CN108055288A - Authentication method for identity information, terminal device and medium - Google Patents
- Publication number
- CN108055288A
- Authority
- CN
- China
- Prior art keywords
- routing policy
- information
- data connection
- routing
- connection passage
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/22—Alternate routing
Abstract
The present invention is applicable to the field of Internet technology and provides an authentication method for identity information, a terminal device and a medium. The method includes: when an identity authentication event is triggered, obtaining the user's information to be authenticated; obtaining, according to the attribute type of the information to be authenticated, the information interaction node sequence corresponding to that attribute type; determining, in the information interaction node sequence, the information interaction nodes associated with multiple routing policies, and calculating the consumption value corresponding to each routing policy associated with such a node; identifying the routing policy with the minimum consumption value as the main routing policy and the remaining routing policies as alternate routing policies; connecting to the authentication server based on the main routing policy; if the connection succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection fails, switching the main routing policy to any alternate routing policy. The invention lets multiple data connection channels back each other up, which improves the reliability of the identity authentication system.
Description
Technical field
The invention belongs to the field of Internet technology, and in particular relates to an authentication method for identity information, a terminal device and a medium.
Background art
When a user needs to open an account involving fund transactions, such as a bank account or a stock account, or when a user needs to log in to a website or pay for an order using the emerging face-scan method, the background server of the enterprise website usually needs to verify the user's true identity. For example, it verifies whether the current user is a legal citizen, or whether the person actually using the service is the same person as the one on the identity card. However, the comparison data for legal citizens' identity information is usually stored in the authentication server of the public security system or in an authentication server provided by a third-party company. The background server of the enterprise website can therefore only access the authentication server through one preset routing policy, uploading and downloading identity information comparison data over the data connection channel that this routing policy points to, and thereby completing verification of the current user's true identity.
However, if the data connection channel between the enterprise's background server and the authentication server fails, the application system cannot verify the requesting user's true identity in real time, which reduces the reliability of the entire application system.
Summary of the invention
In view of this, embodiments of the present invention provide an authentication method for identity information, a terminal device and a medium, to solve the prior-art problem that, when the data connection channel between the enterprise's background server and the authentication server fails, the application system cannot verify the requesting user's true identity in real time, so that the reliability of the application system is low.
A first aspect of the embodiments of the present invention provides an authentication method for identity information, including:
when an identity authentication event is triggered, obtaining the user's information to be authenticated;
obtaining, according to the attribute type of the information to be authenticated, an information interaction node sequence corresponding to the attribute type, the information interaction node sequence including multiple information interaction nodes;
determining, in the information interaction node sequence, the information interaction nodes associated with multiple routing policies, wherein a routing policy is used to point to a data connection channel to the authentication server;
for each information interaction node so determined, calculating the consumption value corresponding to each routing policy associated with it;
identifying the routing policy with the minimum consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information interaction node at the current time;
connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any alternate routing policy.
A second aspect of the embodiments of the present invention provides a terminal device including a memory and a processor, the memory storing a computer program that can run on the processor, the processor implementing the following steps when executing the computer program:
when an identity authentication event is triggered, obtaining the user's information to be authenticated;
obtaining, according to the attribute type of the information to be authenticated, an information interaction node sequence corresponding to the attribute type, the information interaction node sequence including multiple information interaction nodes;
determining, in the information interaction node sequence, the information interaction nodes associated with multiple routing policies, wherein a routing policy is used to point to a data connection channel to the authentication server;
for each information interaction node so determined, calculating the consumption value corresponding to each routing policy associated with it;
identifying the routing policy with the minimum consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information interaction node at the current time;
connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any alternate routing policy.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the authentication method for identity information described in the first aspect.
In the embodiments of the present invention, an information interaction node involved in the identity authentication flow can be associated with multiple routing policies, and each routing policy can point to a data connection channel to an authentication server. When an identity authentication event is triggered, the consumption value corresponding to each routing policy is calculated, so that the identity authentication system calls only the routing policy with the minimum consumption value each time and treats the other routing policies as alternate routing policies. This ensures that each information interaction node executes effectively at relatively low consumption and reduces the cost of the authentication operation. When connecting to the authentication server based on the main routing policy, if the connection fails, the main routing policy is switched to any alternate routing policy, so that the multiple data connection channels back each other up. The failure of one data connection channel therefore does not prevent the whole identity authentication flow from completing, which improves the reliability of the identity authentication system.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the authentication method for identity information provided by an embodiment of the present invention;
Fig. 2 is a detailed flow chart of step S103 of the authentication method for identity information provided by an embodiment of the present invention;
Fig. 3 is a detailed flow chart of step S104 of the authentication method for identity information provided by an embodiment of the present invention;
Fig. 4 is another detailed flow chart of step S104 of the authentication method for identity information provided by an embodiment of the present invention;
Fig. 5 is a structural block diagram of the authentication apparatus for identity information provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the terminal device provided by an embodiment of the present invention.
Detailed description of the embodiments
In the following description, specific details such as particular system structures and techniques are set out for the purpose of illustration rather than limitation, to provide a thorough understanding of the embodiments of the present invention. However, it will be clear to a person skilled in the art that the present invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, apparatuses, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
To illustrate the technical solutions of the present invention, specific embodiments are described below.
The authentication method and apparatus for identity information provided by the embodiments of the present invention can be applied in all kinds of terminal devices, including smartphones, tablets, personal digital assistants (PDA), personal computers (PC), servers, and so on. The terminal device connects to the authentication server of the public security system or to an authentication server provided by a third-party company in order to upload and download identity information comparison data.
Fig. 1 shows the flow of the authentication method for identity information provided by an embodiment of the present invention, detailed as follows:
S101: When an identity authentication event is triggered, obtain the user's information to be authenticated.
The identity authentication event is determined to be triggered when an identity authentication request sent by an external device is received, or when an identity authentication instruction issued directly by the user is received on the terminal device. For example, when a user registers a fund transaction account, the user can enter their identity information and click the identity verification control; at that point the identity authentication event is triggered.
In the embodiment of the present invention, when the identity authentication event is triggered, the information to be authenticated uploaded by the user is read. The information to be authenticated includes but is not limited to the name, identity card number and personal selfie portrait provided by the user to be authenticated.
S102: According to the attribute type of the information to be authenticated, obtain the information interaction node sequence corresponding to the attribute type, the information interaction node sequence including multiple information interaction nodes.
In the embodiment of the present invention, the attribute types include name, personal portrait and identity card number. The received information to be authenticated is identified to determine its attribute type, that is, to determine whether the information currently received is a name, a personal selfie portrait or an identity card number.
Each attribute type corresponds to a different information interaction node sequence. An information interaction node sequence contains multiple information interaction nodes; each node represents one step that must be passed through while verifying the information to be authenticated. For example, if the attribute type of the received information to be authenticated is personal selfie portrait, the information interaction node sequence corresponding to personal selfie portrait is obtained. That sequence may be, for example: {detect whether the personal selfie portrait is a photo of a live person; download the citizen portrait pre-stored in the authentication server that matches the identity card number; extract the reticulate pattern information from the citizen portrait; determine, by comparing the reticulate pattern information, whether the citizen portrait and the personal selfie portrait show the same user}. This information interaction node sequence thus includes 4 information interaction nodes.
S103: In the information interaction node sequence, determine the information interaction nodes associated with multiple routing policies, wherein a routing policy is used to point to a data connection channel to the authentication server.
In the embodiment of the present invention, the routing policies associated with an information interaction node are preset according to instructions entered by administrators. Each information interaction node can be associated with one or more routing policies, or with none. When an information interaction node is not associated with any routing policy, the information interaction flow corresponding to that node is carried out locally.
Note that the routing policies in the embodiment of the present invention include only routing policies that point to a data connection channel to the authentication server; they do not include routing policies that point to data connection channels to other servers.
According to the number of routing policies associated with each information interaction node, the nodes associated with at least two routing policies are selected.
For example, in the example above, if the information interaction node "download the citizen portrait pre-stored in the authentication server that matches the identity card number" is associated with 2 routing policies, this node is the one determined among the multiple information interaction nodes of the sequence.
As one embodiment of the present of invention, as shown in Fig. 2, above-mentioned steps S103 is specifically included:
S1031:Obtain requesting party's mark entrained by the information to be certified.
In the embodiment of the present invention, since other-end equipment can also receive the information to be certified of user's upload, and other
Terminal device may be needed after being accessed by transfer, could be attached with above-mentioned certificate server.Therefore, as it is above-mentioned other
The transfer side of terminal device, it is also necessary to which processing is detected to the information to be certified received.
Specifically, the information to be certified received is parsed, to extract the requesting party entrained by information to be certified
Mark.Requesting party's mark includes but not limited to network address, host identification number and access account of request method, apparatus etc..
S1032:In default information bank, obtain routing policy corresponding with requesting party mark and call permission.
In the information bank pre-established, it is stored with the corresponding routing policy of each requesting party's mark and calls permission, i.e.
It is stored with the routing policy that each requesting party's mark can be called.Therefore, the requesting party's mark extracted based on above-mentioned S1031
Know, routing policy corresponding with requesting party mark can be read in information bank and calls permission.
For example, it is routing policy A to meet the routing policy corresponding to requesting party's mark of mask regular " 10.0.0.1/30 "
And routing policy B, then when the requesting party entrained by information to be certified is identified as " 10.0.0.3 ", with requesting party mark
It is routing policy A and routing policy B that routing policy, which calls permission,.
S1033: In the information interaction node sequence, determine the information interaction nodes associated with multiple routing policies, wherein the multiple routing policies are policies that may be called under the routing policy call permission.
In the embodiment of the present invention, if an information interaction node is associated with multiple routing policies but those routing policies are not within the routing policy call permission corresponding to the requester identifier, the node is determined not to be an information interaction node associated with multiple routing policies.
Only if an information interaction node is associated with at least two routing policies corresponding to the requester identifier is it determined to be an information interaction node associated with multiple routing policies.
In the embodiment of the present invention, the requester identifier carried by the information to be authenticated is obtained, and the information interaction nodes associated with multiple routing policies are determined within the scope of the routing policy call permission corresponding to that identifier. This guarantees that, when the main routing policy of an information interaction node is later chosen from those routing policies, the requester of the information to be authenticated has permission to access the main routing policy. It avoids the situation in which the main routing policy obtained after a series of computations turns out to be an invalid routing policy, and so ensures that the main routing policy is identified accurately and validly.
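The permission-scoped node selection of S1031 to S1033, as an added example that is not code from the patent. The information bank contents other than the page's "10.0.0.1/30" rule, the node names, and the fail-closed handling of an unparseable requester identifier are assumptions.

```python
import ipaddress

# Information bank: mask rule -> routing policies the requester may call.
# The first rule is the page's example; the second is constructed.
INFO_BANK = {
    "10.0.0.1/30": {"A", "B"},
    "192.168.5.0/24": {"C"},
}

# Constructed association of information interaction nodes with routing
# policies; an empty set means the node runs locally.
NODE_POLICIES = {
    "detect_live_photo": set(),
    "download_citizen_portrait": {"A", "B", "C"},
    "extract_reticulate_pattern": set(),
    "compare_portraits": {"C"},
}


def call_permission(requester_id, info_bank=INFO_BANK):
    """S1032: routing policies the requester identifier is allowed to call."""
    try:
        addr = ipaddress.ip_address(requester_id)
    except ValueError:
        return set()  # assumption: fail closed on a malformed identifier
    allowed = set()
    for rule, policies in info_bank.items():
        # strict=False because the page writes the rule with host bits set.
        if addr in ipaddress.ip_network(rule, strict=False):
            allowed |= policies
    return allowed


def multi_policy_nodes(requester_id, node_policies=NODE_POLICIES, info_bank=INFO_BANK):
    """S1033: nodes with at least two associated policies the requester may call."""
    allowed = call_permission(requester_id, info_bank)
    selected = {}
    for node, policies in node_policies.items():
        usable = policies & allowed
        if len(usable) >= 2:
            selected[node] = sorted(usable)
    return selected


if __name__ == "__main__":
    print(multi_policy_nodes("10.0.0.3"))
```

Policy C is associated with the download node but is dropped for requester 10.0.0.3, so it can never become that requester's main routing policy.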
S104: For each information interaction node so determined, calculate the consumption value corresponding to each routing policy associated with it.
At each moment, every routing policy corresponds to one consumption value. The consumption value represents the cost the system has to pay for the information to be authenticated to reach the authentication server over the data connection channel pointed to by the routing policy. The consumption value is used to measure the value of a routing policy: the higher the consumption value, the lower the value of the routing policy.
For example, suppose routing policy A and routing policy B point to data connection channel A and data connection channel B respectively, each upload of information to be authenticated to the authentication server over data connection channel A costs 1 yuan, and each upload over data connection channel B costs 2 yuan. It then follows that the consumption value corresponding to routing policy B is less than the consumption value corresponding to routing policy A, so the value of routing policy B is relatively higher.
In the embodiment of the present invention, for each information interaction node determined, the consumption value corresponding to each routing policy associated with that node is calculated.
The factors considered in the consumption value include but are not limited to the preset cost of the data connection channel, the connection success rate and the information response time.
Specifically, as an embodiment of the present invention, Fig. 2 shows the detailed flow of step S104 of the authentication method for identity information provided by an embodiment of the present invention, as follows:
S1041: For each routing policy associated with the determined information interaction node, obtain, for the data connection channel pointed to by the routing policy, the channel's preset cost, connection success rate and information response time.
In the embodiment of the present invention, whenever data is exchanged with the authentication server over a data connection channel, the data transmission quality of that interaction can be obtained in real time. Data transmission quality is measured by the channel's connection success rate and information response time. When a data interaction request is sent to the authentication server over a data connection channel, the channel's total connection count is incremented by one. When the data interaction succeeds, that is, when the connection response returned by the authentication server is received, the successful connection count of the current data connection channel is incremented by one and the authentication server's response time is recorded. The channel's connection success rate is updated in real time from the connection failure count and the total connection count. The average response time of the channel is computed from the response times recorded for each successful data interaction, and this average response time is taken as the channel's information response time.
In the embodiment of the present invention, the preset cost of a data connection channel is a preset parameter value, determined by the fee agreement signed between the administrator and the administrator of the peer authentication server. The preset cost can be the fee payable each time the data connection channel performs one data interaction operation, or the fee payable for transmitting N bytes of data over the data connection channel (N is an integer greater than 0 and is a preset value).
For each routing policy associated with the information interaction node determined in step S103, the preset cost, connection success rate and information response time of the data connection channel pointed to by the routing policy are read.
S1042: Perform a weighted calculation on the preset cost, connection success rate and information response time according to preset weight ratios, to obtain the consumption value corresponding to the routing policy.
In the embodiment of the present invention, the preset cost, connection success rate and information response time of each data connection channel are weighted, and the weighted result is taken as the consumption value of the routing policy pointing to that data connection channel. The weight ratios corresponding to the preset cost, connection success rate and information response time are preset values.
For example, if the preset cost, connection success rate and information response time of data connection channel A are x, y and z respectively, and the preset weight ratios corresponding to the preset rate, connection success rate and information response time are a, b and c, then the consumption value R of the routing policy pointing to data connection channel A is:
R = ax + by + cz, (a > 0, b < 0, c > 0)
It can be seen that the higher the connection success rate y, the smaller the consumption value R of the routing policy.
In the embodiment of the present invention, weighting the preset cost, connection success rate and information response time of the data connection channel pointed to by a routing policy takes several factors into account when determining the routing policy's consumption value. This improves the accuracy of the calculated consumption value and ensures that the routing policy that is preferable overall can be determined from the consumption values.
As one embodiment of the present of invention, Fig. 3 shows that the present invention implements the authentication method of the identity information provided
Another specific implementation flow of S1042, details are as follows:
S1043:For routing policy described in each associated by the described information interaction node determined, according to the road
As the data connection passage pointed by strategy, a parameter value of highest priority in the data connection passage, institute are obtained
Parameter value is stated to be the preset cost, connect into power or information response's duration.
S1044:One parameter value of the highest priority is determined as to the consumption figures corresponding to this routing policy.
Each data connection passage pointed by routing policy has multiple parameters value, including above-mentioned preset cost, connection
Success rate and information response's duration.Wherein, each single item parameter value is preset with a corresponding priority.
In the parameters value of data connection passage, the parameter value of highest priority is determined.By the highest priority
Parameter value output for be directed toward the data connection passage routing policy corresponding to consumption figures.
Illustratively, if data connection passage B three parameter values (i.e. preset cost, connect into power and information and ring
Answer duration) be respectively 0.5 yuan/time, 50%, 0.5 second, and preset cost, connect into corresponding to power and information response's duration
Priority be respectively level-one, two level, three-level, then can determine the parameter value of highest priority as information response's duration, therefore
Using its information response's duration 0.5 second as the consumption figures corresponding to the routing policy for being directed toward data connection passage B.If at this point, number
According to interface channel C information response when a length of 0.6 second, then it is known that being directed toward corresponding to the routing policy of data connection passage B
Consumption figures 0.5 be less than be directed toward data connection channel C routing policy corresponding to consumption figures 0.6.
Particularly, for arbitrary two routing policies, if the consumption figures that the parameter value based on highest priority is calculated
It is identical, then it is recalculated according to the parameter value of next priority in data connection passage corresponding to above-mentioned two routing policies
Consumption figures.
For example, if the parameter value of highest priority is default rate, and data connection passage A and data interface channel B
Default rate is 1 yuan/time, then the routing policy A of the direction data connection passage A calculated and direction data connection passage
The consumption figures of the routing policy B of B is identical.Therefore, if the high parameter value of preferential level obtains data respectively to connect into power
Interface channel A's and data connection passage B connects into power, it is assumed that the two is respectively 50% and 60%, then updated
The consumption figures of routing policy A and routing policy B are respectively 0.5 and 0.6, it is thus achieved that the consumption to two routing policies
The size of value compares.
Particularly, if there are the identical multiple parameters value of priority, based on the weighted calculation side described in a upper embodiment
Processing is weighted to the multiple parameters value in formula, is directed toward with output corresponding to the routing policy of the data connection passage
Consumption figures.
S105: Identify the routing policy with the minimum consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information interaction node at the current time.
In the embodiment of the present invention, the consumption values of the routing policies of the information interaction node are compared with one another to find the routing policy with the minimum consumption value. That routing policy is determined to be the main routing policy of the information interaction node, and every other routing policy is determined to be an alternate routing policy of the node.
In particular, when more than one routing policy has the minimum consumption value, one of them is selected at random as the main routing policy at the current time.
S106:Based on the main routing policy, it is attached with the certificate server;If connect with the certificate server
Work(is connected into, then by the certificate server, performs the authentication operation on the information to be certified;If with the certification
The main routing policy is then switched to any alternate routing strategy by server connection failure.
In this embodiment of the present invention, according to the main routing policy determined at the current time, the information to be authenticated is uploaded to the authentication server through the data connection channel pointed to by the main routing policy, so that the authentication server confirms, based on pre-stored official identity data, whether the information to be authenticated is true identity information. The authentication server is at the peer end of the data connection channel. In addition, a download request for identity information comparison data can also be sent to the authentication server through the data connection channel pointed to by the main routing policy, so as to download the identity information comparison data stored in the authentication server and judge, according to that comparison data, whether the current user's information to be authenticated is true identity information. The identity information comparison data is the official data corresponding to the information to be authenticated. For example, if the information to be authenticated is "ID card No. A123, name Li Xiaoming", the identity information comparison data downloaded from the authentication server can be the name of the user whose ID card number is A123.
In this embodiment of the present invention, if the authentication server at the peer end cannot be connected through the data connection channel pointed to by the main routing policy, or if no response message from the authentication server has been received within a preset duration, it is determined that the connection to the authentication server has failed at the current time. In that case, after the main routing policy of the current information exchange node is switched to any alternate routing policy, the flow returns to S106.
Preferably, when connecting to the authentication server based on the main routing policy, if it is determined that the connection to the authentication server has failed at the current time, the connection failure count of the data connection channel pointed to by the main routing policy is incremented by one, and the connection success rate of that data connection channel is updated. Based on the updated connection success rate, the consumption value of each routing policy of the information exchange node is recalculated; after the main routing policy at the current time has been determined again, the flow returns to S106.
Preferably, at every preset time interval, the connection success rate of each data connection channel is obtained; if there is a data connection channel whose connection success rate is less than a preset threshold, the routing policy pointing to that data connection channel is deleted, so that the deleted routing policy is simply skipped when the consumption values of the routing policies associated with the information exchange node are calculated. This ensures that the data connection channel pointed to by the identified main routing policy is the best-performing data connection channel, while also increasing the speed at which the main routing policy is identified.
Preferably, the consumption value of one or more routing policies associated with the information exchange node can be determined directly from an instruction input by an administrator. Before S104 is performed, if the consumption value of any routing policy is detected to be a preset value, the calculation of the consumption value of that routing policy is skipped, and only the consumption values of the other routing policies, whose consumption values are not preset, are calculated. This embodiment of the present invention allows the administrator to intervene manually in the determination of the main routing policy, which makes it easier for the administrator to troubleshoot when the system fails.
Preferably, when an O&M (operation and maintenance) prompt message concerning any data connection channel is received from the authentication server, the O&M duration carried in the O&M prompt message is obtained; for the O&M duration, the routing policy pointing to that data connection channel is backed up and then deleted, and after the O&M duration has elapsed the backed-up routing policy is imported again. This embodiment of the present invention closes a specified data connection channel for a short period, which prevents the main routing policy determined from the consumption values from pointing to the data connection channel that needs maintenance, and thereby improves the success rate of connecting to the authentication server.
In this embodiment of the present invention, when an authentication event is triggered, an information exchange node involved in the identity authentication flow can be associated with multiple routing policies, and each routing policy points to a data connection channel to an authentication server. By calculating the consumption value corresponding to each routing policy, the identity authentication system calls only the routing policy with the minimum consumption value each time and keeps the other routing policies as alternate routing policies, so that each information exchange node is executed effectively at low consumption and the cost of the authentication operation is reduced. When connecting to the authentication server based on the main routing policy, if the connection fails, the main routing policy is switched to any alternate routing policy, so that the multiple data connection channels back each other up. The failure of one data connection channel therefore does not prevent the whole identity authentication flow from completing, which improves the reliability of the identity authentication system.
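The example below implements the selection of the main routing policy, the failover in S106 with the updated connection success rate, the administrator-supplied preset value and the periodic deletion of low-success-rate policies; it is an added example, not code from the patent. Assumptions: the weight values, the normalisation of cost and response duration to 0..1, the use of failure rate (1 minus connection success rate) as the weighted term, falling over to the cheapest remaining alternate rather than an arbitrary one, and all class and function names are illustrative and do not come from the patent.

```python
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed weight ratio for (preset cost, failure rate, response duration).
WEIGHTS = (0.5, 0.3, 0.2)


@dataclass
class Channel:
    """One data connection channel to an authentication server."""
    name: str
    preset_cost: float      # assumed to be normalised to 0..1
    response_time: float    # assumed to be normalised to 0..1
    attempts: int
    failures: int
    up: bool = True         # simulated reachability of the peer end

    @property
    def success_rate(self) -> float:
        return 1.0 if self.attempts == 0 else 1.0 - self.failures / self.attempts


@dataclass
class RoutingPolicy:
    channel: Channel
    fixed_consumption: Optional[float] = None   # administrator-supplied preset value

    def consumption(self) -> float:
        if self.fixed_consumption is not None:
            return self.fixed_consumption       # calculation is skipped entirely
        c = self.channel
        w_cost, w_fail, w_time = WEIGHTS
        # Assumption: success rate is inverted so that a lower value is always better.
        return (w_cost * c.preset_cost + w_fail * (1.0 - c.success_rate)
                + w_time * c.response_time)


def rank(policies: List[RoutingPolicy], rng=random) -> Tuple[RoutingPolicy, List[RoutingPolicy]]:
    """Split policies into (main, alternates) by minimum consumption value."""
    lowest = min(p.consumption() for p in policies)
    ties = [p for p in policies if p.consumption() == lowest]
    main = rng.choice(ties)                     # random pick when several tie
    return main, [p for p in policies if p is not main]


def connect(policy: RoutingPolicy) -> bool:
    """Simulated connection attempt; a timeout would be recorded the same way."""
    ch = policy.channel
    ch.attempts += 1
    if not ch.up:
        ch.failures += 1                        # lowers the connection success rate
    return ch.up


def authenticate(policies: List[RoutingPolicy], rng=random) -> Tuple[str, List[str]]:
    """Try the main policy, then fail over; returns (channel used, channels tried)."""
    candidates, tried = list(policies), []
    while candidates:
        # The failed policy is left out and the rest are re-ranked on fresh metrics.
        main, candidates = rank(candidates, rng)
        tried.append(main.channel.name)
        if connect(main):
            return main.channel.name, tried
    raise ConnectionError("no routing policy reached an authentication server")


def prune(policies: List[RoutingPolicy], threshold: float) -> List[RoutingPolicy]:
    """Periodic clean-up: delete policies whose channel success rate is below threshold."""
    return [p for p in policies if p.channel.success_rate >= threshold]


def sample_policies() -> List[RoutingPolicy]:
    """Constructed sample data: channel A is cheapest but currently unreachable."""
    return [
        RoutingPolicy(Channel("A", 0.1, 0.1, attempts=10, failures=5, up=False)),
        RoutingPolicy(Channel("B", 0.4, 0.3, attempts=20, failures=1)),
        RoutingPolicy(Channel("C", 0.6, 0.5, attempts=20, failures=0)),
    ]


if __name__ == "__main__":
    policies = sample_policies()
    print(authenticate(policies))
    print([p.channel.name for p in prune(policies, 0.5)])
```

Bounding the loop to the remaining candidates keeps a request from retrying a dead channel indefinitely when its consumption value stays lowest after a single recorded failure.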
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the order in which each process is executed should be determined by its function and internal logic, and does not limit the implementation of the embodiments of the present invention in any way.
Corresponding to the identity information authentication method provided by the embodiments of the present invention, Fig. 5 shows a structural block diagram of the identity information authentication apparatus provided by an embodiment of the present invention. For ease of description, only the parts related to this embodiment are shown.
With reference to Fig. 5, the apparatus includes:
A first acquisition unit 51, configured to obtain the information to be authenticated of a user when an authentication event is triggered.
A second acquisition unit 52, configured to obtain, according to the attribute type of the information to be authenticated, an information exchange node sequence corresponding to the attribute type, the information exchange node sequence including multiple information exchange nodes.
A first determination unit 53, configured to determine, in the information exchange node sequence, the information exchange node associated with multiple routing policies, wherein each routing policy points to a data connection channel to an authentication server.
A computing unit 54, configured to calculate, for the determined information exchange node, the consumption value corresponding to each of its associated routing policies.
A second determination unit 55, configured to determine the routing policy with the minimum consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information exchange node at the current time.
A connection unit 56, configured to connect to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, to perform the authentication operation on the information to be authenticated through the authentication server; and if the connection to the authentication server fails, to switch the main routing policy to any alternate routing policy.
Optionally, the first determination unit 53 includes:
A first obtaining subunit, configured to obtain the requesting party identifier carried in the information to be authenticated.
A second obtaining subunit, configured to obtain, from a preset information base, the routing policy call permission corresponding to the requesting party identifier.
A first determination subunit, configured to determine, in the information exchange node sequence, the information exchange node associated with multiple routing policies, wherein the multiple routing policies are the callable policies within the routing policy call permission.
Optionally, the computing unit 54 includes:
A third obtaining subunit, configured to obtain, for each routing policy associated with the determined information exchange node and according to the data connection channel pointed to by the routing policy, the preset cost, the connection success rate and the information response duration of that data connection channel.
A weighted calculation subunit, configured to weight the preset cost, the connection success rate and the information response duration according to a preset weight ratio, to obtain the consumption value corresponding to the routing policy.
Optionally, the computing unit 54 includes:
A fourth obtaining subunit, configured to obtain, for each routing policy associated with the determined information exchange node and according to the data connection channel pointed to by the routing policy, the one parameter value with the highest priority for that data connection channel, the parameter value being the preset cost, the connection success rate or the information response duration.
A second determination subunit, configured to determine the parameter value with the highest priority as the consumption value corresponding to the routing policy.
Optionally, the identity information authentication apparatus further includes:
A third acquisition unit 57, configured to obtain the connection success rate of each data connection channel at every preset time interval.
A deletion unit 58, configured to delete the routing policy pointing to a data connection channel if the connection success rate of that data connection channel is less than a preset threshold.
In this embodiment of the present invention, when an authentication event is triggered, an information exchange node involved in the identity authentication flow can be associated with multiple routing policies, and each routing policy points to a data connection channel to an authentication server. By calculating the consumption value corresponding to each routing policy, the identity authentication system calls only the routing policy with the minimum consumption value each time and keeps the other routing policies as alternate routing policies, so that each information exchange node is executed effectively at low consumption and the cost of the authentication operation is reduced. When connecting to the authentication server based on the main routing policy, if the connection fails, the main routing policy is switched to any alternate routing policy, so that the multiple data connection channels back each other up. The failure of one data connection channel therefore does not prevent the whole identity authentication flow from completing, which improves the reliability of the identity authentication system.
Fig. 6 is a schematic diagram of the terminal device provided by an embodiment of the present invention. As shown in Fig. 6, the terminal device 6 of this embodiment includes a processor 60, a memory 61, and a computer program 62 that is stored in the memory 61 and can run on the processor 60, for example an identity information authentication program. When executing the computer program 62, the processor 60 implements the steps in each of the above embodiments of the identity information authentication method, for example steps 101 to 106 shown in Fig. 1. Alternatively, when executing the computer program 62, the processor 60 implements the functions of the modules/units in the above apparatus embodiments, for example the functions of units 51 to 58 shown in Fig. 5.
Illustratively, the computer program 62 can be divided into one or more modules/units, which are stored in the memory 61 and executed by the processor 60 to carry out the present invention. The one or more modules/units can be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 62 in the terminal device 6.
The terminal device 6 can be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 60 and the memory 61. Those skilled in the art will understand that Fig. 6 is only an example of the terminal device 6 and does not limit the terminal device 6, which may include more or fewer components than shown, combine certain components, or use different components; for example, the terminal device may also include input/output devices, network access devices, buses and the like.
The processor 60 can be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor can be a microprocessor, or the processor can be any conventional processor.
The memory 61 can be an internal storage unit of the terminal device 6, such as a hard disk or internal memory of the terminal device 6. The memory 61 can also be an external storage device of the terminal device 6, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal device 6. Further, the memory 61 can include both an internal storage unit of the terminal device 6 and an external storage device. The memory 61 is used to store the computer program and the other programs and data required by the terminal device. The memory 61 can also be used to temporarily store data that has been output or is about to be output.
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules described above is only an example. In practical applications, the above functions can be assigned to different functional units and modules as needed; that is, the internal structure of the apparatus can be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments can be integrated in one processing unit, can each exist physically on their own, or two or more units can be integrated in one unit; the integrated unit can be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for ease of distinguishing them from one another and do not limit the scope of protection of the present application. For the specific working process of the units and modules in the above system, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not detailed or recorded in one embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described with reference to the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus/terminal device and method can be implemented in other ways. For example, the apparatus/terminal device embodiments described above are only schematic. The division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing unit, can each exist physically on their own, or two or more units can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and is sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the methods of the above embodiments of the present invention can also be completed by a computer program instructing the relevant hardware. The computer program can be stored in a computer-readable storage medium and, when executed by a processor, can implement the steps of each of the above method embodiments. The computer program includes computer program code, which can be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium can include: any entity or apparatus capable of carrying the computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), an electric carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium can be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electric carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions recorded in the foregoing embodiments or make equivalent substitutions for some of their technical features; such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the scope of protection of the present invention.
Claims (10)
1. An identity information authentication method, characterized by comprising:
when an authentication event is triggered, obtaining the information to be authenticated of a user;
obtaining, according to the attribute type of the information to be authenticated, an information exchange node sequence corresponding to the attribute type, the information exchange node sequence comprising multiple information exchange nodes;
determining, in the information exchange node sequence, the information exchange node associated with multiple routing policies, wherein each routing policy points to a data connection channel to an authentication server;
for the determined information exchange node, calculating the consumption value corresponding to each of its associated routing policies;
determining the routing policy with the minimum consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information exchange node at the current time;
connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any alternate routing policy.
2. The authentication method according to claim 1, characterized in that determining, in the information exchange node sequence, the information exchange node associated with multiple routing policies comprises:
obtaining the requesting party identifier carried in the information to be authenticated;
obtaining, from a preset information base, the routing policy call permission corresponding to the requesting party identifier;
determining, in the information exchange node sequence, the information exchange node associated with multiple routing policies, wherein the multiple routing policies are the callable policies within the routing policy call permission.
3. The authentication method according to claim 1 or 2, characterized in that calculating, for the determined information exchange node, the consumption value corresponding to each of its associated routing policies comprises:
for each routing policy associated with the determined information exchange node, obtaining, according to the data connection channel pointed to by the routing policy, the preset cost, the connection success rate and the information response duration of that data connection channel;
weighting the preset cost, the connection success rate and the information response duration according to a preset weight ratio, to obtain the consumption value corresponding to the routing policy.
4. The authentication method according to claim 1 or 2, characterized in that calculating, for the determined information exchange node, the consumption value corresponding to each of its associated routing policies comprises:
for each routing policy associated with the determined information exchange node, obtaining, according to the data connection channel pointed to by the routing policy, the one parameter value with the highest priority for that data connection channel, the parameter value being the preset cost, the connection success rate or the information response duration;
determining the parameter value with the highest priority as the consumption value corresponding to the routing policy.
5. The authentication method according to claim 1, characterized by further comprising:
at every preset time interval, obtaining the connection success rate of each data connection channel;
if there is a data connection channel whose connection success rate is less than a preset threshold, deleting the routing policy pointing to that data connection channel.
6. A terminal device, comprising a memory and a processor, the memory storing a computer program that can run on the processor, characterized in that the processor implements the following steps when executing the computer program:
when an authentication event is triggered, obtaining the information to be authenticated of a user;
obtaining, according to the attribute type of the information to be authenticated, an information exchange node sequence corresponding to the attribute type, the information exchange node sequence comprising multiple information exchange nodes;
determining, in the information exchange node sequence, the information exchange node associated with multiple routing policies, wherein each routing policy points to a data connection channel to an authentication server;
for the determined information exchange node, calculating the consumption value corresponding to each of its associated routing policies;
determining the routing policy with the minimum consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information exchange node at the current time;
connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any alternate routing policy.
7. The terminal device according to claim 6, characterized in that the step of determining, in the information exchange node sequence, the information exchange node associated with multiple routing policies specifically comprises:
obtaining the requesting party identifier carried in the information to be authenticated;
obtaining, from a preset information base, the routing policy call permission corresponding to the requesting party identifier;
determining, in the information exchange node sequence, the information exchange node associated with multiple routing policies, wherein the multiple routing policies are the callable policies within the routing policy call permission.
8. The terminal device according to claim 6 or 7, characterized in that the step of calculating, for the determined information exchange node, the consumption value corresponding to each of its associated routing policies specifically comprises:
for each routing policy associated with the determined information exchange node, obtaining, according to the data connection channel pointed to by the routing policy, the preset cost, the connection success rate and the information response duration of that data connection channel;
weighting the preset cost, the connection success rate and the information response duration according to a preset weight ratio, to obtain the consumption value corresponding to the routing policy.
9. The terminal device according to claim 6 or 7, characterized in that the step of calculating, for the determined information exchange node, the consumption value corresponding to each of its associated routing policies specifically comprises:
for each routing policy associated with the determined information exchange node, obtaining, according to the data connection channel pointed to by the routing policy, the one parameter value with the highest priority for that data connection channel, the parameter value being the preset cost, the connection success rate or the information response duration;
determining the parameter value with the highest priority as the consumption value corresponding to the routing policy.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 5.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810083958.XA CN108055288B (en) | 2018-01-29 | 2018-01-29 | Authentication method, terminal device and the medium of identity information |
PCT/CN2018/083566 WO2019144522A1 (en) | 2018-01-29 | 2018-04-18 | Identity information authentication method and apparatus, terminal device, and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108055288A true CN108055288A (en) | 2018-05-18 |
CN108055288B CN108055288B (en) | 2019-09-17 |
CN108055288B (en) | Authentication method, terminal device and the medium of identity information | |
CN106874371A (en) | A kind of data processing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |