CN104079581B

CN104079581B - Identity identifying method and equipment

Info

Publication number: CN104079581B
Application number: CN201410340397.9A
Authority: CN
Inventors: 金红宇
Original assignee: Individual
Current assignee: Individual
Priority date: 2014-07-16
Filing date: 2014-07-16
Publication date: 2017-07-11
Anticipated expiration: 2034-07-16
Also published as: CN104079581A

Abstract

The present invention provides identity identifying method and equipment.The embodiment of the present invention receives the authentication information that service server sends by security server, the authentication information includes the phone number of identifying code and user to be certified, and then according to the phone number, obtain key corresponding with the phone number, using the key, the identifying code is encrypted, to obtain encrypted authentication information, enable that the security server sends the encrypted authentication information to the service server, to cause that the service server sends the encrypted authentication information according to the phone number with short message, because the content of identifying code is no longer plaintext, even if so that being intercepted and captured by lawless person, still identifying code cannot be decrypted, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.

Description

Identity identifying method and equipment

【Technical field】

The present invention relates to verification technique, more particularly to identity identifying method and equipment.

【Background technology】

With the development of the communication technology, terminal is integrated with increasing function, so that the systemic-function row of terminal More and more corresponding applications (Application, APP) are contained in table.Terminal run these apply when, in certain situation Under, for example, situations such as being paid is, it is necessary to the identifying code sent with short message using short message verification code, carries out authentication.

However, because the content of short message verification code is plaintext, after being intercepted and captured by lawless person, it is easy to utilize the short message Identifying code successfully completes authentication, so as to result in the reduction of the reliability of authentication.

【The content of the invention】

Many aspects of the invention provide identity identifying method and equipment, are used to improve the reliability of authentication.

A kind of an aspect of of the present present invention, there is provided identity identifying method, including：

Security server receives the authentication information that service server sends, and the authentication information includes identifying code With the phone number of user to be certified；

The security server obtains key corresponding with the phone number according to the phone number；

The security server utilizes the key, and the identifying code is encrypted, to obtain encrypted authentication letter Breath；

The security server sends the encrypted authentication information to the service server, to cause the business service Device sends the encrypted authentication information according to the phone number with short message.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the safety clothes Business device before obtaining key corresponding with the phone number, also includes according to the phone number：

The security server receives the first cryptographic Hash that certification end is sent with short message, and first cryptographic Hash is described Certification end carries out Hash behaviour to the end message of the key, the identification information of the certification end and place terminal of random generation Obtain；

The security server receives the certification end and is based on the key, the mark of the certification end that HTTPS sends Information and the end message；

The security server carries out the Kazakhstan to the key, the identification information of the certification end and the end message Uncommon operation, to obtain the second cryptographic Hash；

If second cryptographic Hash is consistent with first cryptographic Hash, the security server is to according to the short message institute The phone number and the key, the identification information of the certification end and the end message for obtaining, are bound, with life Into the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, methods described is also Including：

If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends the to the certification end One configured information, to indicate to set gesture password；

The security server is interacted with the certification end, to set the gesture password of the certification end.

If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends the to the certification end Two configured informations, to indicate to verify gesture password；

The security server is interacted with the certification end, to verify the gesture password of the certification end.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the identity is recognized Card information also includes the service identification corresponding to the service server；The security server is obtained according to the phone number Key corresponding with the phone number is obtained, including：

The security server obtains security configuration information corresponding with the phone number according to the phone number；

The security server obtains safety corresponding with the service identification and indicates letter according to the security configuration information Breath；

If the safe configured information is the first safety indicating, the security server is obtained according to the phone number Key corresponding with the phone number.

If the safe configured information is the second safety indicating, the security server sends institute to the service server State identifying code.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the safety clothes Business device before obtaining security configuration information corresponding with the phone number, also includes according to the phone number：

The security server receives the certification end and is based on the identification information of the certification end that HTTPS sends and described Security configuration information；

The security server is obtained corresponding with the identification information of the certification end according to the identification information of the certification end The phone number；

The security server is bound to the phone number and the security configuration information, to generate the mobile phone The corresponding relation of number and security configuration information.

A kind of another aspect of the present invention, there is provided identity identifying method, including：

Certification end is breathed out by the end message of the key, the identification information of the certification end and place terminal of random generation Uncommon operation, to obtain the first cryptographic Hash；

The certification end sends first cryptographic Hash with short message to security server；

The certification end is based on HTTPS, and the identification information of the key, the certification end is sent to the security server With the end message, with cause the security server to the key, the identification information of the certification end and the terminal Information carries out the hashing operation, to obtain the second cryptographic Hash；If second cryptographic Hash is consistent with first cryptographic Hash, institute The phone number of the security server to being obtained according to the short message is stated to believe with the mark of the key, the certification end Breath and the end message, are bound, with generate the phone number and the key, the identification information of the certification end and The corresponding relation of the end message.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the certification end Based on HTTPS, to the security server send the key, the identification information of the certification end and the end message it Afterwards, also include：

The certification end receives the first configured information that the security server sends, to indicate to set gesture password, institute If it is that second cryptographic Hash security server consistent with first cryptographic Hash sends to state the first configured information；

The certification end interacts with the security server, to set the gesture password of the certification end.

The certification end receives the second configured information that the security server sends, to indicate to verify gesture password, institute If it is that second cryptographic Hash security server consistent with first cryptographic Hash sends to state the first configured information；

The certification end interacts with the security server, to verify the gesture password of the certification end.

The certification end is based on HTTPS, and the identification information and the peace of the certification end are sent to the security server Full configuration information, to cause that the security server, according to the identification information of the certification end, obtains the mark with the certification end The corresponding phone number of knowledge information, binds to the phone number and the security configuration information, described to generate The corresponding relation of phone number and security configuration information.

Certification end receives the encrypted authentication information that service server sends；

The certification end is decrypted treatment, to obtain identifying code using the key of storage to the encrypted authentication information；

The certification end represents the identifying code.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the certification end Represent the identifying code, including：

The certification end represents the identifying code with graphic form.

A kind of another aspect of the present invention, there is provided ID authentication device, including：

Receiving unit, the authentication information for receiving service server transmission, the authentication information includes testing Card code and the phone number of user to be certified；

Obtaining unit, for according to the phone number, obtaining key corresponding with the phone number；

Ciphering unit, for utilizing the key, is encrypted to the identifying code, to obtain encrypted authentication letter Breath；

Transmitting element, for sending the encrypted authentication information to the service server, to cause the business service Device sends the encrypted authentication information according to the phone number with short message.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the equipment is also Including hash units and binding unit；Wherein,

The receiving unit, is additionally operable to receive the first cryptographic Hash that certification end is sent with short message, first cryptographic Hash For the certification end is carried out to the end message of the key, the identification information of the certification end and place terminal of random generation Hashing operation is obtained；

The receiving unit, is additionally operable to receive the certification end and is based on the key, the certification end that HTTPS sends Identification information and the end message；

The hash units, for carrying out institute to the key, the identification information of the certification end and the end message Hashing operation is stated, to obtain the second cryptographic Hash；

The binding unit, if consistent with first cryptographic Hash for second cryptographic Hash, to short being disappeared according to described The phone number and the key, the identification information of the certification end and the end message that breath is obtained, are bound, To generate the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the equipment is also Including gesture unit；Wherein,

The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, to the certification end The first configured information is sent, to indicate to set gesture password；

The setting unit, for being interacted with the certification end, to set the gesture password of the certification end.

