CN106533685B - Identity authentication method, device and system - Google Patents

Publication number
CN106533685B
Authority
CN
China
Prior art keywords
session
password
verification
terminal
loan
Legal status
Active
Application number
CN201510571618.8A
Other languages
Chinese (zh)
Other versions
CN106533685A (en
Inventor
郭懿心
韦德志
郑伟涛
吴文勤
王兆创
王�章
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Abstract

The invention relates to an identity authentication method comprising the following steps: receiving a first operation request from a terminal and acquiring a password credential corresponding to a password input by a user; creating a session that has a unique session identifier and contains the password credential, and returning the session identifier to the terminal; receiving a second operation request from the terminal, the second operation request carrying the session identifier, and looking up the corresponding session according to the session identifier; and acquiring the password credential from the session and performing verification according to it. With this identity authentication method the user does not have to input the password again for verification, which improves operation efficiency, and the password leakage that can result from inputting the password many times is avoided, which improves security. An identity authentication device, another identity authentication method and device, and an identity authentication system are also provided.

Description

Identity authentication method, device and system
Technical Field
The invention relates to the technical field of internet, in particular to an identity authentication method, device and system.
Background
With the rapid development of internet technology, the number of online information open platforms is increasing, and in order to ensure the security of using platform services, the identity of a user needs to be authenticated. In some service flows provided by the platform, the identity of the user often needs to be authenticated for many times, so that the user needs to input a password for many times.
For example, on a loan system platform, a user sets a payment password when registering on the platform. To use the platform's loan service, the user must first open an account and must input the payment password when doing so; after the verification is passed, a loan amount is provided to the user. If the user then goes straight on to a borrowing operation, the payment password must be input again for a second verification. The user therefore has to input the password twice to complete the borrowing operation.
In the conventional technology, therefore, many platforms require the user to input a password many times to complete a platform service. This makes operation inefficient, and inputting the password many times easily leads to password leakage, which reduces security.
Disclosure of Invention
In view of the above, it is desirable to provide an identity authentication method, device and system that can improve operation efficiency while ensuring security.
A method of identity authentication, the method comprising:
receiving a first operation request of a terminal, and acquiring a password input by a user;
obtaining a password credential according to the password;
creating a session, wherein the session has a unique session identifier, the session contains the password credential, and the session identifier is returned to the terminal;
receiving a second operation request of the terminal, wherein the second operation request carries the session identifier, and searching a corresponding session according to the session identifier;
and acquiring the password credential in the session, and verifying according to the password credential.
A method of identity authentication, the method comprising:
receiving an account opening request of a terminal, and acquiring a payment password input by a user;
verifying the payment password;
after the verification is passed, obtaining a payment password credential and loan amount information;
creating a session, wherein the session has a unique session identifier, the session comprises the payment password credential, and the loan amount information and the session identifier are returned to the terminal;
receiving a loan operation request of a terminal, wherein the loan operation request carries the session identifier, and searching a corresponding session according to the session identifier;
and performing secondary verification according to the session, and executing loan operation if the verification is passed.
An identity authentication apparatus, the apparatus comprising:
the first receiving module is used for receiving a first operation request of the terminal and acquiring a password input by a user;
the first obtaining module is used for obtaining a password credential according to the password;
the first session creating module is used for creating a session, wherein the session has a unique session identifier, the session comprises the password credential, and the session identifier is returned to the terminal;
a second receiving module, configured to receive a second operation request of the terminal, where the second operation request carries the session identifier, and search for a corresponding session according to the session identifier;
and the session verification module is used for acquiring the password credential in the session and verifying according to the password credential.
An identity authentication apparatus, the apparatus comprising:
the third receiving module is used for receiving an account opening request of the terminal and acquiring a payment password input by the user;
the first verification module is used for verifying the payment password;
the second acquisition module is used for acquiring the payment password credential and the loan amount information after the verification is passed;
the second session creating module is used for creating a session, the session has a unique session identifier, the session comprises the payment password credential, and the loan amount information and the session identifier are returned to the terminal;
a fourth receiving module, configured to receive a loan operation request of the terminal, where the loan operation request carries the session identifier, and search for a corresponding session according to the session identifier;
and the second verification module is used for performing secondary verification according to the session, and executing loan operation if the verification is passed.
According to the identity authentication method and device above, a session with a unique session identifier is created, the password credential corresponding to the password first input by the user is stored in it, and the session identifier is returned to the terminal. When the second operation request of the terminal is received, the corresponding session is looked up according to the session identifier carried in the second operation request, and identity authentication is performed according to the session found. The user therefore does not have to input the password again for authentication, which improves operation efficiency, and the password leakage caused by inputting the password many times is avoided, which improves security.
An identity authentication system comprises a terminal and a loan server;
the terminal is used for sending an account opening request to the loan server;
the loan server is used for receiving an account opening request sent by the terminal and acquiring a payment password input by a user; verifying the payment password; and, after the verification is passed, obtaining a payment password credential and obtaining the loan amount information returned by the bank server after the account opening is successful;
the loan server is also used for creating a session, the session has a unique session identifier, the session contains the payment password credential, and the loan amount information and the session identifier are returned to the terminal;
the terminal is further configured to send a loan operation request to the loan server, where the loan operation request carries the session identifier;
the loan server is further configured to receive a loan operation request sent by the terminal, and search for a corresponding session according to the session identifier carried in the loan operation request; and performing secondary verification according to the session, and executing loan operation if the verification is passed.
According to the identity authentication system above, the loan server creates a session with a unique session identifier, the session stores the password credential corresponding to the password first input by the user in the account opening request sent by the terminal, and the session identifier is returned to the terminal. When the loan operation request of the terminal is received, the corresponding session is looked up according to the session identifier carried in the loan operation request, and identity authentication is performed according to the session found. The user therefore does not have to input the password again for authentication, which improves operation efficiency, and the password leakage caused by inputting the password many times is avoided, which improves security.
Drawings
FIG. 1 is a diagram of an application environment of a method of identity authentication in one embodiment;
FIG. 2 is an internal schematic diagram of a server in one embodiment;
FIG. 3 is a flow diagram of a method of identity authentication in one embodiment;
FIG. 4 is a flow chart of a method of identity authentication in another embodiment;
FIG. 5 is a flow chart of a method of identity authentication in a further embodiment;
FIG. 6 is a flow diagram of secondary authentication according to a session in one embodiment;
FIG. 7 is a timing diagram of a method of identity authentication in one embodiment;
FIG. 8A is a schematic diagram of an embodiment of an authentication device;
FIG. 8B is a schematic diagram of the structure of the authentication device in another embodiment;
FIG. 9 is a schematic structural diagram of an authentication device in a further embodiment;
FIG. 10 is a block diagram showing components of the authentication system in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The identity authentication method provided by the embodiment of the present invention can be applied to the application environment shown in fig. 1, in which the terminal 110 communicates with the server 120 through a network. Various applications can be installed and run on the terminal 110; the terminal 110 generates an operation request through an application and sends it to the server 120 through the network, and the server 120 determines from the operation request whether identity authentication is required. In order to ensure the continuity of the service flow provided by the server 120, the server 120 receives two operation requests sent by the terminal 110, and both operation requests need to authenticate the user identity. In the embodiment of the present invention, the server 120 stores the password credential obtained by processing the first operation request in the session and manages the password credential through the session, so that when the second operation request is received, the password credential in the session can be used for verification, sparing the user from inputting the password many times. It is understood that the terminal 110 includes, but is not limited to, personal computers, smart phones, tablet computers, notebook computers, portable wearable devices and the like, which are not listed exhaustively here.
Fig. 2 shows an internal schematic diagram of the server 120 in one embodiment, which includes a processor, storage media, memory, and network interface connected by a system bus. The storage medium of the server is provided with an operating system, a database and an identity authentication device, wherein the database is used for storing data, such as created session and the like, and the identity authentication device is used for realizing an identity authentication method. The processor of the server is used for providing calculation and control capacity and supporting the operation of the whole server. The memory of the server provides an environment for the operation of the authentication means in the storage medium. The network interface of the server is used for communicating with an external terminal or server through network connection, such as receiving an operation request sent by the terminal 110, returning a session identifier to the terminal 110, and the like.
As shown in fig. 3, in an embodiment, an identity authentication method is provided, which is exemplified by being applied to a server, and specifically includes the following steps:
Step 302, receiving a first operation request of the terminal, and acquiring a password input by a user.
In this embodiment, when the terminal needs to perform a certain operation, it sends a first operation request to the server. On receiving the first operation request, the server can send the terminal a request requiring the user to perform identity authentication, and the terminal can generate a password input interface according to that request so that the user can input a password. The terminal obtains the password input by the user, encrypts the original password text through an algorithmic calculation, and sends the result to the server.
Step 303, obtaining a password credential according to the password.
In this embodiment, the server encrypts the obtained password again to generate a password credential.
In one embodiment, before the server generates the password credential, the correctness of the acquired password can be verified, that is, the acquired password is compared with the password stored in advance, if the acquired password is consistent with the password stored in advance, the verification is passed, the password is encrypted again to generate the password credential, and otherwise, the verification is not passed. If the server acquires the password for the first time, for example, the password acquired when the registration request of the terminal is received, the password is directly encrypted again to generate the password credential without verification.
Step 304, creating a session, the session having a unique session identifier, the session including the password credential, and returning the session identifier to the terminal.
In this embodiment, the server may randomly generate a non-repeating serial number as a session identifier of the created session, and store the acquired password credential in the session. In addition, when the terminal sends the first operation request to the server, the terminal carries information related to the first operation request, so that the session may further include the information related to the first operation request.
Further, after the server creates the session, the session is stored, and the session identifier is returned to the terminal.
Step 306, receiving a second operation request of the terminal, where the second operation request carries a session identifier, and searching for a corresponding session according to the session identifier.
In this embodiment, the second operation request is an operation request immediately after the first operation request, and together the two requests give the service provided by the server its continuity. The second operation request usually requires authentication of the user, such as a download, payment or loan operation request.
When the terminal sends a second operation request to the server, the second operation request carries a session identifier, and the server receives the second operation request, acquires the session identifier therein, and searches for a stored session according to the session identifier. In this way, the session content is not propagated in the network, and only the session identification is propagated.
Step 308, acquiring the password credential in the session, and verifying according to the password credential.
In this embodiment, the server obtains the password credential stored in the searched session, and performs authentication on the second operation request by using the password credential. Specifically, whether the password credential in the session is correct or not can be verified, that is, whether the password in the password credential is consistent with the password stored in advance or not can be verified, if so, the verification is passed, and otherwise, the verification is not passed.
According to the identity authentication method, the session with the unique session identifier is created, the password credential corresponding to the password input by the user for the first time is stored, the session identifier is returned to the terminal, when the second operation request of the terminal is received, the corresponding session is searched according to the session identifier carried in the second operation request, and the identity authentication is performed on the second operation request according to the searched password credential in the corresponding session, so that the operation step that the user inputs the password again for authentication is omitted, the operation efficiency is improved, meanwhile, the password leakage caused by inputting the password for many times is avoided, and the safety is improved.
In one embodiment, before the password credential in the session is acquired and verification is performed according to it, the method further comprises: detecting whether the session is in a valid state; if so, acquiring the password credential in the session and verifying according to the password credential; otherwise, not processing.
In another embodiment, before the password credential in the session is acquired and verification is performed according to it, the method further comprises: detecting whether the content of the session has been tampered with; if it has not, acquiring the password credential in the session and verifying according to the password credential; if it has, not processing.
As shown in fig. 4, in an embodiment, an identity verification method is provided, which is exemplified by being applied to a server, and specifically includes:
Step 402, receiving a first operation request of the terminal, and acquiring a password input by a user.
In this embodiment, the obtained password input by the user is an encrypted password obtained by encrypting a password original text through algorithm calculation by the terminal.
Step 404, verifying the password input by the user.
Step 406, obtaining the password credential if the verification is passed, and creating a session, wherein the session has a unique session identifier, the session comprises the password credential, and the session identifier is returned to the terminal.
In this embodiment, after the password input by the user is verified, the password is encrypted again to generate the password credential.
Step 408, receiving a second operation request of the terminal, wherein the second operation request carries a session identifier, and searching for a corresponding session according to the session identifier.
Step 410, detecting whether the session found is in a valid state; if so, entering step 412, otherwise, not processing.
In this embodiment, the session is time-limited, that is, the session automatically becomes invalid once a certain time has elapsed since it was created. Specifically, the server records the session creation time when creating a session. After finding the corresponding session according to the session identifier, the server obtains the time interval between the current time and the session creation time and judges whether the interval exceeds a preset time; if so, the session has timed out and is in an invalid state, otherwise the session is in a valid state. Alternatively, the server starts a timer after creating the session and, on finding the corresponding session according to the session identifier, judges whether the session's current timer value exceeds the preset time; if so, the session has timed out and is in an invalid state, otherwise the session is in a valid state. If the session is in an invalid state, the server does no further processing and the verification is not passed.
Because the session is time-limited, the content in the session is verified only while the session is still in a valid state, which ensures the security of the content in the session.
Step 412, detecting whether the content of the session has been tampered with; if it has not, entering step 414, otherwise, not processing.
In one embodiment, the session content may be encrypted with a symmetric encryption algorithm, and the encrypted session content is then hashed with a hash algorithm to generate a digital digest, which is stored together with the symmetrically encrypted session content. After the corresponding session is found, the encrypted session content is hashed again with the hash algorithm to generate another digital digest, and the regenerated digest is compared with the received digest; if the two are consistent, the session content has not been tampered with.
Further, the session content may be decrypted using a key of a symmetric encryption algorithm to obtain the session content.
In another embodiment, an integrity check value for the created session, unique to that session, may be calculated with a one-way hash function. The integrity check value is appended to the session and saved with it. After the corresponding session is found, the integrity check value of the found session is calculated with the same one-way hash function, and if the two values are the same, the session is judged not to have been tampered with. If a third party attempts to modify the session, the new integrity check value calculated by the one-way hash function must be different from the original integrity check value, thereby ensuring that the contents of the session have not been tampered with.
In this embodiment, before verifying whether the password credential in the session is correct, the server detects whether the content of the session has been tampered with, for example by verifying the integrity of the session, thereby ensuring the security of the content in the session.
Step 414, acquiring the password credential in the session and verifying whether the password credential in the session is correct; if so, the verification is passed, otherwise the verification is not passed.
In this embodiment, before verifying whether the password credential in the session is correct, it is first detected whether the session is valid and whether the content is not tampered, so as to ensure the security of the content in the session. The password credential corresponding to the password input for the first time is recorded through the session, and the password credential in the session is acquired for verification when the password needs to be input subsequently, so that the user does not need to input the password again, the process is simplified, and the operation efficiency is improved. And because the user does not need to input the password again, the leakage of the password is avoided, and the transmission of the password in the network is reduced, thereby improving the safety.
As shown in fig. 5, in an embodiment, an identity authentication method is provided, which is exemplified by being applied to a server, and specifically includes:
Step 502, receiving an account opening request of a terminal, and acquiring a payment password input by a user.
In this embodiment, when the terminal needs to perform a loan operation, an account is opened first, and the terminal sends an account opening request to the server. On receiving the account opening request, the server can send the terminal a request requiring the user to perform identity authentication, and the terminal can generate a payment password input interface according to that request so that the user can input a payment password. The terminal obtains the payment password input by the user, encrypts it through an algorithmic calculation, and sends the result to the server.
Step 504, the payment password is verified.
In this embodiment, the server may verify the correctness of the payment password, that is, compare the payment password with the payment password stored in advance, if the two are consistent, the verification is passed, otherwise, the verification is not passed.
Step 506, obtaining a payment password credential and loan amount information after the verification is passed.
In this embodiment, after the payment password is verified, the loan server may encrypt the obtained payment password again to generate a payment password credential. The loan server also calls an interface of the bank server to execute the account opening operation; the bank server returns account information and loan amount information after the account opening is completed, and the loan server acquires the loan amount information.
Step 508, creating a session, wherein the session has a unique session identifier, the session comprises the payment password credential, and the loan amount information and the session identifier are returned to the terminal.
In this embodiment, the server may randomly generate a non-repeating serial number as a session identifier of the created session, and store the obtained payment password credential in the session. In addition, when the terminal sends the account opening request to the server, the terminal carries information related to the account opening request, so that the session can also contain the information related to the account opening request.
Further, after the server creates the session, the session is stored, and the loan amount information and the session identifier are returned to the terminal.
Step 510, receiving a loan operation request of the terminal, wherein the loan operation request carries a session identifier, and searching for a corresponding session according to the session identifier.
In this embodiment, the loan operation request is received immediately after the account opening request, and the loan operation request and the account opening request make the service provided by the server coherent.
When the terminal sends a loan operation request to the server, the loan operation request carries a session identifier, the server receives the loan operation request, obtains the session identifier therein, and searches for a stored session according to the session identifier. In this way, the session content is not propagated in the network, and only the session identification is propagated.
Step 512, performing secondary verification according to the session, and executing the loan operation if the verification is passed.
In this embodiment, the server performs secondary authentication according to the searched session, and because the payment password credential is stored in the session, the identity authentication can be performed on the loan operation request according to the session.
Further, after the verification is passed, the loan server calls an interface of the bank server to execute the loan operation.
According to the identity authentication method above, a session with a unique session identifier is created, the payment password credential corresponding to the payment password first input by the user is stored in it, and the session identifier is returned to the terminal. When the loan operation request of the terminal is received, the corresponding session is looked up according to the session identifier carried in the loan operation request, and identity authentication is performed according to the session found. The user therefore does not have to input the payment password again for authentication, which improves operation efficiency, and the password leakage caused by inputting the payment password many times is prevented, which improves security.
As shown in fig. 6, in one embodiment, the step of performing secondary authentication according to the session includes:
Step 602, detecting whether the session is in a valid state.
In this embodiment, the session is time-limited, that is, the session automatically becomes invalid once a certain time has elapsed since it was created. Specifically, the server records the session creation time when creating a session. After finding the corresponding session according to the session identifier, the server obtains the time interval between the current time and the session creation time and judges whether the interval exceeds a preset time; if so, the session has timed out and is in an invalid state, otherwise the session is in a valid state. Alternatively, the server starts a timer after creating the session and, on finding the corresponding session according to the session identifier, judges whether the session's current timer value exceeds the preset time; if so, the session has timed out and is in an invalid state, otherwise the session is in a valid state. If the session is in an invalid state, the server does no further processing and the verification is not passed.
Because the session is time-limited, the content in the session is verified only while the session is still in a valid state, which ensures the security of the content in the session.
Step 604, if the session is in a valid state, detecting whether the content of the session has been tampered with.
In one embodiment, the session content may be encrypted with a symmetric encryption algorithm, and the encrypted session content is then hashed with a hash algorithm to generate a digital digest, which is stored together with the symmetrically encrypted session content. After the corresponding session is found, the encrypted session content is hashed again with the hash algorithm to generate another digital digest, and the regenerated digest is compared with the received digest; if the two are consistent, the session content has not been tampered with.
Further, the session content may be decrypted using a key of a symmetric encryption algorithm to obtain the session content.
In another embodiment, an integrity check value for a created session, which is unique to the session, may be calculated by a one-way hash function. The integrity check value is saved appended after the session. And after the corresponding session is found, calculating the integrity check value of the found session by using the same one-way hash function, and if the two values are the same, judging that the session is not tampered. If a third party attempts to modify the session, the new integrity check value calculated by the one-way hash function must be different from the original integrity check value, thereby ensuring that the contents of the session have not been tampered with.
In this embodiment, before verifying whether the payment password credential in the session is correct, whether the content of the session is tampered is detected by verifying the integrity of the session, and the like, so that the security of the content in the session is ensured.
Step 606, if the content of the session is not tampered, the payment password voucher in the session is obtained, whether the payment password voucher is correct or not is verified, if yes, the verification is passed, and if not, the verification is not passed.
In this embodiment, whether the payment password credential is correct is verified, that is, whether the payment password in the payment password credential is consistent with the pre-stored payment password is verified, if yes, the verification is passed, and if not, the verification is not passed.
In this embodiment, before verifying whether the payment password credential in the session is correct, it is first detected whether the session is valid and whether the content is not tampered, so as to ensure the security of the content in the session. The payment password voucher corresponding to the payment password input for the first time is recorded through the session, the payment password voucher in the session is obtained for verification when the payment password needs to be input subsequently, and the user does not need to input the payment password again, so that the process is simplified, and the operation efficiency is improved. And because the user does not need to input the payment password again, the leakage of the payment password is avoided, the transmission of the payment password in the network is reduced, and the safety is improved.
Fig. 7 is a timing diagram of the above-described method of identity authentication in one embodiment. In this embodiment, the specific process of the identity authentication method is as follows:
1) The terminal sends an account opening request to the loan server; the account opening request contains the payment password input by the user.
The payment password carried in the account opening request is the ciphertext that the terminal obtains by encrypting the plaintext payment password with an algorithm.
2) After the loan server obtains the payment password from the account opening request, it verifies the payment password.
The loan server verifies the correctness of the payment password, that is, it compares the payment password with the pre-stored payment password. If the two are consistent, the verification passes; otherwise, the verification fails.
3) After the verification passes, the loan server obtains the payment password credential and calls a bank server interface to perform the account opening operation.
4) After the account opening is completed, the bank server returns the loan amount information to the loan server.
5) The loan server creates a session to store the payment password credential and generates a unique session identifier.
6) The loan server returns the session identifier and the loan amount information to the terminal.
7) The terminal sends a loan operation request to the loan server; the request carries loan information such as the session identifier and the loan amount.
8) The loan server looks up the corresponding session by the session identifier.
9.1) The loan server checks whether the found session is in a valid state.
9.2) If the session is in a valid state, the loan server detects whether the session content has not been tampered with.
9.3) If the session content has not been tampered with, the loan server obtains the payment password credential stored in the session and verifies whether the payment password credential is correct.
10) If the payment password credential is correct, the verification passes, and the loan server calls a bank server interface to perform the loan operation.
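An added example, not the patent's own code, of steps 5 and 8 to 9.3 above (steps 602 to 606 of fig. 6). It assumes an in-memory session store, a PBKDF2 digest as the payment password credential and a 300-second preset time, and it swaps the plain one-way hash for a keyed HMAC-SHA256, because an unkeyed check value saved next to the session can be recomputed by whoever modifies the record.

```python
import hashlib
import hmac
import json
import secrets

SESSION_TTL_SECONDS = 300                 # assumed value for the "preset time"
SERVER_MAC_KEY = secrets.token_bytes(32)  # assumed key held only by the loan server


def derive_credential(payment_password: str, salt: bytes) -> str:
    """Assumption: the credential is a salted PBKDF2-HMAC-SHA256 digest."""
    digest = hashlib.pbkdf2_hmac("sha256", payment_password.encode(), salt, 100_000)
    return digest.hex()


def check_value(session_id: str, created_at: float, credential: str) -> str:
    """Keyed integrity check value over the identifier, creation time and credential."""
    message = json.dumps([session_id, created_at, credential]).encode()
    return hmac.new(SERVER_MAC_KEY, message, hashlib.sha256).hexdigest()


def create_session(store: dict, credential: str, now: float) -> str:
    """Step 5: store the credential in a session and return its unique identifier."""
    session_id = secrets.token_urlsafe(32)
    store[session_id] = {
        "credential": credential,
        "created_at": now,
        "check": check_value(session_id, now, credential),
    }
    return session_id


def secondary_verify(store: dict, session_id: str, stored_credential: str, now: float):
    """Steps 8 to 9.3: look up the session, then run the three checks in order."""
    record = store.get(session_id)
    if record is None:
        return False, "unknown session"

    # Step 602: the session is valid only within the preset time of its creation.
    if now - record["created_at"] > SESSION_TTL_SECONDS:
        store.pop(session_id, None)
        return False, "session expired"

    # Step 604: recompute the check value. created_at is covered by it, so a
    # forged timestamp that slipped past step 602 is rejected here.
    expected = check_value(session_id, record["created_at"], record["credential"])
    if not hmac.compare_digest(expected, record["check"]):
        return False, "session tampered"

    # Step 606: compare the session's credential with the pre-stored one.
    if not hmac.compare_digest(record["credential"], stored_credential):
        return False, "credential mismatch"
    return True, "verified"


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    sessions = {}
    reference = derive_credential("constructed-pay-pass", b"constructed-salt")
    sid = create_session(sessions, reference, now=1000.0)
    print(secondary_verify(sessions, sid, reference, now=1060.0))
    sessions[sid]["created_at"] = 5000.0  # simulated tampering with the record
    print(secondary_verify(sessions, sid, reference, now=5060.0))
```

Binding the session identifier and creation time into the check value means a stored record cannot be copied under another identifier or have its lifetime extended without failing step 604.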
As shown in fig. 8A, in one embodiment, there is provided an identity authentication apparatus, the apparatus comprising:
A first receiving module 802, configured to receive a first operation request of the terminal and obtain a password input by the user.
A first obtaining module 803, configured to obtain a password credential according to the password.
A first session creation module 804, configured to create a session that has a unique session identifier and contains the password credential, and to return the session identifier to the terminal.
A second receiving module 806, configured to receive a second operation request of the terminal, where the second operation request carries the session identifier, and to look up the corresponding session by the session identifier.
A session verification module 808, configured to obtain the password credential in the session and perform verification according to the password credential.
In this embodiment, the session verification module 808 is further configured to verify whether the password credential in the session is correct; if so, the verification passes, otherwise the verification fails.
As shown in fig. 8B, in an embodiment, the identity authentication apparatus further includes:
A state detection module 810, configured to detect whether the session is in a valid state; if it is, to notify the session verification module to obtain the password credential in the session and perform verification according to the password credential; and if it is not, to perform no processing.
A content detection module 812, configured to detect whether the content of the session has not been tampered with; if so, to notify the session verification module to obtain the password credential in the session and perform verification according to the password credential; and if not, to perform no processing.
A password verification module 814, configured to verify the password input by the user and, if the verification passes, to notify the first obtaining module to obtain the password credential according to the password input by the user.
It is understood that in other embodiments, the identity authentication device may further comprise at least one of a state detection module 810, a content detection module 812, and a password verification module 814, based on the device shown in fig. 8A.
As shown in fig. 9, in one embodiment, there is also provided an identity authentication apparatus, including:
A third receiving module 902, configured to receive an account opening request of the terminal and obtain a payment password input by the user.
A first verification module 904, configured to verify the payment password.
A second obtaining module 906, configured to obtain the payment password credential and the loan amount information after the verification passes.
A second session creation module 908, configured to create a session that has a unique session identifier and contains the payment password credential, and to return the loan amount information and the session to the terminal.
A fourth receiving module 910, configured to receive a loan operation request of the terminal, where the loan operation request carries the session identifier, and to look up the corresponding session by the session identifier.
A second verification module 912, configured to perform secondary verification according to the session and to execute the loan operation if the verification passes.
In one embodiment, the second verification module 912 is further configured to detect whether the session is in a valid state; if the session is in a valid state, to detect whether the content of the session has not been tampered with; and if the content of the session has not been tampered with, to obtain the payment password credential in the session and verify whether the payment password credential is correct. If it is, the verification passes; otherwise, the verification fails.
As shown in fig. 10, in one embodiment, an identity authentication system is provided that includes a terminal 1002 and a loan server 1004.
The terminal 1002 is configured to send an account opening request to the loan server 1004.
The loan server 1004 is configured to receive the account opening request sent by the terminal 1002 and obtain a payment password input by the user; to verify the payment password; and, after the verification passes, to obtain a payment password credential and the loan amount information returned by the bank server after the account is opened successfully.
The loan server 1004 is further configured to receive the loan amount information returned by the bank server 1006; to create a session that has a unique session identifier and contains the payment password credential; and to return the loan amount information and the session identifier to the terminal 1002.
The terminal 1002 is further configured to send a loan operation request to the loan server 1004, where the loan operation request carries the session identifier.
The loan server 1004 is further configured to receive a loan operation request sent by the terminal 1002, and search for a corresponding session according to a session identifier carried in the loan operation request; and performing secondary verification according to the session, and executing loan operation if the verification is passed.
In one embodiment, the loan server 1004 is further configured to detect whether the session is in a valid state; if the session is in a valid state, to detect whether the content of the session has not been tampered with; and if the content of the session has not been tampered with, to obtain the payment password credential in the session and verify whether the payment password credential is correct. If it is, the verification passes; otherwise, the verification fails.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above embodiments express only several implementations of the present invention, and although their description is specific and detailed, they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A method of identity authentication, the method comprising:
receiving a first operation request of a terminal, and acquiring a password input by a user; the first operation request is an account opening request; the password is a payment password;
verifying the password input by the user, and obtaining a password credential according to the password after the password passes the verification;
creating a session, wherein the session has a unique session identifier, the session contains the password credential, and the session identifier is returned to the terminal;
receiving a second operation request of the terminal, wherein the second operation request carries the session identifier, and searching a corresponding session according to the session identifier; the second operation request is a loan operation request;
detecting whether the session is in a valid state with respect to its timeliness; if so, acquiring the password credential in the session, and verifying whether the password in the password credential is consistent with a pre-stored password;
if not, no processing is performed.
2. The method of claim 1, wherein, before the step of obtaining the password credential in the session and verifying according to the password credential, the method further comprises:
detecting whether the content of the session has not been tampered with; if so, executing the step of acquiring the password credential in the session and verifying according to the password credential; and if not, performing no processing.
3. A method of identity authentication, the method comprising:
receiving an account opening request of a terminal, and acquiring a payment password input by a user;
verifying the payment password;
after the verification is passed, obtaining a payment password credential and loan amount information;
creating a session, wherein the session has a unique session identifier, the session comprises the payment password credential, and the loan amount information and the session identifier are returned to the terminal;
receiving a loan operation request of a terminal, wherein the loan operation request carries the session identifier, and searching a corresponding session according to the session identifier;
performing secondary verification according to the session, and executing loan operation if the verification is passed;
the step of performing secondary authentication according to the session includes:
detecting whether the session is in a valid state;
if the session is in a valid state with respect to its timeliness, detecting whether the content of the session has not been tampered with;
if the content of the session has not been tampered with, obtaining the payment password credential in the session, and verifying whether the payment password in the payment password credential is consistent with a pre-stored payment password; if so, the verification passes; otherwise, the verification fails.
4. An identity authentication apparatus, the apparatus comprising:
the first receiving module is used for receiving a first operation request of the terminal and acquiring a password input by a user; the first operation request is an account opening request; the password is a payment password;
the password verification module is used for verifying the password input by the user;
the first obtaining module is used for obtaining a password credential according to the password if the password verification module passes the verification;
the first session creating module is used for creating a session, wherein the session has a unique session identifier, the session comprises the password credential, and the session identifier is returned to the terminal;
a second receiving module, configured to receive a second operation request of the terminal, where the second operation request carries the session identifier, and search for a corresponding session according to the session identifier; the second operation request is a loan operation request;
the state detection module is used for detecting whether the session is in a valid state with respect to its timeliness; if not, no processing is carried out;
and the session verification module is used for acquiring the password credential in the session and verifying whether the password in the password credential is consistent with the pre-stored password when the detection result of the state detection module is positive.
5. The apparatus of claim 4, further comprising:
and the content detection module is used for detecting whether the content of the session has not been tampered with; if so, the session verification module is notified to obtain the password credential in the session and perform verification according to the password credential; and if not, no processing is carried out.
6. An identity authentication apparatus, the apparatus comprising:
the third receiving module is used for receiving an account opening request of the terminal and acquiring a payment password input by the user;
the first verification module is used for verifying the payment password;
the second obtaining module is used for obtaining the payment password credential and the loan amount information after the verification is passed;
the second session creating module is used for creating a session, the session has a unique session identifier, the session comprises the payment password credential, and the loan amount information and the session identifier are returned to the terminal;
a fourth receiving module, configured to receive a loan operation request of the terminal, where the loan operation request carries the session identifier, and search for a corresponding session according to the session identifier;
the second verification module is used for performing secondary verification according to the session, and if the verification is passed, the loan operation is executed;
the second verification module is further used for detecting whether the session is in a valid state with respect to its timeliness; if the session is in a valid state, detecting whether the content of the session has not been tampered with; if the content of the session has not been tampered with, obtaining the payment password credential in the session, and verifying whether the payment password in the payment password credential is consistent with a pre-stored payment password; if so, the verification passes; otherwise, the verification fails.
7. An identity authentication system, characterized in that the system comprises a terminal and a loan server;
the terminal is used for sending an account opening request to the loan server;
the loan server is used for receiving an account opening request sent by the terminal and acquiring a payment password input by a user; verifying the payment password; after the verification is passed, obtaining a payment password credential and the loan amount information returned by the bank server after the account opening is successful;
the loan server is also used for creating a session, the session has a unique session identifier, the session contains the payment password credential, and the loan amount information and the session identifier are returned to the terminal;
the terminal is further configured to send a loan operation request to the loan server, where the loan operation request carries the session identifier;
the loan server is further configured to receive a loan operation request sent by the terminal, and search for a corresponding session according to the session identifier carried in the loan operation request; performing secondary verification according to the session, and executing loan operation if the verification is passed;
the loan server is also used for detecting whether the session is in a valid state with respect to its timeliness; if the session is in a valid state, detecting whether the content of the session has not been tampered with; if the content of the session has not been tampered with, obtaining the payment password credential in the session, and verifying whether the payment password in the payment password credential is consistent with a pre-stored payment password; if so, the verification passes; otherwise, the verification fails.
8. A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to carry out the steps of the method according to any one of claims 1 to 3.
9. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method according to any one of claims 1 to 3.
CN201510571618.8A 2015-09-09 2015-09-09 Identity authentication method, device and system Active CN106533685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510571618.8A CN106533685B (en) 2015-09-09 2015-09-09 Identity authentication method, device and system

Publications (2)

Publication Number Publication Date
CN106533685A CN106533685A (en) 2017-03-22
CN106533685B true CN106533685B (en) 2020-12-08

Family

ID=58345600

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant