CN105959323A - Identity authentication system, method and apparatus - Google Patents

Info

Publication number: CN105959323A
Authority: CN (China)
Prior art keywords: terminal equipment, response message, server, encrypted message, message
Legal status: Granted
Application number: CN201610555428.1A
Other languages: Chinese (zh)
Other versions: CN105959323B (en)
Inventors: 李刚, 杨利民
Current Assignee: CENTURY LONGMAI TECHNOLOGY Co Ltd
Original Assignee: CENTURY LONGMAI TECHNOLOGY Co Ltd
Application filed by CENTURY LONGMAI TECHNOLOGY Co Ltd
Priority to CN201610555428.1A
Publication of CN105959323A
Application granted; publication of CN105959323B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the application provides an identity authentication system, method and apparatus. User terminal equipment acquires target response information from computing terminal equipment and sends a target user identification and the target response information to a server; the server acquires target password information according to the target user identification and judges whether identity authentication succeeds according to the target password information and the target response information. Throughout the authentication process the user does not need to input the target password information, i.e. the user does not need to memorize it, so the target password can be made more complex for higher security. Because the security level of the server is much higher than that of the computing terminal equipment and the target password information is stored in the server, the user never inputs the target password information at the computing terminal equipment, which avoids leaking it there. Because the target password information is obtained on the basis of the target user identification, one more layer of verification is added, which further improves the reliability of identity authentication.

Description

Identity authentication system, method and device
Technical field
The application relates to the field of communication technology, and more particularly to an identity authentication system, method and device.
Background
At present, to prevent information in an electronic device from being stolen by unauthorized users, a user must be authenticated before operating on the data in the electronic device. During authentication, an authentication device must be connected to the electronic device and password information must be entered on the authentication device; only after both the user's login password and the password information are verified does the user have permission to operate on the data in the electronic device. An encryption machine is used as an example below.
When a user operates an encryption machine, a USB KEY must be inserted into the encryption machine. Only after the user's login password is verified and the PIN (Personal Identification Number) that the user enters for the USB KEY is verified can the user operate on the data in the electronic device.
When the user forgets the password information, the user cannot operate on the data in the electronic device.
Summary of the invention
In view of this, the invention provides an identity authentication system, method and device, to solve the prior-art problem that a user who forgets the password information cannot operate on the data in the electronic device.
To achieve the above object, the invention provides the following technical solution:
An identity authentication system, comprising: an authentication device, computing terminal equipment, a server and user terminal equipment, wherein:
The authentication device is configured to generate target response information in response to a login authentication request sent by the computing terminal equipment, and to send it to the computing terminal equipment;
The computing terminal equipment is configured to send the login authentication request to the authentication device with which it has established a communication connection, and to receive the target response information;
The user terminal equipment is configured to obtain the target response information through the computing terminal equipment, and to send the target response information and a target user identification to the server, the target user identification including the target user terminal equipment identification of the user terminal equipment and/or the target user login identification currently logged in;
The server is configured to obtain target password information according to the target user identification, and to judge whether identity authentication succeeds according to the target password information and the target response information.
Preferably, the computing terminal equipment is further configured to:
Generate a response signal from the target response information, the response signal being a response sound signal, a response light signal or a response graphic signal;
When obtaining the target response information through the computing terminal equipment, the user terminal equipment is specifically configured to:
Obtain the response signal;
Parse the response signal to obtain the target response information.
When obtaining the target password information according to the target user identification, the server is specifically configured to:
Generate the target password information according to the target user identification and the server encryption information;
Or determine the target password information corresponding to the target user identification according to a pre-stored correspondence between user identifications and password information.
Preferably, the server is further configured to:
When an update-password-information instruction is received, update the server encryption information to obtain updated encryption information;
Obtain updated target password information according to the target user identification and the updated encryption information;
Store the updated target password information to the authentication device.
An identity authentication method, applied to a server, the identity authentication method comprising:
Receiving target response information and a target user identification sent by user terminal equipment, the target response information being generated by an authentication device based on a login authentication request sent by computing terminal equipment, the target user identification including the target user terminal equipment identification of the user terminal equipment and/or the user login identification currently logged in;
Obtaining target password information according to the target user identification;
Judging whether identity authentication succeeds according to the target password information and the target response information.
Obtaining the target password information according to the target user identification comprises:
Generating the target password information according to the target user identification and the server encryption information;
Or determining the target password information corresponding to the target user identification according to a pre-stored correspondence between user identifications and password information.
Preferably, the method further comprises:
When an update-password-information instruction is received, updating the server encryption information to obtain updated encryption information;
Obtaining updated target password information according to the target user identification and the updated encryption information;
Storing the updated target password information to the authentication device.
Judging whether identity authentication succeeds according to the target password information and the target response information comprises:
Encrypting the target response information with the target password information to generate an authentication code, and sending it to the authentication device;
Receiving a matching result fed back by the authentication device, the matching result indicating the result of matching the authentication code against an accurate authentication code that the authentication device obtains from the accurate password information it stores and the target response information, or the result of matching the target response information against parsed response information that the authentication device parses from the authentication code based on the accurate password information;
Determining whether identity authentication succeeds according to the matching result.
Alternatively, judging whether identity authentication succeeds according to the target password information and the target response information comprises:
Receiving an accurate authentication code sent by the authentication device, obtained from the accurate password information it stores and the target response information;
Determining a matching result, the matching result indicating the result of matching the accurate authentication code against an authentication code that the server obtains from the target password information and the target response information, or the result of matching the target response information against parsed response information that the server parses from the accurate authentication code based on the target password information;
Determining whether identity authentication succeeds according to the matching result.
An identity authentication apparatus, applied to a server, the identity authentication apparatus comprising:
A receiving module, configured to receive target response information and a target user identification sent by user terminal equipment, the target response information being generated by an authentication device based on the login authentication request sent by the computing terminal equipment, the target user identification including the target user terminal equipment identification and/or the user login identification currently logged in;
An obtaining module, configured to obtain target password information according to the target user identification;
A judging module, configured to judge whether identity authentication succeeds according to the target password information and the target response information.
As can be seen from the above technical solution, compared with the prior art, the embodiments of the invention provide an identity authentication system in which the user terminal equipment obtains target response information from the computing terminal equipment and sends the target user identification and the target response information to the server; the server obtains target password information according to the target user identification, and judges whether identity authentication succeeds according to the target password information and the target response information. Throughout the authentication process the user does not need to enter the target password information, i.e. the user does not need to remember it, so the target password can be made more complex for higher security. Because the security level of the server is far higher than that of the computing terminal equipment and the target password information is stored in the server, the user never enters the target password information on the computing terminal equipment, which avoids leaking it there. Because the target password information is obtained based on the target user identification, i.e. a third-party electronic device (the user terminal equipment) is involved, an additional layer of verification is added, which further improves the reliability of identity authentication.
Brief description of the drawings
To explain the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the invention; those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a schematic diagram of the information interaction flow between the devices in an identity authentication system provided by an embodiment of the application;
Fig. 2 is a signaling diagram of one implementation in which the server, in an identity authentication system provided by an embodiment of the application, judges whether identity authentication succeeds according to the target password information and the target response information;
Fig. 3 is a signaling diagram of another implementation in which the server, in an identity authentication system provided by an embodiment of the application, judges whether identity authentication succeeds according to the target password information and the target response information;
Fig. 4 is a signaling diagram of yet another implementation in which the server, in an identity authentication system provided by an embodiment of the application, judges whether identity authentication succeeds according to the target password information and the target response information;
Fig. 5 is a flow chart of one implementation of the identity authentication method provided by an embodiment of the application;
Fig. 6 is a schematic structural diagram of the identity authentication apparatus applied to a server provided by an embodiment of the application.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of the invention. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The embodiment of the application provides an identity authentication system comprising: an authentication device 11, computing terminal equipment 12, a server 13 and user terminal equipment 14. Fig. 1 is a schematic diagram of the information interaction flow between the devices in the identity authentication system.
Step S101: the computing terminal equipment 12 sends a login authentication request to the authentication device 11.
After the authentication device 11 and the computing terminal equipment 12 establish a communication connection (wired or wireless), the computing terminal equipment 12 may send a login authentication request to the authentication device 11; or, after the authentication device 11 and the computing terminal equipment 12 establish a communication connection and the user login identification (which may include a user login name and/or user login password) has been authenticated, the computing terminal equipment 12 may send the login authentication request to the authentication device; or, after the user clicks a virtual key in the display interface of the computing terminal equipment 12 or presses a physical button of the computing terminal equipment 12, the computing terminal equipment 12 may send the login authentication request to the authentication device.
The computing terminal equipment 12 may be a computer, notebook, PAD, PDA, smartphone, etc.
Step S102: the authentication device 11 feeds back target response information to the computing terminal equipment.
The target response information may be a random number; that is, for the same user login identification and the same authentication device, the random number fed back by the authentication device may differ each time the computing terminal equipment sends a login authentication request to the authentication device.
The target response information may also be generated based on the login request; for example, the login request may carry the target user login identification (such as a user name or user password), and the target response information may be generated according to the target user login identification.
In the embodiment of the application, the user currently logged in to the computing terminal equipment and the user terminal equipment is called the target user; the target user is also the holder of the authentication device. To distinguish them from those of other users, the terms that relate to the target user during identity authentication are called, respectively: target user identification, target user terminal identification, target user login identification, target password information and target response information. The target user may be any user.
Step S103: the user terminal equipment 14 obtains the target response information from the computing terminal equipment 12.
A communication connection between the computing terminal equipment and the user terminal equipment may be established in advance (wired or wireless); the computing terminal equipment 12 may actively send the target response information to the user terminal equipment, or the user terminal equipment 14 may actively obtain the target response information from the computing terminal equipment.
Step S104: the user terminal equipment 14 sends the target response information and the target user identification to the server 13.
The target user identification includes the target user terminal equipment identification and/or the user login identification currently logged in.
The target user terminal equipment identification may be a SIM (Subscriber Identification Module) identification, or the unique serial number of the target user terminal equipment.
Step S105: the server 13 obtains target password information according to the target user identification.
Specifically, the target password information may be generated according to the target user identification and the server encryption information; or the target password information corresponding to the target user identification may be determined according to a pre-stored correspondence between user identifications and password information.
The target password information may be a PIN code.
Step S106: the server 13 judges whether identity authentication succeeds according to the target password information and the target response information.
Because judging whether identity authentication succeeds according to the target password information and the target response information involves the server 13, the computing terminal equipment 12 and the authentication device 11, this step is drawn in Fig. 1 below the server 13, the computing terminal equipment 12 and the authentication device 11.
In the identity authentication system provided by the embodiment of the application, the user terminal equipment 14 obtains target response information from the computing terminal equipment 12 and sends the target user identification and the target response information to the server 13; the server 13 obtains target password information according to the target user identification, and judges whether identity authentication succeeds according to the target password information and the target response information. Throughout the authentication process the user does not need to enter the target password information, i.e. the user does not need to remember it, so the target password can be made more complex for higher security. Because the security level of the server is far higher than that of the computing terminal equipment and the target password information is stored in the server, the user never enters the target password information on the computing terminal equipment, which avoids leaking it there. Because the target password information is obtained based on the target user identification, i.e. a third-party electronic device (the user terminal equipment) is involved, an additional layer of verification is added, which further improves the reliability of identity authentication.
In the above identity authentication system embodiment, the computing terminal equipment is further configured to generate a response signal from the target response information, the response signal being a response sound signal, a response light signal or a response graphic signal. Correspondingly, when obtaining the target response information through the computing terminal equipment, the user terminal equipment is specifically configured to: obtain the response signal; and parse the response signal to obtain the target response information.
The response signal may be a response sound signal. The response sound signals corresponding to different target response information may differ in frequency, amplitude or wavelength, and the user terminal equipment 14 can parse out the target response information according to the frequency, amplitude and/or wavelength of the response sound signal.
The response signal may be a response light signal, and different target response information corresponds to different response light signals. For example, when the target response information is 1123, the response light signal may flash red, red, yellow and green in sequence; that is, light signals of different colors are combined into one response light signal, and the target response information can be determined from the response light signal.
The response signal may be a response graphic signal, such as a two-dimensional code (QR code).
Correspondingly, the user terminal equipment 14 has a function for scanning two-dimensional codes. For example, the user terminal equipment 14 includes a camera and can scan the two-dimensional code with the camera.
The user terminal equipment 14 may be a smartphone, PDA (Personal Digital Assistant, handheld computer), PAD (portable android device, tablet computer), notebook, etc.
To further improve the security of the password information, the password information in the authentication device may be updated after a preset time has elapsed, or after a preset number of identity authentications.
If the server does not pre-store the correspondence between user identifications and password information, but instead generates the password information from the target user identification and the server encryption information after receiving the target user identification, then the server in the above identity authentication system is further configured to:
When an update-password-information instruction is received, update the server encryption information to obtain updated encryption information; obtain updated target password information according to the target user identification and the updated encryption information; and store the updated target password information to the authentication device.
Optionally, the server encryption information is the same for all users, which saves storage space in the server; optionally, the server encryption information corresponding to different user identifications may be different.
If the server pre-stores the correspondence between user identifications and password information, then the server in the above identity authentication system is further configured to:
When an update-password-information instruction is received, update the target password information corresponding to the target user identification.
It is understood that, before the update-password-information instruction is received, identity authentication has already been performed successfully with the original target password information.
In the above identity authentication system embodiment, there are six ways for the server to judge whether identity authentication succeeds according to the target password information and the target response information; the embodiment of the application provides, but is not limited to, the following six ways.
In the embodiment of the application, the password information stored in the authentication device itself is called the accurate password information, and the authentication code that the authentication device obtains by encrypting the target response information with the accurate password information is called the accurate authentication code. An authentication code generated by the server or the computing terminal equipment is called an authentication code. Response information parsed out by the server, the computing terminal equipment, the authentication device or the user terminal equipment is called parsed response information.
The first implementation is shown in Fig. 2.
Step S201: the server 13 encrypts the target response information with the target password information to generate an authentication code, and sends the authentication code to the authentication device 11.
The server 13 may first send the authentication code to the computing terminal equipment 12, which then sends it to the authentication device 11; or the server 13 may send the authentication code directly to the authentication device 11.
Assume the target password information is a PIN code and the target response information is denoted ACK1; then the authentication code is AUTH = CIPHER(PIN, ACK1), where CIPHER() is the function that encrypts ACK1 using the PIN.
Step S202: the authentication device 11 parses the authentication code according to the accurate password information it stores to obtain parsed response information, matches the parsed response information against the target response information to obtain a matching result, and sends the matching result to the server 13.
The authentication device 11 may first send the matching result to the computing terminal equipment 12, which then sends it to the server 13; or the authentication device 11 may send the matching result directly to the server 13.
Step S203: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeds; when it detects that the matching result is a mismatch, it determines that identity authentication fails.
The second implementation is shown in Fig. 2.
Step S201: the server 13 encrypts the target response information with the target password information to generate an authentication code, and sends the authentication code to the authentication device 11.
Step S202: the authentication device 11 encrypts the target response information with the accurate password information it stores to obtain an accurate authentication code, matches the accurate authentication code against the authentication code to obtain a matching result, and sends the matching result to the server 13.
Step S202 in the second implementation is an alternative to step S202 in the first implementation, and is therefore shown with a dashed box in Fig. 2.
Step S203: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeds; when it detects that the matching result is a mismatch, it determines that identity authentication fails.
The third implementation is shown in Fig. 3.
Step S301: the authentication device 11 encrypts the target response information with the accurate password information it stores to obtain an accurate authentication code, and sends the accurate authentication code to the server 13.
The authentication device 11 may first send the accurate authentication code to the computing terminal equipment, which then sends it to the server; or the authentication device 11 may send the accurate authentication code directly to the server.
Step S302: the server 13 parses the accurate authentication code according to the target password information to obtain parsed response information, and matches the parsed response information against the target response information to obtain a matching result.
Step S303: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeds; when it detects that the matching result is a mismatch, it determines that identity authentication fails.
The fourth implementation is shown in Fig. 3.
Step S301: the authentication device 11 encrypts the target response information with the accurate password information it stores to obtain an accurate authentication code, and sends the accurate authentication code to the server 13.
The authentication device 11 may first send the accurate authentication code to the computing terminal equipment, which then sends it to the server; or the authentication device 11 may send the accurate authentication code directly to the server.
Step S302: the server 13 encrypts the target response information with the target password information to obtain an authentication code, and matches the accurate authentication code against the authentication code to obtain a matching result.
Step S302 in the fourth implementation is an alternative to step S302 in the third implementation, and is therefore shown with a dashed box in Fig. 3.
Step S303: when the server 13 detects that the matching result is a match, it determines that identity authentication succeeds; when it detects that the matching result is a mismatch, it determines that identity authentication fails.
The fifth implementation is shown in Fig. 4.
Step S401: The server 13 sends the purpose response message and the purpose encrypted message to the computing terminal equipment 12.
Step S402: The computing terminal equipment 12 encrypts the purpose response message using the purpose encrypted message to generate an authentication code, and sends the authentication code to the authenticating device 11.
Step S403: The authenticating device 11 parses the authentication code according to the precise code information that it stores to obtain a parsed response message, matches the parsed response message against the purpose response message to obtain a matching result, and sends the matching result to the server 13.
The authenticating device 11 may first send the matching result to the computing terminal equipment 12, which then sends it to the server 13; alternatively, the authenticating device 11 may send the matching result directly to the server 13.
Step S404: When the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; when it detects that the matching result is a mismatch, it determines that identity authentication failed.
The sixth implementation is shown in Fig. 4.
Step S401: The server 13 sends the purpose response message and the purpose encrypted message to the computing terminal equipment 12.
Step S402: The computing terminal equipment 12 encrypts the purpose response message using the purpose encrypted message to generate an authentication code, and sends the authentication code to the authenticating device 11.
Step S403: The authenticating device 11 encrypts the purpose response message using the precise code information that it stores, obtaining an accurate authentication code; it matches the accurate authentication code against the authentication code to obtain a matching result, and sends the matching result to the server 13.
Step S403 in the sixth implementation is an alternative technical solution to step S403 in the fifth implementation, and is therefore shown with a dashed box in Fig. 2.
The authenticating device 11 may first send the matching result to the computing terminal equipment 12, which then sends it to the server 13; alternatively, the authenticating device 11 may send the matching result directly to the server 13.
Step S404: When the server 13 detects that the matching result is a match, it determines that identity authentication succeeded; when it detects that the matching result is a mismatch, it determines that identity authentication failed.
An embodiment of the present application further provides an identity authentication method. Fig. 5 is a flowchart of one implementation of the identity authentication method provided by an embodiment of the present application. The method is applied to the server in the identity authentication system (the server shown in Fig. 1) and includes:
Step S501: Receive the purpose response message and the purpose ID sent by the subscriber terminal equipment.
The purpose response message is generated by the authenticating device based on the login authentication request sent by the computing terminal equipment. The purpose ID includes the purpose subscriber terminal equipment identifier and/or the login identifier of the currently logged-in user.
Step S502: Obtain the purpose encrypted message according to the purpose ID.
Step S503: Judge whether identity authentication succeeded according to the purpose encrypted message and the purpose response message.
In the above identity authentication method embodiment applied to the server, obtaining the purpose encrypted message according to the purpose ID includes:
Generating the purpose encrypted message according to the purpose ID and the server's encryption information; or determining the purpose encrypted message corresponding to the purpose ID according to a pre-stored correspondence between IDs and encrypted messages.
The above identity authentication method embodiment applied to the server may further include: upon receiving an update encrypted message instruction, updating the server's encryption information to obtain updated encryption information; obtaining an updated purpose encrypted message according to the purpose ID and the updated encryption information; and storing the updated purpose encrypted message to the authenticating device.
In the above identity authentication method embodiment applied to the server, there are multiple ways to judge whether identity authentication succeeded according to the purpose encrypted message and the purpose response message. The specific methods are those performed by the server in the six modes provided in the identity authentication system embodiment, and are not repeated here.
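The server-side steps S501 to S503, combined with the fourth implementation (Fig. 3) and the encrypted message update, can be sketched as follows. This is an added example, not code from the patent: the patent does not name an encryption algorithm, so HMAC-SHA256 is swapped in both for generating the purpose encrypted message and for producing the authentication code, and all class, function and ID names are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_purpose_key(encryption_information: bytes, purpose_id: str) -> bytes:
    # S502, first option: purpose encrypted message generated from the purpose ID
    # and the server's encryption information (assumption: HMAC-SHA256).
    return hmac.new(encryption_information, b"key|" + purpose_id.encode(),
                    hashlib.sha256).digest()


def make_code(key: bytes, response_message: bytes) -> bytes:
    # Stand-in for "encrypt the purpose response message" (assumption: HMAC-SHA256).
    return hmac.new(key, b"code|" + response_message, hashlib.sha256).digest()


class AuthenticatingDevice:
    def __init__(self, precise_code_information: bytes):
        self.precise_code_information = precise_code_information
        self.response_message = b""

    def on_login_authentication_request(self) -> bytes:
        # Generates the purpose response message. Using a fresh random value
        # per request is an assumption of this example.
        self.response_message = secrets.token_bytes(16)
        return self.response_message

    def accurate_authentication_code(self) -> bytes:
        # S301: code computed with the precise code information stored on the device.
        return make_code(self.precise_code_information, self.response_message)


class Server:
    def __init__(self, encryption_information: bytes):
        self.encryption_information = encryption_information

    def judge(self, purpose_id: str, response_message: bytes, accurate_code: bytes) -> bool:
        key = derive_purpose_key(self.encryption_information, purpose_id)  # S502
        expected = make_code(key, response_message)                        # S302
        # S303: constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, accurate_code)

    def update_encryption_information(self, purpose_id: str) -> bytes:
        # Update step: new encryption information, then the updated purpose
        # encrypted message that must be stored to the authenticating device.
        self.encryption_information = secrets.token_bytes(32)
        return derive_purpose_key(self.encryption_information, purpose_id)


def login(device: AuthenticatingDevice, server: Server, purpose_id: str) -> bool:
    response_message = device.on_login_authentication_request()
    code = device.accurate_authentication_code()
    return server.judge(purpose_id, response_message, code)


def demo() -> dict:
    purpose_id = "terminal-0001|alice"  # constructed sample purpose ID
    server = Server(secrets.token_bytes(32))
    device = AuthenticatingDevice(
        derive_purpose_key(server.encryption_information, purpose_id))
    results = {"provisioned": login(device, server, purpose_id)}
    # A different purpose ID derives a different key, so the code does not match.
    results["wrong_id"] = login(device, server, "terminal-0002|bob")
    # After the update the device still holds the old key until it is re-provisioned.
    updated = server.update_encryption_information(purpose_id)
    results["stale_key"] = login(device, server, purpose_id)
    device.precise_code_information = updated
    results["after_update"] = login(device, server, purpose_id)
    # A response message altered in transit no longer matches the device's code.
    msg = device.on_login_authentication_request()
    code = device.accurate_authentication_code()
    results["tampered"] = server.judge(purpose_id, msg[:-1] + bytes([msg[-1] ^ 1]), code)
    return results


if __name__ == "__main__":
    print(demo())
```

Because every purpose encrypted message here derives from one piece of server encryption information, an update invalidates the key stored on every authenticating device at once, which is why the update step has to end with storing the updated purpose encrypted message to the device.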
An embodiment of the present application further provides an identity authentication method applied to the computing terminal equipment. The method includes the method performed by the computing terminal equipment as described in any of the identity authentication system embodiments.
An embodiment of the present application further provides an identity authentication method applied to the subscriber terminal equipment. The method includes the method performed by the subscriber terminal equipment as described in any of the identity authentication system embodiments.
An embodiment of the present application further provides an identity authentication method applied to the authenticating device. The method includes the method performed by the authenticating device as described in any of the identity authentication system embodiments.
An embodiment of the present application further provides an identity authentication apparatus applied to a server. Fig. 6 is a schematic structural diagram of the identity authentication apparatus applied to a server (the server shown in Fig. 1) provided by an embodiment of the present application. The identity authentication apparatus includes a receiver module 61, an acquisition module 62 and a judge module 63, wherein:
The receiver module 61 is configured to receive the purpose response message and the purpose ID sent by the subscriber terminal equipment.
The purpose response message is generated by the authenticating device based on the login authentication request sent by the computing terminal equipment. The purpose ID includes the purpose subscriber terminal equipment identifier and/or the login identifier of the currently logged-in user.
The acquisition module 62 is configured to obtain the purpose encrypted message according to the purpose ID.
The judge module 63 is configured to judge whether identity authentication succeeded according to the purpose encrypted message and the purpose response message.
The acquisition module in the identity authentication apparatus applied to the server may include: a generating unit, configured to generate the purpose encrypted message according to the purpose ID and the server's encryption information; or a first determining unit, configured to determine the purpose encrypted message corresponding to the purpose ID according to a pre-stored correspondence between IDs and encrypted messages.
The identity authentication apparatus applied to the server may further include: an update module, configured to update the server's encryption information upon receiving an update encrypted message instruction, obtaining updated encryption information; an updated-password obtaining module, configured to obtain an updated purpose encrypted message according to the purpose ID and the updated encryption information; and a storage module, configured to store the updated purpose encrypted message to the authenticating device.
The judge module in the identity authentication apparatus applied to the server can be implemented with several structures, as follows:
First implementation structure (corresponding to the method shown in Fig. 2 in the identity authentication system). The judge module includes:
An authentication code generating unit, configured to encrypt the purpose response message using the purpose encrypted message to generate an authentication code, and to send it to the authenticating device.
A matching result receiving unit, configured to receive the matching result fed back by the authenticating device.
The matching result indicates the result of matching the authentication code against the accurate authentication code that the authenticating device obtains from the precise code information it stores and the purpose response message, or the result of matching the purpose response message against the parsed response message that the authenticating device parses from the authentication code based on the precise code information.
A second determining unit, configured to determine whether identity authentication succeeded according to the matching result.
Second implementation structure (corresponding to the method shown in Fig. 3 in the identity authentication system). The judge module includes:
An authentication code receiving unit, configured to receive the accurate authentication code sent by the authenticating device, which the authenticating device obtains from the precise code information it stores and the purpose response message.
A third determining unit, configured to determine the matching result.
The matching result indicates the result of matching the accurate authentication code against the authentication code that the server obtains from the purpose encrypted message and the purpose response message, or the result of matching the purpose response message against the parsed response message that the server parses from the accurate authentication code based on the purpose encrypted message.
A fourth determining unit, configured to determine whether identity authentication succeeded according to the matching result.
Third implementation structure (corresponding to the method shown in Fig. 4 in the identity authentication system). The judge module includes:
Sending the purpose response message and the purpose encrypted message to the computing terminal equipment.
Receiving the matching result fed back by the authenticating device.
The matching result indicates the result of matching the authentication code against the accurate authentication code that the authenticating device obtains by encrypting the purpose response message with the precise code information it stores, or the result of matching the purpose response message against the parsed response message that the authenticating device parses from the authentication code based on the precise code information it stores.
It should be noted that the embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for the parts that are identical or similar the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An identity authentication system, characterized by comprising: an authenticating device, computing terminal equipment, a server and subscriber terminal equipment, wherein:
The authenticating device is configured to generate a purpose response message based on the login authentication request sent by the computing terminal equipment, and to send it to the computing terminal equipment;
The computing terminal equipment is configured to send the login authentication request to the authenticating device that has established a communication connection with the computing terminal equipment, and to receive the purpose response message;
The subscriber terminal equipment is configured to obtain the purpose response message through the computing terminal equipment, and to send the purpose response message and a purpose ID to the server, the purpose ID including the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the login identifier of the currently logged-in purpose user;
The server is configured to obtain a purpose encrypted message according to the purpose ID, and to judge whether identity authentication succeeded according to the purpose encrypted message and the purpose response message.
2. The identity authentication system according to claim 1, characterized in that the computing terminal equipment is further configured to:
Generate an answer signal from the purpose response message, the answer signal being an acoustic answer signal, an optical answer signal or a graphic answer signal;
When obtaining the purpose response message through the computing terminal equipment, the subscriber terminal equipment is specifically configured to:
Obtain the answer signal;
Parse the answer signal to obtain the purpose response message.
3. The identity authentication system according to claim 1, characterized in that, when obtaining the purpose encrypted message according to the purpose ID, the server is specifically configured to:
Generate the purpose encrypted message according to the purpose ID and the server's encryption information;
Or determine the purpose encrypted message corresponding to the purpose ID according to a pre-stored correspondence between IDs and encrypted messages.
4. The identity authentication system according to claim 3, characterized in that the server is further configured to:
Upon receiving an update encrypted message instruction, update the server's encryption information to obtain updated encryption information;
Obtain an updated purpose encrypted message according to the purpose ID and the updated encryption information;
Store the updated purpose encrypted message to the authenticating device.
5. An identity authentication method, characterized in that it is applied to a server, the identity authentication method comprising:
Receiving a purpose response message and a purpose ID sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on a login authentication request sent by computing terminal equipment, and the purpose ID including the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the login identifier of the currently logged-in user;
Obtaining a purpose encrypted message according to the purpose ID;
Judging whether identity authentication succeeded according to the purpose encrypted message and the purpose response message.
6. The identity authentication method according to claim 5, characterized in that obtaining the purpose encrypted message according to the purpose ID comprises:
Generating the purpose encrypted message according to the purpose ID and the server's encryption information;
Or determining the purpose encrypted message corresponding to the purpose ID according to a pre-stored correspondence between IDs and encrypted messages.
7. The identity authentication system according to claim 6, characterized by further comprising:
Upon receiving an update encrypted message instruction, updating the server's encryption information to obtain updated encryption information;
Obtaining an updated purpose encrypted message according to the purpose ID and the updated encryption information;
Storing the updated purpose encrypted message to the authenticating device.
8. The identity authentication method according to claim 5, characterized in that judging whether identity authentication succeeded according to the purpose encrypted message and the purpose response message comprises:
Encrypting the purpose response message using the purpose encrypted message to generate an authentication code, and sending it to the authenticating device;
Receiving the matching result fed back by the authenticating device, the matching result indicating the result of matching the authentication code against the accurate authentication code that the authenticating device obtains from the precise code information it stores and the purpose response message, or the result of matching the purpose response message against the parsed response message that the authenticating device parses from the authentication code based on the precise code information;
Determining whether identity authentication succeeded according to the matching result.
9. The identity authentication method according to claim 5, characterized in that judging whether identity authentication succeeded according to the purpose encrypted message and the purpose response message comprises:
Receiving the accurate authentication code sent by the authenticating device, which the authenticating device obtains from the precise code information it stores and the purpose response message;
Determining a matching result, the matching result indicating the result of matching the accurate authentication code against the authentication code that the server obtains from the purpose encrypted message and the purpose response message, or the result of matching the purpose response message against the parsed response message that the server parses from the accurate authentication code based on the purpose encrypted message;
Determining whether identity authentication succeeded according to the matching result.
10. An identity authentication apparatus, characterized in that it is applied to a server, the identity authentication apparatus comprising:
A receiver module, configured to receive a purpose response message and a purpose ID sent by subscriber terminal equipment, the purpose response message being generated by an authenticating device based on a login authentication request sent by computing terminal equipment, and the purpose ID including the purpose subscriber terminal equipment identifier of the subscriber terminal equipment and/or the login identifier of the currently logged-in user;
An acquisition module, configured to obtain a purpose encrypted message according to the purpose ID;
A judge module, configured to judge whether identity authentication succeeded according to the purpose encrypted message and the purpose response message.