Aspect as described above and any possible implementation, it is further provided a kind of implementation,

The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, to the certification end The second configured information is sent, to indicate to verify gesture password；

The gesture unit, is additionally operable to be interacted with the certification end, to verify the gesture password of the certification end.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the identity is recognized Card information also includes the service identification corresponding to the service server；The obtaining unit, specifically for

According to the phone number, security configuration information corresponding with the phone number is obtained；

According to the security configuration information, safe configured information corresponding with the service identification is obtained；And

If the safe configured information is the first safety indicating, according to the phone number, obtain and the phone number Corresponding key.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the transmission list Unit, is additionally operable to

If the safe configured information is the second safety indicating, the identifying code is sent to the service server.

The receiving unit, is additionally operable to receive the identification information that the certification end is based on the certification end that HTTPS sends With the security configuration information；

The obtaining unit, is additionally operable to the identification information according to the certification end, obtains and believes with the mark of the certification end Cease the corresponding phone number；

The binding unit, is additionally operable to bind the phone number and the security configuration information, to generate State the corresponding relation of phone number and security configuration information.

Hash units, for the end of the key, the identification information of the certification end and place terminal to random generation Client information carries out hashing operation, to obtain the first cryptographic Hash；

Transmitting element, for short message, first cryptographic Hash being sent to security server；

The transmitting element, is additionally operable to, based on HTTPS, the key, the certification end be sent to the security server Identification information and the end message, with cause the security server to the key, the identification information of the certification end The hashing operation is carried out with the end message, to obtain the second cryptographic Hash；If second cryptographic Hash is breathed out with described first Uncommon value is consistent, the security server to the phone number that is obtained according to the short message and the key, described recognize The identification information and the end message at end are demonstrate,proved, is bound, to generate the phone number with the key, the certification end Identification information and the end message corresponding relation.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, the equipment is also Including：

Receiving unit, for receiving the first configured information that the security server sends, to indicate to set gesture password, If first configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends；

Gesture unit, for being interacted with the security server, to set the gesture password of the certification end.

The receiving unit, is additionally operable to receive the second configured information that the security server sends, to indicate to verify hand Gesture password, if first configured information is second cryptographic Hash security server hair consistent with first cryptographic Hash Send；

The gesture unit, is additionally operable to be interacted with the security server, close with the gesture for verifying the certification end Code.

The transmitting element, is additionally operable to be sent to the security server based on HTTPS the identification information of the certification end With the security configuration information, to cause the security server according to the identification information of the certification end, acquisition is recognized with described The phone number corresponding to the identification information at end is demonstrate,proved, the phone number and the security configuration information are bound, with Generate the corresponding relation of the phone number and security configuration information.

Receiving unit, the encrypted authentication information for receiving service server transmission；

Decryption unit, for the key using storage, is decrypted treatment, to be verified to the encrypted authentication information Code；

Represent unit, for representing the identifying code.

Aspect as described above and any possible implementation, it is further provided a kind of implementation, it is described to represent list Unit, specifically for

With graphic form, represent the identifying code.

As shown from the above technical solution, on the one hand, the embodiment of the present invention receives service server and sends out by security server The authentication information sent, the authentication information includes the phone number of identifying code and user to be certified, and then according to institute Phone number is stated, key corresponding with the phone number is obtained, using the key, place is encrypted to the identifying code Reason, to obtain encrypted authentication information so that the security server can send the encrypted authentication to the service server Information, to cause that the service server sends the encrypted authentication information according to the phone number with short message, due to testing Demonstrate,prove code content be no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt identifying code, can avoid by The account safety problem caused by identifying code leakage, so as to improve the reliability of authentication.

As shown from the above technical solution, on the other hand, the embodiment of the present invention passes through key, institute of the certification end to random generation The end message of the identification information and place terminal of stating certification end carries out hashing operation, to obtain the first cryptographic Hash, and then with short Message, first cryptographic Hash is sent to security server so that the certification end can be based on HTTPS, to the safety clothes Business device sends the key, the identification information of the certification end and the end message, and so, the security server then can be with The hashing operation is carried out to the key, the identification information of the certification end and the end message, to obtain the second Hash Value, if second cryptographic Hash is consistent with first cryptographic Hash, the security server according to the short message to being obtained The phone number and the key, the identification information of the certification end and the end message, bound, to generate The corresponding relation of phone number and the key, the identification information of the certification end and the end message is stated, because key can For the identifying code generated bound in encryption service server, therefore, the content of identifying code is no longer plaintext so that even if Intercepted and captured by lawless person, still cannot decrypt identifying code, account safety is asked caused by can avoiding being revealed due to identifying code Topic, so as to improve the reliability of authentication.

As shown from the above technical solution, on the other hand, the embodiment of the present invention receives service server and sends by certification end Encrypted authentication information, and then using storage key, treatment is decrypted to the encrypted authentication information, to be verified Code so that the certification end can represent the identifying code, because the content of identifying code is no longer plaintext so that even if by not Method molecule is intercepted and captured, and still cannot decrypt identifying code, account safety problem caused by can avoiding being revealed due to identifying code, from And improve the reliability of authentication.

【Brief description of the drawings】

Technical scheme in order to illustrate more clearly the embodiments of the present invention, below will be to embodiment or description of the prior art Needed for the accompanying drawing to be used be briefly described, it should be apparent that, drawings in the following description are some realities of the invention Example is applied, for those of ordinary skill in the art, without having to pay creative labor, can also be attached according to these Figure obtains other accompanying drawings.

A kind of schematic flow sheet of identity identifying method that Fig. 1 is provided for one embodiment of the invention；

The schematic flow sheet of another identity identifying method that Fig. 2 is provided for another embodiment of the present invention；

The schematic flow sheet of another identity identifying method that Fig. 3 is provided for another embodiment of the present invention；

The flow of certification end initialization is illustrated in another identity identifying method that Fig. 4 is provided for another embodiment of the present invention Figure；

The flow of identifying code treatment is illustrated in another identity identifying method that Fig. 5 is provided for another embodiment of the present invention Figure；

A kind of structural representation of ID authentication device that Fig. 6 is provided for another embodiment of the present invention；

The structural representation of another ID authentication device that Fig. 7 is provided for another embodiment of the present invention；

The structural representation of another ID authentication device that Fig. 8 is provided for another embodiment of the present invention；

A kind of structural representation of ID authentication device that Fig. 9 is provided for another embodiment of the present invention；

The structural representation of another ID authentication device that Figure 10 is provided for another embodiment of the present invention；

The structural representation of another ID authentication device that Figure 11 is provided for another embodiment of the present invention.

【Specific embodiment】

To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is A part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.

It should be noted that terminal involved in the embodiment of the present invention can include but is not limited to mobile phone, individual digital Assistant (Personal Digital Assistant, PDA), radio hand-held equipment, wireless networking sheet, PC, portable electricity Brain, MP3 player, MP4 players etc..

