CN107634834A - A trusted identity authentication method for multiple terminals and multiple scenarios


Publication number
CN107634834A
Authority
CN
China
Prior art keywords
authentication
terminal device
authenticator
scenes
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710790862.2A
Other languages
Chinese (zh)
Inventor
杨平
彭永勇
张晓韬
张捷
郭晶
曾强
何林
王先兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd
Original Assignee
SICHUAN ZHONGDIAN VENUS INFORMATION TECHNOLOGY Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a trusted identity authentication method for multiple terminals and multiple scenarios. Based on terminal devices with a biometric recognition function, it fully decouples the authentication mode from the authentication protocol, so that authentication modes are plug-and-play on the terminal device, and completes secure authentication of the user's identity. It also unifies a standardized authentication protocol that involves only a client and a server, so that any terminal device can use the client in the authentication protocol. The invention overcomes the shortcomings of the prior art, makes full use of the security chip built into the device, and decouples the authentication mode from the authentication protocol, making identity authentication more secure, efficient and fast.

Description

A trusted identity authentication method for multiple terminals and multiple scenarios
Technical field
The invention relates to the field of identity authentication technology, and specifically to a trusted identity authentication method for multiple terminals and multiple scenarios.
Background
As large and medium-sized enterprises continue to digitize and their level of IT adoption keeps rising, business application scenarios have shifted from the original monolithic architecture to more complex and diverse ones. At the same time, with Internet technology flourishing, many emerging technologies are driving traditional enterprises to change, and most enterprises are even migrating all of their applications to cloud environments. The transformation of the enterprise application identity verification model is a problem that must be solved first, because the continued advance of enterprise informatization ultimately leads to application silos. The traditional identity authentication silo problem currently has the following main aspects: 1) centralized storage of identity information; 2) users having to remember many passwords, and weak passwords; 3) diverse and complex authentication integration, which increases the risk of identity data leakage; 4) convenient authentication on smart devices in the Internet era.
According to Gartner's 2016 identity leak statistics report, more than half of enterprise network security incidents are related to stolen authentication credentials. Using more efficient and more secure identity authentication technology is therefore increasingly important. The traditional single authentication mode of account and password cannot meet the demand for enterprise-level unified authentication and will not fit future needs. How to provide application systems with convenient, secure and efficient identity authentication services has become a problem that has to be faced. Data security is a major issue that the information exchange of every information system must always face.
With the traditional user password verification described above and the traditional way enterprise applications are built, users have to remember many passwords, either in their heads or in notes, and may even forget them, and they constantly worry that passwords and core identity data will be hijacked in a security attack.
To address these problems with the traditional scheme, there are two typical technical approaches:
1) Current mainstream biometric identification technology
As shown in Fig. 2, the authentication modes that are now most widely applied and publicly accepted in advanced enterprises, especially Internet companies, rely mainly on biometric identification technology (QR code, fingerprint, face, iris, voiceprint, vein, USB key, wearable device, etc.) to replace traditional user password verification and to solve problems such as password memorization and protocol integration. The advantage of this approach is that it is convenient and fast, and users do not have to remember many passwords. The disadvantages are complexity, redundancy and devices that are inconvenient to carry, and some of the devices are not cheap.
2) Multi-terminal, multi-scenario trusted identity verification technology
As shown in Fig. 3, this approach is based on an international lightweight identity security authentication protocol. Its core is to use the capability of the security chip embedded in the terminal device: under different security level requirements, the device's authentication modes and policies are configured to support a general identity security authentication protocol, so that identity authentication is completed with the user's existing mobile terminal. The advantages are that it makes full use of the user's existing handheld device, hands the work of identity authentication to the device's built-in security chip, and separates and decouples the authentication mode from the authentication protocol, making identity authentication more secure, efficient and inexpensive. The disadvantage is that mobile terminals that are too old, and some knock-off mobile terminals, do not yet support this general identity security authentication protocol.
Summary of the invention
The object of the invention is to provide a trusted identity authentication method for multiple terminals and multiple scenarios that makes full use of the authenticator embedded in the terminal device, decouples the authentication mode from the authentication protocol, and protects user data privacy, in order to address the various challenges of conventional authentication.
The invention is achieved through the following technical solution: a trusted identity authentication method for multiple terminals and multiple scenarios which, based on terminal devices with a biometric recognition function, fully decouples the authentication mode from the authentication protocol, so that authentication modes are plug-and-play on the terminal device, and completes secure authentication of the user's identity; it also unifies a standardized authentication protocol that involves only a client and a server, so that any terminal device can use the client in the authentication protocol.
Further, to better implement the invention, the terminal device has an embedded authenticator that integrates the standardized authentication protocol. Under different security level requirements, the authenticator configures the authentication modes and policies built into the terminal device, protects user data privacy, and completes diversified authentication for all devices of all users, so that any terminal device can use the client in the authentication protocol.
In the invention, the authenticator is the security chip built into the terminal device, for example a TEE chip, TPM chip or SE chip.
The authenticator unlocks the key specific to each authentication mode and generates a public/private key pair. The private key of the pair is stored inside the authenticator; the public key is transmitted through the standardized authentication protocol and represents the user when requesting authentication from the server.
The invention is based on terminal devices that can recognize biometric data. The biometric data is stored securely inside the authenticator that holds the private key information; the server does not store users' private data and retains only client public key information, which further improves data security.
Further, to better implement the invention, making the authentication mode plug-and-play on the terminal device mainly involves the following flows: device registration, authenticator verification, data encryption, the identification flow, the transaction flow and the revocation flow.
Further, to better implement the invention, device registration comprises the following steps, carried out in order:
Step A: The user registers a mobile terminal device that has an embedded authenticator;
Step B: The user logs in, in a web browser, to an application that integrates the standardized authentication protocol;
Step C: The initial registration request is submitted;
Step D: The server then forwards the user registration request message and the policy data to the authenticator of the client's terminal device;
Step E: On receipt, the authenticator completes user registration and generates a public/private key pair; the private key of the pair is stored inside the authenticator, and the public key of the pair and the user registration notification are sent to the server through the standardized authentication protocol;
Step F: The server verifies the transmitted message and the legitimacy of the authenticator to complete registration.
Further, to better implement the invention, authenticator verification is mainly performed by the client application producing a digital certificate signature and the server verifying that signature.
Further, to better implement the invention, data encryption means that the whole registration, access and response process is encrypted as a data stream, and this data-stream encryption uses an asymmetric public/private key pair to encrypt and decrypt data.
Further, to better implement the invention, the identification flow is as follows: the application initiates an identification flow; user identity verification and signing are completed on the terminal device; the server verifies the signature; and the identification flow is complete.
Further, to better implement the invention, the transaction flow is as follows: the application initiates a transaction flow; transaction verification, signing and calculation of the HASH value are completed on the terminal device; the server verifies the signature, the legitimacy and the text HASH; and the transaction is complete.
Further, to better implement the invention, the revocation flow is as follows: the application initiates a deregistration request; the server verifies the legitimacy of the authenticator and deletes the authenticator data associated with the user that it holds locally, then sends a deregistration message to the terminal device; the terminal device deletes its local registration data to complete deregistration.
As the background shows, current mainstream biometric approaches solve the problems of centralized memorization of user identity data and weak passwords, but the security devices are expensive to acquire and inconvenient to carry. In addition, for data to be used securely the terminal needs security hardening, coordinated authentication between different biometric technologies raises a new security problem, and the coupling between authentication mode and authentication protocol means that upgrades also force changes to the security module.
The trusted identity authentication method for multiple terminals and multiple scenarios proposed by the invention not only solves the problems of centralized memorization of user identity data and weak passwords, but also technically achieves loose coupling between authentication mode and authentication protocol, so that module upgrades are fully decoupled, and makes full use of the security chip built into the device, making identity authentication more secure, efficient and fast.
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) By decoupling the authentication mode from the authentication protocol, the invention uses plug-and-play authentication modes on the user's terminal device and makes full use of the authenticator (security chip) built into the terminal device, making identity authentication more secure, efficient and fast. In addition, the authentication protocol is unified and standardized, with an authentication client that any device can use.
(2) In the invention the same server handles any of the different authentication modes, which solves the identity authentication silo problem.
(3) The invention is based on terminal devices that can recognize biometric data, and the security chip acting as authenticator stores the biometric data securely; the server does not store users' private data and retains only client public key information, which further improves information security.
(4) The authentication protocol of the invention is unlinkable: the user key is different for each server (relying party) and terminal device, and the authenticator verification key is not unique to each device, which prevents the traceability that uniqueness would cause. There is no global unique device identifier, so no "footprint" is left.
(5) No third party takes part in the authentication protocol of the invention: the protocol involves only the client and the server, the mechanism is clear and easy to implement, and each layer provides a standardized API to the layer above. In addition, the client provides a standards-compliant protocol, and the server (relying party) deploys the server side and modifies its application, without introducing a third-party CA or the like, which shortens the authentication chain and reduces cost.
Brief description of the drawings
Fig. 1 is the architecture diagram of the scheme in Embodiment 1;
Fig. 2 is a schematic diagram of current mainstream biometric identification technology;
Fig. 3 is a schematic diagram of the multi-terminal, multi-scenario trusted identity verification technology;
Fig. 4 is the deployment scheme of the standardized authentication protocol in the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to embodiments, but its implementation is not limited to them.
The invention provides a trusted identity authentication method for multiple terminals and multiple scenarios. The following terms are explained first:
Multiple terminals: different categories of authentication terminal. The term arises mainly because authentication devices are badly fragmented and interface standards are not unified, which causes a serious authentication silo problem.
Multiple scenarios: authentication modes and methods that are not unified. The term arises mainly because applications' authentication interfaces are not unified and authentication modes are many and varied, which causes a serious authentication silo problem.
Identity authentication: proving identity in a specific business scenario using a specific device and mode.
Embodiment 1:
A trusted identity authentication method for multiple terminals and multiple scenarios which, based on terminal devices with a biometric recognition function, fully decouples the authentication mode from the authentication protocol, so that authentication modes are plug-and-play on the terminal device, and completes secure authentication of the user's identity; it also unifies a standardized authentication protocol that involves only a client and a server, so that any terminal device can use the client in the authentication protocol.
The terminal device has an embedded authenticator that integrates the standardized authentication protocol. Under different security level requirements, the authenticator configures the authentication modes and policies built into the terminal device, protects user data privacy, and completes diversified authentication for all devices of all users, so that any terminal device can use the client in the authentication protocol.
As shown in Fig. 1, the unified standardized authentication protocol in this embodiment is a universal secure identity authentication protocol. The user authenticates locally on an intelligent terminal that has a built-in authenticator and can recognize biometric features, and the authenticator then authenticates to the server through the universal secure identity authentication protocol.
The invention is a trusted identity verification technology for multiple terminals and multiple scenarios. Its underlying technology is authentication that establishes identity from the uniqueness and stability of human characteristics. Today's intelligent terminals already integrate fingerprint readers, high-definition cameras, microphones and similar components and can collect fingerprints, facial images and voice; this data lays a solid foundation for performing identity recognition on the intelligent terminal.
The invention stems mainly from the large-scale adoption of the mobile Internet. Building on current mainstream biometric authentication technology, it is a new authentication scheme for online applications based on the terminal device's authenticator. It draws on advanced ideas from both the Internet and traditional authentication schemes, simplifies the enterprise's conventional authentication process, optimizes and improves how authentication is integrated, strengthens the protection of identity authentication data and user privacy, and improves the efficiency of secure identity authentication.
In the invention, the unified standardized authentication protocol is realized through the international open standard protocols U2F and UAF. Fig. 4 shows the deployment scheme of the standardized authentication protocol in this embodiment. Through U2F and UAF, this embodiment ensures interoperability between the strong authentication technologies developed by different vendors and changes the current mainstream approach to online verification (passwords as the main means of verification), eliminating or weakening users' dependence on passwords.
The invention differs from FIDO (Fast IDentity Online) technology. Although FIDO technology can also separate the authentication mode from the authentication protocol, the invention has the following characteristics:
(1) Lightweight authentication integration: based on the unified standardized authentication protocol, the authentication mode is decoupled from the authentication protocol, that is, authentication modes are plug-and-play on the user's device, and an authenticator that complies with the unified standardized authentication protocol converts data between the authentication mode and the authentication protocol. Integration is done by providing a unified, standardized API and SDK, so it is simple and minimally invasive;
(2) A unified standardized authentication protocol, with an open authentication client that any device can use;
(3) The standardized authentication protocol involves only the client and the server, the mechanism is clear, and the implementation provides a standardized API. The terminal device provides a standards-compliant protocol, the client calls the general protocol SDK, and the server side modifies its application logic and deploys the general protocol server, without introducing a third-party CA or the like, which shortens the authentication chain and reduces cost;
(4) Data is protected: first, every request is encrypted with asymmetric public/private keys; second, user identity verification and signing are completed on the terminal device, and the server performs signature verification.
Embodiment 2:
This embodiment further discloses the technical solution on the basis of Embodiment 1. The U2F and UAF standard protocols support a variety of hardware devices, such as USB flash drives (or USB keys), NFC chips and TPM (Trusted Platform Module) chips, as well as biometric hardware such as fingerprint scanners, speech recognition, face recognition and iris recognition.
This embodiment is aimed mainly at USB KEY devices. Using USB KEY fingerprint recognition plus certificate authentication, it implements unified fingerprint data registration and unified login. Certificate signature verification and fingerprint data verification are performed on the server side, and the collection of fingerprint data and login information is handled uniformly by the USB KEY, which supports the unified, open protocol.
The remaining parts of this embodiment are the same as in the embodiment above and are not repeated.
Embodiment 3:
This embodiment further discloses the technical solution on the basis of Embodiment 1. Making the authentication mode plug-and-play on the terminal device mainly involves the following flows: device registration, authenticator verification, data encryption, the identification flow, the transaction flow and the revocation flow.
Device registration comprises the following steps, carried out in order:
Step A: The user registers a mobile terminal device that has an embedded authenticator;
Step B: The user logs in, in a web browser, to an application that integrates the standardized authentication protocol;
Step C: The initial registration request is submitted;
Step D: The server then forwards the user registration request message and the policy data to the authenticator of the client's terminal device;
Step E: On receipt, the authenticator completes user registration and generates a public/private key pair; the private key of the pair is stored inside the authenticator, and the public key of the pair and the user registration notification are sent to the server through the standardized authentication protocol;
Step F: The server verifies the transmitted message and the legitimacy of the authenticator to complete registration.
Authenticator verification is mainly performed by the client application producing a digital certificate signature and the server verifying that signature.
Data encryption means that the whole registration, access and response process is encrypted as a data stream, and this data-stream encryption uses an asymmetric public/private key pair to encrypt and decrypt data.
The identification flow is as follows: the application initiates an identification flow; user identity verification and signing are completed on the terminal device; the server verifies the signature; and the identification flow is complete.
The transaction flow is as follows: the application initiates a transaction flow; transaction verification, signing and calculation of the HASH value are completed on the terminal device; the server verifies the signature, the legitimacy and the text HASH; and the transaction is complete.
The revocation flow is as follows: the application initiates a deregistration request; the server verifies the legitimacy of the authenticator and deletes the authenticator data associated with the user that it holds locally, then sends a deregistration message to the terminal device; the terminal device deletes its local registration data to complete deregistration.
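Registration Steps D to F and the identification, transaction and revocation flows above, sketched as an added Go example; it is not code from the patent. The ECDSA P-256 keys, the type and function names, the boolean standing in for the local biometric check and the sample server and user names are all assumptions, and the data-stream encryption and the check of the authenticator's legitimacy are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator stands in for the security chip (TEE/TPM/SE); private keys never leave it.
type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey // one key pair per server (relying party)
}

// Server is the relying party: it stores public keys and pending challenges only.
type Server struct {
	ID      string
	pubKeys map[string]*ecdsa.PublicKey // user -> registered public key
	pending map[string][]byte           // user -> outstanding challenge
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
}
func NewServer(id string) *Server {
	return &Server{ID: id, pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// digest binds a signature to one server, one 32-byte challenge and one transaction text.
func digest(serverID string, challenge, text []byte) []byte {
	h := sha256.New()
	h.Write(append([]byte(serverID), 0))
	h.Write(challenge)
	h.Write(text)
	return h.Sum(nil)
}

// Register is Step E: after local user verification (modelled as a bool) a key pair is created.
func (a *Authenticator) Register(serverID string, userVerified bool) (*ecdsa.PublicKey, error) {
	if !userVerified {
		return nil, fmt.Errorf("local user verification failed")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[serverID] = key
	return &key.PublicKey, nil
}

// Sign serves the identification flow (empty text) and the transaction flow (text set).
func (a *Authenticator) Sign(serverID string, challenge, text []byte, userVerified bool) ([]byte, error) {
	key, ok := a.keys[serverID]
	if !ok || !userVerified {
		return nil, fmt.Errorf("no key for %s or user not verified", serverID)
	}
	return ecdsa.SignASN1(rand.Reader, key, digest(serverID, challenge, text))
}

// Forget is the device side of the revocation flow: local registration data is deleted.
func (a *Authenticator) Forget(serverID string) { delete(a.keys, serverID) }

// CompleteRegistration is Step F, reduced to storing the key (no authenticator legitimacy check).
func (s *Server) CompleteRegistration(user string, pub *ecdsa.PublicKey) { s.pubKeys[user] = pub }

// Deregister is the server side of the revocation flow.
func (s *Server) Deregister(user string) { delete(s.pubKeys, user) }

// Challenge issues a fresh random value for one identification or transaction.
func (s *Server) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[user] = c
	return c, nil
}

// Verify checks the signature with the stored public key; the challenge is single-use.
func (s *Server) Verify(user string, text, sig []byte) bool {
	c, ok := s.pending[user]
	pub, known := s.pubKeys[user]
	delete(s.pending, user)
	if !ok || !known {
		return false
	}
	return ecdsa.VerifyASN1(pub, digest(s.ID, c, text), sig)
}

func main() {
	dev, srv := NewAuthenticator(), NewServer("bank.example")
	pub, _ := dev.Register(srv.ID, true)
	srv.CompleteRegistration("alice", pub)
	c, _ := srv.Challenge("alice")
	sig, _ := dev.Sign(srv.ID, c, []byte("pay 100"), true)
	fmt.Println("accepted:", srv.Verify("alice", []byte("pay 100"), sig))
	fmt.Println("replayed:", srv.Verify("alice", []byte("pay 100"), sig))
}
```

Because the server name is part of the signed digest and each server gets its own key pair, a response produced for one server does not verify at another, which is the unlinkability property the description claims.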
The remaining parts of this embodiment are the same as in the embodiments above and are not repeated.
The above is only a preferred embodiment of the invention and does not limit the invention in any form; any simple modification or equivalent variation made to the above embodiments according to the technical essence of the invention falls within the scope of protection of the invention.

Claims (9)

1. A trusted identity authentication method for multiple terminals and multiple scenarios, based on a terminal device with a biometric recognition function, characterized in that: the authentication mode is fully decoupled from the authentication protocol, that is, the authentication mode is plug-and-play on the terminal device, to complete secure authentication of the user's identity; and a standardized authentication protocol involving only a client and a server is unified, so that any terminal device can use the client in the authentication protocol.
2. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 1, characterized in that: the terminal device has an embedded authenticator that integrates the standardized authentication protocol; under different security level requirements, the authenticator configures the authentication modes and policies built into the terminal device, protects user data privacy, and completes diversified authentication for all devices of all users, so that any terminal device can use the client in the authentication protocol.
3. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 2, characterized in that: making the authentication mode plug-and-play on the terminal device mainly involves the following flows: device registration, authenticator verification, data encryption, the identification flow, the transaction flow and the revocation flow.
4. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 3, characterized in that: device registration comprises the following steps, carried out in order:
Step A: The user registers a mobile terminal device that has an embedded authenticator;
Step B: The user logs in, in a web browser, to an application that integrates the standardized authentication protocol;
Step C: The initial registration request is submitted;
Step D: The server then forwards the user registration request message and the policy data to the authenticator of the client's terminal device;
Step E: On receipt, the authenticator completes user registration and generates a public/private key pair; the private key of the pair is stored inside the authenticator, and the public key of the pair and the user registration notification are sent to the server through the standardized authentication protocol;
Step F: The server verifies the transmitted message and the legitimacy of the authenticator to complete registration.
5. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 3, characterized in that: authenticator verification is mainly performed by the client application producing a digital certificate signature and the server verifying that signature.
6. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 3, characterized in that: data encryption means that the whole registration, access and response process is encrypted as a data stream, and this data-stream encryption uses an asymmetric public/private key pair to encrypt and decrypt data.
7. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 3, characterized in that: the identification flow is as follows: the application initiates an identification flow; user identity verification and signing are completed on the terminal device; the server verifies the signature; and the identification flow is complete.
8. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 3, characterized in that: the transaction flow is as follows: the application initiates a transaction flow; transaction verification, signing and calculation of the HASH value are completed on the terminal device; the server verifies the signature, the legitimacy and the text HASH; and the transaction is complete.
9. The trusted identity authentication method for multiple terminals and multiple scenarios according to claim 3, characterized in that: the revocation flow is as follows: the application initiates a deregistration request; the server verifies the legitimacy of the authenticator and deletes the authenticator data associated with the user that it holds locally, then sends a deregistration message to the terminal device; the terminal device deletes its local registration data to complete deregistration.
Application CN201710790862.2A: priority date 2017-09-05, filing date 2017-09-05, title "A trusted identity authentication method for multiple terminals and multiple scenarios", status Pending.

Publications (1)

Publication Number Publication Date
CN107634834A 2018-01-26

Family

ID=61099835

CN105656890A (en) * 2015-12-30 2016-06-08 深圳数字电视国家工程实验室股份有限公司 FIDO (Fast Identity Online) authenticator, system and method based on TEE (Trusted Execution Environment) and wireless confirmation
CN107070667A (en) * 2017-06-07 2017-08-18 国民认证科技(北京)有限公司 Identity identifying method, user equipment and server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
胡可欣: "FIDO UAF认证协议的安全性研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111104658A (en) * 2018-10-25 2020-05-05 北京嘀嘀无限科技发展有限公司 Registration method and device, authentication method and device
JP2020141331A (en) * 2019-02-28 2020-09-03 キヤノン株式会社 Service using device, method, and program
JP7278802B2 (en) 2019-02-28 2023-05-22 キヤノン株式会社 Service use device, method, and program
CN110401663A (en) * 2019-07-30 2019-11-01 飞天诚信科技股份有限公司 A kind of method and system of fast registration authenticator
CN110401663B (en) * 2019-07-30 2021-08-31 飞天诚信科技股份有限公司 Method and system for quickly registering authenticator
CN111464553A (en) * 2020-04-13 2020-07-28 北京计算机技术及应用研究所 Identity authentication device and method for protecting biological characteristic privacy
CN114467283A (en) * 2021-11-24 2022-05-10 百果园技术(新加坡)有限公司 Identity authentication method, device, terminal, storage medium and program product
CN114467283B (en) * 2021-11-24 2024-02-09 百果园技术(新加坡)有限公司 Identity authentication method, device, terminal, storage medium and program product
CN114884680A (en) * 2022-06-06 2022-08-09 四川中电启明星信息技术有限公司 Multi-server sustainable trust evaluation method based on context authentication

Similar Documents

Publication Publication Date Title
CN107634834A (en) A kind of trusted identity authentication method based on the more scenes in multiple terminals
CN104994114B (en) A kind of identity authorization system and method based on electronic ID card
CN106850201B (en) Intelligent terminal multiple-factor authentication method, intelligent terminal, certificate server and system
CN109981561A (en) Monomer architecture system moves to the user authen method of micro services framework
US8627424B1 (en) Device bound OTP generation
CN111931144B (en) Unified safe login authentication method and device for operating system and service application
US11025592B2 (en) System, method and computer-accessible medium for two-factor authentication during virtual private network sessions
CN107070667A (en) Identity identifying method, user equipment and server
CN101257489A (en) Method for protecting account number safety
CN112953970B (en) Identity authentication method and identity authentication system
US10771451B2 (en) Mobile authentication and registration for digital certificates
CN102202300A (en) System and method for dynamic password authentication based on dual channels
CN107196922A (en) Identity identifying method, user equipment and server
US20150200935A1 (en) Biometric reference information registration system, apparatus, and program
CN109145540A (en) A kind of intelligent terminal identity identifying method and device based on block chain
CN110290134A (en) A kind of identity identifying method, device, storage medium and processor
CN104767617A (en) Message processing method, system and related device
CN103024706A (en) Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication
CN112383401B (en) User name generation method and system for providing identity authentication service
CN109981680A (en) A kind of access control implementation method, device, computer equipment and storage medium
CN113711560A (en) System and method for efficient challenge-response verification
CN110611647A (en) Node joining method and device on block chain system
Ziyad et al. Critical review of authentication mechanisms in cloud computing
US8176533B1 (en) Complementary client and user authentication scheme
CN112073967B (en) Method and device for downloading identity certificate of mobile phone shield equipment and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180126
