CN105959323A - Identity authentication system, method and apparatus - Google Patents
Abstract
The embodiments of the application provide an identity authentication system, method and apparatus. User terminal equipment acquires target response information from computing terminal equipment and sends a target user identification and the target response information to a server; the server acquires target password information according to the target user identification and judges whether identity authentication is successful according to the target password information and the target response information. Throughout the authentication process the user does not need to input the target password information, i.e. the user does not need to memorize it, so the target password can be made more complex to achieve higher security. Because the security level of the server is much greater than that of the computing terminal equipment and the target password information is stored in the server, the situation in which the user inputs the target password information at the computing terminal equipment and thereby leaks it is avoided. Because the target password information is obtained on the basis of the target user identification, one more verification is added, which further improves the reliability of identity authentication.
Description
Technical field
The application relates to the field of communication technology, and more particularly to an identity authentication system, method and apparatus.
Background art
At present, to prevent information in an electronic device from being stolen by unauthorized users, a user must pass identity authentication before operating on the data in the electronic device. During identity authentication, an authentication device must be connected to the electronic device and password information must be input on the authentication device; only after both the user's login password and the password information are verified does the user have permission to operate on the data in the electronic device. An encryption device is used as an example below.
When a user operates an encryption device, a USB KEY must be inserted into it. Only after the user's login password is verified and the PIN (Personal Identification Number) code that the user inputs on the USB KEY is verified can the user operate on the data in the electronic device.
When the user forgets the password information, the user cannot operate on the data in the electronic device.
Summary of the invention
In view of this, the invention provides an identity authentication system, method and apparatus to solve the problem in the prior art that a user who forgets the password information cannot operate on the data in the electronic device.
To achieve the above object, the invention provides the following technical solutions:
An identity authentication system, including an authentication device, computing terminal equipment, a server and user terminal equipment, wherein:
The authentication device is configured to generate target response information in response to a login authentication request sent by the computing terminal equipment, and to send the target response information to the computing terminal equipment;
The computing terminal equipment is configured to send the login authentication request to the authentication device with which it has established a communication connection, and to receive the target response information;
The user terminal equipment is configured to obtain the target response information through the computing terminal equipment and to send the target response information and a target user identification to the server, where the target user identification includes the target user terminal equipment identification of the user terminal equipment and/or the target user login identification of the currently logged-in user;
The server is configured to obtain target password information according to the target user identification, and to judge whether identity authentication is successful according to the target password information and the target response information.
Preferably, the computing terminal equipment is further configured to:
Generate a response signal from the target response information, the response signal being a response sound signal, a response light signal or a response graphic signal;
When obtaining the target response information through the computing terminal equipment, the user terminal equipment is specifically configured to:
Obtain the response signal;
Parse the response signal to obtain the target response information.
When obtaining the target password information according to the target user identification, the server is specifically configured to:
Generate the target password information according to the target user identification and the server's encryption information;
Or determine the target password information corresponding to the target user identification according to a pre-stored correspondence between user identifications and password information.
Preferably, the server is further configured to:
When an update-password-information instruction is received, update the server's encryption information to obtain updated encryption information;
Obtain updated target password information according to the target user identification and the updated encryption information;
Store the updated target password information in the authentication device.
An identity authentication method, applied to a server, the method including:
Receiving target response information and a target user identification sent by user terminal equipment, where the target response information is generated by an authentication device based on a login authentication request sent by computing terminal equipment, and the target user identification includes the target user terminal equipment identification of the user terminal equipment and/or the user login identification of the currently logged-in user;
Obtaining target password information according to the target user identification;
Judging whether identity authentication is successful according to the target password information and the target response information.
Wherein obtaining the target password information according to the target user identification includes:
Generating the target password information according to the target user identification and the server's encryption information;
Or determining the target password information corresponding to the target user identification according to a pre-stored correspondence between user identifications and password information.
Preferably, the method further includes:
When an update-password-information instruction is received, updating the server's encryption information to obtain updated encryption information;
Obtaining updated target password information according to the target user identification and the updated encryption information;
Storing the updated target password information in the authentication device.
Wherein judging whether identity authentication is successful according to the target password information and the target response information includes:
Encrypting the target response information with the target password information to generate an authentication code, and sending the authentication code to the authentication device;
Receiving a matching result fed back by the authentication device, where the matching result indicates the result of matching the authentication code against the accurate authentication code that the authentication device obtains from the accurate password information it stores and the target response information, or the result of matching the target response information against the parsed response information that the authentication device parses out of the authentication code based on the accurate password information;
Determining whether identity authentication is successful according to the matching result.
Wherein judging whether identity authentication is successful according to the target password information and the target response information includes:
Receiving, from the authentication device, the accurate authentication code that the authentication device obtains from the accurate password information it stores and the target response information;
Determining a matching result, where the matching result indicates the result of matching the accurate authentication code against the authentication code that the server obtains from the target password information and the target response information, or the result of matching the target response information against the parsed response information that the server parses out of the accurate authentication code based on the target password information;
Determining whether identity authentication is successful according to the matching result.
An identity authentication apparatus, applied to a server, the apparatus including:
A receiving module, configured to receive target response information and a target user identification sent by user terminal equipment, where the target response information is generated by an authentication device based on a login authentication request sent by the computing terminal equipment, and the target user identification includes the target user terminal equipment identification and/or the user login identification of the currently logged-in user;
An obtaining module, configured to obtain target password information according to the target user identification;
A judging module, configured to judge whether identity authentication is successful according to the target password information and the target response information.
As can be seen from the above technical solutions, compared with the prior art, the embodiments of the invention provide an identity authentication system in which the user terminal equipment obtains target response information from the computing terminal equipment and sends the target user identification and the target response information to the server, and the server obtains target password information according to the target user identification and judges whether identity authentication is successful according to the target password information and the target response information. Throughout the authentication process the user does not need to input the target password information, i.e. the user does not need to remember it, so the target password can be made more complex for higher security. Because the security level of the server is far greater than that of the computing terminal equipment and the target password information is stored in the server, the situation in which the user inputs the target password information at the computing terminal equipment and thereby leaks it is avoided. Because the target password information is obtained on the basis of the target user identification, i.e. a third-party electronic device (the user terminal equipment) is involved, one more layer of verification is added, which further improves the reliability of identity authentication.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic diagram of the information interaction flow among the devices in an identity authentication system provided by an embodiment of the application;
Fig. 2 is a signaling diagram of one implementation in which the server in an identity authentication system provided by an embodiment of the application judges whether identity authentication is successful according to the target password information and the target response information;
Fig. 3 is a signaling diagram of another implementation in which the server in an identity authentication system provided by an embodiment of the application judges whether identity authentication is successful according to the target password information and the target response information;
Fig. 4 is a signaling diagram of yet another implementation in which the server in an identity authentication system provided by an embodiment of the application judges whether identity authentication is successful according to the target password information and the target response information;
Fig. 5 is a flowchart of one implementation of the identity authentication method provided by an embodiment of the application;
Fig. 6 is a schematic structural diagram of the identity authentication apparatus applied to a server provided by an embodiment of the application.
Detailed description of the invention
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
An embodiment of the application provides an identity authentication system including an authentication device 11, computing terminal equipment 12, a server 13 and user terminal equipment 14. Fig. 1 is a schematic diagram of the information interaction flow among the devices in the identity authentication system.
Step S101: the computing terminal equipment 12 sends a login authentication request to the authentication device 11.
After the authentication device 11 and the computing terminal equipment 12 establish a communication connection (wired or wireless), the computing terminal equipment 12 may send the login authentication request to the authentication device 11; or, after the authentication device 11 and the computing terminal equipment 12 establish a communication connection and the user login identification (which may include a user login name and/or a user login password) passes authentication, the computing terminal equipment 12 may send the login authentication request to the authentication device; or, after the user clicks a virtual key in the display interface of the computing terminal equipment 12 or presses a physical button of the computing terminal equipment 12, the computing terminal equipment 12 may send the login authentication request to the authentication device.
The computing terminal equipment 12 may be a computer, a notebook, a PAD, a PDA, a smartphone, etc.
Step S102: the authentication device 11 feeds back target response information to the computing terminal equipment.
The target response information may be a random number; that is, for the same user login identification and the same authentication device, the random number that the authentication device feeds back may differ each time the computing terminal equipment sends a login authentication request to the authentication device.
The target response information may also be generated based on the login request. For example, the login request may carry the target user login identification (such as a user name or user password), and the target response information may be generated according to the target user login identification.
In the embodiments of the application, the user currently logged in to the computing terminal equipment and the user terminal equipment is called the target user, who is also the holder of the authentication device. To distinguish them from those of other users, the terms involved in the target user's identity authentication process are called, respectively: target user identification, target user terminal identification, target user login identification, target password information and target response information. The target user may be any user.
Step S103: the user terminal equipment 14 obtains the target response information from the computing terminal equipment 12.
A communication connection (wired or wireless) between the computing terminal equipment and the user terminal equipment may be established in advance; the computing terminal equipment 12 may actively send the target response information to the user terminal equipment, or the user terminal equipment 14 may actively obtain the target response information from the computing terminal equipment.
Step S104: the user terminal equipment 14 sends the target response information and the target user identification to the server 13.
The target user identification includes the target user terminal equipment identification and/or the user login identification of the currently logged-in user.
The target user terminal equipment identification may be a SIM (Subscriber Identification Module) identification, or the unique serial number of the target user terminal equipment.
Step S105: the server 13 obtains target password information according to the target user identification.
Specifically, the target password information may be generated according to the target user identification and the server's encryption information; or the target password information corresponding to the target user identification may be determined according to a pre-stored correspondence between user identifications and password information.
The target password information may be a PIN code.
Step S106: the server 13 judges whether identity authentication is successful according to the target password information and the target response information.
Because this judgment involves the server 13, the computing terminal equipment 12 and the authentication device 11, this step is drawn in Fig. 1 below the server 13, the computing terminal equipment 12 and the authentication device 11.
In the identity authentication system provided by the embodiment of the application, the user terminal equipment 14 obtains the target response information from the computing terminal equipment 12 and sends the target user identification and the target response information to the server 13; the server 13 obtains the target password information according to the target user identification and judges whether identity authentication is successful according to the target password information and the target response information. Throughout the authentication process the user does not need to input the target password information, i.e. the user does not need to remember it, so the target password can be made more complex for higher security. Because the security level of the server is far greater than that of the computing terminal equipment and the target password information is stored in the server, the situation in which the user inputs the target password information at the computing terminal equipment and thereby leaks it is avoided. Because the target password information is obtained on the basis of the target user identification, i.e. a third-party electronic device (the user terminal equipment) is involved, one more layer of verification is added, which further improves the reliability of identity authentication.
In the above identity authentication system embodiment, the computing terminal equipment is further configured to generate a response signal from the target response information, the response signal being a response sound signal, a response light signal or a response graphic signal. Correspondingly, when obtaining the target response information through the computing terminal equipment, the user terminal equipment is specifically configured to obtain the response signal and parse it to obtain the target response information.
The response signal may be a response sound signal. The response sound signals corresponding to different target response information may differ in frequency, amplitude or wavelength, and the user terminal equipment 14 can parse the target response signal according to the frequency, amplitude and/or wavelength of the response sound signal.
The response signal may be a response light signal, with different target response information corresponding to different response light signals. For example, when the target response information is 1123, the response light signal may flash red, red, yellow and green in sequence; that is, light signals of different colours are combined into one response light signal, and the target response information can be determined from the response light signal.
The response signal may be a response graphic signal, such as a two-dimensional code (QR code).
Correspondingly, the user terminal equipment 14 has a function for scanning two-dimensional codes. For example, the user terminal equipment 14 includes a camera and can use the camera to scan the two-dimensional code.
The user terminal equipment 14 may be a smartphone, a PDA (Personal Digital Assistant, palmtop computer), a PAD (portable android device, tablet computer), a notebook, etc.
To further improve the security of the password information, the password information in the authentication device may be updated after a preset time has elapsed or after a preset number of identity authentications.
If the server does not pre-store the correspondence between user identifications and password information, but instead generates the password information from the target user identification and the server's encryption information after receiving the target user identification, then the server in the above identity authentication system is further configured to:
When an update-password-information instruction is received, update the server's encryption information to obtain updated encryption information; obtain updated target password information according to the target user identification and the updated encryption information; and store the updated target password information in the authentication device.
Optionally, the server's encryption information is the same for all users, which saves storage space in the server; optionally, the server's encryption information corresponding to different user identifications may be different.
If the server pre-stores the correspondence between user identifications and password information, then the server in the above identity authentication system is further configured to:
When an update-password-information instruction is received, update the target password information corresponding to the target user identification.
It can be understood that, before the update-password-information instruction is received, identity authentication has been performed successfully with the original target password information.
In the above identity authentication system embodiment, there are six ways in which the server judges whether identity authentication is successful according to the target password information and the target response information; the embodiments of the application provide, but are not limited to, the following six.
In the embodiments of the application, the password information that the authentication device itself stores is called the accurate password information, and the authentication code that the authentication device obtains by encrypting the target response information with the accurate password information is called the accurate authentication code. An authentication code generated by the server or the computing terminal equipment is called the authentication code. Response information parsed out by the server, the computing terminal equipment, the authentication device or the user terminal equipment is called parsed response information.
The first implementation is shown in Fig. 2.
Step S201: the server 13 encrypts the target response information with the target password information to generate an authentication code, and sends the authentication code to the authentication device 11.
The server 13 may first send the authentication code to the computing terminal equipment 12, which then forwards it to the authentication device 11; or the server 13 may send the authentication code directly to the authentication device 11.
Assuming that the target password information is a PIN code and the target response information is denoted ACK1, the authentication code is AUTH = CIPHER(PIN, ACK1), where CIPHER() is the function that encrypts ACK1 with PIN.
Step S202: the authentication device 11 parses the authentication code according to the accurate password information it stores to obtain parsed response information, matches the parsed response information against the target response information to obtain a matching result, and sends the matching result to the server 13.
The authentication device 11 may first send the matching result to the computing terminal equipment 12, which then forwards it to the server 13; or the authentication device 11 may send the matching result directly to the server 13.
Step S203: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; when it detects that the matching result is a mismatch, it determines that identity authentication failed.
The second implementation is shown in Fig. 2.
Step S201: the server 13 encrypts the target response information with the target password information to generate an authentication code, and sends the authentication code to the authentication device 11.
Step S202: the authentication device 11 encrypts the target response information with the accurate password information it stores to obtain the accurate authentication code, matches the accurate authentication code against the authentication code to obtain a matching result, and sends the matching result to the server 13.
Step S202 in the second implementation is an alternative technical solution to step S202 in the first implementation, and is therefore shown with a dashed frame in Fig. 2.
Step S203: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; when it detects that the matching result is a mismatch, it determines that identity authentication failed.
The third implementation is shown in Fig. 3.
Step S301: the authentication device 11 encrypts the target response information with the accurate password information it stores to obtain the accurate authentication code, and sends the accurate authentication code to the server 13.
The authentication device 11 may first send the accurate authentication code to the computing terminal equipment, which then forwards it to the server; or the authentication device 11 may send the accurate authentication code directly to the server.
Step S302: the server 13 parses the accurate authentication code according to the target password information to obtain parsed response information, and matches the parsed response information against the target response information to obtain a matching result.
Step S303: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; when it detects that the matching result is a mismatch, it determines that identity authentication failed.
The fourth implementation is shown in Fig. 3.
Step S301: the authentication device 11 encrypts the target response information with the accurate password information it stores to obtain the accurate authentication code, and sends the accurate authentication code to the server 13.
The authentication device 11 may first send the accurate authentication code to the computing terminal equipment, which then forwards it to the server; or the authentication device 11 may send the accurate authentication code directly to the server.
Step S302: the server 13 encrypts the target response information with the target password information to obtain an authentication code, and matches the accurate authentication code against the authentication code to obtain a matching result.
Step S302 in the fourth implementation is an alternative technical solution to step S302 in the third implementation, and is therefore shown with a dashed frame in Fig. 3.
Step S303: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; when it detects that the matching result is a mismatch, it determines that identity authentication failed.
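The second and fourth implementations, together with the password derivation of step S105 and the update procedure, can be exercised end to end as in the following added example, which is not code from the patent. HMAC-SHA256 stands in for the unspecified CIPHER() and for the derivation from the server's encryption information; all class and function names are hypothetical, and discarding each response value after one use is an added assumption.

```python
import hashlib
import hmac
import secrets


def derive_target_password(server_encryption_info: bytes, target_user_id: str) -> bytes:
    """S105, first option: derive the target password information from the target
    user identification and the server's encryption information (HMAC is assumed)."""
    return hmac.new(server_encryption_info, target_user_id.encode("utf-8"),
                    hashlib.sha256).digest()


def authentication_code(password_info: bytes, response_info: bytes) -> bytes:
    """Stand-in for AUTH = CIPHER(PIN, ACK1); HMAC-SHA256 is an assumption."""
    return hmac.new(password_info, response_info, hashlib.sha256).digest()


class AuthenticationDevice:
    """Holds the accurate password information (the USB KEY role in the text)."""

    def __init__(self, accurate_password: bytes):
        self._accurate_password = accurate_password
        self._pending = None  # outstanding response information, if any

    def new_response_info(self) -> bytes:
        """S102: a fresh random value for every login authentication request."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def _take_pending(self):
        # Assumption: each response value is consumed once, so a captured
        # authentication code cannot be presented a second time.
        pending, self._pending = self._pending, None
        return pending

    def match(self, code: bytes) -> bool:
        """S202, second implementation: recompute the accurate code and compare."""
        pending = self._take_pending()
        if pending is None:
            return False
        accurate = authentication_code(self._accurate_password, pending)
        return hmac.compare_digest(accurate, code)  # constant-time comparison

    def accurate_authentication_code(self) -> bytes:
        """S301: produce the accurate authentication code for the server."""
        pending = self._take_pending()
        if pending is None:
            raise RuntimeError("no outstanding login authentication request")
        return authentication_code(self._accurate_password, pending)

    def store_password(self, updated_password: bytes) -> None:
        """Receives the updated target password information from the server."""
        self._accurate_password = updated_password


class Server:
    def __init__(self, encryption_info: bytes):
        self._encryption_info = encryption_info

    def password_for(self, target_user_id: str) -> bytes:
        return derive_target_password(self._encryption_info, target_user_id)

    def make_code(self, target_user_id: str, response_info: bytes) -> bytes:
        """S105 + S201: derive the password, then compute the authentication code."""
        return authentication_code(self.password_for(target_user_id), response_info)

    def check_accurate_code(self, target_user_id: str, response_info: bytes,
                            accurate_code: bytes) -> bool:
        """S302, fourth implementation: the comparison happens on the server."""
        expected = self.make_code(target_user_id, response_info)
        return hmac.compare_digest(expected, accurate_code)

    def update_encryption_info(self, target_user_id: str,
                               device: AuthenticationDevice) -> None:
        """Update procedure: new encryption information, new password, store to device."""
        self._encryption_info = secrets.token_bytes(32)
        device.store_password(self.password_for(target_user_id))


def login_second_implementation(server, device, target_user_id: str) -> bool:
    response_info = device.new_response_info()               # S101-S102
    # S103-S104: the user terminal relays response_info and its identification.
    code = server.make_code(target_user_id, response_info)   # S105, S201
    return device.match(code)                                # S202-S203


def login_fourth_implementation(server, device, target_user_id: str) -> bool:
    response_info = device.new_response_info()               # S101-S102
    accurate_code = device.accurate_authentication_code()    # S301
    return server.check_accurate_code(target_user_id, response_info, accurate_code)


if __name__ == "__main__":
    srv = Server(b"constructed-server-encryption-info")      # constructed sample value
    dev = AuthenticationDevice(srv.password_for("SIM-0001"))  # constructed identification
    print(login_second_implementation(srv, dev, "SIM-0001"))
    print(login_fourth_implementation(srv, dev, "SIM-9999"))
```

Because the password is derived from the identification that the user terminal supplies, a login relayed with a different identification fails even when the response value is correct, which is the extra verification the description attributes to the user terminal equipment.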
The fifth implementation is shown in Fig. 4.
Step S401: the server 13 sends the target response information and the target password information to the computing terminal equipment 12.
Step S402: the computing terminal equipment 12 encrypts the target response information with the target password information to generate an authentication code, and sends the authentication code to the authentication device 11.
Step S403: the authentication device 11 parses the authentication code according to the accurate password information it stores to obtain parsed response information, matches the parsed response information against the target response information to obtain a matching result, and sends the matching result to the server 13.
The authentication device 11 may first send the matching result to the computing terminal equipment 12, which then forwards it to the server 13; or the authentication device 11 may send the matching result directly to the server 13.
Step S404: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; when it detects that the matching result is a mismatch, it determines that identity authentication failed.
The sixth implementation is shown in Figure 4.
Step S401: The server 13 sends the purpose response message and the purpose encrypted message to the computing terminal equipment 12.
Step S402: The computing terminal equipment 12 encrypts the purpose response message using the purpose encrypted message to generate an authentication code, and sends the authentication code to the authenticating device 11.
Step S403: The authenticating device 11 encrypts the purpose response message using the precise code information it stores to obtain an accurate authentication code, matches the accurate authentication code against the authentication code to obtain a matching result, and sends the matching result to the server 13.
Step S403 of the sixth implementation is an alternative to step S403 of the fifth implementation, and is therefore shown with a dashed box in Figure 2.
The authenticating device 11 may first send the matching result to the computing terminal equipment 12, which then forwards it to the server 13; or the authenticating device 11 may send the matching result directly to the server 13.
Step S404: If the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; if it detects that the matching result is a mismatch, it determines that identity authentication failed.
The embodiment of the present application further provides an identity authentication method. Figure 5 is a flowchart of one implementation of the identity authentication method provided by the embodiment of the present application. The method is applied to the server in the identity authentication system (the server shown in Figure 1) and includes:
Step S501: Receive the purpose response message and the purpose ID sent by the subscriber terminal equipment.
The purpose response message is generated by the authenticating device based on the login authentication request sent by the computing terminal equipment; the purpose ID includes the purpose subscriber terminal equipment identifier and/or the login identifier of the currently logged-in user.
Step S502: Obtain the purpose encrypted message according to the purpose ID.
Step S503: Judge, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful.
In the above embodiment of the identity authentication method applied to the server, obtaining the purpose encrypted message according to the purpose ID includes: generating the purpose encrypted message according to the purpose ID and the server encryption information; or determining the purpose encrypted message corresponding to the purpose ID according to a prestored correspondence between IDs and encrypted messages.
The above embodiment of the identity authentication method applied to the server may further include: upon receiving an update-encrypted-message instruction, updating the server encryption information to obtain updated encryption information; obtaining an updated purpose encrypted message according to the purpose ID and the updated encryption information; and storing the updated purpose encrypted message to the authenticating device.
In the above embodiment of the identity authentication method applied to the server, there are multiple ways of judging, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful. The specific methods are those carried out by the server in the six implementations provided in the identity authentication system embodiment, and are not repeated here.
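The server-side method above (steps S501 to S503, judged as in the fourth implementation, plus the encryption-information update) can be sketched as follows. This is an added example, not code from the patent: the page names no algorithm, so HMAC-SHA256 is assumed both for deriving the purpose encrypted message and for "encrypting" the response message, and all class names, function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the page names no algorithm. HMAC-SHA256 stands in both for
# deriving the purpose encrypted message and for "encrypting" the response.


def derive_password(server_encryption_info: bytes, purpose_id: str) -> bytes:
    """Step S502, first option: derive the purpose encrypted message from
    the purpose ID and the server encryption information."""
    return hmac.new(server_encryption_info, purpose_id.encode(), hashlib.sha256).digest()


def authentication_code(password_info: bytes, response_message: bytes) -> bytes:
    """Keyed code computed over the purpose response message."""
    return hmac.new(password_info, response_message, hashlib.sha256).digest()


class AuthenticatingDevice:
    def __init__(self, precise_code_information: bytes):
        self.precise_code_information = precise_code_information

    def new_response_message(self) -> bytes:
        """Generated on a login authentication request from the computing terminal."""
        return secrets.token_bytes(16)

    def accurate_code(self, response_message: bytes) -> bytes:
        return authentication_code(self.precise_code_information, response_message)


class Server:
    def __init__(self, server_encryption_info: bytes):
        self.server_encryption_info = server_encryption_info

    def judge(self, purpose_id: str, response_message: bytes, accurate_code: bytes) -> bool:
        """Steps S502 and S503, matching codes as in the fourth implementation."""
        password = derive_password(self.server_encryption_info, purpose_id)
        expected = authentication_code(password, response_message)
        return hmac.compare_digest(expected, accurate_code)  # constant-time match

    def update(self, new_info: bytes, purpose_id: str, device: AuthenticatingDevice) -> None:
        """Update the encryption information, then store the updated
        purpose encrypted message to the authenticating device."""
        self.server_encryption_info = new_info
        device.precise_code_information = derive_password(new_info, purpose_id)


def login(server: Server, device: AuthenticatingDevice, purpose_id: str) -> bool:
    response = device.new_response_message()  # device -> computing terminal -> user terminal
    code = device.accurate_code(response)     # device -> server
    return server.judge(purpose_id, response, code)  # user terminal sends response + ID


def demo() -> dict:
    purpose_id = "user-terminal-001"                  # constructed sample identifier
    server = Server(b"constructed-server-secret-v1")  # constructed sample secret
    device = AuthenticatingDevice(derive_password(server.server_encryption_info, purpose_id))
    results = {"matching": login(server, device, purpose_id)}
    results["wrong_id"] = login(server, device, "user-terminal-002")
    # A code computed for one response message does not match a later one.
    old_code = device.accurate_code(device.new_response_message())
    results["stale_code"] = server.judge(purpose_id, device.new_response_message(), old_code)
    # Updating the server alone, without storing to the device, breaks matching.
    server.server_encryption_info = b"constructed-server-secret-v2"
    results["device_not_updated"] = login(server, device, purpose_id)
    # Storing the updated purpose encrypted message on the device restores it.
    server.update(b"constructed-server-secret-v2", purpose_id, device)
    results["after_update"] = login(server, device, purpose_id)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'success' if ok else 'failure'}")
```

The `device_not_updated` case shows why the update procedure ends by storing the updated purpose encrypted message to the authenticating device: until that step completes, every login fails to match.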
The embodiment of the present application further provides an identity authentication method applied to the computing terminal equipment. The method includes the operations carried out by the computing terminal equipment as described in any of the identity authentication system embodiments.
The embodiment of the present application further provides an identity authentication method applied to the subscriber terminal equipment. The method includes the operations carried out by the subscriber terminal equipment as described in any of the identity authentication system embodiments.
The embodiment of the present application further provides an identity authentication method applied to the authenticating device. The method includes the operations carried out by the authenticating device as described in any of the identity authentication system embodiments.
The embodiment of the present application further provides an identity authentication apparatus applied to the server. Figure 6 is a structural diagram of the identity authentication apparatus applied to the server (the server shown in Figure 1) provided by the embodiment of the present application. The identity authentication apparatus includes a receiver module 61, an acquisition module 62 and a judge module 63, wherein:
The receiver module 61 is configured to receive the purpose response message and the purpose ID sent by the subscriber terminal equipment.
The purpose response message is generated by the authenticating device based on the login authentication request sent by the computing terminal equipment; the purpose ID includes the purpose subscriber terminal equipment identifier and/or the login identifier of the currently logged-in user.
The acquisition module 62 is configured to obtain the purpose encrypted message according to the purpose ID.
The judge module 63 is configured to judge, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful.
The acquisition module in the identity authentication apparatus applied to the server may include: a generating unit, configured to generate the purpose encrypted message according to the purpose ID and the server encryption information; or a first determining unit, configured to determine the purpose encrypted message corresponding to the purpose ID according to a prestored correspondence between IDs and encrypted messages.
The identity authentication apparatus applied to the server may further include: an update module, configured to update the server encryption information upon receiving an update-encrypted-message instruction, to obtain updated encryption information; an updated-encrypted-message acquisition module, configured to obtain an updated purpose encrypted message according to the purpose ID and the updated encryption information; and a storage module, configured to store the updated purpose encrypted message to the authenticating device.
The judge module in the identity authentication apparatus applied to the server can be structured in multiple ways. The specific structures are as follows:
First structure (corresponding to the method shown in Figure 2 for the identity authentication system). The judge module includes:
An authentication code generating unit, configured to encrypt the purpose response message using the purpose encrypted message to generate an authentication code, and send it to the authenticating device.
A matching result receiving unit, configured to receive the matching result fed back by the authenticating device.
The matching result indicates the result of matching the authentication code against the accurate authentication code that the authenticating device obtains based on the precise code information it stores and the purpose response message, or the result of matching the purpose response message against the parsed response message that the authenticating device parses from the authentication code based on the precise code information.
A second determining unit, configured to determine, according to the matching result, whether identity authentication is successful.
Second structure (corresponding to the method shown in Figure 3 for the identity authentication system). The judge module includes:
An authentication code receiving unit, configured to receive the accurate authentication code sent by the authenticating device, which the authenticating device obtains based on the precise code information it stores and the purpose response message.
A third determining unit, configured to determine the matching result.
The matching result indicates the result of matching the accurate authentication code against the authentication code that the server obtains based on the purpose encrypted message and the purpose response message, or the result of matching the purpose response message against the parsed response message that the server parses from the accurate authentication code based on the purpose encrypted message.
A fourth determining unit, configured to determine, according to the matching result, whether identity authentication is successful.
Third structure (corresponding to the method shown in Figure 4 for the identity authentication system). The judge module includes:
Sending the purpose response message and the purpose encrypted message to the computing terminal equipment.
Receiving the matching result fed back by the authenticating device.
The matching result indicates the result of matching the authentication code against the accurate authentication code that the authenticating device obtains by encrypting the purpose response message using the precise code information it stores, or the result of matching the purpose response message against the parsed response message that the authenticating device parses from the authentication code based on the precise code information it stores.
It should be noted that the embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar among the embodiments, reference may be made to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An identity authentication system, characterized by comprising: an authenticating device, computing terminal equipment, a server and subscriber terminal equipment, wherein:
the authenticating device is configured to generate a purpose response message based on a login authentication request sent by the computing terminal equipment, and send it to the computing terminal equipment;
the computing terminal equipment is configured to send the login authentication request to the authenticating device with which the computing terminal equipment has established a communication connection, and to receive the purpose response message;
the subscriber terminal equipment is configured to obtain the purpose response message through the computing terminal equipment, and send the purpose response message and a purpose ID to the server, the purpose ID including a purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or a purpose user login identifier of the currently logged-in user;
the server is configured to obtain a purpose encrypted message according to the purpose ID, and to judge, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful.
2. The identity authentication system according to claim 1, characterized in that the computing terminal equipment is further configured to:
generate an answer signal from the purpose response message, the answer signal being a response sound signal, a response light signal or a response graphic signal;
and the subscriber terminal equipment, when obtaining the purpose response message through the computing terminal equipment, is specifically configured to:
obtain the answer signal;
parse the answer signal to obtain the purpose response message.
3. The identity authentication system according to claim 1, characterized in that the server, when obtaining the purpose encrypted message according to the purpose ID, is specifically configured to:
generate the purpose encrypted message according to the purpose ID and the server encryption information;
or determine the purpose encrypted message corresponding to the purpose ID according to a prestored correspondence between IDs and encrypted messages.
4. The identity authentication system according to claim 3, characterized in that the server is further configured to:
upon receiving an update-encrypted-message instruction, update the server encryption information to obtain updated encryption information;
obtain an updated purpose encrypted message according to the purpose ID and the updated encryption information;
store the updated purpose encrypted message to the authenticating device.
5. An identity authentication method, characterized in that it is applied to a server, the identity authentication method comprising:
receiving a purpose response message and a purpose ID sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on a login authentication request sent by computing terminal equipment, and the purpose ID including a purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or a login identifier of the currently logged-in user;
obtaining a purpose encrypted message according to the purpose ID;
judging, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful.
6. The identity authentication method according to claim 5, characterized in that obtaining the purpose encrypted message according to the purpose ID comprises:
generating the purpose encrypted message according to the purpose ID and the server encryption information;
or determining the purpose encrypted message corresponding to the purpose ID according to a prestored correspondence between IDs and encrypted messages.
7. The identity authentication system according to claim 6, characterized by further comprising:
upon receiving an update-encrypted-message instruction, updating the server encryption information to obtain updated encryption information;
obtaining an updated purpose encrypted message according to the purpose ID and the updated encryption information;
storing the updated purpose encrypted message to the authenticating device.
8. The identity authentication method according to claim 5, characterized in that judging, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful comprises:
encrypting the purpose response message using the purpose encrypted message to generate an authentication code, and sending it to the authenticating device;
receiving a matching result fed back by the authenticating device, the matching result indicating the result of matching the authentication code against an accurate authentication code that the authenticating device obtains based on the precise code information it stores and the purpose response message, or the result of matching the purpose response message against a parsed response message that the authenticating device parses from the authentication code based on the precise code information;
determining, according to the matching result, whether identity authentication is successful.
9. The identity authentication method according to claim 5, characterized in that judging, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful comprises:
receiving an accurate authentication code sent by the authenticating device, which the authenticating device obtains based on the precise code information it stores and the purpose response message;
determining a matching result, the matching result indicating the result of matching the accurate authentication code against an authentication code that the server obtains based on the purpose encrypted message and the purpose response message, or the result of matching the purpose response message against a parsed response message that the server parses from the accurate authentication code based on the purpose encrypted message;
determining, according to the matching result, whether identity authentication is successful.
10. An identity authentication apparatus, characterized in that it is applied to a server, the identity authentication apparatus comprising:
a receiver module, configured to receive a purpose response message and a purpose ID sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on a login authentication request sent by computing terminal equipment, and the purpose ID including a purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or a login identifier of the currently logged-in user;
an acquisition module, configured to obtain a purpose encrypted message according to the purpose ID;
a judge module, configured to judge, according to the purpose encrypted message and the purpose response message, whether identity authentication is successful.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610555428.1A CN105959323B (en) | 2016-07-14 | 2016-07-14 | Identity authorization system, method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105959323A true CN105959323A (en) | 2016-09-21 |
CN105959323B CN105959323B (en) | 2019-03-22 |
Family
ID=56901436
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610555428.1A Active CN105959323B (en) | 2016-07-14 | 2016-07-14 | Identity authorization system, method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105959323B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109684799A (en) * | 2018-08-21 | 2019-04-26 | 平安普惠企业管理有限公司 | Account logon method, entering device, Account Logon equipment and storage medium |
CN116389168A (en) * | 2023-05-31 | 2023-07-04 | 北京芯盾时代科技有限公司 | Identity authentication method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104202744A (en) * | 2014-08-14 | 2014-12-10 | 腾讯科技(深圳)有限公司 | Operation authentication method for intelligent terminal, terminal and system |
CN105099673A (en) * | 2014-04-15 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Authorization method, authorization requesting method and devices |
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105099673A (en) * | 2014-04-15 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Authorization method, authorization requesting method and devices |
CN104202744A (en) * | 2014-08-14 | 2014-12-10 | 腾讯科技(深圳)有限公司 | Operation authentication method for intelligent terminal, terminal and system |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109684799A (en) * | 2018-08-21 | 2019-04-26 | 平安普惠企业管理有限公司 | Account logon method, entering device, Account Logon equipment and storage medium |
CN109684799B (en) * | 2018-08-21 | 2023-12-26 | Tcl金融科技(深圳)有限公司 | Account login method, login device, account login equipment and storage medium |
CN116389168A (en) * | 2023-05-31 | 2023-07-04 | 北京芯盾时代科技有限公司 | Identity authentication method and device |
CN116389168B (en) * | 2023-05-31 | 2023-08-29 | 北京芯盾时代科技有限公司 | Identity authentication method and device |
Also Published As
Publication number | Publication date |
---|---|
CN105959323B (en) | 2019-03-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||