In addition, the terms "and/or", a kind of only incidence relation for describing affiliated partner, expression there may be Three kinds of relations, for example, A and/or B, can represent：Individualism A, while there is A and B, individualism B these three situations.Separately Outward, character "/" herein, typicallys represent forward-backward correlation pair as if a kind of relation of "or".

A kind of schematic flow sheet of identity identifying method that Fig. 1 is provided for one embodiment of the invention, as shown in Figure 1.

101st, security server receives the authentication information that service server sends, and the authentication information includes testing Card code and the phone number of user to be certified.

102nd, the security server obtains key corresponding with the phone number according to the phone number.

103rd, the security server utilizes the key, and the identifying code is encrypted, and is tested with obtaining encryption Card information.

104th, the security server sends the encrypted authentication information to the service server, to cause the business Server sends the encrypted authentication information according to the phone number with short message.

It should be noted that 101~104 executive agent is security server, network side is may be located at.

In the present embodiment, user can carry out the business that the application is provided by application.In some cases, for example, Situations such as being paid using short message verification code, it is necessary to carry out authentication.Service server is according to the identifying code for pre-setting Generation strategy, is that user generates identifying code for carrying out authentication.Now, service server is no longer directly with short message, Identifying code is sent to the terminal that user to be certified is used, but the phone number of identifying code and user to be certified is sent to Security server.

So, the authentication information that service server sends, the authentication information are received by security server Phone number including identifying code and user to be certified, and then according to the phone number, obtain corresponding with the phone number Key, using the key, the identifying code is encrypted, to obtain encrypted authentication information so that the safety Server can send the encrypted authentication information to the service server, to cause the service server according to the hand Machine number sends the encrypted authentication information with short message, because the content of identifying code is no longer plaintext so that even if by not Method molecule is intercepted and captured, and still cannot decrypt identifying code, account safety problem caused by can avoiding being revealed due to identifying code, from And improve the reliability of authentication.

Alternatively, in a possible implementation of the present embodiment, before 102, the security server may be used also Further to receive the first cryptographic Hash that certification end is sent with short message, first cryptographic Hash is the certification end to random raw Into the end message of the key, the identification information of the certification end and place terminal carry out hashing operation acquisition, Yi Jijie Receive the certification end and be based on Secure Hypertext Transfer Protocol (Hypertext Transfer Protocol over Secure Socket Layer, HTTPS) key, the identification information of the certification end and the end message that send.Wherein, institute State the hashing operation that certification end is used, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, the present embodiment to this not It is particularly limited.Then, the security server then can be to the key, the identification information of the certification end and the end Client information carries out the hashing operation, to obtain the second cryptographic Hash.If second cryptographic Hash is consistent with first cryptographic Hash, The security server then can be to the phone number obtained according to the short message and the key, the certification end Identification information and the end message, bound, to generate the phone number with the key, the mark of the certification end The corresponding relation of knowledge information and the end message, so that the security server is according to the corresponding relation, obtains and the hand The corresponding key of machine number.Wherein, the hashing operation that the security server is used, the Hash used with the certification end Operation, is identical hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, and the present embodiment does not enter to this Row is particularly limited to.

Wherein, the end message can include but is not limited to international mobile subscriber identity (International Mobile Subscriber Identity, IMSI) and International Mobile Equipment Identity identification code (International Mobile Equipment Identity, IMEI) at least one.

It should be noted that because time parameter has standard and uniqueness so that lawless person is not readily available and works as Preceding time, the key, the identification information of the certification end and place that the certification end can also further to random generation The end message of terminal, and temporal information carries out hashing operation together, to obtain the first cryptographic Hash.Correspondingly, certification end is also First cryptographic Hash can be sent to security server further with short message, and will be described close based on HTTPS Key, the identification information of the certification end and the end message, and temporal information are sent to security server, for the peace Full server then can be to the key, the identification information of the certification end and the end message, and temporal information is together Hashing operation is carried out, to obtain the second cryptographic Hash.

In the present embodiment, the key that certification end generates at random, for example, it may be string sequence for 128 bits etc., at some In the case of, security server can also be updated operation to the key.Specifically, certification end specifically can based on HTTPS to Security server sends the end of the key, the identification information of the certification end and place terminal that the certification end generates at random Client information.Then, the security server then can be to the key, the identification information of the certification end and the end message The hashing operation is carried out, to obtain the second cryptographic Hash.If received when second cryptographic Hash is with initialization described first Cryptographic Hash is consistent, and the security server then can be according to the renewal rule for pre-setting for example, during the use of existing key Between exceed and specify time etc., generate new key, and be sent to certification end.So, certification end can then utilize the new key, The key of random generation before replacing it, to realize key updating.

It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace Entirely between server and certification end, using the HTTPS based on the key corresponding to certification end, transmitting subscriber information, due to being based on Escape way corresponding to the HTTPS of the key corresponding to certification end is one-to-one with certification end, therefore, certification end then without The identification information of certification end need to be sent to security server.

It should be noted that the certification end, can be with plug-in unit or SDK (Software Development Kit, SDK) etc. form be arranged on local application (Application, App) for example, in Alipay, or Can also be arranged in terminal with single application program (nativeAPP).

It is understood that local application can be mounted in the application program (nativeAPP) in terminal, or also Can be a webpage (webAPP) of the browser in terminal, as long as can realize that the objective reality form that business is provided all may be used So that the present embodiment is not defined to this.

Still optionally further, if second cryptographic Hash is consistent with first cryptographic Hash, the security server then may be used The first configured information is sent with to the certification end, to indicate to set gesture password.Then, the security server is recognized with described Card end interacts, to set the gesture password of the certification end.

Specifically, if second cryptographic Hash is consistent with first cryptographic Hash, the security server is according to the electricity Words number, determines that user, to use certification end first, for example, user downloads for the first time installs certification end, and begins to use, and then The first configured information is sent to the certification end, to indicate to set gesture password.

So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password, Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server Value, to cause that the security server, to phone number and the cryptographic Hash of the gesture password, is bound, to generate the hand Machine number and the corresponding relation of the cryptographic Hash of the gesture password, so that the security server utilizes the corresponding relation, are carried out The gesture checking of the certification end.

Further, certification end further by the contact number of user input can also be sent to safety based on HTTPS Server, the security server is bound to the cryptographic Hash of phone number and the gesture password, and contact number, To generate the phone number and the cryptographic Hash of the gesture password, the corresponding relation of contact number, for the safety clothes Business device utilizes the corresponding relation, and the gesture password for carrying out the certification end resets.

The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can Effectively improve the reliability of authentication.

In the present embodiment, the gesture password of the certification end set by certification end, user can also be actively close to the gesture Code is updated operation.Specifically, certification end can specifically send the identification information and hand of the certification end to security server Gesture resets and indicates.And then, the security server can then be obtained and the certification end according to the identification information of the certification end Contact number corresponding to identification information.Then, the security server then can be according to the contact number, will be random The new key of generation, is transmitted with short message.User can be input into terminal institute corresponding to contact number in certification end The identifying code for representing, and certification end gathers the new gesture of user input, and new gesture password is generated according to new gesture, enters And according to new gesture password, generate the cryptographic Hash of new gesture password.Certification end then can be based on HTTPS to security server The cryptographic Hash of the identifying code and the new gesture password is sent, to cause that the security server is carried out to the identifying code After being verified, to phone number and the cryptographic Hash of the new gesture password, bound, to generate the phone number With the corresponding relation of the cryptographic Hash of the new gesture password, so that the security server utilizes the corresponding relation, institute is carried out State the gesture checking of certification end.

