CN104079581A - Identity authentication method and device - Google Patents

Publication number
CN104079581A
Authority
CN
China
Prior art keywords
certification end
security server
phone number
cryptographic hash
key
Prior art date
Legal status
Granted
Application number
CN201410340397.9A
Other languages
Chinese (zh)
Other versions
CN104079581B (en
Inventor
金红宇
Current Assignee
Individual
Original Assignee
Individual

Abstract

The invention provides an identity authentication method and device. In the method, a security server receives identity authentication information sent by a service server; the identity authentication information comprises a verification code and the mobile phone number of the user to be authenticated. The security server obtains the key corresponding to the mobile phone number, uses the key to encrypt the verification code to obtain encrypted authentication information, and sends the encrypted authentication information to the service server, which sends it as a short message to the mobile phone number. Because the content of the verification code is no longer plaintext, a malicious party who intercepts it cannot decrypt the verification code, which solves the account security problem caused by leakage of the verification code and improves the reliability of identity authentication.

Description

Identity authentication method and device
[Technical field]
The present invention relates to verification technology, and in particular to an identity authentication method and device.
[Background]
With the development of communication technology, terminals integrate more and more functions, so that the system function list of a terminal includes more and more applications (Application, APP). When a terminal runs these applications, in some cases, for example when paying, identity authentication must be performed using an SMS verification code, that is, a verification code sent as a short message.
However, because the content of the SMS verification code is plaintext, once it is intercepted by a malicious party it can easily be used to complete identity authentication successfully, which reduces the reliability of identity authentication.
[Summary of the invention]
Several aspects of the present invention provide identity authentication methods and devices for improving the reliability of identity authentication.
One aspect of the present invention provides an identity authentication method, comprising:
A security server receives authentication information sent by a service server, the authentication information comprising a verification code and the phone number of the user to be authenticated;
The security server obtains, according to the phone number, the key corresponding to the phone number;
The security server encrypts the verification code using the key to obtain encrypted authentication information;
The security server sends the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information as a short message to the phone number.
In the aspect above and any possible implementation thereof, a further implementation is provided in which, before the security server obtains the key corresponding to the phone number according to the phone number, the method further comprises:
The security server receives a first hash value sent by a certification end as a short message, the first hash value being obtained by the certification end performing a hash operation on the randomly generated key, the identification information of the certification end, and the terminal information of the terminal on which it resides;
The security server receives the key, the identification information of the certification end, and the terminal information sent by the certification end over HTTPS;
The security server performs the same hash operation on the key, the identification information of the certification end, and the terminal information to obtain a second hash value;
If the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end, and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end, and the terminal information.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the method further comprises:
If the second hash value is consistent with the first hash value, the security server sends first indication information to the certification end to instruct it to set a gesture password;
The security server and the certification end interact to set the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the method further comprises:
If the second hash value is consistent with the first hash value, the security server sends second indication information to the certification end to instruct it to verify a gesture password;
The security server and the certification end interact to verify the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the authentication information further comprises a service identifier corresponding to the service server, and the security server obtaining the key corresponding to the phone number according to the phone number comprises:
The security server obtains, according to the phone number, the security configuration information corresponding to the phone number;
The security server obtains, according to the security configuration information, the security indication information corresponding to the service identifier;
If the security indication information is a first security indication, the security server obtains, according to the phone number, the key corresponding to the phone number.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the method further comprises:
If the security indication information is a second security indication, the security server sends the verification code to the service server.
In the aspect above and any possible implementation thereof, a further implementation is provided in which, before the security server obtains the security configuration information corresponding to the phone number according to the phone number, the method further comprises:
The security server receives the identification information of the certification end and the security configuration information sent by the certification end over HTTPS;
The security server obtains, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end;
The security server binds the phone number and the security configuration information, generating a correspondence between the phone number and the security configuration information.
Another aspect of the present invention provides an identity authentication method, comprising:
A certification end performs a hash operation on a randomly generated key, the identification information of the certification end, and the terminal information of the terminal on which it resides, to obtain a first hash value;
The certification end sends the first hash value to a security server as a short message;
The certification end sends the key, the identification information of the certification end, and the terminal information to the security server over HTTPS, so that the security server performs the same hash operation on the key, the identification information of the certification end, and the terminal information to obtain a second hash value; if the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end, and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end, and the terminal information.
In the aspect above and any possible implementation thereof, a further implementation is provided in which, after the certification end sends the key, the identification information of the certification end, and the terminal information to the security server over HTTPS, the method further comprises:
The certification end receives first indication information sent by the security server, instructing it to set a gesture password, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
The certification end and the security server interact to set the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which, after the certification end sends the key, the identification information of the certification end, and the terminal information to the security server over HTTPS, the method further comprises:
The certification end receives second indication information sent by the security server, instructing it to verify a gesture password, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
The certification end and the security server interact to verify the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which, after the certification end sends the key, the identification information of the certification end, and the terminal information to the security server over HTTPS, the method further comprises:
The certification end sends the identification information of the certification end and the security configuration information to the security server over HTTPS, so that the security server obtains, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end, and binds the phone number and the security configuration information, generating a correspondence between the phone number and the security configuration information.
Another aspect of the present invention provides an identity authentication method, comprising:
A certification end receives encrypted authentication information sent by a service server;
The certification end decrypts the encrypted authentication information using the stored key to obtain a verification code;
The certification end presents the verification code.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the certification end presenting the verification code comprises:
The certification end presents the verification code in picture form.
Another aspect of the present invention provides an identity authentication device, comprising:
A receiving unit, configured to receive authentication information sent by a service server, the authentication information comprising a verification code and the phone number of the user to be authenticated;
An acquisition unit, configured to obtain, according to the phone number, the key corresponding to the phone number;
An encryption unit, configured to encrypt the verification code using the key to obtain encrypted authentication information;
A sending unit, configured to send the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information as a short message to the phone number.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the device further comprises a hash unit and a binding unit, wherein:
The receiving unit is further configured to receive a first hash value sent by a certification end as a short message, the first hash value being obtained by the certification end performing a hash operation on the randomly generated key, the identification information of the certification end, and the terminal information of the terminal on which it resides;
The receiving unit is further configured to receive the key, the identification information of the certification end, and the terminal information sent by the certification end over HTTPS;
The hash unit is configured to perform the same hash operation on the key, the identification information of the certification end, and the terminal information to obtain a second hash value;
The binding unit is configured to, if the second hash value is consistent with the first hash value, bind the phone number obtained from the short message to the key, the identification information of the certification end, and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end, and the terminal information.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the device further comprises a gesture unit, wherein:
The sending unit is further configured to, if the second hash value is consistent with the first hash value, send first indication information to the certification end to instruct it to set a gesture password;
The setting unit is configured to interact with the certification end to set the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which:
The sending unit is further configured to, if the second hash value is consistent with the first hash value, send second indication information to the certification end to instruct it to verify a gesture password;
The gesture unit is further configured to interact with the certification end to verify the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the authentication information further comprises a service identifier corresponding to the service server, and the acquisition unit is specifically configured to:
Obtain, according to the phone number, the security configuration information corresponding to the phone number;
Obtain, according to the security configuration information, the security indication information corresponding to the service identifier; and
If the security indication information is a first security indication, obtain, according to the phone number, the key corresponding to the phone number.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the sending unit is further configured to:
If the security indication information is a second security indication, send the verification code to the service server.
In the aspect above and any possible implementation thereof, a further implementation is provided in which:
The receiving unit is further configured to receive the identification information of the certification end and the security configuration information sent by the certification end over HTTPS;
The acquisition unit is further configured to obtain, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end;
The binding unit is further configured to bind the phone number and the security configuration information, generating a correspondence between the phone number and the security configuration information.
Another aspect of the present invention provides an identity authentication device, comprising:
A hash unit, configured to perform a hash operation on a randomly generated key, the identification information of the certification end, and the terminal information of the terminal on which it resides, to obtain a first hash value;
A sending unit, configured to send the first hash value to a security server as a short message;
The sending unit is further configured to send the key, the identification information of the certification end, and the terminal information to the security server over HTTPS, so that the security server performs the same hash operation on the key, the identification information of the certification end, and the terminal information to obtain a second hash value; if the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end, and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end, and the terminal information.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the device further comprises:
A receiving unit, configured to receive first indication information sent by the security server, instructing the setting of a gesture password, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
A gesture unit, configured to interact with the security server to set the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which:
The receiving unit is further configured to receive second indication information sent by the security server, instructing the verification of a gesture password, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
The gesture unit is further configured to interact with the security server to verify the gesture password of the certification end.
In the aspect above and any possible implementation thereof, a further implementation is provided in which:
The sending unit is further configured to send the identification information of the certification end and the security configuration information to the security server over HTTPS, so that the security server obtains, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end, and binds the phone number and the security configuration information, generating a correspondence between the phone number and the security configuration information.
Another aspect of the present invention provides an identity authentication device, comprising:
A receiving unit, configured to receive encrypted authentication information sent by a service server;
A decryption unit, configured to decrypt the encrypted authentication information using the stored key to obtain a verification code;
A presentation unit, configured to present the verification code.
In the aspect above and any possible implementation thereof, a further implementation is provided in which the presentation unit is specifically configured to:
Present the verification code in picture form.
As can be seen from the above technical solution, on the one hand, in the embodiment of the present invention the security server receives the authentication information sent by the service server, the authentication information comprising a verification code and the phone number of the user to be authenticated; obtains, according to the phone number, the key corresponding to the phone number; and encrypts the verification code using the key to obtain encrypted authentication information. The security server can then send the encrypted authentication information to the service server, so that the service server sends it as a short message to the phone number. Because the content of the verification code is no longer plaintext, a malicious party who intercepts it still cannot decrypt the verification code, which avoids the account security problems caused by leakage of the verification code and thereby improves the reliability of identity authentication.
As can be seen from the above technical solution, on the other hand, in the embodiment of the present invention the certification end performs a hash operation on a randomly generated key, the identification information of the certification end, and the terminal information of the terminal on which it resides, to obtain a first hash value, and sends the first hash value to the security server as a short message. The certification end can then send the key, the identification information of the certification end, and the terminal information to the security server over HTTPS. The security server can thus perform the same hash operation on the key, the identification information of the certification end, and the terminal information to obtain a second hash value. If the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end, and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end, and the terminal information. Because the key can be used to encrypt verification codes generated by the bound service server, the content of the verification code is no longer plaintext; a malicious party who intercepts it still cannot decrypt the verification code, which avoids the account security problems caused by leakage of the verification code and thereby improves the reliability of identity authentication.
As can be seen from the above technical solution, on the other hand, in the embodiment of the present invention the certification end receives the encrypted authentication information sent by the service server and decrypts it using the stored key to obtain the verification code, so that the certification end can present the verification code. Because the content of the verification code is no longer plaintext, a malicious party who intercepts it still cannot decrypt the verification code, which avoids the account security problems caused by leakage of the verification code and thereby improves the reliability of identity authentication.
[Brief description of the drawings]
In order to describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings required in the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an identity authentication method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another identity authentication method provided by another embodiment of the present invention;
Fig. 3 is a schematic flowchart of another identity authentication method provided by another embodiment of the present invention;
Fig. 4 is a schematic flowchart of certification end initialization in another identity authentication method provided by another embodiment of the present invention;
Fig. 5 is a schematic flowchart of verification code processing in another identity authentication method provided by another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an identity authentication device provided by another embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another identity authentication device provided by another embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another identity authentication device provided by another embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an identity authentication device provided by another embodiment of the present invention;
Fig. 10 is a schematic structural diagram of another identity authentication device provided by another embodiment of the present invention;
Fig. 11 is a schematic structural diagram of another identity authentication device provided by another embodiment of the present invention.
[Embodiments]
To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that the terminal involved in the embodiments of the present invention may include, but is not limited to, a mobile phone, a personal digital assistant (Personal Digital Assistant, PDA), a wireless handheld device, a wireless netbook, a PC, a portable computer, an MP3 player, an MP4 player, and the like.
In addition, the term "and/or" herein only describes an association between associated objects and indicates that three relationships are possible. For example, A and/or B can mean: A alone, both A and B, or B alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Fig. 1 is a schematic flowchart of an identity authentication method provided by an embodiment of the present invention, as shown in Fig. 1.
101. The security server receives authentication information sent by the service server, the authentication information comprising a verification code and the phone number of the user to be authenticated.
102. The security server obtains, according to the phone number, the key corresponding to the phone number.
103. The security server encrypts the verification code using the key to obtain encrypted authentication information.
104. The security server sends the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information as a short message to the phone number.
It should be noted that the executing entity of 101 to 104 is the security server, which may be located on the network side.
In the present embodiment, the user can use an application to carry out the business that the application provides. In some cases, for example when paying, identity authentication must be performed using an SMS verification code. The service server generates, according to a preset verification code generation policy, a verification code for the user to use in identity authentication. At this point the service server no longer sends the verification code directly, as a short message, to the terminal used by the user to be authenticated; instead it sends the verification code and the phone number of the user to be authenticated to the security server.
In this way, the security server receives the authentication information sent by the service server, the authentication information comprising a verification code and the phone number of the user to be authenticated; obtains, according to the phone number, the key corresponding to the phone number; and encrypts the verification code using the key to obtain encrypted authentication information. The security server can then send the encrypted authentication information to the service server, so that the service server sends it as a short message to the phone number. Because the content of the verification code is no longer plaintext, a malicious party who intercepts it still cannot decrypt the verification code, which avoids the account security problems caused by leakage of the verification code and thereby improves the reliability of identity authentication.
Optionally, in one possible implementation of this embodiment, before 102 the security server may further receive a first hash value sent by the authentication end by short message, the first hash value being obtained by the authentication end performing a hash operation on the randomly generated key, the identification information of the authentication end and the terminal information of the terminal on which it resides, and receive the key, the identification information of the authentication end and the terminal information sent by the authentication end over Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). The hash operation used by the authentication end may include, but is not limited to, algorithms such as MD5, SHA1 or CRC32; this embodiment places no particular limitation on this. The security server may then perform the hash operation on the key, the identification information of the authentication end and the terminal information to obtain a second hash value. If the second hash value is consistent with the first hash value, the security server may bind the phone number obtained from the short message to the key, the identification information of the authentication end and the terminal information, generating a correspondence between the phone number and the key, the identification information of the authentication end and the terminal information; the security server uses this correspondence to obtain the key corresponding to the phone number. The hash operation used by the security server is the same as the one used by the authentication end and may include, but is not limited to, algorithms such as MD5, SHA1 or CRC32; this embodiment places no particular limitation on this.
The terminal information may include, but is not limited to, at least one of the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).
It should be noted that, because the time parameter is standard and unique, which makes it difficult for an attacker to obtain the current time, the authentication end may further perform the hash operation on the randomly generated key, the identification information of the authentication end and the terminal information of the terminal on which it resides together with time information, to obtain the first hash value. Correspondingly, the authentication end may send the first hash value to the security server by short message, and send the key, the identification information of the authentication end, the terminal information and the time information to the security server over HTTPS, so that the security server can perform the hash operation on the key, the identification information of the authentication end and the terminal information together with the time information, to obtain the second hash value.
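An added sketch of this registration exchange (not code from the patent): the authentication end hashes the key, its identifier, the terminal information and the time information and sends the hash by short message, and the security server recomputes it over the HTTPS-delivered fields before binding the sender's phone number. Assumptions: SHA-256 as the hash (the page's list of MD5, SHA1 and CRC32 is non-exhaustive, and CRC32 is a checksum with no collision resistance), length-prefixed field encoding, matching the short message to the HTTPS request by hash value, and all type, function and sample names.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Registration holds the fields the authentication end hashes (first hash,
// sent by short message) and then submits over HTTPS. Names are hypothetical.
type Registration struct {
	Key        []byte // randomly generated key (128 bits, as in the page's example)
	ClientID   string // identification information of the authentication end
	IMSI, IMEI string // terminal information
	Time       string // optional time information
}

// NewKey returns a random 128-bit key from the operating system's CSPRNG.
func NewKey() ([]byte, error) {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		return nil, fmt.Errorf("key generation: %w", err)
	}
	return k, nil
}

// Digest hashes every field behind a 4-byte length prefix. Without the prefix,
// ("ab","c") and ("a","bc") would concatenate to the same input and collide.
func (r Registration) Digest() [sha256.Size]byte {
	h := sha256.New()
	fields := [][]byte{r.Key, []byte(r.ClientID), []byte(r.IMSI), []byte(r.IMEI), []byte(r.Time)}
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	var out [sha256.Size]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Binding is the record the security server keeps per phone number.
type Binding struct {
	Key                  []byte
	ClientID, IMSI, IMEI string
}

var ErrHashMismatch = errors.New("second hash matches no first hash received by short message")

// SecurityServer keeps first hashes awaiting their HTTPS half, and completed bindings.
type SecurityServer struct {
	pending map[[sha256.Size]byte]string // first hash -> sender's phone number
	bound   map[string]Binding           // phone number -> binding
}

func NewSecurityServer() *SecurityServer {
	return &SecurityServer{
		pending: make(map[[sha256.Size]byte]string),
		bound:   make(map[string]Binding),
	}
}

// OnSMS records the first hash under the phone number the short message came from.
func (s *SecurityServer) OnSMS(sender string, first [sha256.Size]byte) {
	s.pending[first] = sender
}

// OnHTTPS recomputes the second hash over the submitted fields and binds the
// phone number only if it equals a first hash received by short message.
func (s *SecurityServer) OnHTTPS(r Registration) (string, error) {
	second := r.Digest()
	phone, ok := s.pending[second]
	if !ok {
		return "", ErrHashMismatch
	}
	delete(s.pending, second) // one-shot: a replayed submission no longer matches
	s.bound[phone] = Binding{Key: r.Key, ClientID: r.ClientID, IMSI: r.IMSI, IMEI: r.IMEI}
	return phone, nil
}

// KeyFor is the lookup used in step 102: phone number -> key.
func (s *SecurityServer) KeyFor(phone string) ([]byte, bool) {
	b, ok := s.bound[phone]
	return b.Key, ok
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample values, not real identifiers.
	reg := Registration{Key: key, ClientID: "client-001", IMSI: "460000000000001",
		IMEI: "490000000000001", Time: "2014-07-16T10:00:00Z"}
	srv := NewSecurityServer()
	srv.OnSMS("13800000000", reg.Digest())
	phone, err := srv.OnHTTPS(reg)
	fmt.Println("bound phone number:", phone, "error:", err)
}
```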
In this embodiment, the key randomly generated by the authentication end may be, for example, a 128-bit string sequence, and in some cases the security server can also update this key. Specifically, the authentication end may send the key randomly generated in the authentication end, the identification information of the authentication end and the terminal information of the terminal on which it resides to the security server over HTTPS. The security server may then perform the hash operation on the key, the identification information of the authentication end and the terminal information to obtain a second hash value. If the second hash value is consistent with the first hash value received during initialization, the security server may generate a new key according to a preset update rule, for example that the existing key has been in use for longer than a specified time, and send it to the authentication end. The authentication end can then replace the previously randomly generated key with the new key, completing the key update.
It can be understood that the identification information of the authentication end is what the security server uses to identify the authentication end. If HTTPS based on the key corresponding to the authentication end is used between the security server and the authentication end to transmit user information, then, because the secure channel of that HTTPS corresponds one-to-one with the authentication end, the authentication end does not need to send its identification information to the security server.
It should be noted that the authentication end may be installed in a local application (Application, App), for example Alipay, in the form of a plug-in or a software development kit (Software Development Kit, SDK), or may be installed on the terminal as an independent application (nativeAPP).
It can be understood that the local application may be an application installed on the terminal (nativeAPP), or a web page (webAPP) in the terminal's browser; any concrete form that can provide the service is acceptable, and this embodiment does not limit this.
Further optionally, if the second hash value is consistent with the first hash value, the security server may send first indication information to the authentication end, instructing it to set a gesture password. The security server and the authentication end then interact to set the gesture password of the authentication end.
Specifically, if the second hash value is consistent with the first hash value, the security server determines from the telephone number that the user is using the authentication end for the first time, for example the user has downloaded and installed the authentication end for the first time and started using it, and then sends the first indication information to the authentication end, instructing it to set a gesture password.
The authentication end then collects the gesture entered by the user, generates a gesture password from the gesture, and generates the hash value of the gesture password. The authentication end may send the hash value of the gesture password to the security server over HTTPS, so that the security server binds the phone number to the hash value of the gesture password, generating a correspondence between the phone number and the hash value of the gesture password, which the security server uses for gesture verification of the authentication end.
Further, the authentication end may also send a contact number entered by the user to the security server over HTTPS. The security server binds the phone number to the hash value of the gesture password and the contact number, generating a correspondence between the phone number and the hash value of the gesture password and the contact number, which the security server uses to reset the gesture password of the authentication end.
Because the gesture password of the authentication end is set through the security server, even an attacker who obtains the terminal carrying the authentication end cannot start the authentication end and use it to decrypt the encrypted authentication information sent by the service server, which effectively improves the reliability of identity authentication.
In this embodiment, once the gesture password of the authentication end has been set, the user can also actively update it through the authentication end. Specifically, the authentication end may send the identification information of the authentication end and a gesture reset instruction to the security server. The security server may then obtain, according to the identification information of the authentication end, the contact number corresponding to it. The security server may then send the randomly generated new key by short message according to the contact number. The user can enter, in the authentication end, the verification code displayed by the terminal corresponding to the contact number; the authentication end collects the new gesture entered by the user, generates a new gesture password from the new gesture, and then generates the hash value of the new gesture password. The authentication end may send the verification code and the hash value of the new gesture password to the security server over HTTPS, so that, after verifying the verification code, the security server binds the phone number to the hash value of the new gesture password, generating a correspondence between the phone number and the hash value of the new gesture password, which the security server uses for gesture verification of the authentication end.
It can be understood that the identification information of the authentication end is what the security server uses to identify the authentication end. If HTTPS based on the key corresponding to the authentication end is used between the security server and the authentication end to transmit the gesture reset instruction, then, because the secure channel of that HTTPS corresponds one-to-one with the authentication end, the authentication end does not need to send its identification information to the security server.
Further optionally, if the second hash value is consistent with the first hash value, the security server may send second indication information to the authentication end, instructing it to verify the gesture password. The security server and the authentication end then interact to verify the gesture password of the authentication end.
Specifically, if the second hash value is consistent with the first hash value, the security server determines from the telephone number that the user is not using the authentication end for the first time, for example the user previously uninstalled the authentication end, has downloaded and installed it again or reinstalled it, and started using it, and then sends the second indication information to the authentication end, instructing it to verify the gesture password.
The authentication end then collects the gesture entered by the user, generates a gesture password from the gesture, and generates the hash value of the gesture password. The authentication end may send the hash value of the gesture password to the security server over HTTPS, so that the security server verifies the hash value of the gesture password against the previously bound correspondence between the phone number and the hash value of the gesture password.
Because the gesture password of the authentication end is set through the security server, even an attacker who obtains the terminal carrying the authentication end cannot start the authentication end and use it to decrypt the encrypted authentication information sent by the service server, which effectively improves the reliability of identity authentication.
Optionally, in one possible implementation of this embodiment, in 101 the authentication information received by the security server may further include a service identifier corresponding to the service server, for example an identifier of Alipay or an identifier of China Merchants Bank. Correspondingly, in 102 the security server may obtain, according to the phone number, the security configuration information corresponding to the phone number; the security configuration information may include, but is not limited to, a service identifier and security indication information. The first security indication indicates that the verification code encryption function is enabled; the second security indication indicates that the verification code encryption function is not enabled. The security server then obtains, from the security configuration information, the security indication information corresponding to the service identifier. If the security indication information is the first security indication, the security server may obtain the key corresponding to the phone number according to the phone number.
Further optionally, if the security indication information is the second security indication, the security server sends the verification code directly to the service server without performing any further operation on it. The second security indication indicates that the verification code encryption function is not enabled.
Further optionally, before obtaining the security configuration information corresponding to the phone number, the security server may further receive the identification information of the authentication end and the security configuration information sent by the authentication end over HTTPS, and then obtain, according to the identification information of the authentication end, the phone number corresponding to it. The security server may then bind the phone number to the security configuration information, generating a correspondence between the phone number and the security configuration information, which the security server uses to obtain the security configuration information corresponding to the phone number. Specifically, the security configuration information may include, but is not limited to, a service identifier and security indication information. The first security indication indicates that the verification code encryption function is enabled; the second security indication indicates that the verification code encryption function is not enabled.
It can be understood that the identification information of the authentication end is what the security server uses to identify the authentication end. If HTTPS based on the key corresponding to the authentication end is used between the security server and the authentication end to transmit the security configuration information, then, because the secure channel of that HTTPS corresponds one-to-one with the authentication end, the authentication end does not need to send its identification information to the security server.
It can be understood that the key involved in this embodiment may be stored at the authentication end in various ways, and this embodiment places no particular limitation on this.
For example, the key randomly generated in the authentication end is encrypted and then stored in the authentication end. The algorithm used to encrypt the key may be implemented as an SO extension module developed in C/C++. Specifically, the key used to encrypt the key may be split into segments, scattered, and stored in the SO extension module. The key used to encrypt the key may be associated with the terminal information of the terminal, to ensure that the key of each terminal is unique.
In this embodiment, the security server receives the authentication information sent by the service server, which comprises the verification code and the phone number of the user to be authenticated; obtains the key corresponding to the phone number according to the phone number; and encrypts the verification code with the key to obtain encrypted authentication information. The security server then sends the encrypted authentication information to the service server, so that the service server sends it by short message according to the phone number. Because the content of the verification code is no longer plaintext, an attacker who intercepts the message still cannot recover the verification code. This avoids account security problems caused by leakage of the verification code and thereby improves the reliability of identity authentication.
Fig. 2 is a schematic flowchart of another identity authentication method provided by another embodiment of the present invention, as shown in Fig. 2.
201. The authentication end performs a hash operation on the randomly generated key, the identification information of the authentication end and the terminal information of the terminal on which it resides, to obtain a first hash value.
The hash operation used by the authentication end may include, but is not limited to, algorithms such as MD5, SHA1 or CRC32; this embodiment places no particular limitation on this.
The terminal information may include, but is not limited to, at least one of the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).
202. The authentication end sends the first hash value to the security server by short message.
203. The authentication end sends the key, the identification information of the authentication end and the terminal information to the security server over HTTPS, so that the security server performs the hash operation on the key, the identification information of the authentication end and the terminal information to obtain a second hash value; if the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the authentication end and the terminal information, generating a correspondence between the phone number and the key, the identification information of the authentication end and the terminal information.
The hash operation used by the security server is the same as the one used by the authentication end and may include, but is not limited to, algorithms such as MD5, SHA1 or CRC32; this embodiment places no particular limitation on this.
It should be noted that the executing entity of 201~203, namely the authentication end, may be installed in a local application (Application, App), for example Alipay, in the form of a plug-in or a software development kit (Software Development Kit, SDK), or may be installed on the terminal as an independent application (nativeAPP).
It can be understood that the local application may be an application installed on the terminal (nativeAPP), or a web page (webAPP) in the terminal's browser; any concrete form that can provide the service is acceptable, and this embodiment does not limit this.
In this way, the authentication end performs a hash operation on the randomly generated key, the identification information of the authentication end and the terminal information of the terminal on which it resides to obtain the first hash value, and sends the first hash value to the security server by short message. The authentication end then sends the key, the identification information of the authentication end and the terminal information to the security server over HTTPS, so that the security server can perform the hash operation on them to obtain the second hash value. If the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the authentication end and the terminal information, generating a correspondence between the phone number and the key, the identification information of the authentication end and the terminal information. Because the key can be used to encrypt the verification code generated by the service server, the content of the verification code is no longer plaintext, and an attacker who intercepts the message still cannot recover the verification code. This avoids account security problems caused by leakage of the verification code and thereby improves the reliability of identity authentication.
Optionally, in one possible implementation of this embodiment, after 203 the authentication end may further receive first indication information sent by the security server, instructing it to set a gesture password; the first indication information is sent by the security server if the second hash value is consistent with the first hash value. The authentication end and the security server then interact to set the gesture password of the authentication end.
Specifically, if the second hash value is consistent with the first hash value, the security server determines from the telephone number that the user is using the authentication end for the first time, for example the user has downloaded and installed the authentication end for the first time and started using it, and then sends the first indication information to the authentication end, instructing it to set a gesture password.
The authentication end then collects the gesture entered by the user, generates a gesture password from the gesture, and generates the hash value of the gesture password. The authentication end may send the hash value of the gesture password to the security server over HTTPS, so that the security server binds the phone number to the hash value of the gesture password, generating a correspondence between the phone number and the hash value of the gesture password, which the security server uses for gesture verification of the authentication end.
Because the gesture password of the authentication end is set through the security server, even an attacker who obtains the terminal carrying the authentication end cannot start the authentication end and use it to decrypt the encrypted authentication information sent by the service server, which effectively improves the reliability of identity authentication.
Optionally, in one possible implementation of this embodiment, after 203 the authentication end may further receive second indication information sent by the security server, instructing it to verify the gesture password; the first indication information is sent by the security server if the second hash value is consistent with the first hash value. The authentication end and the security server then interact to verify the gesture password of the authentication end.
Specifically, if the second hash value is consistent with the first hash value, the security server determines from the telephone number that the user is not using the authentication end for the first time, for example the user previously uninstalled the authentication end, has downloaded and installed it again or reinstalled it, and started using it, and then sends the second indication information to the authentication end, instructing it to verify the gesture password.
The authentication end then collects the gesture entered by the user, generates a gesture password from the gesture, and generates the hash value of the gesture password. The authentication end may send the hash value of the gesture password to the security server over HTTPS, so that the security server verifies the hash value of the gesture password against the previously bound correspondence between the phone number and the hash value of the gesture password.
Because the gesture password of the authentication end is set through the security server, even an attacker who obtains the terminal carrying the authentication end cannot start the authentication end and use it to decrypt the encrypted authentication information sent by the service server, which effectively improves the reliability of identity authentication.
Optionally, in one possible implementation of this embodiment, after 203 the authentication end may further send the identification information of the authentication end and the security configuration information to the security server over HTTPS, so that the security server obtains, according to the identification information of the authentication end, the phone number corresponding to it, and binds the phone number to the security configuration information, generating a correspondence between the phone number and the security configuration information, which the security server uses to obtain the security configuration information corresponding to the phone number.
The security configuration information may include, but is not limited to, a service identifier and security indication information. The first security indication indicates that the verification code encryption function is enabled; the second security indication indicates that the verification code encryption function is not enabled.
In this way, the security server can use the security configuration information, together with the service identifier of the service server included in the authentication information sent by the service server, to obtain the security indication information corresponding to the service identifier. If the security indication information is the first security indication, the security server may obtain the key corresponding to the phone number according to the phone number. The first security indication indicates that the verification code encryption function is enabled. The security server can then encrypt the verification code sent by the service server with the key to obtain encrypted authentication information, and send the encrypted authentication information to the service server, so that the service server sends it by short message according to the phone number.
It can be understood that the identification information of the authentication end is what the security server uses to identify the authentication end. If HTTPS based on the key corresponding to the authentication end is used between the security server and the authentication end to transmit the security configuration information, then, because the secure channel of that HTTPS corresponds one-to-one with the authentication end, the authentication end does not need to send its identification information to the security server.
It can be understood that the key involved in this embodiment may be stored at the authentication end in various ways, and this embodiment places no particular limitation on this.
For example, the key randomly generated in the authentication end is encrypted and then stored in the authentication end. The algorithm used to encrypt the key may be implemented as an SO extension module developed in C/C++. Specifically, the key used to encrypt the key may be split into segments, scattered, and stored in the SO extension module. The key used to encrypt the key may be associated with the terminal information of the terminal, to ensure that the key of each terminal is unique.
In this embodiment, the authentication end performs a hash operation on the randomly generated key, the identification information of the authentication end and the terminal information of the terminal on which it resides to obtain the first hash value, and sends the first hash value to the security server by short message. The authentication end then sends the key, the identification information of the authentication end and the terminal information to the security server over HTTPS, so that the security server can perform the hash operation on them to obtain the second hash value. If the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the authentication end and the terminal information, generating a correspondence between the phone number and the key, the identification information of the authentication end and the terminal information. Because the key can be used to encrypt the verification code generated by the service server, the content of the verification code is no longer plaintext, and an attacker who intercepts the message still cannot recover the verification code. This avoids account security problems caused by leakage of the verification code and thereby improves the reliability of identity authentication.
The schematic flow sheet of the another kind of identity identifying method that Fig. 3 provides for another embodiment of the present invention, as shown in Figure 3.
301. The certification end receives the encrypted authentication information sent by the service server.
302. The certification end uses the stored key to decrypt the encrypted authentication information, to obtain the identifying code.
303. The certification end displays the identifying code.
It should be noted that the executing entity of 301~303, namely the certification end, may be installed in a local application (Application, App), for example Alipay, in the form of a plug-in or a software development kit (SDK), or may be installed on the terminal as an independent application (nativeAPP).
It can be understood that the local application may be an application installed on the terminal (nativeAPP), or may be a web page in a browser on the terminal (webAPP); any concrete form that can provide the service is acceptable, and the present embodiment does not limit this.
In this way, the certification end receives the encrypted authentication information sent by the service server and uses the stored key to decrypt it, obtaining the identifying code, so that the certification end can display the identifying code. Because the content of the identifying code is no longer plaintext, even if it is intercepted by an attacker, the identifying code cannot be decrypted. This avoids the account security problems caused by leakage of the identifying code and thereby improves the reliability of authentication.
Optionally, in one possible implementation of the present embodiment, in 301 the certification end is mainly responsible for monitoring local short messages in real time, so that it can capture the encrypted authentication information sent by the service server.
Optionally, in one possible implementation of the present embodiment, in 303 the certification end may display the identifying code in picture form. This reduces the lifetime of the plaintext identifying code in the memory of the terminal and can further improve the reliability of authentication.
Optionally, in one possible implementation of the present embodiment, after 303 the user can enter the identifying code displayed by the certification end into the application corresponding to the business that requires the identifying code. The application can then send the identifying code to the service server, so that the service server verifies the identifying code and completes authentication.
It can be understood that the key involved in the present embodiment may be stored at the certification end in various ways, and the present embodiment does not specifically limit this.
For example, the key randomly generated at the certification end is encrypted and then stored at the certification end. The cryptographic algorithm used to encrypt the key may be implemented as an SO extension module developed in C/C++. Specifically, the key used to encrypt the key may be split into segments, scattered and stored in the SO extension module. The key used to encrypt the key may also be associated with the terminal information of the terminal, to ensure that the key of each terminal is unique.
In the present embodiment, the certification end receives the encrypted authentication information sent by the service server and uses the stored key to decrypt it, obtaining the identifying code, so that the certification end can display the identifying code. Because the content of the identifying code is no longer plaintext, even if it is intercepted by an attacker, the identifying code cannot be decrypted. This avoids the account security problems caused by leakage of the identifying code and thereby improves the reliability of authentication.
To make the method provided by the embodiments of the present invention clearer, a third-party business platform (TP) is taken as an example below.
Fig. 4 is a schematic flowchart of certification end initialization in another identity authentication method provided by another embodiment of the present invention.
401. The certification end performs a hash operation on the randomly generated key, the identifier (IDentity, ID) of the certification end, and the IMSI and IMEI of the terminal on which it resides, to obtain a first cryptographic hash value.
402. The certification end sends the first cryptographic hash value to the security server in a short message.
In this way, the security server can obtain from the short message the phone number of the terminal on which the certification end resides, that is, the terminal used by the user.
403. The certification end sends the key, the ID of the certification end, and the IMSI and IMEI of the terminal to the security server over HTTPS.
It can be understood that 402 and 403 have no fixed order of execution: 402 may be performed before 403, at the same time as 403, or after 403, and the present embodiment does not specifically limit this.
404. The security server performs the hash operation on the key, the ID of the certification end, and the IMSI and IMEI of the terminal, to obtain a second cryptographic hash value.
The hash operation used by the security server is the same as the hash operation used by the certification end, and may include but is not limited to algorithms such as MD5, SHA1 or CRC32; the present embodiment does not specifically limit this.
405. If the second cryptographic hash value is consistent with the first cryptographic hash value, the security server binds the phone number obtained from the short message to the key, the ID of the certification end, and the IMSI and IMEI of the terminal, generating a correspondence between the phone number and the key, the ID of the certification end, and the IMSI and IMEI of the terminal.
If the second cryptographic hash value is not consistent with the first cryptographic hash value, the security server ends the flow.
406. The security server determines, according to the phone number, whether the user is using the certification end for the first time.
407. If the user is using the certification end for the first time, the security server sends first indication information to the certification end, indicating that a gesture password is to be set, and the certification end then interacts with the security server to set the gesture password of the certification end.
408. If the user is not using the certification end for the first time, the security server sends second indication information to the certification end, indicating that the gesture password is to be verified, and the certification end then interacts with the security server to verify the gesture password of the certification end.
At this point the initialization flow of the certification end is complete, and the certification end can monitor the short messages of the terminal on which it resides in real time, to capture the encrypted authentication information sent by the service server.
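The two-channel binding of steps 401 to 408, sketched as an added example (not code from the patent). SHA-256 over length-prefixed fields is this example's assumption, since the text names MD5, SHA1 or CRC32 as options and does not define how the fields are serialised; the class, function and return-value names are hypothetical and the sample identifiers are constructed.

```python
import hashlib
import secrets


def binding_hash(key, client_id, imsi, imei, timestamp=""):
    """Steps 401/404: hash the key, certification-end ID, IMSI and IMEI.

    Each field is length-prefixed so two different field tuples can never
    serialise to the same bytes (plain concatenation would allow that).
    SHA-256 and the optional time field are assumptions of this example.
    """
    h = hashlib.sha256()
    for field in (key, client_id.encode(), imsi.encode(), imei.encode(), timestamp.encode()):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.hexdigest()


class BindingService:
    """Security-server side of the initialization flow (hypothetical class)."""

    def __init__(self):
        self.sms_hashes = {}      # first hash -> phone number taken from the SMS sender
        self.https_records = {}   # second hash -> fields received over HTTPS
        self.bindings = {}        # phone number -> bound key, ID, IMSI, IMEI
        self.gesture_set = set()  # phone numbers that have used the certification end before

    def on_sms(self, sender_number, first_hash):
        """Step 402: the SMS carries only the hash; the network supplies the number."""
        self.sms_hashes[first_hash] = sender_number
        return self._try_bind(first_hash)

    def on_https(self, key, client_id, imsi, imei, timestamp=""):
        """Steps 403-404: receive the fields and recompute the hash."""
        second_hash = binding_hash(key, client_id, imsi, imei, timestamp)
        self.https_records[second_hash] = {
            "key": key, "client_id": client_id, "imsi": imsi, "imei": imei,
        }
        return self._try_bind(second_hash)

    def _try_bind(self, digest):
        """Steps 405-408: bind only when both channels produced the same hash."""
        if digest not in self.sms_hashes or digest not in self.https_records:
            return None  # other message not seen yet, or the hashes differ
        phone = self.sms_hashes.pop(digest)
        self.bindings[phone] = self.https_records.pop(digest)
        if phone in self.gesture_set:
            return "verify_gesture"  # second indication information
        self.gesture_set.add(phone)  # simplification: treated as set once requested
        return "set_gesture"         # first indication information


def demo():
    server = BindingService()
    key = secrets.token_bytes(16)
    # Constructed sample identifiers.
    cid, imsi, imei, phone = "client-001", "460001234567890", "490154203237518", "+8613800000000"
    first_hash = binding_hash(key, cid, imsi, imei)
    results = [server.on_sms(phone, first_hash)]          # HTTPS not seen yet
    results.append(server.on_https(key, cid, imsi, imei))  # hashes match, first use
    # A mismatching IMEI on the HTTPS channel never matches the SMS hash.
    server.on_sms("+8613900000000", first_hash)
    results.append(server.on_https(key, cid, imsi, "000000000000000"))
    return results


if __name__ == "__main__":
    print(demo())
```

The service accepts the short message and the HTTPS request in either order, as 402 and 403 allow, and a mismatch leaves the phone number unbound.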
Fig. 5 is a schematic flowchart of identifying-code processing in another identity authentication method provided by another embodiment of the present invention. The user can use an application to carry out the business that the application provides. In some cases, for example payment, a short-message identifying code is needed for authentication. The service server generates, according to a preset identifying-code generation policy, an identifying code for authenticating the user. At this point the service server no longer sends the identifying code directly in a short message to the terminal used by the user to be authenticated; instead, it sends the identifying code and the phone number of the user to be authenticated to the security server.
501. The service server sends authentication information to the security server; the authentication information comprises the identifying code, the phone number of the user to be authenticated and the service identifier corresponding to the service server.
502. The security server obtains, according to the phone number, the security configuration information corresponding to the phone number, and then obtains, according to the security configuration information, the security indication information corresponding to the service identifier.
Specifically, the security indication information may be a first security indication or a second security indication. The first security indication indicates that the identifying-code encryption function is enabled; the second security indication indicates that the identifying-code encryption function is not enabled.
Further, after the initialization flow of the certification end is complete and before 502, the certification end may also send the security configuration information to the security server over HTTPS based on the key corresponding to the certification end. The security server then binds the phone number of the certification end corresponding to the secure channel of this HTTPS connection to the security configuration information, generating a correspondence between the phone number and the security configuration information, so that the security server can obtain, according to this correspondence, the security configuration information corresponding to the phone number.
503. If the security indication information is the first security indication, the security server obtains the key corresponding to the phone number, according to the phone number and the correspondence, generated by the binding, between the phone number and the key, the ID of the certification end, and the IMSI and IMEI of the terminal.
If the security indication information is the second security indication, the security server sends the identifying code directly back to the service server without performing any operation on it. The service server then follows the normal flow and sends the identifying code in a short message according to the phone number. For a detailed description of how the service server sends the identifying code and how the terminal receives it, refer to the related content of the prior art, which is not repeated here.
504. The security server uses the key to encrypt the identifying code, to obtain the encrypted authentication information.
505. The security server sends the encrypted authentication information to the service server.
506. The service server sends the encrypted authentication information in a short message according to the phone number.
In this way, the certification end can capture the encrypted authentication information sent by the service server.
507. The certification end uses the stored key to decrypt the encrypted authentication information, to obtain the identifying code.
508. The certification end displays the identifying code in picture form.
At this point the identifying-code processing flow is finished, and the user can enter the identifying code displayed by the certification end into the application corresponding to the business that requires the identifying code. The application can then send the identifying code to the service server, so that the service server verifies the identifying code and completes authentication. Because the content of the identifying code is no longer plaintext, even if it is intercepted by an attacker, the identifying code cannot be decrypted. This avoids the account security problems caused by leakage of the identifying code and thereby improves the reliability of authentication.
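Steps 501 to 507 end to end, as an added example (not code from the patent). The text does not name a cipher, so the encrypt-then-MAC construction built from HMAC-SHA256 below is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM; the class and function names, service identifiers, phone number and codes are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets


def _subkey(key, label):
    # Separate encryption and MAC keys derived from the bound key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_code(key, code):
    """Step 504: encrypt-then-MAC, base64-encoded so it fits in an SMS body."""
    nonce = secrets.token_bytes(12)
    plain = code.encode()
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    cipher = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()[:16]
    return base64.b64encode(nonce + cipher + tag).decode()


def decrypt_code(key, sms_body):
    """Step 507: check the tag first, then decrypt; raises ValueError on failure."""
    raw = base64.b64decode(sms_body, validate=True)
    if len(raw) < 28:
        raise ValueError("message too short")
    nonce, cipher, tag = raw[:12], raw[12:-16], raw[-16:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(cipher))
    return bytes(c ^ s for c, s in zip(cipher, stream)).decode()


class CodeEncryptionService:
    """Security-server side of the identifying-code flow (hypothetical class)."""

    def __init__(self):
        self.keys = {}             # phone number -> key bound during initialization
        self.security_config = {}  # phone number -> {service identifier: encryption enabled}

    def process(self, code, phone, service_id):
        """Steps 502-505: return the SMS body the service server should send."""
        enabled = self.security_config.get(phone, {}).get(service_id, False)
        if not enabled:
            return code  # second security indication: code returned unchanged
        return encrypt_code(self.keys[phone], code)  # first security indication


def demo():
    server = CodeEncryptionService()
    phone, key = "+8613800000000", secrets.token_bytes(16)  # constructed values
    server.keys[phone] = key
    server.security_config[phone] = {"pay": True, "newsletter": False}
    sms_pay = server.process("493027", phone, "pay")          # encrypted
    sms_news = server.process("118250", phone, "newsletter")  # left in plaintext
    shown = decrypt_code(key, sms_pay)  # what the certification end displays
    try:
        decrypt_code(secrets.token_bytes(16), sms_pay)  # party without the bound key
        intercepted = "decrypted"
    except ValueError:
        intercepted = "rejected"
    return sms_pay, sms_news, shown, intercepted


if __name__ == "__main__":
    print(demo())
```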
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions; however, those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
Fig. 6 is a schematic structural diagram of an identity authentication device provided by another embodiment of the present invention, as shown in Fig. 6. The identity authentication device of the present embodiment may comprise a receiving unit 61, an obtaining unit 62, an encryption unit 63 and a sending unit 64. The receiving unit 61 is configured to receive the authentication information sent by the service server, the authentication information comprising the identifying code and the phone number of the user to be authenticated; the obtaining unit 62 is configured to obtain, according to the phone number, the key corresponding to the phone number; the encryption unit 63 is configured to encrypt the identifying code with the key, to obtain the encrypted authentication information; the sending unit 64 is configured to send the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information in a short message according to the phone number.
It should be noted that the identity authentication device provided by the present embodiment may be a security server and may be located on the network side.
The functions of the security server in the embodiments corresponding to Fig. 1~Fig. 5 can all be implemented by the identity authentication device provided by the present embodiment.
Optionally, as shown in Fig. 7, another embodiment of the present invention may provide another identity authentication device which, compared with the embodiment corresponding to Fig. 6, may further comprise a hash unit 71 and a binding unit 72, wherein:
The receiving unit 61 may be further configured to receive the first cryptographic hash value sent by the certification end in a short message, the first cryptographic hash value being obtained by the certification end performing a hash operation on the randomly generated key, the identification information of the certification end and the terminal information of the terminal on which it resides;
The receiving unit 61 may be further configured to receive the key, the identification information of the certification end and the terminal information sent by the certification end over HTTPS;
The hash unit 71 is configured to perform the hash operation on the key, the identification information of the certification end and the terminal information, to obtain a second cryptographic hash value. The hash operation used by the security server is the same as the hash operation used by the certification end, and may include but is not limited to algorithms such as MD5, SHA1 or CRC32; the present embodiment does not specifically limit this.
The binding unit 72 is configured to, if the second cryptographic hash value is consistent with the first cryptographic hash value, bind the phone number obtained from the short message to the key, the identification information of the certification end and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end and the terminal information.
The terminal information may include but is not limited to at least one of the IMSI and the IMEI.
It should be noted that, because the time parameter is standardised and unique and it is not easy for an attacker to obtain the current time, the certification end may further hash the time information together with the randomly generated key, the identification information of the certification end and the terminal information of the terminal on which it resides, to obtain the first cryptographic hash value. Correspondingly, the certification end may send the first cryptographic hash value to the security server in a short message, and send the key, the identification information of the certification end, the terminal information and the time information to the security server over HTTPS, so that the security server can hash the key, the identification information of the certification end, the terminal information and the time information together, to obtain the second cryptographic hash value.
Optionally, as shown in Fig. 8, another embodiment of the present invention may provide another identity authentication device which, compared with the embodiment corresponding to Fig. 7, may further comprise a gesture unit 81, wherein:
The sending unit 64 is further configured to, if the second cryptographic hash value is consistent with the first cryptographic hash value, send first indication information to the certification end, indicating that a gesture password is to be set;
The gesture unit 81 is configured to interact with the certification end, to set the gesture password of the certification end.
In this way, the certification end collects the gesture input by the user, generates a gesture password from the gesture, and then generates the hash value of the gesture password. The certification end may send the hash value of the gesture password to the security server over HTTPS, so that the gesture unit 81 binds the phone number to the hash value of the gesture password, generating a correspondence between the phone number and the hash value of the gesture password, which the gesture unit 81 uses to perform gesture verification for the certification end.
Because the gesture password of the certification end is set through the security server, even if an attacker obtains the terminal carrying the certification end, the attacker cannot start the certification end and use it to decrypt the encrypted authentication information sent by the service server, which can effectively improve the reliability of authentication.
Further optionally, the sending unit 64 may be further configured to, if the second cryptographic hash value is consistent with the first cryptographic hash value, send second indication information to the certification end, indicating that the gesture password is to be verified; correspondingly, the gesture unit 81 may be further configured to interact with the certification end, to verify the gesture password of the certification end.
In this way, the certification end collects the gesture input by the user, generates a gesture password from the gesture, and then generates the hash value of the gesture password. The certification end may send the hash value of the gesture password to the security server over HTTPS, so that the gesture unit 81 uses the correspondence, generated by the binding, between the phone number and the hash value of the gesture password to verify the hash value of the gesture password.
Because the gesture password of the certification end is set through the security server, even if an attacker obtains the terminal carrying the certification end, the attacker cannot start the certification end and use it to decrypt the encrypted authentication information sent by the service server, which can effectively improve the reliability of authentication.
Optionally, in one possible implementation of the present embodiment, the receiving unit 61 may be further configured to receive the identification information of the certification end and the security configuration information sent by the certification end over HTTPS; the security configuration information may include but is not limited to a service identifier and security indication information. The first security indication indicates that the identifying-code encryption function is enabled; the second security indication indicates that the identifying-code encryption function is not enabled. The obtaining unit 62 may be further configured to obtain, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end; the binding unit may be further configured to bind the phone number to the security configuration information, generating a correspondence between the phone number and the security configuration information.
It can be understood that the identification information of the certification end is used by the security server to identify the certification end. If the security configuration information is transmitted between the security server and the certification end over HTTPS based on the key corresponding to the certification end, then, because the secure channel of that HTTPS connection corresponds one-to-one with the certification end, the certification end does not need to send its identification information to the security server.
Optionally, in one possible implementation of the present embodiment, the authentication information received by the receiving unit 61 may further comprise the service identifier corresponding to the service server; correspondingly, the obtaining unit 62 may be specifically configured to obtain, according to the phone number, the security configuration information corresponding to the phone number; obtain, according to the security configuration information, the security indication information corresponding to the service identifier; and, if the security indication information is the first security indication, obtain, according to the phone number, the key corresponding to the phone number. The first security indication indicates that the identifying-code encryption function is enabled.
In addition, the sending unit 64 may be further configured to, if the security indication information is the second security indication, send the identifying code to the service server. The second security indication indicates that the identifying-code encryption function is not enabled.
In the present embodiment, the security server receives the authentication information sent by the service server, the authentication information comprising the identifying code and the phone number of the user to be authenticated; it then obtains, according to the phone number, the key corresponding to the phone number, and uses the key to encrypt the identifying code, obtaining the encrypted authentication information. The security server can then send the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information in a short message according to the phone number. Because the content of the identifying code is no longer plaintext, even if it is intercepted by an attacker, the identifying code cannot be decrypted. This avoids the account security problems caused by leakage of the identifying code and thereby improves the reliability of authentication.
Fig. 9 is a schematic structural diagram of another identity authentication device provided by another embodiment of the present invention, as shown in Fig. 9. The identity authentication device provided by the present embodiment may comprise a hash unit 91 and a sending unit 92. The hash unit 91 is configured to perform a hash operation on the randomly generated key, the identification information of the certification end and the terminal information of the terminal on which it resides, to obtain a first cryptographic hash value; the sending unit 92 is configured to send the first cryptographic hash value to the security server in a short message; the sending unit 92 is further configured to send the key, the identification information of the certification end and the terminal information to the security server over HTTPS, so that the security server performs the hash operation on the key, the identification information of the certification end and the terminal information, to obtain a second cryptographic hash value; if the second cryptographic hash value is consistent with the first cryptographic hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end and the terminal information.
The terminal information may include but is not limited to at least one of the IMSI and the IMEI.
The hash operation used by the security server is the same as the hash operation used by the certification end, and may include but is not limited to algorithms such as MD5, SHA1 or CRC32; the present embodiment does not specifically limit this.
It should be noted that the identity authentication device provided by the present embodiment may be a certification end, which may be installed in a local application (Application, App), for example Alipay, in the form of a plug-in or a software development kit (SDK), or may be installed on the terminal as an independent application (nativeAPP).
It can be understood that the local application may be an application installed on the terminal (nativeAPP), or may be a web page in a browser on the terminal (webAPP); any concrete form that can provide the service is acceptable, and the present embodiment does not limit this.
The functions of the certification end in the embodiments corresponding to Fig. 1~Fig. 5 can all be implemented by the identity authentication device provided by the present embodiment.
Alternatively, as shown in figure 10, another embodiment of the present invention can also provide another kind of ID authentication device, and the embodiment corresponding with Fig. 9 compares, and can further include receiving element 1001 and gesture unit 1002.
Receiving element 1001, the first indication information sending for receiving described security server, arranges gesture password to indicate, and sends with the consistent described security server of described the first cryptographic Hash if described the first indication information is described the second cryptographic Hash;
Gesture unit 1002, for carrying out alternately with described security server, so that the gesture password of described certification end to be set.
Like this, gesture unit gathers the gesture of user's input, generates gesture password according to gesture, and then according to gesture password, generates the cryptographic Hash of gesture password.Gesture unit can send based on HTTPS the cryptographic Hash of described gesture password to security server, to make the cryptographic Hash of described security server to phone number and described gesture password, bind, to generate the corresponding relation of cryptographic Hash of described phone number and described gesture password, utilize this corresponding relation for described security server, carry out the gesture checking of described certification end.
The gesture password of certification end is set by security server, make lawless person allow to obtain the terminal that carries certification end, also certification end cannot be started, to use certification end to decipher the encrypted authentication information that service server was sent, the reliability of authentication can be effectively improved.
Alternatively, in one of the present embodiment possible implementation, described receiving element 1001, can also be further used for receiving the second indication information that described security server sends, with instruction checking gesture password, if being described the second cryptographic Hash, described the first indication information sends with the consistent described security server of described the first cryptographic Hash; Described gesture unit 1002, can also be further used for carrying out alternately with described security server, to verify the gesture password of described certification end.
Like this, gesture unit gathers the gesture of user's input, generates gesture password according to gesture, and then according to gesture password, generates the cryptographic Hash of gesture password.Gesture unit can send based on HTTPS the cryptographic Hash of described gesture password to security server, to make described security server utilize the corresponding relation of the described phone number of bound generation and the cryptographic Hash of described gesture password, to the cryptographic Hash of described gesture password, verify.
The gesture password of certification end is set by security server, make lawless person allow to obtain the terminal that carries certification end, also certification end cannot be started, to use certification end to decipher the encrypted authentication information that service server was sent, the reliability of authentication can be effectively improved.
Optionally, in one possible implementation of this embodiment, the transmitting unit 92 may be further configured to send, over HTTPS, the identification information of the certification end and the security configuration information to the security server, so that the security server obtains, according to the identification information of the certification end, the phone number corresponding to that identification information, and binds the phone number to the security configuration information to generate a correspondence between the phone number and the security configuration information.
The security configuration information may include, but is not limited to, a service identifier and security indication information. The first security indication indicates that the verification code encryption function is enabled; the second security indication indicates that the verification code encryption function is not enabled.
In this way, the security server can use the security configuration information, together with the service identifier of the service server included in the authentication information sent by the service server, to obtain the security indication information corresponding to that service identifier. If the security indication information is the first security indication, the security server can obtain, according to the phone number, the key corresponding to the phone number. The first security indication indicates that the verification code encryption function is enabled. The security server can use the key to encrypt the verification code sent by the service server to obtain encrypted authentication information, and then send the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information by short message according to the phone number.
It can be understood that the identification information of the certification end is what the security server uses to identify the certification end. If the security configuration information is transmitted between the security server and the certification end over HTTPS based on the key corresponding to the certification end, the secure channel of that HTTPS connection corresponds one-to-one with the certification end, and the certification end therefore does not need to send its identification information to the security server.
In this embodiment, the hash unit performs a hash operation on the randomly generated key, the identification information of the certification end and the terminal information of the terminal on which the certification end resides, to obtain the first hash value. The transmitting unit then sends the first hash value to the security server by short message, and sends the key, the identification information of the certification end and the terminal information to the security server over HTTPS. The security server can thus perform the same hash operation on the key, the identification information of the certification end and the terminal information to obtain the second hash value. If the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end and the terminal information, generating a correspondence between the phone number and the key, the identification information of the certification end and the terminal information. Because the key can be used to encrypt the verification code generated by the service server, the content of the verification code is no longer plaintext; even if it is intercepted by an unauthorized party, the verification code cannot be decrypted. This avoids the account security problems caused by verification code leakage and thereby improves the reliability of identity authentication.
Figure 11 is a schematic structural diagram of another identity authentication device provided by another embodiment of the present invention. As shown in Figure 11, the identity authentication device provided by this embodiment may comprise a receiving unit 1101, a decryption unit 1102 and a presentation unit 1103. The receiving unit 1101 is configured to receive the encrypted authentication information sent by the service server; the decryption unit 1102 is configured to decrypt the encrypted authentication information using the stored key to obtain the verification code; the presentation unit 1103 is configured to display the verification code.
It should be noted that the identity authentication device provided by this embodiment may be the certification end. It may be installed, in the form of a plug-in or a software development kit (Software Development Kit, SDK), in a local application (Application, App) such as Alipay, or it may be installed in the terminal as an independent application (nativeAPP).
It can be understood that the local application may be an application installed in the terminal (nativeAPP), or a web page in the terminal's browser (webAPP); any objectively existing form capable of providing the service is acceptable, and this embodiment places no limitation on this.
The functions of the certification end in the embodiments corresponding to Fig. 1 to Fig. 5 can all be implemented by the identity authentication device provided by this embodiment.
Optionally, in one possible implementation of this embodiment, the presentation unit 1103 may specifically be configured to display the verification code in picture form. In this way, the lifetime of the plaintext content of the verification code in the terminal's memory can be reduced, which further improves the reliability of identity authentication.
In this embodiment, the receiving unit receives the encrypted authentication information sent by the service server, and the decryption unit uses the stored key to decrypt the encrypted authentication information and obtain the verification code, so that the presentation unit can display the verification code. Because the content of the verification code is no longer plaintext, even if it is intercepted by an unauthorized party, the verification code cannot be decrypted. This avoids the account security problems caused by verification code leakage and thereby improves the reliability of identity authentication.
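The binding step and the encrypted delivery summarised in the embodiment paragraphs above, as an added Python example (not code from the patent). SHA-256 over length-prefixed fields stands in for the unspecified hash operation, an HMAC-SHA256 keystream with a truncated HMAC tag stands in for the unspecified cipher (a deployment would use a vetted AEAD such as AES-GCM), and every class name, function name, identifier and phone number is constructed.

```python
# Added example: names, sample values and primitive choices are assumptions.
import hashlib
import hmac
import secrets


def binding_hash(key: bytes, client_id: str, terminal_info: str) -> str:
    """Hash over key, certification-end identifier and terminal information.
    Each field is length-prefixed so ("ab", "c") and ("a", "bc") differ."""
    h = hashlib.sha256()  # assumption: the page does not name the hash
    for field in (key, client_id.encode(), terminal_info.encode()):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.hexdigest()


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        block_input = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt_code(key: bytes, code: str) -> str:
    """Security-server side: returns hex(nonce || ciphertext || tag)."""
    nonce = secrets.token_bytes(12)
    pt = code.encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    return (nonce + ct + tag).hex()


def decrypt_code(key: bytes, blob_hex: str) -> str:
    """Certification-end side: verify the tag, then recover the code."""
    blob = bytes.fromhex(blob_hex)
    if len(blob) < 28:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))).decode()


class SecurityServer:
    def __init__(self):
        self.pending = {}          # first hash value -> phone number of SMS sender
        self.bindings = {}         # phone number -> (key, client_id, terminal_info)
        self.phone_by_client = {}  # certification-end identifier -> phone number
        self.config = {}           # phone number -> {service_id: encryption enabled}

    def on_sms(self, sender_number: str, first_hash: str) -> None:
        """SMS channel: the phone number comes from the message sender."""
        self.pending[first_hash] = sender_number

    def on_https_register(self, key: bytes, client_id: str, terminal_info: str):
        """HTTPS channel: recompute the hash; bind only if an SMS carried it."""
        second_hash = binding_hash(key, client_id, terminal_info)
        phone = self.pending.pop(second_hash, None)  # one-shot: no replay
        if phone is None:
            return None
        self.bindings[phone] = (key, client_id, terminal_info)
        self.phone_by_client[client_id] = phone
        return phone

    def on_https_config(self, client_id: str, security_config: dict) -> bool:
        """Bind per-service security indications to the client's phone number."""
        phone = self.phone_by_client.get(client_id)
        if phone is None:
            return False
        self.config[phone] = dict(security_config)
        return True

    def handle_auth_request(self, phone: str, code: str, service_id: str) -> str:
        """Return what the service server should put in the SMS.
        Assumption: a missing configuration or binding means 'not enabled'."""
        enabled = self.config.get(phone, {}).get(service_id, False)
        if not enabled or phone not in self.bindings:
            return code  # second security indication: code passes through
        return encrypt_code(self.bindings[phone][0], code)


if __name__ == "__main__":
    server = SecurityServer()
    key = secrets.token_bytes(32)                      # generated on the device
    cid, tinfo = "client-01", "model=constructed;os=constructed"
    server.on_sms("+8610000000001", binding_hash(key, cid, tinfo))
    print("bound to:", server.on_https_register(key, cid, tinfo))
    server.on_https_config(cid, {"svc-pay": True})
    sms_body = server.handle_auth_request("+8610000000001", "493817", "svc-pay")
    print("SMS body:", sms_body, "->", decrypt_code(key, sms_body))
```

With these stand-in primitives a six-digit code becomes 68 hexadecimal characters, which still fits in a single short message.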
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, devices and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, devices and methods may be implemented in other ways. For example, the device embodiments described above are only schematic. The division into units is only a division by logical function; in an actual implementation there may be other ways of dividing them, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connections shown or discussed may be indirect couplings or communication connections between devices or units through some interfaces, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of their technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (26)

1. An identity authentication method, characterized by comprising:
A security server receives authentication information sent by a service server, the authentication information comprising a verification code and the phone number of a user to be authenticated;
The security server obtains, according to the phone number, a key corresponding to the phone number;
The security server encrypts the verification code using the key to obtain encrypted authentication information;
The security server sends the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information by short message according to the phone number.
2. The method according to claim 1, characterized in that, before the security server obtains, according to the phone number, the key corresponding to the phone number, the method further comprises:
The security server receives a first hash value sent by a certification end by short message, the first hash value being obtained by the certification end performing a hash operation on the randomly generated key, the identification information of the certification end and the terminal information of the terminal on which it resides;
The security server receives the key, the identification information of the certification end and the terminal information sent by the certification end over HTTPS;
The security server performs the hash operation on the key, the identification information of the certification end and the terminal information to obtain a second hash value;
If the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end and the terminal information, to generate a correspondence between the phone number and the key, the identification information of the certification end and the terminal information.
3. The method according to claim 2, characterized in that the method further comprises:
If the second hash value is consistent with the first hash value, the security server sends first indication information to the certification end to indicate that a gesture password is to be set;
The security server interacts with the certification end to set the gesture password of the certification end.
4. The method according to claim 3, characterized in that the method further comprises:
If the second hash value is consistent with the first hash value, the security server sends second indication information to the certification end to indicate that the gesture password is to be verified;
The security server interacts with the certification end to verify the gesture password of the certification end.
5. The method according to any one of claims 1 to 4, characterized in that the authentication information further comprises the service identifier corresponding to the service server; and the security server obtaining, according to the phone number, the key corresponding to the phone number comprises:
The security server obtains, according to the phone number, the security configuration information corresponding to the phone number;
The security server obtains, according to the security configuration information, the security indication information corresponding to the service identifier;
If the security indication information is the first security indication, the security server obtains, according to the phone number, the key corresponding to the phone number.
6. The method according to claim 5, characterized in that the method further comprises:
If the security indication information is the second security indication, the security server sends the verification code to the service server.
7. The method according to claim 5, characterized in that, before the security server obtains, according to the phone number, the security configuration information corresponding to the phone number, the method further comprises:
The security server receives the identification information of the certification end and the security configuration information sent by the certification end over HTTPS;
The security server obtains, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end;
The security server binds the phone number to the security configuration information to generate a correspondence between the phone number and the security configuration information.
8. An identity authentication method, characterized by comprising:
A certification end performs a hash operation on a randomly generated key, the identification information of the certification end and the terminal information of the terminal on which it resides, to obtain a first hash value;
The certification end sends the first hash value to a security server by short message;
The certification end sends the key, the identification information of the certification end and the terminal information to the security server over HTTPS, so that the security server performs the hash operation on the key, the identification information of the certification end and the terminal information to obtain a second hash value; if the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end and the terminal information, to generate a correspondence between the phone number and the key, the identification information of the certification end and the terminal information.
9. The method according to claim 8, characterized in that, after the certification end sends the key, the identification information of the certification end and the terminal information to the security server over HTTPS, the method further comprises:
The certification end receives first indication information sent by the security server to indicate that a gesture password is to be set, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
The certification end interacts with the security server to set the gesture password of the certification end.
10. The method according to claim 9, characterized in that, after the certification end sends the key, the identification information of the certification end and the terminal information to the security server over HTTPS, the method further comprises:
The certification end receives second indication information sent by the security server to indicate that the gesture password is to be verified, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
The certification end interacts with the security server to verify the gesture password of the certification end.
11. The method according to any one of claims 8 to 10, characterized in that, after the certification end sends the key, the identification information of the certification end and the terminal information to the security server over HTTPS, the method further comprises:
The certification end sends the identification information of the certification end and the security configuration information to the security server over HTTPS, so that the security server obtains, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end, and binds the phone number to the security configuration information to generate a correspondence between the phone number and the security configuration information.
12. An identity authentication method, characterized by comprising:
A certification end receives encrypted authentication information sent by a service server;
The certification end decrypts the encrypted authentication information using a stored key to obtain a verification code;
The certification end displays the verification code.
13. The method according to claim 12, characterized in that the certification end displaying the verification code comprises:
The certification end displays the verification code in picture form.
14. An identity authentication device, characterized by comprising:
A receiving unit, configured to receive authentication information sent by a service server, the authentication information comprising a verification code and the phone number of a user to be authenticated;
An obtaining unit, configured to obtain, according to the phone number, a key corresponding to the phone number;
An encryption unit, configured to encrypt the verification code using the key to obtain encrypted authentication information;
A transmitting unit, configured to send the encrypted authentication information to the service server, so that the service server sends the encrypted authentication information by short message according to the phone number.
15. The device according to claim 14, characterized in that the device further comprises a hash unit and a binding unit; wherein,
The receiving unit is further configured to receive a first hash value sent by a certification end by short message, the first hash value being obtained by the certification end performing a hash operation on the randomly generated key, the identification information of the certification end and the terminal information of the terminal on which it resides;
The receiving unit is further configured to receive the key, the identification information of the certification end and the terminal information sent by the certification end over HTTPS;
The hash unit is configured to perform the hash operation on the key, the identification information of the certification end and the terminal information to obtain a second hash value;
The binding unit is configured to, if the second hash value is consistent with the first hash value, bind the phone number obtained from the short message to the key, the identification information of the certification end and the terminal information, to generate a correspondence between the phone number and the key, the identification information of the certification end and the terminal information.
16. The device according to claim 15, characterized in that the device further comprises a gesture unit; wherein,
The transmitting unit is further configured to, if the second hash value is consistent with the first hash value, send first indication information to the certification end to indicate that a gesture password is to be set;
The gesture unit is configured to interact with the certification end to set the gesture password of the certification end.
17. The device according to claim 16, characterized in that,
The transmitting unit is further configured to, if the second hash value is consistent with the first hash value, send second indication information to the certification end to indicate that the gesture password is to be verified;
The gesture unit is further configured to interact with the certification end to verify the gesture password of the certification end.
18. The device according to any one of claims 14 to 17, characterized in that the authentication information further comprises the service identifier corresponding to the service server; and the obtaining unit is specifically configured to:
Obtain, according to the phone number, the security configuration information corresponding to the phone number;
Obtain, according to the security configuration information, the security indication information corresponding to the service identifier; and
If the security indication information is the first security indication, obtain, according to the phone number, the key corresponding to the phone number.
19. The device according to claim 18, characterized in that the transmitting unit is further configured to:
If the security indication information is the second security indication, send the verification code to the service server.
20. The device according to claim 18, characterized in that,
The receiving unit is further configured to receive the identification information of the certification end and the security configuration information sent by the certification end over HTTPS;
The obtaining unit is further configured to obtain, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end;
The binding unit is further configured to bind the phone number to the security configuration information to generate a correspondence between the phone number and the security configuration information.
21. An identity authentication device, characterized by comprising:
A hash unit, configured to perform a hash operation on a randomly generated key, the identification information of a certification end and the terminal information of the terminal on which it resides, to obtain a first hash value;
A transmitting unit, configured to send the first hash value to a security server by short message;
The transmitting unit is further configured to send the key, the identification information of the certification end and the terminal information to the security server over HTTPS, so that the security server performs the hash operation on the key, the identification information of the certification end and the terminal information to obtain a second hash value; if the second hash value is consistent with the first hash value, the security server binds the phone number obtained from the short message to the key, the identification information of the certification end and the terminal information, to generate a correspondence between the phone number and the key, the identification information of the certification end and the terminal information.
22. The device according to claim 21, characterized in that the device further comprises:
A receiving unit, configured to receive first indication information sent by the security server to indicate that a gesture password is to be set, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
A gesture unit, configured to interact with the security server to set the gesture password of the certification end.
23. The device according to claim 22, characterized in that,
The receiving unit is further configured to receive second indication information sent by the security server to indicate that the gesture password is to be verified, the first indication information being sent by the security server if the second hash value is consistent with the first hash value;
The gesture unit is further configured to interact with the security server to verify the gesture password of the certification end.
24. The device according to any one of claims 21 to 23, characterized in that,
The transmitting unit is further configured to send the identification information of the certification end and the security configuration information to the security server over HTTPS, so that the security server obtains, according to the identification information of the certification end, the phone number corresponding to the identification information of the certification end, and binds the phone number to the security configuration information to generate a correspondence between the phone number and the security configuration information.
25. An identity authentication device, characterized by comprising:
A receiving unit, configured to receive encrypted authentication information sent by a service server;
A decryption unit, configured to decrypt the encrypted authentication information using a stored key to obtain a verification code;
A presentation unit, configured to display the verification code.
26. The device according to claim 25, characterized in that the presentation unit is specifically configured to:
Display the verification code in picture form.
CN201410340397.9A 2014-07-16 2014-07-16 Identity identifying method and equipment Active CN104079581B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410340397.9A CN104079581B (en) 2014-07-16 2014-07-16 Identity identifying method and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410340397.9A CN104079581B (en) 2014-07-16 2014-07-16 Identity identifying method and equipment

Publications (2)

Publication Number Publication Date
CN104079581A true CN104079581A (en) 2014-10-01
CN104079581B CN104079581B (en) 2017-07-11

Family

ID=51600623

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410340397.9A Active CN104079581B (en) 2014-07-16 2014-07-16 Identity identifying method and equipment

Country Status (1)

Country Link
CN (1) CN104079581B (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104599124A (en) * 2015-01-06 2015-05-06 宇龙计算机通信科技(深圳)有限公司 Protection method and device of mobile payment information and mobile payment system
CN105516969A (en) * 2015-12-15 2016-04-20 中卓信(北京)科技有限公司 Mobile phone short messages security verification method
CN105635040A (en) * 2014-10-27 2016-06-01 阿里巴巴集团控股有限公司 Validation method, device and system
CN105992204A (en) * 2015-02-03 2016-10-05 北京神州泰岳信息安全技术有限公司 Access authentication method of applications of mobile intelligent terminal and device
CN106060098A (en) * 2016-08-09 2016-10-26 北京小米移动软件有限公司 Processing method, processing device and processing system for verification codes
CN106101064A (en) * 2016-05-27 2016-11-09 深圳市永兴元科技有限公司 Account login method and device
CN106330862A (en) * 2016-08-10 2017-01-11 武汉信安珞珈科技有限公司 Secure transmission method and system for dynamic password
CN106412862A (en) * 2016-10-13 2017-02-15 上海众人网络安全技术有限公司 Short message reinforcement method, apparatus and system
CN106454800A (en) * 2016-11-21 2017-02-22 北京小米移动软件有限公司 Identity verification method, device and system
CN106899571A (en) * 2016-12-21 2017-06-27 阿里巴巴集团控股有限公司 Information interacting method and device
CN107896218A (en) * 2017-11-29 2018-04-10 郑州云海信息技术有限公司 A kind of method and system of automatic detection identifying code passback logic leak
CN108090768A (en) * 2017-11-14 2018-05-29 阿里巴巴集团控股有限公司 The method and device that a kind of business performs
CN108496382A (en) * 2016-01-05 2018-09-04 科因普拉格株式会社 Security information transmitting system and method for personal identification
CN109005196A (en) * 2018-09-10 2018-12-14 北京旷视科技有限公司 Data transmission method, data decryption method, device and electronic equipment
CN109672664A (en) * 2018-11-13 2019-04-23 视联动力信息技术股份有限公司 A kind of authentication method and system regarding networked terminals
CN110941805A (en) * 2019-11-21 2020-03-31 北京达佳互联信息技术有限公司 Identity authentication method and device
CN112990927A (en) * 2021-04-27 2021-06-18 中国工商银行股份有限公司 Payment verification method, system, device, computer system and storage medium
CN115001756A (en) * 2022-05-16 2022-09-02 李愿军 Identity verification method and system based on network

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1136961A1 (en) * 2000-03-24 2001-09-26 Banco Bilbao Vizcaya Argentaria S.A. System and process for remote payments and transactions in real time by mobile telephone
WO2003096615A1 (en) * 2002-05-07 2003-11-20 Wireless Applicatoins Pty Ltd Method for authenticating and verifying sms communications
US7011245B1 (en) * 2004-11-05 2006-03-14 Michael Hu Pedigree code enabling authentification through computer generated unbroken chain reflective coding including transaction party data
CN1811813A (en) * 2006-03-02 2006-08-02 韩林 Two-factor dynamic cipher verification method and system
CN1838141A (en) * 2006-02-05 2006-09-27 刘亚威 Technology for improving security of accessing computer application system by mobile phone
CN101262349A (en) * 2008-04-17 2008-09-10 华为技术有限公司 SMS-based identity authentication method and device
CN101944216A (en) * 2009-07-07 2011-01-12 财团法人资讯工业策进会 Two-factor online transaction safety authentication method and system
CN101957858A (en) * 2010-09-27 2011-01-26 中兴通讯股份有限公司 Data comparison method and device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1136961A1 (en) * 2000-03-24 2001-09-26 Banco Bilbao Vizcaya Argentaria S.A. System and process for remote payments and transactions in real time by mobile telephone
WO2003096615A1 (en) * 2002-05-07 2003-11-20 Wireless Applicatoins Pty Ltd Method for authenticating and verifying sms communications
CN1653746A (en) * 2002-05-07 2005-08-10 无线应用软件有限公司 Method for authenticating and verifying sms communications
US7011245B1 (en) * 2004-11-05 2006-03-14 Michael Hu Pedigree code enabling authentification through computer generated unbroken chain reflective coding including transaction party data
CN1838141A (en) * 2006-02-05 2006-09-27 刘亚威 Technology for improving security of accessing computer application system by mobile phone
CN1811813A (en) * 2006-03-02 2006-08-02 韩林 Two-factor dynamic cipher verification method and system
CN101262349A (en) * 2008-04-17 2008-09-10 华为技术有限公司 SMS-based identity authentication method and device
CN101944216A (en) * 2009-07-07 2011-01-12 财团法人资讯工业策进会 Two-factor online transaction safety authentication method and system
CN101957858A (en) * 2010-09-27 2011-01-26 中兴通讯股份有限公司 Data comparison method and device

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635040A (en) * 2014-10-27 2016-06-01 阿里巴巴集团控股有限公司 Validation method, device and system
CN105635040B (en) * 2014-10-27 2018-12-28 阿里巴巴集团控股有限公司 A kind of verification method, equipment and system
CN104599124A (en) * 2015-01-06 2015-05-06 宇龙计算机通信科技(深圳)有限公司 Protection method and device of mobile payment information and mobile payment system
CN105992204A (en) * 2015-02-03 2016-10-05 北京神州泰岳信息安全技术有限公司 Access authentication method of applications of mobile intelligent terminal and device
CN105516969A (en) * 2015-12-15 2016-04-20 中卓信(北京)科技有限公司 Mobile phone short messages security verification method
CN105516969B (en) * 2015-12-15 2019-03-05 中卓信(北京)科技有限公司 A kind of SMS safe verification method
CN108496382A (en) * 2016-01-05 2018-09-04 科因普拉格株式会社 Security information transmitting system and method for personal identification
CN106101064A (en) * 2016-05-27 2016-11-09 深圳市永兴元科技有限公司 Account login method and device
CN106060098A (en) * 2016-08-09 2016-10-26 北京小米移动软件有限公司 Processing method, processing device and processing system for verification codes
CN106060098B (en) * 2016-08-09 2019-07-09 北京小米支付技术有限公司 Processing method, processing unit and the processing system of identifying code
CN106330862A (en) * 2016-08-10 2017-01-11 武汉信安珞珈科技有限公司 Secure transmission method and system for dynamic password
CN106412862B (en) * 2016-10-13 2020-01-31 上海众人网络安全技术有限公司 short message reinforcement method, device and system
CN106412862A (en) * 2016-10-13 2017-02-15 上海众人网络安全技术有限公司 Short message reinforcement method, apparatus and system
US10313870B2 (en) 2016-11-21 2019-06-04 Beijing Xiaomi Mobile Software Co., Ltd. Identity verification method and apparatus, and storage medium
CN106454800B (en) * 2016-11-21 2018-07-27 北京小米移动软件有限公司 Auth method, apparatus and system
CN106454800A (en) * 2016-11-21 2017-02-22 北京小米移动软件有限公司 Identity verification method, device and system
CN111683103B (en) * 2016-12-21 2022-08-30 创新先进技术有限公司 Information interaction method and device
CN106899571B (en) * 2016-12-21 2020-06-26 阿里巴巴集团控股有限公司 Information interaction method and device
CN106899571A (en) * 2016-12-21 2017-06-27 阿里巴巴集团控股有限公司 Information interacting method and device
CN111683103A (en) * 2016-12-21 2020-09-18 阿里巴巴集团控股有限公司 Information interaction method and device
CN108090768A (en) * 2017-11-14 2018-05-29 阿里巴巴集团控股有限公司 The method and device that a kind of business performs
CN107896218A (en) * 2017-11-29 2018-04-10 郑州云海信息技术有限公司 A kind of method and system of automatic detection identifying code passback logic leak
CN109005196A (en) * 2018-09-10 2018-12-14 北京旷视科技有限公司 Data transmission method, data decryption method, device and electronic equipment
CN109672664B (en) * 2018-11-13 2021-06-18 视联动力信息技术股份有限公司 Authentication method and system for video networking terminal
CN109672664A (en) * 2018-11-13 2019-04-23 视联动力信息技术股份有限公司 A kind of authentication method and system regarding networked terminals
CN110941805A (en) * 2019-11-21 2020-03-31 北京达佳互联信息技术有限公司 Identity authentication method and device
CN112990927A (en) * 2021-04-27 2021-06-18 中国工商银行股份有限公司 Payment verification method, system, device, computer system and storage medium
CN112990927B (en) * 2021-04-27 2024-03-08 中国工商银行股份有限公司 Payment verification method, system, device, computer system and storage medium
CN115001756A (en) * 2022-05-16 2022-09-02 李愿军 Identity verification method and system based on network
CN115001756B (en) * 2022-05-16 2024-01-26 李愿军 Network-based identity verification method and system

Also Published As

Publication number Publication date
CN104079581B (en) 2017-07-11

Similar Documents

Publication Publication Date Title
CN104079581A (en) Identity authentication method and device
CN107077670B (en) Method and apparatus for transmitting and processing transaction message, computer readable storage medium
EP2689598B1 (en) Interrogating an authentication device
CN109992949B (en) Equipment authentication method, over-the-air card writing method and equipment authentication device
CN103369707A (en) Wireless network connection establishing method and terminal equipment
CN102761870B (en) Terminal authentication and service authentication method, system and terminal
CN105190661A (en) Secure mobile payment using media binding
CN103095457A (en) Login and verification method for application program
CN102866960A (en) Method for realizing encryption in storage card, decrypting method and device
CN104579668A (en) User identity verification method, password protection device and verification system
CN101771680B (en) Method for writing data to smart card, system and remote writing-card terminal
CN105101183A (en) Method and system for protecting private contents at mobile terminal
CN104199657A (en) Call method and device for open platform
CN105376059A (en) Method and system for performing application signature based on electronic key
CN102984335B (en) Dial the identity identifying method of landline telephone, equipment and system
US20170076285A1 (en) Payment Method and Apparatus and Payment Factor Processing Method and Apparatus
CN106817346A (en) Data transmission method and device and electronic equipment
CN103905194A (en) Identity traceability authentication method and system
CN104935435A (en) Login methods, terminal and application server
CN106559386B (en) A kind of authentication method and device
CN106411520B (en) Method, device and system for processing virtual resource data
CN109391473B (en) Electronic signature method, device and storage medium
CN102263792A (en) Wireless security key equipment, electronic commerce service system and method
KR101642267B1 (en) System for preventing forgery of application and method therefor
US9246677B2 (en) Method and system for secure data communication between a user device and a server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant