CN105337740A - Identity verification method, client, relay device and server - Google Patents

Publication number: CN105337740A
Authority: CN (China)
Prior art keywords: identifying code, server, encryption, client, decrypted
Legal status: Granted; Active
Application number: CN201410373794.6A
Other languages: Chinese (zh)
Other versions: CN105337740B (en)
Inventor: 黄冕
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910122054.8A (CN110062382A)
Priority to CN201410373794.6A (CN105337740B)
Landscapes: Mobile Radio Communication Systems (AREA)
Abstract

The invention provides an identity verification method, a client, a relay device and a server. The method comprises the steps that: the server obtains account information of a user, and inquires an encryption algorithm corresponding to the obtained account information; the server encrypts a first verification code of the server by use of the encryption algorithm to form an encrypted first verification code; the server establishes a wireless network and sets a network name in a specified format for the wireless network, wherein the network name comprises the encrypted first verification code; the client scans the network name of the wireless network and extracts the encrypted first verification code from the scanned network name conforming to the specified format; and the client decrypts the encrypted first verification code by use of a stored decryption algorithm and carries out identity verification according to a decryption result. By means of the embodiments in the invention, the problem that the identity verification of a user cannot be finished when a wireless communication network of an operator is unavailable is solved.

Description

An identity verification method, client, relay device and server
Technical field
The application belongs to the field of information communication, and in particular relates to an identity verification method, client, relay device and server in the field of instant messaging and e-commerce.
Background
With the rapid development of the Internet, people's lives are more and more closely tied to it. Offline self-services have appeared in daily life, such as self-service credit card repayment, self-service transit card top-up, and offline payment completed through online third-party payment systems such as Alipay.
Usually, when a user uses these self-services, the server providing the self-service, or a shared device connected to the server, needs to verify the user's identity. If the user enters a verification password directly on the shared device or server, the password may be leaked through illegal means such as shoulder surfing, trojans or pinhole cameras. With the development of smart mobile terminals, the prior art includes a method in which a mobile terminal and a server or shared device exchange information online to complete identity verification. In this method, the mobile terminal obtains information related to the self-service by scanning a QR code on the server or shared device, or the server or shared device obtains the user's account information by scanning a QR code on the user's client; the mobile terminal and the server or shared device then exchange further information online using the information obtained, and complete identity verification.
At present, this information exchange between the client and the server or shared device is usually carried over the wireless communication network of the telecom operator the client belongs to. For example, a Unicom user can communicate with the server over Unicom's GSM or WCDMA network to complete identity verification. However, if the wireless communication network of the user's telecom operator is unstable or has no coverage, or cannot be used normally because of the user's data limits, this method cannot complete the identity verification of the user.
Summary of the invention
The object of the application is to provide an identity verification method, client, shared device, server and system that can complete the identity verification of a user when the wireless communication network of the user's telecom operator cannot be used normally.
An identity verification method provided by the application is implemented as follows:
The server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts a first verification code of the server using the queried encryption algorithm to form an encrypted first verification code;
The server sets up a wireless network and sets a network name in an agreed format for it; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the encrypted first verification code using a stored decryption algorithm; the client performs identity verification according to the decryption result of the encrypted first verification code.
An identity verification method, the method comprising:
The server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts a first verification code of the server using the queried encryption algorithm to form an encrypted first verification code;
The server sets up a wireless network and sets a network name in an agreed format for it; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the encrypted first verification code using a stored decryption algorithm, and sends the decryption result of the encrypted first verification code to the server over the wireless network;
The server receives the decryption result and performs identity verification according to it.
An identity verification method, the method comprising:
The server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts a first verification code of the server using the queried encryption algorithm to form an encrypted first verification code;
The server sets up a wireless network and sets a network name in an agreed format for it; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm; when decryption succeeds, the client encrypts a third verification code of the client using the stored decryption algorithm to form an encrypted third verification code, and sends the encrypted third verification code to the server over the wireless network;
The server receives the encrypted third verification code and decrypts it using the encryption algorithm corresponding to the obtained account information of the user; the server performs identity verification according to the decryption result of the encrypted third verification code.
An identity verification method, the method comprising:
The relay device obtains the input account information and sends the obtained account information to the server;
The server receives the account information and, based on stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and uses it to encrypt a first verification code of the relay device, forming an encrypted first verification code; the relay device sets up a wireless network and sets a network name in an agreed format for it; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format, and decrypts it using a stored decryption algorithm; the client performs identity verification according to the decryption result of the encrypted first verification code.
An identity verification method, the method comprising:
The relay device obtains the input account information and sends the obtained account information to the server;
The server receives the account information and, based on stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and uses it to encrypt a first verification code of the relay device, forming an encrypted first verification code; the relay device sets up a wireless network and sets a network name in an agreed format for it; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; the client decrypts the extracted encrypted first verification code using a stored decryption algorithm, and sends the decryption result to the relay device over the wireless network;
The relay device receives the decryption result sent by the client and sends it to the server;
The server receives the decryption result sent by the relay device and performs identity verification according to it.
An identity verification method, the method comprising:
The relay device obtains the input account information and sends the obtained account information to the server;
The server receives the account information and, based on stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and uses it to encrypt a first verification code of the relay device, forming an encrypted first verification code; the relay device sets up a wireless network and sets a network name in an agreed format for it; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; the client decrypts the extracted encrypted first verification code using a stored decryption algorithm; when decryption succeeds, the message receiving end may encrypt a third verification code of the client using the stored decryption algorithm, forming an encrypted third verification code; the client sends the encrypted third verification code to the relay device over the wireless network;
The relay device receives the encrypted third verification code and sends it to the server;
The server receives the encrypted third verification code and decrypts it using the encryption algorithm corresponding to the obtained account information of the user; the server performs identity verification according to the decryption result of the encrypted second verification code.
An identity verification method, the method comprising:
The server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts a first verification code of the server using the queried encryption algorithm to form an encrypted first verification code;
The server sets up a wireless network and sets a network name in an agreed format for it; the network name comprises the encrypted first verification code.
An identity verification method, the method comprising:
The client scans the network names of wireless networks;
The client extracts an encrypted first verification code from a scanned network name that conforms to an agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm;
The client performs identity verification according to the decryption result of the encrypted first verification code.
An identity verification method, the method comprising:
The client scans the network names of wireless networks;
The client extracts an encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm, and sends the decryption result to the server or relay device over the scanned wireless network.
An identity verification method, characterized in that the method comprises:
The client scans the network names of wireless networks;
The client extracts an encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm; when decryption succeeds, the client encrypts a third verification code of the client using the stored decryption algorithm, forming an encrypted third verification code;
The client sends the encrypted third verification code to the server or relay device over the wireless network.
A server for identity verification, comprising:
An account acquiring unit, configured to obtain the account information of a user;
A user database, configured to store user information; the user information may comprise the account information of the user and the encryption algorithm of the user;
A query unit, configured to query, based on the stored user information, the encryption algorithm corresponding to the obtained account information;
An encryption unit, configured to generate a first verification code and encrypt it using the queried encryption algorithm, forming an encrypted first verification code;
A wireless network unit, configured to set up a wireless network and set a network name in an agreed format for it; the network name comprises the encrypted first verification code.
An identity verification client, comprising:
A storage unit, configured to store the agreed format of the network name, and also to store the decryption algorithm for the user's account information;
A network scanning unit, configured to scan, based on the stored agreed format, for network names of wireless networks that conform to the agreed format;
An extraction unit, configured to extract the encrypted first verification code from a scanned network name that conforms to the agreed format;
A first decryption unit, configured to decrypt the extracted encrypted first verification code based on the stored decryption algorithm.
A relay device for identity verification, comprising:
An information acquiring unit, configured to obtain the account information of a user;
An information receiving unit, configured to receive the encryption algorithm sent by the server;
An information encryption unit, configured to generate a first verification code or receive one from the server, and to encrypt it using the received encryption algorithm, forming an encrypted first verification code;
A wireless network broadcast unit, configured to set up a wireless network and set a network name in an agreed format for it; the network name comprises the encrypted first verification code.
In the identity verification method provided by the application, the server or shared device can set up a wireless network, encrypt a randomly generated verification code with a public key, and broadcast it in the network name of the wireless network. The client can use its own wireless device to scan for the wireless network set up by the server according to a predetermined rule, and can extract the encrypted verification code from the network name according to the predetermined network name format. The client decrypts the encrypted verification code with the private key it stores; if decryption succeeds, identity verification passes. With this method, when the wireless communication network of the user's telecom operator cannot be used normally, the client can exchange information over the wireless network set up by the server or shared device and complete identity verification. Most existing mobile devices are equipped with wireless access hardware, such as Wi-Fi access devices, so the method described in the application can also greatly widen the situations in which identity verification can be used, improve its convenience, and save data traffic on the network of the user's telecom operator.
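An added example, not code from the patent: the second variant above in Python, where the server puts the encrypted first verification code in the network name, the client extracts and decrypts it, and the server compares the returned result. The `IDV-` prefix, the base64url payload and the single-use check are assumptions, and textbook RSA over two small Mersenne primes stands in for the per-user key pair only so that a ciphertext fits in the 32-octet SSID limit of 802.11.

```python
import base64
import binascii
import hmac
import re
import secrets
import string

SSID_MAX_OCTETS = 32   # IEEE 802.11 limits an SSID to 32 octets
SSID_PREFIX = "IDV-"   # assumed marker of the agreed format (not from the patent)
SSID_RE = re.compile(r"IDV-([A-Za-z0-9_-]{1,28})")
E = 65537


def make_keypair(p, q):
    """Textbook RSA from two primes: returns ((n, e), (n, d)). Toy stand-in."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def key_octets(key):
    return (key[0].bit_length() + 7) // 8


def encrypt_code(code, public_key):
    n, e = public_key
    m = int.from_bytes(code.encode("ascii"), "big")
    if m >= n:
        raise ValueError("verification code does not fit under the modulus")
    return pow(m, e, n).to_bytes(key_octets(public_key), "big")


def decrypt_code(ciphertext, private_key):
    n, d = private_key
    c = int.from_bytes(ciphertext, "big")
    if c >= n:
        return None  # cannot have been produced for this key
    return pow(c, d, n).to_bytes(key_octets(private_key), "big").lstrip(b"\x00")


def build_ssid(ciphertext):
    """Network name in the assumed agreed format: prefix + base64url payload."""
    payload = base64.urlsafe_b64encode(ciphertext).rstrip(b"=").decode("ascii")
    ssid = SSID_PREFIX + payload
    if len(ssid.encode("utf-8")) > SSID_MAX_OCTETS:
        raise ValueError("encrypted code does not fit in an SSID")
    return ssid


def extract_ciphertext(ssid):
    """Return the encrypted code from a conforming network name, else None."""
    match = SSID_RE.fullmatch(ssid)
    if match is None:
        return None
    payload = match.group(1)
    try:
        return base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
    except binascii.Error:
        return None


class Server:
    def __init__(self, user_db):
        self.user_db = user_db   # account -> public key (the stored user information)
        self.pending = {}        # account -> outstanding first verification code

    def start_verification(self, account):
        public_key = self.user_db[account]                        # step 1: lookup
        alphabet = string.ascii_letters + string.digits
        code = "".join(secrets.choice(alphabet) for _ in range(16))
        self.pending[account] = code
        return build_ssid(encrypt_code(code, public_key))         # steps 2 and 3

    def check_result(self, account, decrypted):
        expected = self.pending.pop(account, None)  # single use (assumption)
        if expected is None or decrypted is None:
            return False
        return hmac.compare_digest(expected.encode("ascii"), decrypted)


def client_respond(scanned_ssids, private_key):
    """Scan result -> decryption result to send back, or None if nothing fits."""
    for ssid in scanned_ssids:
        ciphertext = extract_ciphertext(ssid)
        if ciphertext is None or len(ciphertext) != key_octets(private_key):
            continue
        return decrypt_code(ciphertext, private_key)
    return None


def run_demo():
    # Constructed toy key: 2**61-1 and 2**89-1 are Mersenne primes, so the
    # modulus is trivially factorable; it is used only to fit one SSID.
    public_key, private_key = make_keypair(2**61 - 1, 2**89 - 1)
    server = Server({"alice": public_key})
    ssid = server.start_verification("alice")
    scan = ["CoffeeShop-Guest", "IDV-not_valid", ssid]  # constructed scan result
    return ssid, server.check_result("alice", client_respond(scan, private_key))


if __name__ == "__main__":
    print(run_demo())
```

A ciphertext from a standard-size RSA key (256 octets for a 2048-bit modulus) does not fit in one SSID, so a deployment has to choose its encryption scheme and name format around that limit.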
Brief description of the drawings
To explain the embodiments of the application or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments recorded in the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of one embodiment of an identity verification method of the application;
Fig. 2 is a schematic diagram of the predetermined format of the network name in an identity verification method of the application;
Fig. 3 is a flowchart of another embodiment of an identity verification method of the application;
Fig. 4 is a flowchart of another embodiment of an identity verification method of the application;
Fig. 5 is a schematic diagram of the module structure of a server for identity verification of the application;
Fig. 6 is a schematic diagram of the module structure of another embodiment of the server for identity verification of the application;
Fig. 7 is a schematic diagram of the module structure of the first identity verification unit of the server for identity verification of the application;
Fig. 8 is a schematic diagram of the module structure of another embodiment of the server for identity verification of the application;
Fig. 9 is a schematic diagram of the module structure of the second identity verification unit of the server for identity verification of the application;
Fig. 10 is a schematic diagram of the module structure of a client for identity verification of the application;
Fig. 11 is a schematic diagram of the module structure of another embodiment of the client for identity verification of the application;
Fig. 12 is a schematic diagram of the module structure of another embodiment of the client for identity verification of the application;
Fig. 13 is a schematic diagram of the module structure of another embodiment of the client for identity verification of the application;
Fig. 14 is a schematic diagram of the module structure of one embodiment of a relay device for identity verification of the application;
Fig. 15 is a schematic diagram of the module structure of another embodiment of the relay device for identity verification of the application.
Detailed description
To help those skilled in the art better understand the technical solutions of the application, the technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the application without creative effort fall within the scope of protection of the application.
Before a user uses an offline self-service, the user usually registers user information on the server of the self-service provider for subsequent identity confirmation. This user information may include the user's account information, password and other information. The server can obtain and store the user information; specifically, it can store the user information in a user database. The user database may be a database stored on the server, or may be stored in a database on other equipment. After obtaining the user's information, the server can generate a pair of encryption and decryption algorithms corresponding to this user's account information. The server can store user information including the user's account information and password, and can also store the encryption algorithm and/or decryption algorithm corresponding to the user's account information; specifically, these can be stored in the user database. The user's encryption algorithm can correspond uniquely to the user's account information, and the server can look up the encryption algorithm for a user from the user's account information. The server can send the decryption algorithm corresponding to the user's account information to the user's client, where it can be stored. A corresponding application can be installed on the user's client in advance, and the client can communicate with the server through that application. When the user first logs in to the installed application and performs account confirmation or other verification with the server, the application on the client can obtain the decryption algorithm for this user sent by the server. The client can store the obtained decryption algorithm. For uniform presentation, the application on the client side is referred to below as the client.
The encryption algorithm and decryption algorithm described in the application may comprise a method of processing plaintext information. The encryption algorithm may comprise an information processing method that encrypts plaintext information; correspondingly, the decryption algorithm can decrypt information encrypted by the encryption algorithm and recover the correct plaintext information. Both are methods of processing information: in a concrete application, the encryption algorithm is used to encrypt plaintext information, and the decryption algorithm corresponding to it is used to decrypt and obtain the plaintext information. Of course, depending on the encryption and decryption algorithms chosen, in some application scenarios the decryption algorithm may also be used to encrypt plaintext information and the encryption algorithm to decrypt it.
When performing identity verification, the client can exchange information with the server, and identity can be verified by checking whether the client's decryption algorithm can decrypt information encrypted with the server's encryption algorithm. In the identity verification method provided by the application, the server and client can exchange information over a wireless local area network to complete identity verification. The following is one embodiment of the identity verification method of the application; Fig. 1 is a flowchart of this embodiment. As shown in Fig. 1, the method comprises:
S1: The server can obtain the account information of a user and, based on stored user information, query the encryption algorithm corresponding to the obtained account information.
The user can enter the user's account information at the server, and the server can obtain the account information entered. Specifically, the server can obtain the account information entered by the user through an account input interface provided on the server. The account information entered by the user can also be obtained through a relay device, such as a POS terminal, a scanner or other dedicated equipment, which then sends the obtained account information to the server.
After obtaining the user's account information, the server can query the encryption algorithm corresponding to this account information. The encryption algorithm corresponding to the account information can have a decryption algorithm corresponding to it. As described above, the server can store user information including the user's account information and password, and can also store the encryption algorithm corresponding to the user's account information. The server can query the encryption information corresponding to the obtained account information based on the stored user information. In this embodiment, the server can be provided with a user database, which can be used to store the user information, encryption algorithm, decryption algorithm and other information of users. The user database can be located on the server, or on another dedicated server. The server can query whether the user database contains an encryption algorithm corresponding to the obtained account information. Normally, if user A registered user information on the server before identity verification, the server can store user A's account information, encryption information and other information. After obtaining user A's account information, the server can find the encryption algorithm corresponding to user A.
In this embodiment, the encryption algorithm and decryption algorithm can typically be the public key and private key of an asymmetric-key cryptosystem. The public key and private key in the asymmetric-key cryptosystem can encrypt and decrypt for each other. The public key and private key may be a public-key algorithm and a private-key algorithm for encrypting or decrypting plaintext information. When plaintext information is encrypted with the asymmetric-key cryptosystem, decryption can be completed only with the matching public/private key pair. Normally the public key can be public, does not need to be kept secret, and can be stored by the server; the private key is not disclosed and can be stored by the user side corresponding to this key pair. For example, the private key can be stored in an application on the user's client.
Of course, after obtaining the account information entered by the user, the server can verify whether it is legitimate, for example whether the format of the account information meets a preset format, or whether the account information has been registered on the server. When the server finds that the account information entered by the user is not legitimate, it can handle this with a preset processing method.
The server can obtain the account information entered by the user, and can query the user information stored in the user database for the encryption algorithm corresponding to that account information.
S2: first identifying code of the cryptographic algorithm inquired described in described server by utilizing to server is encrypted, forms rear first identifying code of encryption.
After finding the encryption algorithm corresponding to the account entered by the user, the server can encrypt the server's first verification code. The first verification code A can comprise one or more verification codes that the server generates by a predetermined algorithm from information such as the user's account information or the encryption algorithm, or one or more verification codes generated randomly according to some rule. The first verification code can also comprise a verification code that the server receives from another server or a dedicated device. The server can store the first verification code. The first verification code A can take the form of a character string; for example, it can be a random 16-character string. After generating the first verification code A, the server can encrypt it with the user's encryption algorithm found by the query, which in this embodiment is the public key. The public key can be a public-key algorithm for encryption/decryption; the server can use the public key found by the query to encrypt the first verification code A, forming the encrypted first verification code, denoted A' below.
The server can generate or receive the first verification code A and encrypt it with the encryption algorithm found by the query, forming the encrypted first verification code A'.
S3: The server sets up a wireless network and sets a network name in the agreed format for that wireless network; the network name can include the encrypted first verification code.
The server in this embodiment can set up a wireless network, specifically through a wireless network device installed on the server. The server and the wireless network device can be located in the same set of equipment, or can be separate and located in different places, communicating over a transmission link set up between them. The server can broadcast the encrypted first verification code A' through the network name of the wireless network. Note that the wireless network in this application can include communication connections using short-range wireless communication, for example Bluetooth, infrared (IrDA), wireless local area network (Wi-Fi or WLAN, mostly using the 802.11 family of protocols), Wi-Fi Direct, ultra-wideband (UWB), ZigBee, near-field communication (NFC), WiMAX and similar technologies. This application describes specific implementations using the above communication modes, and does not exclude applying other communication modes to the schemes below.
Specifically, the wireless network set up by the server in this embodiment can be a WIFI network. Wireless Fidelity (WIFI) technology usually refers to wireless LAN access technology based on the 802.11 protocols, a short-range wireless communication technology used in offices, homes and similar settings. A WIFI network usually consists of WIFI access points (AP) and terminals. An access point can set up a wireless network with equipment such as a wireless network card and connect terminal equipment to another network, which can be a wireless network or a wired network. In this embodiment the access point can communicate with the server directly over ADSL or another line, or through a corresponding relay device. The access point acts as a bridge between different networks; its working principle is equivalent to a hub (HUB) or router with a built-in wireless transmitter. A client with WIFI access capability exchanges information with the server over the WIFI network set up through the AP.
The server can broadcast the encrypted first verification code A' through the network name of the wireless network. When setting up the wireless network, the server can give it a network name in a predetermined format. In this embodiment, when setting up a WIFI network, the server can set a network name or identifier for it, commonly called the SSID (Service Set Identifier). An SSID can usually have at most 32 characters. The SSID can include the encrypted first verification code A'. In this embodiment the server can set the SSID according to an agreed format, and the SSID in the agreed format can contain the encrypted verification code A'. For example, the encrypted first verification code A' itself can serve as the SSID and be broadcast over the WIFI network. Alternatively, the encrypted first verification code A' can be placed in a particular field of the SSID according to a preset agreed SSID format. For example, the SSID can be a combination of the encrypted first verification code A' with a preset name, account information or the like, such as AUTH+A', or account name+A'. Fig. 2 is a structural diagram of an SSID in the agreed format in this embodiment. As shown in Fig. 2, the agreed format of the WIFI network name (SSID) can comprise: AUTH (preset name) + 0000 (separator) + encrypted verification code A' (16 characters). With this agreed format, the SSID of the WIFI network broadcast by the server can be written as: AUTH0000A'.
Of course, in this application the agreed format of the network name can be any other preset composition of the network name, and the application places no limit on this. Accordingly, the server can send the agreed format of the network name to the client, specifically to a preset application on the client. Knowing the agreed format, the client can obtain the information in the different fields of the network name according to that predetermined format.
The server can set up a WIFI network and set an SSID in the agreed format for it. That SSID can include the encrypted first verification code A'. The server can broadcast the WIFI network it has set up.
S4: The client can scan the network names of WIFI networks and extract the encrypted first verification code from a scanned network name that matches the agreed format.
The client in this application can usually comprise terminal equipment with a wireless access device (such as a wireless network card), for example a notebook computer, netbook, mobile phone, personal digital assistant (PDA) or mobile internet device (MID). The client can scan the surrounding wireless networks and, on finding a WIFI network whose network name matches the agreed format, obtain that network name and extract the encrypted first verification code from it.
As described above, the server can send the agreed format of the network name to the client, so the client can obtain that format and scan for surrounding wireless networks whose network names match it. For example, the agreed network-name format received by the client can comprise: AUTH (preset name) + 0000 (separator) + encrypted verification code A' (16 characters). The client can scan the surrounding wireless networks and obtain the scanned network names. The client can determine whether each scanned network name matches the agreed format, and in this way find the network name that matches it: AUTH0000A'. Once a network name matching the agreed format has been scanned, the network name of that WIFI network can be obtained and the encrypted first verification code A' extracted from it.
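The S4 extraction step for the Fig. 2 format, as an added example that is not code from the patent. The function names, the upper-case alphanumeric character set for A' and the scan list are assumptions made for illustration; the scan results are constructed.

```python
import re

SSID_MAX_OCTETS = 32   # SSID length limit stated in the text
PRESET_NAME = "AUTH"   # preset name in the Fig. 2 format
SEPARATOR = "0000"     # separator in the Fig. 2 format
CODE_LEN = 16          # length of the encrypted verification code A'

# Assumption: A' uses upper-case letters and digits, as in the text's sample value.
_AGREED = re.compile(
    re.escape(PRESET_NAME) + re.escape(SEPARATOR) + r"([A-Z0-9]{%d})" % CODE_LEN
)


def build_ssid(encrypted_code: str) -> str:
    """Server side (S3): place A' into the agreed-format network name."""
    ssid = PRESET_NAME + SEPARATOR + encrypted_code
    if _AGREED.fullmatch(ssid) is None:
        raise ValueError("encrypted code does not fit the agreed format")
    return ssid


def extract_encrypted_code(raw_ssid: bytes):
    """Client side (S4): return A' if the name matches the agreed format, else None.

    A scanned SSID is arbitrary bytes chosen by whoever operates the access
    point, so over-long, non-ASCII or inexact names are rejected outright.
    """
    if len(raw_ssid) > SSID_MAX_OCTETS:
        return None
    try:
        name = raw_ssid.decode("ascii")
    except UnicodeDecodeError:
        return None
    match = _AGREED.fullmatch(name)   # fullmatch also rejects a trailing newline
    return match.group(1) if match else None


def candidates(scan_results):
    """Return every distinct A' found in a scan, in scan order."""
    found = []
    for raw in scan_results:
        code = extract_encrypted_code(raw)
        if code is not None and code not in found:
            found.append(code)
    return found


# Constructed scan results: one matching network (seen twice) among others.
SAMPLE_SCAN = [
    b"HomeNet",
    b"AUTH0000PYKJH89LOEN7F56G",
    b"auth0000pykjh89loen7f56g",        # wrong case
    b"AUTH0000PYKJH89LOEN7F56GX",       # one character too long
    b"AUTH0001PYKJH89LOEN7F56G",        # wrong separator
    b"AUTH0000PYKJH89LOEN7F56G",        # duplicate beacon
    b"\xe5\x92\x96\xe5\x95\xa1 WiFi",   # non-ASCII name
]

if __name__ == "__main__":
    print(candidates(SAMPLE_SCAN))
```

A name that matches the format only shows that the value is well formed; whether it is accepted is decided by the decryption step that follows.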
S501: The client decrypts the extracted encrypted first verification code with its stored decryption algorithm; the client performs authentication according to the decryption result of the encrypted first verification code.
The client can decrypt the extracted encrypted first verification code A' with the user's own stored decryption algorithm. In this embodiment the decryption algorithm can comprise a private key stored on the client, which the client can use to decrypt the first verification code A' that was encrypted with the public key. As noted above, when plaintext information is encrypted under the asymmetric-key cryptosystem, only a mutually matching public/private key pair can complete the decryption. In this embodiment, the first verification code A encrypted with the public key can be decrypted only with the private key that matches that public key. If the client can decrypt the encrypted first verification code A' with its stored private key, this indicates that the private key stored on the client and the public key with which the server encrypted the first verification code A are a matching pair, and the decryption result is success. Conversely, if the client cannot decrypt the encrypted first verification code A' with its own stored private key, the decryption result is failure.
The client can perform authentication according to the decryption result of the encrypted first verification code. For example, if the decryption result is success, the client can pass authentication. The client can then obtain the data access rights preset for a successful authentication; specifically, an application on the client can be configured so that the user gains access to particular functions of the application only after passing authentication. If the decryption is unsuccessful, the client cannot pass authentication. In the WIFI network set up by the server, the server can set the client's access authentication mode, which includes unencrypted authentication and encrypted authentication; in this embodiment the server can set the client's access authentication mode to unencrypted authentication. The client can then connect to the corresponding WIFI network without password verification and establish communication with the server. The WIFI network set up by the server is a short-range wireless LAN; by joining this WIFI network the client can exchange information with the server and perform authentication.
In a specific application scenario, the server can provide a self-service mobile phone top-up service. The server can set up a WIFI network corresponding to the account information entered by the user, and only an application on a mobile terminal that has passed authentication can access the top-up application provided by the server. The application on the mobile terminal can also be configured so that only after passing authentication is it permitted to send requests to access the server's top-up service. Specifically, the server can obtain the account information of user C, user123, from the two-dimensional code information in the TCP client or from the account information that user C enters at the server. The server can look up in the user database the public key corresponding to account information user123, which is K_PUB. This public key can be regarded as the public-key encryption algorithm corresponding to user user123. After finding the public key information corresponding to user user123, the server can randomly generate a 16-character first verification code, MK3D90HB8H2JT4VZ. The server can encrypt this randomly generated first verification code MK3D90HB8H2JT4VZ with the public key K_PUB corresponding to user user123, forming the encrypted first verification code PYKJH89LOEN7F56G. The server can set up a WIFI network through a WIFI device and set the SSID of that network according to the agreed SSID format. The agreed SSID format can have been sent, before this authentication, to the application that the user downloaded to the client. The agreed SSID format can be: AUTH (preset name) + 0000 (separator) + encrypted verification code A' (16 characters). Following this agreed format, the SSID of the WIFI network that the server sets up for user account user123 can be: AUTH0000PYKJH89LOEN7F56G. After setting up the WIFI network, the server can broadcast the SSID containing the encrypted first verification code to the surrounding space. The client can scan, through the application installed on the mobile terminal, for surrounding WIFI networks whose SSID matches the agreed format. On finding a WIFI network whose SSID matches the agreed format, the client can obtain its SSID, AUTH0000PYKJH89LOEN7F56G, and extract the encrypted first verification code PYKJH89LOEN7F56G according to the agreed SSID format. The client can decrypt the extracted encrypted first verification code PYKJH89LOEN7F56G with its own stored private key K_PRI. If the client can decrypt the encrypted first verification code PYKJH89LOEN7F56G with the private key K_PRI, the decryption result is success and the application on the client can pass authentication. The specific application on the client can then connect, according to preset rules, to the WIFI network whose SSID is AUTH0000PYKJH89LOEN7F56G, and is permitted to access the top-up application provided by the server, or to send the server a request to access the top-up service. The server and the client can exchange information over the WIFI network with SSID AUTH0000PYKJH89LOEN7F56G that the server set up, completing the client's self-service mobile phone top-up.
The authentication method of this embodiment can use the network name of a WIFI network to perform authentication, solving the problem that authentication cannot be completed when the wireless communication network of the client's operator cannot be used normally. Most terminal equipment today has WIFI access capability, so the authentication method of this embodiment can considerably widen the situations in which authentication can be applied and make authentication more convenient, while also saving the user's data traffic with the telecom operator.
Of course, the WIFI network set up by the server in this application can be connected, through a corresponding gateway or device, to the wireless communication network of the client's operator or to the internet, and can thereby provide more services to the client.
In the embodiment above, authentication can be performed by the client. The application also provides another embodiment of the authentication method, in which the client can feed the decryption result back to the server and the server performs authentication according to the decryption result. Fig. 3 is a flow chart of this other embodiment of the authentication method. As shown in Fig. 3, the authentication method of this embodiment can comprise:
S1: The server can obtain the user's account information and, based on the stored user information, look up the encryption algorithm corresponding to the obtained account information;
S2: The server can encrypt the server's first verification code with the encryption algorithm found by the query, forming the encrypted first verification code;
S3: The server can set up a wireless network and set a network name in the agreed format for that wireless network; the network name can include the encrypted first verification code;
S4: The client can scan for wireless networks; the client can extract the encrypted first verification code from a scanned network name that matches the agreed format;
S502: The client can decrypt the encrypted first verification code with its stored decryption algorithm, and can send the decryption result of the encrypted first verification code to the server over the wireless network;
S601: The server can receive the decryption result and perform authentication according to it.
In this embodiment the client can send the decryption result for the extracted encrypted first verification code to the server over the wireless network. The decryption result of the encrypted first verification code that the client sends to the server can comprise:
whether the client's decryption of the extracted encrypted first verification code succeeded or failed.
The server can receive the decryption result returned by the client and perform authentication according to it. For example, if the decryption result returned by the client is success, the server can pass the client's authentication, and the client can obtain the corresponding rights on the server and carry out further data access. If the decryption result returned by the client is failure, the server does not pass the client's authentication.
In a preferred embodiment, the client can send to the server the verification code it obtains by decrypting the encrypted first verification code, and the server performs authentication according to that decrypted verification code. In this embodiment, therefore, the decryption result of the encrypted first verification code that the client sends to the server can comprise:
the second verification code that the client obtains by decrypting the encrypted first verification code.
Accordingly, the server receiving the decryption result and performing authentication according to it comprises: the server receives the decryption result and extracts the decrypted second verification code from it; the server compares whether the second verification code is identical to the first verification code, and passes authentication when the comparison shows they are identical.
The client can decrypt the extracted encrypted first verification code with its stored decryption algorithm and, when decryption succeeds, obtain the decrypted second verification code. The message receiving end can send the decryption result, containing the decrypted first verification code, to the server over the wireless network. The server can receive the decryption result, extract the decrypted second verification code from it, and compare whether the extracted second verification code is identical to the server's first verification code. The server can perform authentication according to the result of comparing the received second verification code with the first verification code. If they are identical, authentication can be passed; if they are not identical, authentication cannot be passed.
For example, the client decrypts the encrypted first verification code A' with its stored private key and, when decryption succeeds, obtains the decrypted second verification code B. The client can send the decrypted second verification code B to the server over the wireless network set up by the server. The server can store the first verification code it generated, so after receiving the decrypted second verification code B, the server compares whether B is identical to the first verification code A that it generated. If the second verification code B is identical to the generated first verification code A, the server can pass authentication; if the comparison shows that they are not identical, the server does not pass authentication, and can then handle the case according to a preset processing method. Performing authentication in the manner of this embodiment can further improve the security of authentication.
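The Fig. 3 exchange in which the client returns the second verification code B and the server compares it with A, as an added example that is not code from the patent. Textbook RSA over constructed demo primes stands in for the unspecified public-key algorithm; the class and function names, the integer form of A' and the single-use handling of A are assumptions.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
CODE_LEN = 16


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (demo only, no padding)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


# Constructed demo keys built from Mersenne primes. Illustration only: a real
# deployment would use a vetted library, padded encryption and larger keys.
K_PUB, K_PRI = make_keypair(2**127 - 1, 2**89 - 1)
_, OTHER_PRI = make_keypair(2**107 - 1, 2**127 - 1)   # key of a different user


class Server:
    def __init__(self, user_db):
        self.user_db = user_db   # account information -> public key
        self.pending = {}        # account information -> first verification code A

    def issue(self, account):
        """S1-S2: look up the public key, generate A, return the encrypted code A'."""
        n, e = self.user_db[account]
        a = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN)).encode()
        self.pending[account] = a
        return pow(int.from_bytes(a, "big"), e, n)   # A' as an integer

    def verify(self, account, b):
        """S601: pass authentication only if the returned B is identical to A."""
        # Assumption beyond the text: A is discarded on first use, so a
        # captured B cannot be replayed in a later attempt.
        a = self.pending.pop(account, None)
        if a is None:
            return False
        return hmac.compare_digest(a, b)   # constant-time comparison


def client_decrypt(private_key, a_encrypted):
    """S502: decrypt A' with the stored private key, giving B as bytes."""
    n, d = private_key
    m = pow(a_encrypted, d, n)
    return m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")


def run_exchange(private_key, account="user123"):
    """Run one S1-S601 exchange and return the server's decision."""
    server = Server({account: K_PUB})
    a_encrypted = server.issue(account)
    b = client_decrypt(private_key, a_encrypted)
    return server.verify(account, b)


if __name__ == "__main__":
    print("matching private key:", run_exchange(K_PRI))
    print("other user's key:    ", run_exchange(OTHER_PRI))
```

Because the server checks B against its stored A, a client that merely reports success without holding the matching private key gains nothing, which is the difference from the success/failure variant described earlier.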
The application also provides another preferred embodiment of the authentication. Fig. 4 is a flow chart of this other embodiment of the authentication method. As shown in Fig. 4, the method comprises:
S1: The server can obtain the user's account information and, based on the stored user information, look up the encryption algorithm corresponding to the user's account information;
S2: The server can encrypt the server's first verification code with the encryption algorithm found by the query, forming the encrypted first verification code;
S3: The server can set up a wireless network and can set a network name in the agreed format for that wireless network; the network name includes the encrypted first verification code;
S4: The client can scan for wireless networks; the client can extract the encrypted first verification code from a scanned network name that matches the agreed format;
S503: The client can decrypt the extracted encrypted first verification code with its stored decryption algorithm; when decryption succeeds, the message receiving end can encrypt the client's third verification code with the stored decryption algorithm, forming the encrypted third verification code; the client can send the encrypted third verification code to the server over the wireless network;
S602: The server can receive the encrypted third verification code and can decrypt it with the encryption algorithm corresponding to the obtained account information of the user; the server performs authentication according to the result of decrypting the encrypted third verification code with the encryption algorithm.
Note that the encryption algorithm or decryption algorithm in this application can comprise any computation that transforms information according to some rule, and this can include scenarios in which the encryption algorithm is used to decrypt and the decryption algorithm is used to encrypt. For example, the encryption algorithm and decryption algorithm in this embodiment can comprise a public key and a private key: information can be encrypted with the public key and decrypted with the private key, or encrypted with the private key and decrypted with the public key. In this embodiment, if the client can decrypt, with its stored decryption algorithm, the encrypted first verification code sent by the server, this verifies the client's identity as the recipient of the message sent by the server. Further, the client can encrypt the client's third verification code with its stored decryption algorithm, forming the encrypted third verification code. The client can send the encrypted third verification code to the server over the wireless network. The server can decrypt the encrypted third verification code with the encryption algorithm corresponding to the user's account information. If it can be decrypted, this verifies the client's identity as the sender of the message sent to the server. Specifically, for example, the client can encrypt the third verification code with its stored private key. The third verification code can comprise verification code information that the client generates according to some rule or at random. The client can send the third verification code, encrypted with the private key, to the server over the wireless network. The server can decrypt the encrypted third verification code with the public key corresponding to the user's account information. If decryption succeeds, the server can pass authentication; if decryption fails, the server does not pass authentication.
In the embodiment above, the server performing authentication according to the result of decrypting the encrypted third verification code with the encryption algorithm can comprise:
when the server successfully decrypts the encrypted third verification code, it obtains the decrypted fourth verification code; the server can compare whether the fourth verification code is identical to the server's preset verification code, and pass authentication when the comparison shows they are identical.
In this embodiment, the server can decrypt the encrypted third verification code and obtain the decrypted fourth verification code. The server can compare whether the fourth verification code is identical to the server's preset verification code. The third verification code encrypted by the client and the server's preset verification code can usually comprise information that the server and the client have set up in advance for further authentication. In a specific embodiment, the client's third verification code can comprise the second verification code that the client obtained by decrypting the extracted encrypted first verification code, and the server's preset verification code can comprise the server's first verification code; accordingly, the server comparing whether the fourth verification code is identical to the server's preset verification code comprises: the server compares whether the second verification code is identical to the server's first verification code. For example, when authenticating the user whose account information is user123, the server can generate a first verification code A, store it, and use it as the server's preset verification code. The server can encrypt it with the encryption algorithm (for example the user's public key) to obtain the encrypted first verification code A'. The server broadcasts the encrypted first verification code A' through the network name of the WIFI network it sets up. The client scans this wireless network and uses its own private key to decrypt the encrypted first verification code A' contained in the network name, obtaining the decrypted second verification code B. In this embodiment, the client can use the second verification code B as the client's third verification code and encrypt it with the client's private key, obtaining the encrypted third verification code B', which it can send to the server over the wireless network. The server can decrypt the encrypted third verification code B' with the public key corresponding to account information user123 and obtain the decrypted fourth verification code C. The server can then compare whether the decrypted fourth verification code C is identical to the first verification code A that the server stores for the user whose account information is user123. If the fourth verification code C obtained by public-key decryption is identical to the server's first verification code A, the server can pass authentication; if it is not identical, the server does not pass authentication.
In another embodiment of the authentication described in this application, the client's third verification code can comprise the account information of the client's user, and the server's preset verification code can comprise the user information stored by the server; accordingly, the server comparing whether the decrypted fourth verification code is identical to the server's preset verification code comprises: the server compares whether the decrypted account information of the user is identical to the account information of the user stored by the server. In this embodiment, the client can obtain its own user's account information and use it as the client's third verification code. After decrypting the encrypted first verification code, the client can encrypt the account information of the user on the client with its stored private key. For example, the client's private key K_PRI can be used to encrypt the account information user123 of the client's user, forming the encrypted user account information SFTFDK40AA9KANCM, which can be sent to the server over the wireless network. The server receives the encrypted user account information SFTFDK40AA9KANCM and can decrypt it with the public key K_PUB corresponding to account information user123. The server compares the decrypted account information of the user with the account information of this user stored by the server; if they are identical, authentication can be passed; if they differ, authentication cannot be passed. For example, if the account information decrypted by the server is user123, identical to the account information user123 of the user stored by the server, authentication can be passed. If the account decrypted by the server is user456, not identical to the account information user123 of the user stored by the server, authentication cannot be passed.
In the identity verification method of any of the above embodiments, the network name in the agreed format that the server sets for the established wireless network may also include APPID information for different applications. The client may extract the APPID information according to the agreed format of the network name and use the extracted APPID information to distinguish between different applications on the client. The APPID information may comprise identifiers for distinguishing the different applications of the client. The server may preset the APPID information for different applications: for example, the APPID corresponding to the Alipay Wallet application may be set to "PAY_PACK", the APPID corresponding to the QQ application may be set to "IM_QQ", or the APPID corresponding to the AliWangWang application may be set to "IM_WW", and so on. Accordingly, the agreed format of the SSID may include the APPID information; after obtaining an SSID in the agreed format, the client may extract the APPID information according to that format and distinguish between the applications on the client accordingly. Of course, the message the client sends to the server may also include the APPID information, and the server may use the APPID to distinguish between the different applications on the client. With this embodiment, the server or the client can complete identity verification for different applications on the client over the established wireless network.
In another specific application scenario, the network name described above may include SessionID information, which may comprise an identifier, established by the server, that identifies the session generated when the server and a client perform identity verification. The agreed format of the network name may comprise: session identifier + encrypted verification code, for example SessionID+A'. The SessionID can distinguish the server's sessions with different clients, or distinguish sessions between the server and the same client generated at different times. In a specific application scenario, the server may establish multiple different WIFI networks, open sessions with multiple clients and exchange information with them, and the server may create a different SessionID for each session. The agreed format of the SSID may include the SessionID; after obtaining the SSID, the client may extract the SessionID according to the agreed format and use it to determine whether the information it exchanges with the server belongs to the same session. Of course, the message the client sends to the server may also include the SessionID information, and the server may use the SessionID to determine whether the information it exchanges with the client belongs to the same session.
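The network-name handling from the APPID and SessionID paragraphs above, as an added example that is not code from the patent: it builds and parses an SSID carrying APPID, SessionID and the encrypted code, filters scan results by application, and has the server bind the returned code to one session. The field order, the ":" separator, the 4-hex-digit SessionID, single-use sessions and all sample values are assumptions; the encrypted code is treated as an opaque token and no encryption is performed here.

```python
import hmac
import re
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SSID_MAX_OCTETS = 32  # an 802.11 SSID is at most 32 octets

# Assumed agreed format: <APPID>:<SessionID>:<encrypted code A'>
SSID_RE = re.compile(r"([A-Z]+_[A-Z]+):([0-9a-f]{4}):([A-Z0-9]{1,16})")


@dataclass(frozen=True)
class AuthSsid:
    app_id: str
    session_id: str
    enc_code: str  # opaque ciphertext token, decrypted elsewhere by the client


def build_ssid(app_id: str, session_id: str, enc_code: str) -> str:
    """Server/relay side: compose the network name, rejecting anything off-format."""
    ssid = f"{app_id}:{session_id}:{enc_code}"
    if len(ssid.encode("utf-8")) > SSID_MAX_OCTETS or not SSID_RE.fullmatch(ssid):
        raise ValueError("network name does not fit the agreed format")
    return ssid


def parse_ssid(ssid: str) -> Optional[AuthSsid]:
    """Client side: return the fields, or None for names outside the agreed format."""
    if len(ssid.encode("utf-8")) > SSID_MAX_OCTETS:
        return None
    match = SSID_RE.fullmatch(ssid)
    return AuthSsid(*match.groups()) if match else None


def pick_for_app(scan_results: List[str], app_id: str) -> List[AuthSsid]:
    """Keep only scanned names in the agreed format that address this application."""
    parsed = (parse_ssid(name) for name in scan_results)
    return [p for p in parsed if p is not None and p.app_id == app_id]


class SessionTable:
    """Server side: one entry per open verification session."""

    def __init__(self) -> None:
        self._open: Dict[str, Tuple[str, str, str]] = {}

    def open(self, account: str, app_id: str, first_code: str) -> str:
        session_id = secrets.token_hex(2)
        while session_id in self._open:  # never reuse a live SessionID
            session_id = secrets.token_hex(2)
        self._open[session_id] = (account, app_id, first_code)
        return session_id

    def verify(self, session_id: str, app_id: str, returned_code: str) -> bool:
        """Compare the client's decrypted code with the stored first code."""
        entry = self._open.pop(session_id, None)  # single use (assumption)
        if entry is None:
            return False
        _, expected_app, first_code = entry
        same_code = hmac.compare_digest(first_code.encode(), returned_code.encode())
        return expected_app == app_id and same_code


if __name__ == "__main__":
    table = SessionTable()
    sid = table.open("user123", "PAY_PACK", "481516")  # constructed first code A
    ssid = build_ssid("PAY_PACK", sid, "Q7ZK20XMPL9AB3CD")  # constructed A'
    scan = ["HomeNet-5G", ssid, "IM_QQ:0a1b:AAAA"]  # constructed scan results
    hit = pick_for_app(scan, "PAY_PACK")[0]
    # The client would decrypt hit.enc_code here; "481516" stands in for the result.
    print(ssid, table.verify(hit.session_id, hit.app_id, "481516"))
```

The 32-octet SSID limit is the binding constraint in this layout: with an 8-character APPID and a 4-character SessionID, only 18 octets remain for the encrypted code.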
In another implementation of this application, the client may not exchange information with the server directly. The client may communicate with the server through a relay device, such as a POS terminal or public service equipment, to complete identity verification. Therefore, this application provides another embodiment of the identity verification method, which may comprise:
S201: The relay device obtains the input account information and sends the obtained account information to the server;
S202: The server receives the account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
S203: The relay device receives the encryption algorithm and uses the received encryption algorithm to encrypt the first verification code of the relay device, forming the encrypted first verification code;
S204: The relay device establishes a wireless network and sets a network name in the agreed format for the established wireless network; the network name comprises the encrypted first verification code;
S205: The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
S2061: The client uses the stored decryption algorithm to decrypt the extracted encrypted first verification code; the client performs identity verification according to the decryption result of the encrypted first verification code.
The first verification code of the relay device described above may comprise a first verification code generated by the relay device, or a first verification code received from the server.
In another implementation of the above identity verification method, after S204 is completed, the method may comprise:
S2062: The client uses the stored decryption algorithm to decrypt the extracted encrypted first verification code, and may send the decryption result of the extracted encrypted first verification code to the relay device over the wireless network;
S2071: The relay device may receive the decryption result sent by the client and send the decryption result to the server;
S2081: The server may receive the decryption result sent by the relay device and perform identity verification according to the decryption result.
In the identity verification method described above, the decryption result of the encrypted first verification code sent by the client comprises: the client's success or failure in decrypting the extracted encrypted first verification code. If the decryption result is success, identity verification may pass; if the decryption result is failure, identity verification may fail.
Of course, the decryption result of the encrypted first verification code sent by the client may comprise:
The decrypted second verification code obtained by the client decrypting the encrypted first verification code;
Accordingly, the server receiving the decryption result sent by the relay device and performing identity verification according to the decryption result comprises: the server receives the decryption result and extracts the second verification code from it; the server compares whether the second verification code is identical to the server's first verification code, and passes identity verification when the comparison result is identical.
In another identity verification method of this application, the method may comprise:
S201: The relay device obtains the input account information and sends the obtained account information to the server;
S202: The server receives the account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
S203: The relay device receives the encryption algorithm and uses the received encryption algorithm to encrypt the first verification code of the relay device, forming the encrypted first verification code;
S204: The relay device establishes a wireless network and sets a network name in the agreed format for the established wireless network; the network name comprises the encrypted first verification code;
S205: The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
S2063: The client uses the stored decryption algorithm to decrypt the extracted encrypted first verification code; when decryption succeeds, the message receiving end may use the stored decryption algorithm to encrypt the client's third verification code, forming the encrypted third verification code; the client may send the encrypted third verification code to the relay device over the wireless network;
S3072: The relay device may receive the encrypted third verification code and send the encrypted verification code to the server;
S3082: The server may receive the encrypted third verification code and may use the encryption algorithm corresponding to the obtained account information of the user to decrypt the encrypted third verification code; the server performs identity verification according to the result of decrypting the encrypted third verification code with the encryption algorithm.
The third verification code of the client described above may comprise: verification code information generated by the client according to a certain rule or at random. In the above embodiment, the client may encrypt its third verification code with its own private key and send it to the server through the relay device. If the server can decrypt the encrypted third verification code with the corresponding private key, identity verification may pass.
In a preferred embodiment, the server performing identity verification according to the result of decrypting the encrypted third verification code with the encryption algorithm may comprise:
When the server successfully decrypts the encrypted third verification code, it obtains the decrypted fourth verification code; the server compares whether the fourth verification code is identical to the server's preset verification code, and passes identity verification when the comparison result is identical.
With reference to the other embodiments of this application, the client's third verification code comprises the decrypted second verification code obtained by the client decrypting the encrypted first verification code, and the server's preset verification code may comprise the server's first verification code;
Accordingly, the server comparing whether the fourth verification code is identical to the server's preset verification code comprises: the server comparing whether the second verification code is identical to the server's first verification code;
Or,
The client's third verification code comprises the account information of the client's user, and the server's preset verification code comprises the account information of the user stored by the server;
Accordingly, the server comparing whether the fourth verification code is identical to the server's preset verification code comprises: the server comparing whether the decrypted account information of the user is identical to the account information of the user stored by the server.
Of course, the network name in the agreed format that the relay device sets for the wireless network it establishes may also include APPID information for different applications. The client may extract the APPID information according to the agreed format of the network name and use the extracted APPID information to distinguish between different applications on the client.
Based on the identity verification method described in this application, this application provides an identity verification server. Fig. 5 is a schematic diagram of the module structure of the identity verification server described in this application. As shown in Fig. 5, the server may comprise:
Account acquiring unit 101, which may be used to obtain the account information of a user;
User database 102, which may be used to store user information; the user information may comprise the user's account information and the user's encryption algorithm;
Query unit 103, which may be used to query, based on the stored user information, the encryption algorithm corresponding to the obtained account information;
Encryption unit 104, which may generate the first verification code and is used to encrypt the first verification code with the queried encryption algorithm, forming the encrypted first verification code;
Wireless network unit 105, which may be used to establish a wireless network and set a network name in the agreed format for the established wireless network; the network name comprises the encrypted first verification code.
Fig. 6 is a schematic diagram of the module structure of another embodiment of the identity verification server described in this application. As shown in Fig. 6, the server may further comprise:
First receiving unit 106, which may be used to obtain the decryption result of the encrypted first verification code sent by the client or the relay device;
First identity verification unit 107, which may be used to perform identity verification according to the decryption result of the receiving unit 106.
Fig. 7 is a schematic diagram of the module structure of the first identity verification unit 107 described above. As shown in Fig. 7, the first identity verification unit 107 may comprise:
First extraction unit 1071, which may be used to extract the decrypted first verification code from the decryption result;
First comparing unit 1072, which may be used to compare whether the extracted decrypted first verification code is identical to the first verification code generated by the encryption unit 104;
First verification unit 1073, which may be used to perform identity verification according to the result of comparing the extracted decrypted first verification code with the first verification code generated by the encryption unit 104.
Fig. 8 is a schematic diagram of the module structure of another embodiment of the identity verification server described in this application. As shown in Fig. 8, the server may further comprise:
Second receiving unit 108, which may be used to receive the encrypted third verification code sent by the client or the relay device;
Decryption unit 109, which may be used to decrypt the encrypted third verification code with the encryption algorithm in the user database 102 that corresponds to the obtained user account;
Second identity verification unit 1010, which may be used to perform identity verification according to the decryption result of the encrypted third verification code.
Fig. 9 is a schematic diagram of the module structure of the second identity verification unit 1010 described above. As shown in Fig. 9, the second identity verification unit 1010 may comprise:
Second extraction unit 1011, which may be used to extract the fourth verification code that the decryption unit 109 obtains by decrypting the encrypted third verification code;
Second comparing unit 1012, which may be used to compare whether the decrypted fourth verification code is identical to the stored preset verification code;
Second verification unit 1013, which may be used to perform identity verification according to the result of comparing the fourth verification code with the stored preset verification code.
The preset verification code stored by the second comparing unit 1012 may comprise the first verification code generated by the encryption unit 104, or the user account information stored in the user database.
This application also provides an identity verification client. Figure 10 is a schematic diagram of the module structure of the identity verification client. As shown in Figure 10, the client may comprise:
Storage unit 201, which may be used to store the agreed format of the network name; it may also be used to store the decryption algorithm for the user's account information;
Network scanning unit 202, which may be used to scan, based on the stored agreed format of the network name, for network names of wireless networks that conform to the agreed format;
Extraction unit 203, which may be used to extract the encrypted first verification code from a scanned network name that conforms to the agreed format;
First decryption unit 204, which may be used to decrypt the extracted encrypted first verification code based on the stored decryption algorithm.
Figure 11 is a schematic diagram of the module structure of another embodiment of the identity verification client described above. As shown in Figure 11, the client may further comprise:
Identity verification unit 205, which may be used to perform identity verification based on the decryption result of the first decryption unit 204.
Figure 12 is a schematic diagram of the module structure of another embodiment of the identity verification client described above. As shown in Figure 12, the client may further comprise:
First sending unit 206, which may be used to send the decryption result of the extracted encrypted first verification code to the server or the relay device over the wireless network.
The decryption result of the encrypted first verification code that the client sends to the server or the relay device comprises:
The client's success or failure in decrypting the extracted encrypted first verification code;
Or,
The decrypted second verification code obtained by the client decrypting the encrypted first verification code.
Figure 13 is a schematic diagram of the module structure of another embodiment of the identity verification client described above. As shown in Figure 13, the client may further comprise:
First encryption unit 207, which may be used, when the extracted encrypted first verification code is decrypted successfully, to encrypt the client's third verification code with the stored decryption algorithm, forming the encrypted third verification code;
Second sending unit 208, which may send the encrypted third verification code to the server or the relay device over the wireless network.
The third verification code of the client described above comprises: the decrypted second verification code obtained by the client decrypting the encrypted first verification code; or the account information of the client's user.
This application also provides a relay device. Figure 14 is a schematic diagram of the module structure of the relay device. As shown in Figure 14, the relay device may comprise:
Information acquisition unit 301, which may be used to obtain the account information of a user;
Information receiving unit 302, which may be used to receive the encryption algorithm sent by the server;
Information encryption unit 303, which may be used to generate the first verification code or receive it from the server, and to encrypt the first verification code with the received encryption algorithm, forming the encrypted first verification code;
Wireless network broadcast unit 304, which may be used to establish a wireless network and set a network name in the agreed format for the established wireless network; the network name comprises the encrypted first verification code.
Figure 15 is a schematic diagram of the module structure of another implementation of the relay device described above. As shown in Figure 15, the relay device may further comprise:
Feedback receiving unit 305, which may be used to receive the feedback result sent by the client;
Feedback sending unit 306, which may be used to send the received client feedback result to the server.
The feedback result sent by the client and received by the relay device comprises:
The client's success or failure in decrypting the encrypted first verification code;
Or,
The decrypted second verification code obtained by the client decrypting the encrypted first verification code;
Or,
The encrypted third verification code obtained by the client encrypting the client's third verification code with the stored decryption algorithm.
The encryption algorithm and decryption algorithm described for the above client, server and relay device may comprise the public key and private key of an asymmetric encryption algorithm. Other algorithms that satisfy the identity verification of this application may of course also be used. In a specific product, the established wireless network may comprise a WIFI network.
This application also provides an identity verification system, which may comprise:
Client, which may be used to scan the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; it may also be used to decrypt the extracted encrypted first verification code with the stored decryption algorithm; it may also be used to send the decryption result of the extracted encrypted first verification code to the server over the wireless network;
Server, which may be used to obtain the account information of a user and, based on the stored user information, query the encryption algorithm corresponding to the obtained account information; it may also be used to encrypt the server's first verification code with the queried encryption algorithm, forming the encrypted first verification code; it may also establish a wireless network and set a network name in the agreed format for the established wireless network; the network name comprises the encrypted first verification code; it may also receive the decryption result and perform identity verification according to the decryption result.
With the identity verification method, client, server and relay device of this application, the client can communicate with the server over a wireless network established by the relay device or the server in order to perform identity verification. During this identity verification, the network name of the established wireless network can be used to carry the verification information. The embodiments of this application solve the problem that identity verification cannot be performed when the wireless communication network of the user's operator is unavailable. In addition, this application can greatly broaden the scenarios in which identity verification can be applied and make identity verification more convenient.
Although the foregoing refers to protocols such as 802.11, this application is not limited to cases that fully comply with the 802.11 specification or similar protocols. A transmission mechanism slightly modified on the basis of certain protocols can also carry out the schemes of the above embodiments of this application. Of course, even if a proprietary protocol is used instead of the above IP/TCP/UDP protocols, the same application can still be realized as long as the information exchange and the information judgment and feedback of the above embodiments are satisfied; this is not described further here.
Those skilled in the art also know that, in addition to implementing a controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as structures within the hardware component. The devices for realizing various functions can even be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product having a certain function.
For convenience of description, the above devices are described with their functions divided into separate units. Of course, when implementing this application, the functions of the units may be realized in one or more pieces of software and/or hardware.
From the above description of the embodiments, those skilled in the art can clearly understand that this application can be implemented by software plus the necessary general-purpose hardware platform. Based on this understanding, the technical solution of this application in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and comprises instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of this application or in parts of the embodiments.
The embodiments in this specification are described progressively: for the parts that are the same or similar, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiment is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, refer to the description of the method embodiment.
This application can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, laptop devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, and distributed computing environments that include any of the above systems or devices.
This application can be described in the general context of computer-executable instructions, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. This application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
Although this application has been described by way of embodiments, those of ordinary skill in the art know that this application has many variations and changes that do not depart from its spirit, and the appended claims are intended to cover these variations and changes without departing from the spirit of this application.

Claims (43)

1. An identity verification method, characterized in that the method comprises:
A server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server uses the queried encryption algorithm to encrypt a first verification code of the server, forming an encrypted first verification code;
The server establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code;
A client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client uses a stored decryption algorithm to decrypt the encrypted first verification code; the client performs identity verification according to the decryption result of the encrypted first verification code.
2. An identity verification method, characterized in that the method comprises:
A server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server uses the queried encryption algorithm to encrypt a first verification code of the server, forming an encrypted first verification code;
The server establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code;
A client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client uses a stored decryption algorithm to decrypt the encrypted first verification code, and the client sends the decryption result of the encrypted first verification code to the server over the wireless network;
The server receives the decryption result and performs identity verification according to the decryption result.
3. The identity verification method as claimed in claim 2, characterized in that the decryption result of the encrypted first verification code that the client sends to the server comprises:
The client's success or failure in decrypting the extracted encrypted first verification code.
4. The identity verification method as claimed in claim 2, characterized in that the decryption result of the encrypted first verification code that the client sends to the server comprises:
A second verification code obtained by the client decrypting the encrypted first verification code;
Accordingly, the server receiving the decryption result and performing identity verification according to the decryption result comprises: the server receives the decryption result and extracts the second verification code from the decryption result; the server compares whether the second verification code is identical to the first verification code, and passes identity verification when the comparison result is identical.
5. An identity verification method, characterized in that the method comprises:
The server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts a first verification code of the server using the queried encryption algorithm, forming an encrypted first verification code;
The server sets up a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm; when decryption succeeds, the client encrypts a third verification code of the client using the stored decryption algorithm, forming an encrypted third verification code, and sends the encrypted third verification code to the server over the wireless network;
The server receives the encrypted third verification code and decrypts it using the encryption algorithm corresponding to the obtained account information of the user; the server performs identity verification according to the decryption result for the encrypted third verification code.
6. The identity verification method as claimed in claim 5, characterized in that the server performing identity verification according to the decryption result for the encrypted third verification code comprises:
When the server successfully decrypts the encrypted third verification code, it obtains a decrypted fourth verification code; the server compares whether the fourth verification code is identical to the initial verification code of the server, and identity verification passes when they are identical.
7. The identity verification method as claimed in claim 6, characterized in that,
The third verification code of the client comprises the second verification code that the client obtains by decrypting the encrypted first verification code, and the initial verification code of the server comprises the first verification code of the server;
Correspondingly, the server comparing whether the fourth verification code is identical to the initial verification code of the server comprises: the server compares whether the second verification code is identical to the first verification code of the server;
Or,
The third verification code of the client comprises the account information of the user of the client, and the initial verification code of the server comprises the account information of the user stored by the server;
Correspondingly, the server comparing whether the fourth verification code is identical to the initial verification code of the server comprises: the server compares whether the decrypted account information of the user is identical to the account information of the user stored by the server.
8. An identity verification method, characterized in that the method comprises:
The relay device obtains input account information and sends the obtained account information to the server;
The server receives the account information and, based on stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and encrypts a first verification code of the relay device using the received encryption algorithm, forming an encrypted first verification code; the relay device sets up a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format, and decrypts the encrypted first verification code using a stored decryption algorithm; the client performs identity verification according to the decryption result for the encrypted first verification code.
9. An identity verification method, characterized in that the method comprises:
The relay device obtains input account information and sends the obtained account information to the server;
The server receives the account information and, based on stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and encrypts a first verification code of the relay device using the received encryption algorithm, forming an encrypted first verification code; the relay device sets up a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; the client decrypts the extracted encrypted first verification code using a stored decryption algorithm, and sends the decryption result for the extracted encrypted first verification code to the relay device over the wireless network;
The relay device receives the decryption result sent by the client and sends the decryption result to the server;
The server receives the decryption result sent by the relay device and performs identity verification according to the decryption result.
10. The identity verification method as claimed in claim 9, characterized in that the decryption result for the encrypted first verification code that the client sends to the relay device comprises:
The client's success or failure in decrypting the extracted encrypted first verification code.
11. The identity verification method as claimed in claim 9, characterized in that the decryption result for the encrypted first verification code that the client sends to the relay device comprises:
The second verification code that the client obtains by decrypting the encrypted first verification code;
Correspondingly, the server receiving the decryption result sent by the relay device and performing identity verification according to the decryption result comprises: the server receives the decryption result and extracts the decrypted second verification code from the decryption result; the server compares whether the second verification code is identical to the first verification code of the server, and identity verification passes when they are identical.
12. An identity verification method, characterized in that the method comprises:
The relay device obtains input account information and sends the obtained account information to the server;
The server receives the account information and, based on stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and encrypts a first verification code of the relay device using the received encryption algorithm, forming an encrypted first verification code; the relay device sets up a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; the client decrypts the extracted encrypted first verification code using a stored decryption algorithm; when decryption succeeds, the message receiving end may encrypt a third verification code of the client using the stored decryption algorithm, forming an encrypted third verification code; the client sends the encrypted third verification code to the relay device over the wireless network;
The relay device receives the encrypted third verification code and sends the encrypted third verification code to the server;
The server receives the encrypted third verification code and decrypts it using the encryption algorithm corresponding to the obtained account information of the user; the server performs identity verification according to the decryption result for the encrypted second verification code.
13. The identity verification method as claimed in claim 12, characterized in that the server performing identity verification according to the decryption result for the encrypted third verification code comprises:
When the server successfully decrypts the encrypted third verification code, it obtains a decrypted fourth verification code; the server compares whether the fourth verification code is identical to the initial verification code of the server, and identity verification passes when they are identical.
14. The identity verification method as claimed in claim 13, characterized in that,
The third verification code of the client comprises the second verification code that the client obtains by decrypting the encrypted first verification code, and the initial verification code comprises the first verification code of the server;
Correspondingly, the server comparing whether the fourth verification code is identical to the initial verification code of the server comprises: the server compares whether the second verification code is identical to the first verification code of the server;
Or,
The third code of the client comprises the account information of the client user, and the initial verification code of the server comprises the account information of the user stored by the server;
Correspondingly, the server comparing whether the fourth verification code is identical to the initial verification code of the server comprises: the server compares whether the decrypted account information of the user is identical to the account information of the user stored by the server.
15. An identity verification method, characterized in that the method comprises:
The server obtains the account information of a user and, based on stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts a first verification code of the server using the queried encryption algorithm, forming an encrypted first verification code;
The server sets up a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code.
16. The identity verification method as claimed in claim 15, characterized in that,
The server further receives a decryption result for the encrypted first verification code sent by the client or the relay device, and performs identity verification according to the decryption result.
17. The identity verification method as claimed in claim 16, characterized in that the decryption result for the encrypted first verification code received by the server comprises:
The client's success or failure in decrypting the encrypted first verification code;
Or,
The decrypted second verification code that the client obtains by decrypting the encrypted first verification code;
Correspondingly, the server further receiving the decryption result for the encrypted first verification code sent by the client or the relay device, and performing identity verification according to the decryption result, comprises: the server receives the decryption result sent by the client or the relay device and extracts the decrypted second verification code from the decryption result; the server compares whether the second verification code is identical to the first verification code of the server, and performs identity verification when they are identical.
18. The identity verification method as claimed in claim 15, characterized in that the server further receives an encrypted third verification code sent by the client or the relay device, and decrypts the encrypted third verification code using the encryption algorithm corresponding to the obtained account information of the user; the server performs identity verification according to the decryption result for the encrypted third verification code.
19. The identity verification method as claimed in claim 18, characterized in that the server performing identity verification according to the decryption result for the encrypted third verification code comprises:
When the server successfully decrypts the encrypted third verification code, it obtains a decrypted fourth verification code; the server compares whether the fourth verification code is identical to the initial verification code of the server, and performs identity verification according to the fourth verification code and the comparison result.
20. The identity verification method as claimed in claim 19, characterized in that,
The third verification code of the client comprises the decrypted second verification code that the client obtains by decrypting the encrypted first verification code, and the initial verification code of the server comprises the first verification code of the server;
Correspondingly, the server comparing whether the fourth verification code is identical to the initial verification code of the server comprises: the server compares whether the second verification code is identical to the first verification code of the server;
Or,
The third verification code of the client comprises the account information of the user of the client, and the preset feature code of the server comprises the account information of the user stored by the server;
Correspondingly, the server comparing whether the fourth verification code is identical to the initial verification code of the server comprises: the server compares whether the decrypted account information of the user is identical to the account information of the user stored by the server.
21. An identity verification method, characterized in that the method comprises:
The client scans the network names of wireless networks;
The client extracts an encrypted first verification code from a scanned network name that conforms to an agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm;
The client performs identity verification according to the decryption result for the encrypted first verification code.
22. An identity verification method, characterized in that the method comprises:
The client scans the network names of wireless networks;
The client extracts an encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm, and sends the decryption result for the extracted encrypted first verification code to a server or a relay device over the scanned wireless network.
23. The identity verification method as claimed in claim 22, characterized in that the decryption result for the encrypted first verification code that the client sends to the server or the relay device comprises:
The client's success or failure in decrypting the extracted encrypted first verification code;
Or,
The decrypted second verification code that the client obtains by decrypting the encrypted first verification code.
24. An identity verification method, characterized in that the method comprises:
The client scans the network names of wireless networks;
The client extracts an encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code using a stored decryption algorithm; when decryption succeeds, the client encrypts a third verification code of the client using the stored decryption algorithm, forming an encrypted third verification code;
The client sends the encrypted third verification code to a server or a relay device over the wireless network.
25. The identity verification method as claimed in claim 24, characterized in that the third verification code of the client comprises:
The decrypted second verification code that the client obtains by decrypting the encrypted first verification code;
Or,
The account information of the user of the client.
26. An identity verification method, characterized in that the method comprises:
The relay device obtains the account information of a user and sends the obtained account information to the server;
The relay device receives the encryption algorithm sent by the server and encrypts a first verification code of the relay device using the received encryption algorithm, forming an encrypted first verification code;
The relay device sets up a wireless network and sets a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code.
27. The identity verification method as claimed in claim 26, characterized in that,
The relay device further receives a feedback result sent by the client and sends the received feedback result to the server;
The feedback result sent by the client and received by the relay device comprises:
The client's success or failure in decrypting the encrypted first verification code;
Or,
The decrypted second verification code that the client obtains by decrypting the encrypted first verification code;
Or,
The encrypted third verification code that the client obtains by encrypting a third verification code of the client using the stored decryption algorithm.
28. An identity verification server, characterized by comprising:
An account acquiring unit, configured to obtain the account information of a user;
A user database, configured to store user information; the user information may comprise the account information of the user and the encryption algorithm of the user;
A query unit, configured to query, based on the stored user information, the encryption algorithm corresponding to the obtained account information;
An encryption unit, configured to generate a first verification code and to encrypt the first verification code using the queried encryption algorithm, forming an encrypted first verification code;
A wireless network unit, configured to set up a wireless network and to set a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code.
29. The identity verification server as claimed in claim 28, characterized by further comprising:
A first receiving unit, configured to receive a decryption result for the encrypted first verification code sent by the client or the relay device;
A first identity verification unit, configured to perform identity verification according to the decryption result received by the receiving unit.
30. The identity verification server as claimed in claim 29, characterized in that the first identity verification unit comprises:
A first extraction unit, configured to extract the decrypted first verification code from the decryption result;
A first comparing unit, configured to compare whether the extracted decrypted first verification code is identical to the first verification code generated by the encryption unit;
A first verification unit, configured to perform identity verification according to the result of comparing the extracted decrypted first verification code with the first verification code generated by the encryption unit.
31. The identity verification server as claimed in claim 28, characterized by further comprising:
A second receiving unit, configured to receive an encrypted third verification code sent by the client or the relay device;
A decryption unit, configured to decrypt the encrypted third verification code using the encryption algorithm in the user database that corresponds to the obtained user account;
A second identity verification unit, configured to perform identity verification according to the decryption result for the encrypted third verification code.
32. The identity verification server as claimed in claim 31, characterized in that the second identity verification unit comprises:
A second extraction unit, configured to extract the fourth verification code that the decryption unit obtains by decrypting the encrypted third verification code;
A second comparing unit, configured to compare whether the fourth verification code is identical to the stored initial verification code;
A second verification unit, configured to perform identity verification according to the result of comparing the fourth verification code with the stored initial verification code.
33. The identity verification server as claimed in claim 32, characterized in that the initial verification code stored by the second comparing unit comprises:
The first verification code generated by the encryption unit;
Or,
The user account information stored in the user database.
34. An identity verification client, characterized by comprising:
A storage unit, configured to store the agreed format of the network name, and further configured to store the decryption algorithm for the account information of the user;
A network scanning unit, configured to scan, based on the stored agreed format of the network name, for network names of wireless networks that conform to the agreed format;
An extraction unit, configured to extract an encrypted first verification code from a scanned network name that conforms to the agreed format;
A first decryption unit, configured to decrypt the extracted encrypted first verification code based on the stored decryption algorithm.
35. The identity verification client as claimed in claim 34, characterized by further comprising:
An identity verification unit, configured to perform identity verification based on the decryption result of the first decryption unit.
36. The identity verification client as claimed in claim 34, characterized by further comprising:
A first sending unit, configured to send the decryption result for the extracted encrypted first verification code to a server or a relay device over the wireless network.
37. The identity verification client as claimed in claim 36, characterized in that the decryption result for the encrypted first verification code that the client sends to the server or the relay device comprises:
The client's success or failure in decrypting the extracted encrypted first verification code;
Or,
The decrypted second verification code that the client obtains by decrypting the encrypted first verification code.
38. The identity verification client as claimed in claim 34, characterized by further comprising:
A first encryption unit, configured to, when the extracted encrypted first verification code is decrypted successfully, encrypt a third verification code of the client using the stored decryption algorithm, forming an encrypted third verification code;
A second sending unit, configured to send the encrypted third verification code to a server or a relay device over the wireless network.
39. The identity verification client as claimed in claim 38, characterized in that the third verification code of the client comprises:
The decrypted second verification code that the client obtains by decrypting the encrypted first verification code;
Or,
The account information of the user of the client.
40. An identity verification relay device, characterized by comprising:
An information acquisition unit, configured to obtain the account information of a user;
An information receiving unit, configured to receive the encryption algorithm sent by the server;
An information encryption unit, configured to generate a first verification code or receive one from the server, and to encrypt the first verification code using the received encryption algorithm, forming an encrypted first verification code;
A wireless network broadcast unit, configured to set up a wireless network and to set a network name in an agreed format for the established wireless network; the network name comprises the encrypted first verification code.
41. The identity verification relay device as claimed in claim 40, characterized by further comprising:
A feedback receiving unit, configured to receive a feedback result sent by the client;
A feedback sending unit, configured to send the received client feedback result to the server.
42. The identity verification relay device as claimed in claim 41, characterized in that the feedback result sent by the client and received by the relay device comprises:
The client's success or failure in decrypting the encrypted first verification code;
Or,
The decrypted second verification code that the client obtains by decrypting the encrypted first verification code;
Or,
The encrypted third verification code that the client obtains by encrypting a third verification code of the client using the stored decryption algorithm.
43. An identity verification system, characterized by comprising:
A client, configured to scan the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; further configured to decrypt the extracted encrypted first verification code using a stored decryption algorithm; and further configured to send the decryption result for the extracted encrypted first verification code to the server over the wireless network;
A server, configured to obtain the account information of a user and, based on stored user information, to query the encryption algorithm corresponding to the obtained account information; further configured to encrypt a first verification code of the server using the queried encryption algorithm, forming an encrypted first verification code; further configured to set up a wireless network and to set a network name in an agreed format for the established wireless network, the network name comprising the encrypted first verification code; and further configured to receive the decryption result and to perform identity verification according to the decryption result.
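The exchange of claims 5 to 7, sketched in Python as an added example (not code from the patent). The claims fix neither a cipher nor a network-name layout, so the `IDV-` prefix, the base64url payload, the HMAC-SHA256 encrypt-then-MAC stand-in for the per-account algorithm and the direction labels are all assumptions of this sketch; the labels keep the broadcast payload from being accepted when it is simply echoed back as the response.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Assumptions of this example (the claims leave all of these open):
SSID_PREFIX = "IDV-"        # agreed format: fixed prefix + base64url payload
SSID_MAX_BYTES = 32         # an 802.11 SSID holds at most 32 bytes
NONCE_LEN, TAG_LEN = 4, 8   # short, so nonce + 6-digit code + tag fit in an SSID
TO_CLIENT, TO_SERVER = b"S>C", b"C>S"   # direction labels mixed into the keying


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()


def seal(key: bytes, direction: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; stands in for the per-account encryption algorithm."""
    if len(plaintext) > 32:
        raise ValueError("this sketch uses a single 32-byte keystream block")
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = prf(key, b"enc" + direction, nonce)
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + prf(key, b"mac" + direction, nonce + ct)[:TAG_LEN]


def unseal(key: bytes, direction: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when decryption fails (wrong key, tampering)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = prf(key, b"mac" + direction, nonce + ct)[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    stream = prf(key, b"enc" + direction, nonce)
    return bytes(c ^ s for c, s in zip(ct, stream))


class Server:
    def __init__(self, user_db: Dict[str, bytes]):
        self.user_db = user_db                 # account -> per-account key
        self.pending: Dict[str, bytes] = {}    # account -> first verification code

    def build_ssid(self, account: str) -> str:
        """Look up the account's key, encrypt a fresh first code, name the network."""
        key = self.user_db[account]
        first_code = f"{secrets.randbelow(10**6):06d}".encode()
        self.pending[account] = first_code
        payload = base64.urlsafe_b64encode(seal(key, TO_CLIENT, first_code))
        ssid = SSID_PREFIX + payload.decode()
        if len(ssid.encode()) > SSID_MAX_BYTES:
            raise ValueError("network name exceeds the SSID limit")
        return ssid

    def verify(self, account: str, response: Optional[bytes]) -> bool:
        """Decrypt the third code and compare the result with the first code."""
        key = self.user_db.get(account)
        first_code = self.pending.pop(account, None)   # each code is single-use
        if key is None or first_code is None or response is None:
            return False
        fourth_code = unseal(key, TO_SERVER, response)
        return fourth_code is not None and hmac.compare_digest(fourth_code, first_code)


def client_respond(key: bytes, scanned_ssids: List[str]) -> Optional[bytes]:
    """Pick the network name in the agreed format, decrypt it, re-encrypt the result."""
    for ssid in scanned_ssids:
        if not ssid.startswith(SSID_PREFIX):
            continue
        try:
            blob = base64.urlsafe_b64decode(ssid[len(SSID_PREFIX):])
        except ValueError:          # not valid base64: not one of ours
            continue
        second_code = unseal(key, TO_CLIENT, blob)
        if second_code is not None:
            return seal(key, TO_SERVER, second_code)   # encrypted third code
    return None


def run_exchange() -> bool:
    key = secrets.token_bytes(32)               # constructed sample key
    server = Server({"alice": key})
    ssid = server.build_ssid("alice")
    scan = ["CoffeeShop", "IDV-guest", ssid]    # constructed scan result
    return server.verify("alice", client_respond(key, scan))


if __name__ == "__main__":
    print("identity verified:", run_exchange())
```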
CN201410373794.6A 2014-07-31 2014-07-31 Identity verification method, client, relay device and server Active CN105337740B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910122054.8A CN110062382A (en) 2014-07-31 2014-07-31 Identity verification method, client, relay device and server
CN201410373794.6A CN105337740B (en) 2014-07-31 2014-07-31 Identity verification method, client, relay device and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410373794.6A CN105337740B (en) 2014-07-31 2014-07-31 Identity verification method, client, relay device and server

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910122054.8A Division CN110062382A (en) 2014-07-31 2014-07-31 Identity verification method, client, relay device and server

Publications (2)

Publication Number Publication Date
CN105337740A true CN105337740A (en) 2016-02-17
CN105337740B CN105337740B (en) 2019-01-04

Family

ID=55288056

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201410373794.6A Active CN105337740B (en) 2014-07-31 2014-07-31 Identity verification method, client, relay device and server
CN201910122054.8A Pending CN110062382A (en) 2014-07-31 2014-07-31 Identity verification method, client, relay device and server

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201910122054.8A Pending CN110062382A (en) 2014-07-31 2014-07-31 Identity verification method, client, relay device and server

Country Status (1)

Country Link
CN (2) CN105337740B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070186105A1 (en) * 2006-02-03 2007-08-09 Bailey Daniel V Wireless Authentication Methods and Apparatus
US20110154036A1 (en) * 2008-06-24 2011-06-23 City University Of Hong Kong Method For Implementing Encryption And Transmission of Information and System Thereof
CN101465735A (en) * 2008-12-19 2009-06-24 北京大学 Network user identification verification method, server and client terminal
CN102510378A (en) * 2011-10-31 2012-06-20 福建天晴数码有限公司 Method for logging in online game through mobile equipment
CN103384399A (en) * 2012-05-02 2013-11-06 阿里巴巴集团控股有限公司 Method for near-field information transmission, information transmitting client-side, information receiving client-side and information system
CN103052066A (en) * 2013-01-05 2013-04-17 宋梁 Method for performing data exchanging or authorizing based on wireless hotspot identification names
CN103533608A (en) * 2013-09-30 2014-01-22 深圳市同洲电子股份有限公司 Wireless hotspot SSID (service set identifier) naming method and wireless hotspot identification method and equipment

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105629764A (en) * 2016-03-22 2016-06-01 美的集团股份有限公司 Centralized controller, control method of home equipment and smart home system
CN108460251A (en) * 2017-02-21 2018-08-28 腾讯科技(深圳)有限公司 Run the method, apparatus and system of application program
CN108460251B (en) * 2017-02-21 2021-06-29 腾讯科技(深圳)有限公司 Method, device and system for running application program
CN106921973A (en) * 2017-04-07 2017-07-04 美的智慧家居科技有限公司 Wireless network configuration method, device and system
CN110460995A (en) * 2018-05-07 2019-11-15 中国移动通信有限公司研究院 A kind of wireless connection method, internet of things equipment and client device
CN109639719A (en) * 2019-01-07 2019-04-16 武汉稀云科技有限公司 A kind of auth method and device based on temporary identifier
CN109767208A (en) * 2019-01-08 2019-05-17 北京京东金融科技控股有限公司 A kind of method of payment and payment mechanism
CN109767208B (en) * 2019-01-08 2021-06-29 京东数字科技控股有限公司 Payment method and payment device
CN110278549B (en) * 2019-05-05 2022-05-03 澳门理工学院 Network conference method, network conference system and computer readable storage medium
CN110278549A (en) * 2019-05-05 2019-09-24 澳门理工学院 Web conference method, netmeeting and computer readable storage medium
CN110048843A (en) * 2019-05-30 2019-07-23 全链通有限公司 Session key transmission method, equipment and computer readable storage medium
CN110225011A (en) * 2019-05-30 2019-09-10 全链通有限公司 Authentication method, equipment and the computer readable storage medium of user node
CN110176993A (en) * 2019-05-30 2019-08-27 全链通有限公司 Session cipher key distributing method, equipment and storage medium based on alliance's block chain
CN110225011B (en) * 2019-05-30 2021-07-13 全链通有限公司 Authentication method and device for user node and computer readable storage medium
CN110048843B (en) * 2019-05-30 2021-09-10 全链通有限公司 Session key transmission method, device and computer readable storage medium
CN110048842B (en) * 2019-05-30 2021-09-10 全链通有限公司 Session key processing method, device and computer readable storage medium
CN110048842A (en) * 2019-05-30 2019-07-23 全链通有限公司 Session key processing method, equipment and computer readable storage medium
CN112019504A (en) * 2020-07-22 2020-12-01 大箴(杭州)科技有限公司 Method and device for acquiring wifi dynamic verification code
CN112019504B (en) * 2020-07-22 2022-08-26 大箴(杭州)科技有限公司 Method and device for acquiring wifi dynamic verification code
CN114157451A (en) * 2021-11-11 2022-03-08 广东石油化工学院 Internet of things equipment identity authentication method, device and system and storage medium

Also Published As

Publication number Publication date
CN105337740B (en) 2019-01-04
CN110062382A (en) 2019-07-26

Similar Documents

Publication Publication Date Title
CN105337740A (en) Identity verification method, client, relay device and server
CN101340443B (en) Session key negotiating method, system and server in communication network
EP2548331B1 (en) System and method for communicating between different entities using different data portions for different channels
CN1753359B (en) Method of implementing SyncML synchronous data transmission
CN111615105B (en) Information providing and acquiring method, device and terminal
EP2879421B1 (en) Terminal identity verification and service authentication method, system, and terminal
CN105450395A (en) Information encryption and decryption processing method and system
CN1977559B (en) Method and system for protecting information exchanged during communication between users
CN103415008A (en) Encryption communication method and encryption communication system
CN101616142A (en) Realize the method and system of information encryption transmission
JP2014527379A (en) System and method for encoding exchanges using a set of shared ephemeral key data
TWI581599B (en) Key generation system, data signature and encryption system and method
CN102664898A (en) Fingerprint identification-based encrypted transmission method, fingerprint identification-based encrypted transmission device and fingerprint identification-based encrypted transmission system
CN102695168A (en) Terminal equipment, encrypted gateway and method and system for wireless network safety communication
CN102916869A (en) Instant messaging method and system
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN109151823B (en) eSIM card authentication method and system
CN103905388A (en) Authentication method, authentication device, smart card, and server
CN108206738B (en) Quantum key output method and system
US11652625B2 (en) Touchless key provisioning operation for communication devices
CN111224958A (en) Data transmission method and system
CN103916834A (en) Short message encryption method and system allowing user to have exclusive secret key
JP6723422B1 (en) Authentication system
CN106209384B (en) Use the client terminal of security mechanism and the communication authentication method of charging unit
CN111357305B (en) Communication method, equipment, system and storage medium of movable platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1219007

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.