It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace It is complete that, using the HTTPS based on the key corresponding to certification end, transmission gesture resets and indicates between server and certification end, due to Escape way corresponding to HTTPS based on the key corresponding to certification end is one-to-one with certification end, therefore, certification end Then without the identification information to security server transmission certification end.

Still optionally further, if second cryptographic Hash is consistent with first cryptographic Hash, the security server then may be used The second configured information is sent with to the certification end, to indicate to verify gesture password.Then, the security server is recognized with described Card end interacts, to verify the gesture password of the certification end.

Specifically, if second cryptographic Hash is consistent with first cryptographic Hash, the security server is according to the electricity Words number, determines that user uses certification end first for non-, for example, user once unloads certification end, downloads again and installs or weigh It is new that certification end is installed, and begin to use, and then the second configured information is sent to the certification end, to indicate to verify gesture password.

So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password, Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server Value, to cause that the security server is right with the cryptographic Hash of the gesture password using the phone number of bound generation Should be related to, to the cryptographic Hash of the gesture password, be verified.

Alternatively, in a possible implementation of the present embodiment, in 101, the institute that security server is received State authentication information and can further include service identification corresponding to the service server, for example, the mark of Alipay Knowledge, mark of China Merchants Bank etc..Correspondingly, in 102, the security service implement body can be obtained according to the phone number Security configuration information corresponding with the phone number, the security configuration information can include but is not limited to service identification and Safe configured information.Wherein, first safety is indicated, for indicating to have turned on identifying code encryption function；Second safety Indicate, for indicating non-open-authentication code encryption function.And then, the security server is obtained according to the security configuration information Obtain safe configured information corresponding with the service identification.If the safe configured information is the first safety indicating, the safety Server then can obtain key corresponding with the phone number according to the phone number.Wherein, described first refers to safely Show, for indicating to have turned on identifying code encryption function.

Still optionally further, if the safe configured information be second safety indicate, the security server then directly to The service server sends the identifying code, no longer carries out any operation to identifying code.Wherein, second safety is indicated, For indicating non-open-authentication code encryption function.

Still optionally further, the security server obtain corresponding with phone number security configuration information it Before, the identification information and the safety that can also further receive the certification end that the certification end is sent based on HTTPS are matched somebody with somebody Confidence ceases, and then according to the identification information of the certification end, obtains the mobile phone corresponding with the identification information of the certification end Number.Then, the security server can then be bound to the phone number and the security configuration information, to generate The corresponding relation of the phone number and security configuration information, so that the security server is according to the corresponding relation, obtain with The corresponding security configuration information of the phone number.Specifically, the security configuration information can include but is not limited to business mark Know and safe configured information.Wherein, first safety is indicated, for indicating to have turned on identifying code encryption function；Described second Safety is indicated, for indicating non-open-authentication code encryption function.

It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace It is complete, using the HTTPS based on the key corresponding to certification end, to transmit security configuration information between server and certification end, due to Escape way corresponding to HTTPS based on the key corresponding to certification end is one-to-one with certification end, therefore, certification end Then without the identification information to security server transmission certification end.

It is understood that key involved in the present embodiment, in the storage mode of certification end, can use various sides Formula, the present embodiment is not particularly limited to this.

For example, to the key of the random generation in certification end, being encrypted, then store in certification end.It is close for encrypting The AES of key, can be realized in the form of C/C++ language development SO expansion modules.Specifically can will be used for encryption key Key, segmentation breaks up, and stores in SO expansion modules.For the key of encryption key, can be with the end message of terminal It is associated, is unique with the key for ensureing each terminal.

In the present embodiment, the authentication information that service server sends is received by security server, the identity is recognized Card information includes the phone number of identifying code and user to be certified, and then according to the phone number, obtains and the cell-phone number The corresponding key of code, using the key, is encrypted, to obtain encrypted authentication information so that institute to the identifying code Stating security server can send the encrypted authentication information to the service server, with cause the service server according to The phone number sends the encrypted authentication information with short message, because the content of identifying code is no longer plaintext so that i.e. Make to be intercepted and captured by lawless person, still cannot decrypt identifying code, account safety caused by can avoiding being revealed due to identifying code Problem, so as to improve the reliability of authentication.

The schematic flow sheet of another identity identifying method that Fig. 2 is provided for another embodiment of the present invention, as shown in Figure 2.

201st, certification end is entered to the end message of the key, the identification information of the certification end and place terminal of random generation Row hashing operation, to obtain the first cryptographic Hash.

Wherein, the hashing operation that the certification end is used, can include but is not limited to the calculation such as MD5, SHA1 or CRC32 Method, the present embodiment is not particularly limited to this.

202nd, the certification end sends first cryptographic Hash with short message to security server.

203rd, the certification end is based on HTTPS, and the mark of the key, the certification end is sent to the security server Information and the end message, to cause the security server to the key, the identification information of the certification end and described End message carries out the hashing operation, to obtain the second cryptographic Hash；If second cryptographic Hash and first cryptographic Hash one Cause, the security server is to the phone number that is obtained according to the short message and the key, the certification end Identification information and the end message, are bound, to generate the phone number with the key, the mark of the certification end The corresponding relation of information and the end message.

Wherein, the hashing operation that the security server is used, the hashing operation used with the certification end is phase Same hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, and the present embodiment is not limited especially this It is fixed.

It should be noted that 201~203 executive agent authentication authorization and accounting end, can be with plug-in unit or SDK Forms such as (Software Development Kit, SDK) is arranged on local application (Application, App) for example, branch Fu Baozhong, or can also be arranged in terminal with single application program (nativeAPP).

So, the terminal of the key, the identification information of the certification end and place terminal by certification end to generating at random Information carries out hashing operation, to obtain the first cryptographic Hash, and then with short message, first Hash is sent to security server Value so that the certification end can be based on HTTPS, and the mark of the key, the certification end is sent to the security server Information and the end message, so, the security server then can to the key, the identification information of the certification end and The end message carries out the hashing operation, to obtain the second cryptographic Hash, if second cryptographic Hash and first Hash Value is consistent, and the security server is to the phone number obtained according to the short message and the key, the certification The identification information at end and the end message, are bound, to generate the phone number and the key, the certification end The corresponding relation of identification information and the end message, by key can be used for encrypting the checking that service server is generated Code, therefore, the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt identifying code, Account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.

Alternatively, in a possible implementation of the present embodiment, after 203, the certification end can also be entered One step receives the first configured information that the security server sends, to indicate to set gesture password, first configured information If for second cryptographic Hash security server consistent with first cryptographic Hash sends.Then, the certification end and institute State security server to interact, to set the gesture password of the certification end.

Alternatively, in a possible implementation of the present embodiment, after 203, the certification end can also be entered One step receives the second configured information that the security server sends, to indicate to verify gesture password, first configured information If for second cryptographic Hash security server consistent with first cryptographic Hash sends.Then, the certification end and institute State security server to interact, to verify the gesture password of the certification end.

Alternatively, in a possible implementation of the present embodiment, after 203, the certification end can also be entered One step is based on HTTPS, and the identification information and the security configuration information of the certification end are sent to the security server, so that The security server according to the identification information of the certification end, obtain it is corresponding with the identification information of the certification end described in Phone number, binds to the phone number and the security configuration information, is matched somebody with somebody with safety with generating the phone number The corresponding relation of confidence breath, so that the security server is according to the corresponding relation, obtains peace corresponding with the phone number Full configuration information.

The security configuration information can include but is not limited to service identification and safe configured information.Wherein, described first Safety is indicated, for indicating to have turned on identifying code encryption function；Second safety is indicated, for indicating non-open-authentication code to add Close function.

So, the security server according to the security configuration information, and then can just be sent out in conjunction with service server Service identification in the authentication information sent corresponding to the included service server, obtains and the service identification Corresponding safe configured information.If the safe configured information is the first safety indicating, the security server then can basis The phone number, obtains key corresponding with the phone number.Wherein, first safety is indicated, for indicating to have opened Open identifying code encryption function.The security server can utilize the key, and the identifying code that service server sends is carried out Encryption, to obtain encrypted authentication information so that the security server can send described adding to the service server Close checking information, to cause that the service server sends the encrypted authentication information according to the phone number with short message.

In the present embodiment, by certification end to the random key for generating, the identification information of the certification end and place terminal End message carry out hashing operation, to obtain the first cryptographic Hash, and then with short message, described first is sent to security server Cryptographic Hash so that the certification end can be based on HTTPS, the key, the certification end are sent to the security server Identification information and the end message, so, the security server can be then believed the mark of the key, the certification end Breath and the end message carry out the hashing operation, to obtain the second cryptographic Hash, if second cryptographic Hash and described first Cryptographic Hash is consistent, and the security server is to the phone number that is obtained according to the short message and the key, described The identification information of certification end and the end message, are bound, to generate the phone number with the key, the certification The corresponding relation of the identification information at end and the end message, by key can be used for encrypting testing of being generated of service server Card code, therefore, the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt checking Code, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.

The schematic flow sheet of another identity identifying method that Fig. 3 is provided for another embodiment of the present invention, as shown in Figure 3.

301st, certification end receives the encrypted authentication information that service server sends.

302nd, the certification end is decrypted treatment, to be tested using the key of storage to the encrypted authentication information Card code.

303rd, the certification end represents the identifying code.

It should be noted that 301~303 executive agent authentication authorization and accounting end, can be with plug-in unit or SDK Forms such as (Software Development Kit, SDK) is arranged on local application (Application, App) for example, branch Fu Baozhong, or can also be arranged in terminal with single application program (nativeAPP).

So, the encrypted authentication information that service server sends is received by certification end, and then using the key of storage, it is right The encrypted authentication information is decrypted treatment, to obtain identifying code so that the certification end can represent the identifying code, by In the content of identifying code be no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt identifying code, can keep away Account safety problem caused by exempting to be revealed due to identifying code, so as to improve the reliability of authentication.

Alternatively, in a possible implementation of the present embodiment, in 301, prison in real time is mainly responsible in certification end Local short message is listened, the encrypted authentication information by encryption sent by service server can be intercepted and captured.

Alternatively, in a possible implementation of the present embodiment, in 303, the certification end specifically can be with Graphic form, represents the identifying code.So, it is possible to reduce existence week of the clear content of identifying code in the region of memory of terminal Phase, can further improve the reliability of authentication.

Alternatively, in a possible implementation of the present embodiment, after 303, user can provide checking In application corresponding to the business of code, the identifying code that input authentication end is represented.And then, the application can then take to business Business device sends the identifying code, to cause that the service server is verified to the identifying code, to complete authentication.

In the present embodiment, the encrypted authentication information that service server sends is received by certification end, and then using storage Key, is decrypted treatment, to obtain identifying code to the encrypted authentication information so that the certification end can represent described testing Card code, because the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt checking Code, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.

For cause method provided in an embodiment of the present invention it is clearer, below will using third party's business platform (TP) as act Example.

The flow of certification end initialization is illustrated in another identity identifying method that Fig. 4 is provided for another embodiment of the present invention Figure.

401st, certification end is to the random key for generating, the mark (IDentity, ID) of the certification end and place terminal IMSI and IMEI carries out hashing operation, to obtain the first cryptographic Hash.

402nd, the certification end sends first cryptographic Hash with short message to security server.

So, the security server then can be according to the short message, and terminal where access authentication end is that user is made With the phone number of terminal.

403rd, the certification end is based on HTTPS, to the security server send the key, the ID of the certification end, The IMSI and IMEI of the terminal.

It is understood that the 402 and 403 no permanent order of execution, 402 can perform before 403, or might be used also Performed simultaneously with 403, or can also be performed after 403, the present embodiment is not particularly limited to this.

404th, the security server is carried out to the key, the ID of the certification end, the IMSI of the terminal and IMEI The hashing operation, to obtain the second cryptographic Hash.

If the 405, second cryptographic Hash is consistent with first cryptographic Hash, the security server according to described to short disappearing The phone number that is obtained of breath and the key, the ID of the certification end, the IMSI and IMEI of the terminal, are tied up It is fixed, closed with the key, the ID of the certification end, the corresponding of the IMSI of the terminal and IMEI with generating the phone number System.

If second cryptographic Hash is consistent with first cryptographic Hash, the security server then terminates flow.

406th, the security server determines whether user is to use certification end first according to the telephone number.

If the 407, user to use certification end first, the security server sends first and indicates letter to the certification end Breath, to indicate to set gesture password, and then the certification end interacts with the security server, to set the certification end Gesture password.

If the 408, user uses certification end first for non-, the security server sends second and indicates letter to the certification end Breath, to indicate to verify gesture password, and then the certification end interacts with the security server, to verify the certification end Gesture password.

So far, the initialization flow of certification end is finished, and certification end then can in real time monitor the short message of place terminal, To intercept and capture the encrypted authentication information by encryption sent by service server.

The flow of identifying code treatment is illustrated in another identity identifying method that Fig. 5 is provided for another embodiment of the present invention Figure.User can carry out the business that the application is provided by application.In some cases, for example, situations such as being paid, Need to carry out authentication using short message verification code.Service server, according to the identifying code generation strategy for pre-setting, is user Generate the identifying code for carrying out authentication.Now, be sent to for identifying code and treat by service server no longer directly with short message The terminal that certification user is used, but the phone number of identifying code and user to be certified is sent to security server.

501st, service server sends authentication information to security server, and the authentication information includes checking Service identification corresponding to code, the phone number of user to be certified and the service server.

502nd, the security server obtains security configuration letter corresponding with the phone number according to the phone number Breath, and then according to the security configuration information, obtain safe configured information corresponding with the service identification.

Specifically, the security configuration information can specifically include that the first safety is indicated and the second safety is indicated.Wherein, institute State the first safety to indicate, for indicating to have turned on identifying code encryption function；Second safety is indicated, and is tested for indicating not opening Card code encryption function.

Further, after certification end initialization flow is finished, and before 502, the certification end can be with Further using the HTTPS based on the key corresponding to certification end, the security configuration information is sent to security server, and then The phone number and the security configuration information of pair certification end corresponding with the escape way corresponding to the HTTS are tied up It is fixed, to generate the corresponding relation of the phone number and security configuration information, so that the security server is closed according to the correspondence System, obtains security configuration information corresponding with the phone number.

If the 503, the safe configured information be first safety indicate, the security server according to the phone number, And the phone number of bound generation and the key, the ID of the certification end, the IMSI of the terminal and IMEI Corresponding relation, obtains key corresponding with the phone number.

If the safe configured information is the second safety indicating, the security server is then directly to the service server The identifying code is sent, any operation no longer is carried out to identifying code.So, service server is further according to normal flow, according to institute Phone number is stated, the identifying code is sent with short message.Service server sends identifying code and terminal receives the detailed of identifying code Thin description, may refer to related content of the prior art, and here is omitted.

504th, the security server utilizes the key, and the identifying code is encrypted, and is tested with obtaining encryption Card information.

505th, the security server sends the encrypted authentication information to the service server.

506th, the service server sends the encrypted authentication information according to the phone number with short message.

So, certification end can intercept the encrypted authentication information of service server transmission.

507th, the certification end is decrypted treatment, to be tested using the key of storage to the encrypted authentication information Card code.

508th, the certification end represents the identifying code with graphic form.

So far, identifying code handling process is finished, user can provide identifying code business corresponding to application in, The identifying code that input authentication end is represented.And then, the application then can send the identifying code to service server, to cause The service server is verified to the identifying code, to complete authentication., because the content of identifying code is no longer in plain text So that even if being intercepted and captured by lawless person, identifying code still cannot be decrypted, caused by can avoiding being revealed due to identifying code Account safety problem, so as to improve the reliability of authentication.

It should be noted that for foregoing each method embodiment, in order to be briefly described, therefore it is all expressed as a series of Combination of actions, but those skilled in the art should know, the present invention not by described by sequence of movement limited because According to the present invention, some steps can sequentially or simultaneously be carried out using other.Secondly, those skilled in the art should also know Know, embodiment described in this description belongs to preferred embodiment, involved action and module is not necessarily of the invention It is necessary.

In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not have the portion described in detail in certain embodiment Point, may refer to the associated description of other embodiment.

A kind of structural representation of ID authentication device that Fig. 6 is provided for another embodiment of the present invention, as shown in Figure 6.This The ID authentication device of embodiment can include receiving unit 61, obtaining unit 62, ciphering unit 63 and transmitting element 64.Its In, receiving unit 61, the authentication information for receiving service server transmission, the authentication information includes identifying code With the phone number of user to be certified；Obtaining unit 62, for according to the phone number, obtaining corresponding with the phone number Key；Ciphering unit 63, for utilizing the key, is encrypted to the identifying code, to obtain encrypted authentication letter Breath；Transmitting element 64, for sending the encrypted authentication information to the service server, to cause the service server root The encrypted authentication information is sent with short message according to the phone number.

It should be noted that the ID authentication device that the present embodiment is provided, can be security server, net is may be located at Network side.

The function of security server in the corresponding embodiments of Fig. 1~Fig. 5, the authentication that can be provided by the present embodiment Equipment is realized.

Alternatively, as shown in fig. 7, another embodiment of the present invention can also provide another ID authentication device, with Fig. 6 pairs The embodiment answered is compared, and can further include hash units 71 and binding unit 72.Wherein,

The receiving unit 61, can also be further used for receiving the first cryptographic Hash that certification end is sent with short message, institute It is the certification end to the key of random generation, the identification information of the certification end and place terminal to state the first cryptographic Hash End message carries out hashing operation acquisition；

The receiving unit 61, can also be further used for receiving the certification end be based on the key that HTTPS sends, The identification information of the certification end and the end message；

The hash units 71, for being carried out to the key, the identification information of the certification end and the end message The hashing operation, to obtain the second cryptographic Hash；Wherein, the hashing operation that the security server is used, with the certification The used hashing operation in end, is identical hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, this Embodiment is not particularly limited to this.

The binding unit 72, if consistent with first cryptographic Hash for second cryptographic Hash, to according to described short The phone number that message is obtained and the key, the identification information of the certification end and the end message, are tied up It is fixed, to generate the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.

Wherein, the end message can include but is not limited at least one in IMSI and IMEI.

Alternatively, as shown in figure 8, another embodiment of the present invention can also provide another ID authentication device, with Fig. 7 pairs The embodiment answered is compared, and can further include gesture unit 81.Wherein,

The transmitting element 64, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, to the certification End sends the first configured information, to indicate to set gesture password；

The gesture unit 81, for being interacted with the certification end, to set the gesture password of the certification end.

So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password, Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server Value, so as to obtain gesture unit 81 to phone number and the cryptographic Hash of the gesture password, is bound, to generate the cell-phone number Code and the corresponding relation of the cryptographic Hash of the gesture password, so that the gesture unit 81 utilizes the corresponding relation, are carried out described The gesture checking of certification end.

Still optionally further, the transmitting element 64, if second cryptographic Hash can also be further used for described One cryptographic Hash is consistent, and the second configured information is sent to the certification end, to indicate to verify gesture password；Correspondingly, the gesture Unit 81, can also be further used for being interacted with the certification end, to verify the gesture password of the certification end.

So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password, Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server Value, to cause that the gesture unit 81 is right with the cryptographic Hash of the gesture password using the phone number of bound generation Should be related to, to the cryptographic Hash of the gesture password, be verified.

Alternatively, in a possible implementation of the present embodiment, the receiving unit 61 can also be used further In the identification information and the security configuration information that receive the certification end that the certification end is sent based on HTTPS, the peace Full configuration information can include but is not limited to service identification and safe configured information.Wherein, first safety is indicated, for referring to Show and have turned on identifying code encryption function；Second safety is indicated, for indicating non-open-authentication code encryption function；The acquisition Unit 62, can also be further used for the identification information according to the certification end, obtain the identification information pair with the certification end The phone number answered；The binding unit, can also be further used for believing the phone number and the security configuration Breath is bound, to generate the corresponding relation of the phone number and security configuration information.

Alternatively, in a possible implementation of the present embodiment, the receiving unit 61, the body for being received Part authentication information can further include the service identification corresponding to the service server；Correspondingly, the obtaining unit 62, specifically can be used for, according to the phone number, obtaining security configuration information corresponding with the phone number；According to described Security configuration information, obtains safe configured information corresponding with the service identification；And if the safe configured information is the One safety is indicated, and according to the phone number, obtains key corresponding with the phone number.Wherein, described first refers to safely Show, for indicating to have turned on identifying code encryption function.

In addition, the transmitting element 64, if the safe configured information can also be further used for for the second safety is indicated, The identifying code is sent to the service server.Wherein, second safety is indicated, for indicating non-open-authentication code encryption Function.

The structural representation of another ID authentication device that Fig. 9 is provided for another embodiment of the present invention, as shown in Figure 9. The ID authentication device that the present embodiment is provided can include hash units 91 and transmitting element 92.Wherein, hash units 91, are used for End message to the key, the identification information of the certification end and place terminal of random generation carries out hashing operation, with Obtain the first cryptographic Hash；Transmitting element 92, for short message, first cryptographic Hash being sent to security server；The hair Send unit 92, be additionally operable to based on HTTPS, to the security server send the key, the identification information of the certification end and The end message, to cause that the security server is believed the key, the identification information of the certification end and the terminal Breath carries out the hashing operation, to obtain the second cryptographic Hash；If second cryptographic Hash is consistent with first cryptographic Hash, described Security server is to the phone number and the key, the identification information of the certification end that are obtained according to the short message With the end message, bound, to generate the phone number with the key, the identification information of the certification end and institute State the corresponding relation of end message.

It should be noted that the ID authentication device that the present embodiment is provided can be certification end, can be with plug-in unit or soft The forms such as part development kit (Software Development Kit, SDK) be arranged on local application (Application, App) for example, in Alipay, or can also be arranged in terminal with single application program (nativeAPP).

The function of certification end in the corresponding embodiments of Fig. 1~Fig. 5, the ID authentication device that can be provided by the present embodiment Realize.

Alternatively, as shown in Figure 10, another embodiment of the present invention can also provide another ID authentication device, with Fig. 9 Corresponding embodiment is compared, and can further include receiving unit 1001 and gesture unit 1002.

Receiving unit 1001, for receiving the first configured information that the security server sends, to indicate to set gesture Password, if first configured information is second cryptographic Hash security server hair consistent with first cryptographic Hash Send；

Gesture unit 1002, for being interacted with the security server, to set the gesture password of the certification end.

So, gesture unit gathers the gesture of user input, and gesture password is generated according to gesture, and then close according to gesture Code, generates the cryptographic Hash of gesture password.Gesture unit can then be based on HTTPS and send the gesture password to security server Cryptographic Hash, to cause that the security server, to phone number and the cryptographic Hash of the gesture password, is bound, to generate The corresponding relation of phone number and the cryptographic Hash of the gesture password is stated, so that the security server utilizes the corresponding relation, Carry out the gesture checking of the certification end.

Alternatively, in a possible implementation of the present embodiment, the receiving unit 1001 can also be further For receiving the second configured information that the security server sends, to indicate to verify gesture password, first configured information If for second cryptographic Hash security server consistent with first cryptographic Hash sends；The gesture unit 1002, also Can be further used for being interacted with the security server, to verify the gesture password of the certification end.

So, gesture unit gathers the gesture of user input, and gesture password is generated according to gesture, and then close according to gesture Code, generates the cryptographic Hash of gesture password.Gesture unit can then be based on HTTPS and send the gesture password to security server Cryptographic Hash, to cause the security server using the phone number of bound generation and the cryptographic Hash of the gesture password Corresponding relation, to the cryptographic Hash of the gesture password, verified.

Alternatively, in a possible implementation of the present embodiment, the transmitting element 92 can also be used further In based on HTTPS, the identification information and the security configuration information of the certification end are sent to the security server, to cause The security server obtains the hand corresponding with the identification information of the certification end according to the identification information of the certification end Machine number, binds to the phone number and the security configuration information, to generate the phone number and security configuration The corresponding relation of information.

In the present embodiment, by hash units to the random key for generating, the identification information of the certification end and place end The end message at end carries out hashing operation, to obtain the first cryptographic Hash, and then by transmitting element with short message, to security server Send first cryptographic Hash so that such that transmitting element is based on HTTPS, send described close to the security server Key, the identification information of the certification end and the end message, so, the security server then can be to the key, institute The identification information and the end message for stating certification end carry out the hashing operation, to obtain the second cryptographic Hash, if described second Cryptographic Hash is consistent with first cryptographic Hash, and the security server is to the phone number that is obtained according to the short message With the key, the identification information of the certification end and the end message, bound, to generate the phone number and institute The corresponding relation of key, the identification information of the certification end and the end message is stated, because key can be used for encryption business The identifying code that server is generated, therefore, the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still Identifying code cannot be so decrypted, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve identity The reliability of certification.

The structural representation of another ID authentication device that Figure 11 is provided for another embodiment of the present invention, such as Figure 11 institutes Show.The ID authentication device that the present embodiment is provided can include receiving unit 1101, decryption unit 1102 and represent unit 1103. Wherein, receiving unit 1101, the encrypted authentication information for receiving service server transmission；Decryption unit 1102, for utilizing The key of storage, is decrypted treatment, to obtain identifying code to the encrypted authentication information；Represent unit 1103, for representing The identifying code.

Alternatively, it is described to represent unit 1103 in a possible implementation of the present embodiment, specifically can be used for With graphic form, represent the identifying code.So, it is possible to reduce existence of the clear content of identifying code in the region of memory of terminal In the cycle, can further improve the reliability of authentication.

In the present embodiment, the encrypted authentication information that service server sends is received by receiving unit, so it is single by decryption Unit is decrypted treatment, to obtain identifying code so that representing unit can using the key of storage to the encrypted authentication information Represent the identifying code, because the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot solve It is close go out identifying code, account safety problem caused by can avoiding being revealed due to identifying code can so as to improve authentication By property.

It is apparent to those skilled in the art that, for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, will not be repeated here.

In several embodiments provided by the present invention, it should be understood that disclosed system, apparatus and method can be with Realize by another way.For example, device embodiment described above is only schematical, for example, the unit Divide, only a kind of division of logic function there can be other dividing mode when actually realizing, for example multiple units or component Can combine or be desirably integrated into another system, or some features can be ignored, or do not perform.It is another, it is shown or The coupling each other for discussing or direct-coupling or communication connection can be the indirect couplings of device or unit by some interfaces Close or communicate to connect, can be electrical, mechanical or other forms.

The unit that is illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit The part for showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple On NE.Some or all of unit therein can be according to the actual needs selected to realize the mesh of this embodiment scheme 's.

In addition, during each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.Above-mentioned integrated list Unit can both be realized in the form of hardware, it would however also be possible to employ hardware adds the form of SFU software functional unit to realize.

The above-mentioned integrated unit realized in the form of SFU software functional unit, can store and be deposited in an embodied on computer readable In storage media.Above-mentioned SFU software functional unit storage is in a storage medium, including some instructions are used to so that a computer Equipment (can be personal computer, server, or network equipment etc.) or processor (processor) perform the present invention each The part steps of embodiment methods described.And foregoing storage medium includes：USB flash disk, mobile hard disk, read-only storage (Read- Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disc or CD etc. it is various Can be with the medium of store program codes.

Finally it should be noted that：The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations；Although The present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those within the art that：It still may be used Modified with to the technical scheme described in foregoing embodiments, or equivalent is carried out to which part technical characteristic； And these modification or replace, do not make appropriate technical solution essence depart from various embodiments of the present invention technical scheme spirit and Scope.

Claims

1. a kind of identity identifying method, it is characterised in that including：

Security server receives the authentication information that service server sends, and the authentication information includes identifying code and treats The phone number of certification user；

The security server utilizes the key, the identifying code is encrypted, to obtain encrypted authentication information；

The security server sends the encrypted authentication information to the service server, to cause the service server root The encrypted authentication information is sent with short message according to the phone number；Wherein,

The security server before obtaining key corresponding with the phone number, also includes according to the phone number：

The security server receives the first cryptographic Hash that certification end is sent with short message, and first cryptographic Hash is the certification Hold the end message of the key, the identification information of the certification end and place terminal to generating at random to carry out hashing operation to obtain ；

The security server receives the certification end and is based on the key, the identification information of the certification end that HTTPS sends With the end message；

The security server carries out the Hash behaviour to the key, the identification information of the certification end and the end message Make, to obtain the second cryptographic Hash；

If second cryptographic Hash is consistent with first cryptographic Hash, the security server according to the short message to being obtained The phone number and the key, the identification information of the certification end and the end message, bound, to generate State the corresponding relation of phone number and the key, the identification information of the certification end and the end message.

2. method according to claim 1, it is characterised in that methods described also includes：

If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends first and refers to the certification end Show information, to indicate to set gesture password；

3. method according to claim 2, it is characterised in that methods described also includes：

If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends second and refers to the certification end Show information, to indicate to verify gesture password；

4. the method according to claims 1 to 3 any claim, it is characterised in that the authentication information is also wrapped Include the service identification corresponding to the service server；The security server is obtained and the hand according to the phone number The corresponding key of machine number, including：

The security server obtains safe configured information corresponding with the service identification according to the security configuration information；

If the safe configured information is the first safety indicating, the security server is obtained and institute according to the phone number State the corresponding key of phone number.

5. method according to claim 4, it is characterised in that methods described also includes：

If the safe configured information is the second safety indicating, the security server is tested to described in service server transmission Card code.

6. method according to claim 4, it is characterised in that the security server is obtained according to the phone number Before security configuration information corresponding with the phone number, also include：

The security server receives the identification information and the safety that the certification end is based on the certification end that HTTPS sends Configuration information；

The security server obtains the institute corresponding with the identification information of the certification end according to the identification information of the certification end State phone number；

The security server is bound to the phone number and the security configuration information, to generate the phone number With the corresponding relation of security configuration information.

7. a kind of identity identifying method, it is characterised in that including：

Certification end carries out Hash behaviour to the end message of the key, the identification information of the certification end and place terminal of random generation Make, to obtain the first cryptographic Hash；

The certification end is based on HTTPS, and the key, the identification information of the certification end and institute are sent to the security server End message is stated, to cause the security server to the key, the identification information of the certification end and the end message The hashing operation is carried out, to obtain the second cryptographic Hash；If second cryptographic Hash is consistent with first cryptographic Hash, the peace Full server is to the phone number that is obtained according to the short message and the key, the identification information of the certification end and described End message, is bound, to generate the phone number with the key, the identification information of the certification end and the terminal The corresponding relation of information.

8. method according to claim 7, it is characterised in that the certification end is based on HTTPS, to the security server Send after the key, the identification information of the certification end and the end message, also include：

The certification end receives the first configured information that the security server sends, to indicate to set gesture password, described the If a configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends；

9. method according to claim 8, it is characterised in that the certification end is based on HTTPS, to the security server Send after the key, the identification information of the certification end and the end message, also include：

The certification end receives the second configured information that the security server sends, to indicate to verify gesture password, described the If a configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends；

10. the method according to claim 7~9 any claim, it is characterised in that the certification end is based on HTTPS, After to the security server transmission key, the identification information of the certification end and the end message, also include：

The certification end is based on HTTPS, and the identification information and the safety for sending the certification end to the security server are matched somebody with somebody Confidence ceases, to cause that the security server, according to the identification information of the certification end, is obtained and believed with the mark of the certification end The corresponding phone number is ceased, the phone number and the security configuration information are bound, to generate the mobile phone The corresponding relation of number and security configuration information.

A kind of 11. ID authentication devices, it is characterised in that including：

Receiving unit, the authentication information for receiving service server transmission, the authentication information includes identifying code With the phone number of user to be certified；

Ciphering unit, for utilizing the key, is encrypted, to obtain encrypted authentication information to the identifying code；

Transmitting element, for sending the encrypted authentication information to the service server, to cause the service server root The encrypted authentication information is sent with short message according to the phone number；Wherein,

The equipment also includes hash units and binding unit；Wherein,

The receiving unit, is additionally operable to receive the first cryptographic Hash that certification end is sent with short message, and first cryptographic Hash is institute State certification end carries out Hash to the end message of the key, the identification information of the certification end and place terminal of random generation Operation is obtained；

The receiving unit, is additionally operable to receive the key, the mark of the certification end that the certification end is based on HTTPS transmissions Information and the end message；

The hash units, for carrying out the Kazakhstan to the key, the identification information of the certification end and the end message Uncommon operation, to obtain the second cryptographic Hash；

The binding unit, if consistent with first cryptographic Hash for second cryptographic Hash, to according to the short message institute The phone number and the key, the identification information of the certification end and the end message for obtaining, are bound, with life Into the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.

12. equipment according to claim 11, it is characterised in that the equipment also includes gesture unit；Wherein,

The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, sends to the certification end First configured information, to indicate to set gesture password；

The gesture unit, for being interacted with the certification end, to set the gesture password of the certification end.

13. equipment according to claim 12, it is characterised in that

The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, sends to the certification end Second configured information, to indicate to verify gesture password；

14. equipment according to claim 11~13 any claim, it is characterised in that the authentication information is also Including the service identification corresponding to the service server；The obtaining unit, specifically for

If the safe configured information is the first safety indicating, according to the phone number, obtain corresponding with the phone number Key.

15. equipment according to claim 14, it is characterised in that the transmitting element, are additionally operable to

16. equipment according to claim 14, it is characterised in that

The receiving unit, is additionally operable to receive identification information and institute that the certification end is based on the certification end that HTTPS sends State security configuration information；

The obtaining unit, is additionally operable to the identification information according to the certification end, obtains the identification information pair with the certification end The phone number answered；

The binding unit, is additionally operable to bind the phone number and the security configuration information, to generate the hand The corresponding relation of machine number and security configuration information.

A kind of 17. ID authentication devices, it is characterised in that including：

Hash units, the end message for key, the identification information of certification end and place terminal to random generation is breathed out Uncommon operation, to obtain the first cryptographic Hash；

The transmitting element, is additionally operable to be sent to the security server based on HTTPS the mark of the key, the certification end Knowledge information and the end message, to cause the security server to the key, the identification information of the certification end and institute Stating end message carries out the hashing operation, to obtain the second cryptographic Hash；If second cryptographic Hash and first cryptographic Hash Unanimously, the security server is to the phone number and the key, the mark of the certification end that are obtained according to the short message Knowledge information and the end message, are bound, and are believed with the mark of the key, the certification end with generating the phone number The corresponding relation of breath and the end message.

18. equipment according to claim 17, it is characterised in that the equipment also includes：

Receiving unit, it is described to indicate to set gesture password for receiving the first configured information that the security server sends If the first configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends；

19. equipment according to claim 18, it is characterised in that

The receiving unit, is additionally operable to receive the second configured information that the security server sends, to indicate checking gesture close Code, if first configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends；

The gesture unit, is additionally operable to be interacted with the security server, to verify the gesture password of the certification end.

20. equipment according to claim 17~19 any claim, it is characterised in that

The transmitting element, is additionally operable to based on HTTPS, and identification information and the institute of the certification end are sent to the security server Security configuration information is stated, to cause that the security server, according to the identification information of the certification end, is obtained and the certification end The phone number corresponding to identification information, the phone number and the security configuration information are bound, to generate The corresponding relation of the phone number and security configuration information.