CN108055288A - Identity information authentication method, terminal device and medium - Google Patents


Publication number
CN108055288A
Authority
CN
China
Legal status
Granted
Application number
CN201810083958.XA
Other languages
Chinese (zh)
Other versions
CN108055288B (en)
Inventor
赵增杰
刘�英
陈文博
洪宇明
Current Assignee
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810083958.XA (CN108055288B)
Priority to PCT/CN2018/083566 (WO2019144522A1)
Publication of CN108055288A
Application granted
Publication of CN108055288B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/22: Alternate routing

Abstract

The present invention is applicable to the field of Internet technology and provides an identity information authentication method, a terminal device and a medium. The method includes: when an identity authentication event is triggered, obtaining the user's information to be authenticated; according to the attribute type of the information to be authenticated, obtaining the information interaction node sequence corresponding to that attribute type; in the information interaction node sequence, determining the information interaction nodes associated with multiple routing policies, and calculating the consumption value corresponding to each of their associated routing policies; identifying the routing policy with the smallest consumption value as the main routing policy and the remaining routing policies as alternate routing policies; connecting to the authentication server based on the main routing policy; if the connection succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection fails, switching the main routing policy to any alternate routing policy. The invention allows multiple data connection channels to back each other up, which improves the reliability of the identity authentication system.

Description

Identity information authentication method, terminal device and medium
Technical field
The invention belongs to the field of Internet technology, and in particular relates to an identity information authentication method, a terminal device and a medium.
Background
When a user needs to open an account that involves fund transactions, such as a bank account or a stock account, or when a user logs in to a website or pays for an order using the emerging face-scanning method, the background server of the enterprise website usually needs to verify the user's true identity. For example, it verifies whether the current user is a legal citizen, or whether the actual current user is the same person as the user on the identity card. However, the comparison data for legal citizens' identity information is usually stored in the authentication server of the public security system or in an authentication server provided by a third-party company. The background server of the enterprise website can therefore only access that authentication server through one preset routing policy, uploading and downloading identity information comparison data over the data connection channel that this routing policy points to, and thereby completing the verification of the current user's true identity.
However, if the data connection channel between the enterprise's background server and the authentication server fails, the application system cannot verify the requesting user's true identity in real time, which reduces the reliability of the entire application system.
Summary of the invention
In view of this, embodiments of the present invention provide an identity information authentication method, a terminal device and a medium, to solve the prior-art problem that, when the data connection channel between the enterprise's background server and the authentication server fails, the application system cannot verify the requesting user's true identity in real time, so that the reliability of the application system is low.
A first aspect of the embodiments of the present invention provides an identity information authentication method, including:
When an identity authentication event is triggered, obtaining the user's information to be authenticated;
According to the attribute type of the information to be authenticated, obtaining the information interaction node sequence corresponding to the attribute type, where the information interaction node sequence contains multiple information interaction nodes;
In the information interaction node sequence, determining the information interaction nodes associated with multiple routing policies, where a routing policy points to a data connection channel to the authentication server;
For each information interaction node so determined, calculating the consumption value corresponding to each of its associated routing policies;
Identifying the routing policy with the smallest consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information interaction node at the current time;
Connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any alternate routing policy.
A second aspect of the embodiments of the present invention provides a terminal device, including a memory and a processor, where the memory stores a computer program that can run on the processor, and the processor implements the following steps when executing the computer program:
When an identity authentication event is triggered, obtaining the user's information to be authenticated;
According to the attribute type of the information to be authenticated, obtaining the information interaction node sequence corresponding to the attribute type, where the information interaction node sequence contains multiple information interaction nodes;
In the information interaction node sequence, determining the information interaction nodes associated with multiple routing policies, where a routing policy points to a data connection channel to the authentication server;
For each information interaction node so determined, calculating the consumption value corresponding to each of its associated routing policies;
Identifying the routing policy with the smallest consumption value and the remaining routing policies as, respectively, the main routing policy and the alternate routing policies of the information interaction node at the current time;
Connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any alternate routing policy.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the identity information authentication method described in the first aspect.
In the embodiments of the present invention, when an identity authentication event is triggered, an information interaction node involved in the identity authentication flow can be associated with multiple routing policies, and each routing policy points to a data connection channel to an authentication server. By calculating the consumption value corresponding to each routing policy, the identity authentication system calls only the routing policy with the smallest consumption value each time and keeps the other routing policies as alternate routing policies, so that each information interaction node is executed effectively at a relatively low consumption and the cost of the authentication operation is reduced. When connecting to the authentication server based on the main routing policy, if the connection fails, the main routing policy is switched to any alternate routing policy, so that the multiple data connection channels back each other up and the failure of one data connection channel does not prevent the whole identity authentication flow from completing, which improves the reliability of the identity authentication system.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is an implementation flowchart of the identity information authentication method provided by an embodiment of the present invention;
Fig. 2 is a specific implementation flowchart of S103 of the identity information authentication method provided by an embodiment of the present invention;
Fig. 3 is a specific implementation flowchart of S104 of the identity information authentication method provided by an embodiment of the present invention;
Fig. 4 is another specific implementation flowchart of S104 of the identity information authentication method provided by an embodiment of the present invention;
Fig. 5 is a structural block diagram of the identity information authentication device provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the terminal device provided by an embodiment of the present invention.
Detailed description
In the following description, specific details such as particular system structures and technologies are set out for the purpose of illustration rather than limitation, in order to provide a thorough understanding of the embodiments of the present invention. However, it will be clear to those skilled in the art that the present invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
To illustrate the technical solutions of the present invention, specific embodiments are described below.
The identity information authentication method and device provided by the embodiments of the present invention can be applied to all kinds of terminal devices, including smartphones, tablets, personal digital assistants (PDA), personal computers (PC), servers, and so on. The terminal device connects to the authentication server of the public security system or to an authentication server provided by a third-party company, in order to upload and download identity information comparison data.
Fig. 1 shows the implementation flow of the identity information authentication method provided by an embodiment of the present invention, detailed as follows:
S101: When an identity authentication event is triggered, obtain the user's information to be authenticated.
The identity authentication event is determined to be triggered when an identity authentication request sent by an external device is received, or when an identity authentication instruction issued directly by the user on the terminal device is received. For example, when a user registers a fund transaction account, the user can enter their own identity information and click the identity verification control, at which point the identity authentication event is triggered.
In the embodiments of the present invention, when the identity authentication event is triggered, the information to be authenticated uploaded by the user is read. The information to be authenticated includes, but is not limited to, the name, identity card number and personal selfie portrait provided by the user to be authenticated.
S102: According to the attribute type of the information to be authenticated, obtain the information interaction node sequence corresponding to the attribute type, where the information interaction node sequence contains multiple information interaction nodes.
In the embodiments of the present invention, the attribute types include name, personal portrait and identity card number. The received information to be authenticated is identified to determine its attribute type, that is, to determine whether the information currently received is a name, a personal selfie portrait or an identity card number.
Each attribute type corresponds to a different information interaction node sequence. An information interaction node sequence contains multiple information interaction nodes, and each information interaction node represents one step that has to be executed while the identity of the information to be authenticated is being verified. For example, if the attribute type of the received information is personal selfie portrait, the information interaction node sequence corresponding to personal selfie portrait is obtained. That sequence may be, for example: {detect whether the personal selfie portrait is a photo of a live person; download the citizen portrait pre-stored in the authentication server that matches the identity card number; extract the reticulate pattern information in the citizen portrait; determine, by comparing the reticulate pattern information, whether the citizen portrait and the personal selfie portrait show the same user}. This information interaction node sequence thus contains 4 information interaction nodes.
S103: In the information interaction node sequence, determine the information interaction nodes associated with multiple routing policies, where a routing policy points to a data connection channel to the authentication server.
In the embodiments of the present invention, the routing policies associated with an information interaction node are set in advance according to instructions entered by administrators. Each information interaction node can be associated with one or more routing policies, or with none. When an information interaction node is not associated with any routing policy, the information interaction flow corresponding to that node is carried out locally.
It is worth noting that the routing policies in the embodiments of the present invention include only routing policies that point to a data connection channel to the authentication server, and do not include routing policies that point to data connection channels to other servers.
According to the number of routing policies associated with each information interaction node, the information interaction nodes associated with at least two routing policies are selected.
For example, in the example above, if the information interaction node "download the citizen portrait pre-stored in the authentication server that matches the identity card number" is associated with 2 routing policies, then this node is the one determined among the information interaction nodes of the sequence.
As an embodiment of the present invention, as shown in Fig. 2, step S103 specifically includes:
S1031: Obtain the requester identifier carried in the information to be authenticated.
In the embodiments of the present invention, other terminal devices can also receive information to be authenticated uploaded by users, and those other terminal devices may only be able to connect to the authentication server after being relayed. Therefore, acting as the relay for those other terminal devices, the terminal device also needs to inspect the information to be authenticated that it receives.
Specifically, the received information to be authenticated is parsed to extract the requester identifier it carries. The requester identifier includes, but is not limited to, the network address, host identification number and access account of the requesting device.
S1032: In a preset information base, obtain the routing policy call permission corresponding to the requester identifier.
The pre-established information base stores the routing policy call permission corresponding to each requester identifier, that is, the routing policies that each requester identifier is allowed to call. Based on the requester identifier extracted in S1031, the routing policy call permission corresponding to that identifier can therefore be read from the information base.
For example, if the routing policies corresponding to requester identifiers that match the mask rule "10.0.0.1/30" are routing policy A and routing policy B, then when the requester identifier carried in the information to be authenticated is "10.0.0.3", the routing policy call permission for that requester identifier is routing policy A and routing policy B.
S1033: In the information interaction node sequence, determine the information interaction nodes associated with multiple routing policies, where the multiple routing policies are callable policies within the routing policy call permission.
In the embodiments of the present invention, if an information interaction node is associated with multiple routing policies but those routing policies are not within the routing policy call permission corresponding to the requester identifier, the node is determined not to be an information interaction node associated with multiple routing policies.
If an information interaction node is associated with at least two routing policies that correspond to the requester identifier, it is determined to be an information interaction node associated with multiple routing policies.
In the embodiments of the present invention, the requester identifier carried in the information to be authenticated is obtained, and the information interaction nodes associated with multiple routing policies are determined within the scope of the routing policy call permission corresponding to that identifier. This ensures that when the main routing policy of an information interaction node is later chosen from those routing policies, the requester of the information to be authenticated has permission to access it, and avoids the situation in which the main routing policy obtained after several computations turns out to be an invalid routing policy. The accuracy and validity of identifying the main routing policy are thereby guaranteed.
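The permission check of S1031 to S1033, as an added example that is not part of the patent text. It handles only the network-address form of requester identifier; the information base contents, the node names and the second mask rule are constructed for illustration, and a malformed identifier is given no call permission at all.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed information base: mask rule -> routing policies the requester may call.
PERMISSIONS: Dict[str, Set[str]] = {
    "10.0.0.1/30": {"A", "B"},       # the rule from the example above
    "192.168.10.0/24": {"C"},        # constructed second rule
}

# Constructed node sequence for the "personal selfie portrait" attribute type:
# (node name, routing policies associated with the node by the administrators).
NODE_SEQUENCE: List[Tuple[str, Set[str]]] = [
    ("detect_live_photo", set()),                    # no policy: runs locally
    ("download_citizen_portrait", {"A", "B", "C"}),
    ("extract_reticulate_pattern", set()),           # no policy: runs locally
    ("compare_portraits", {"B", "C"}),
]


def callable_policies(requester_ip: str, permissions: Dict[str, Set[str]]) -> Set[str]:
    """S1032: return the routing policies this requester identifier may call."""
    try:
        addr = ipaddress.ip_address(requester_ip)
    except ValueError:
        return set()                 # unparseable identifier: no call permission
    allowed: Set[str] = set()
    for rule, policies in permissions.items():
        # strict=False because a rule such as "10.0.0.1/30" has host bits set;
        # it is normalised to the network 10.0.0.0/30 (10.0.0.0 to 10.0.0.3).
        if addr in ipaddress.ip_network(rule, strict=False):
            allowed |= policies
    return allowed


def multi_policy_nodes(requester_ip: str,
                       node_sequence: List[Tuple[str, Set[str]]],
                       permissions: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """S1033: keep the nodes with at least two associated policies that the
    requester is also permitted to call, mapped to those callable policies."""
    allowed = callable_policies(requester_ip, permissions)
    selected: Dict[str, List[str]] = {}
    for node, associated in node_sequence:
        usable = associated & allowed
        if len(usable) >= 2:
            selected[node] = sorted(usable)
    return selected


if __name__ == "__main__":
    print(multi_policy_nodes("10.0.0.3", NODE_SEQUENCE, PERMISSIONS))
```

The node `compare_portraits` is associated with two policies, but only one of them is callable by 10.0.0.3, so it is not selected.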
S104: For each information interaction node so determined, calculate the consumption value corresponding to each of its associated routing policies.
At each different time, each routing policy corresponds to one consumption value. The consumption value represents the cost the system has to pay when the information to be authenticated reaches the authentication server over the data connection channel that the routing policy points to. The consumption value is used to measure the value of a routing policy: the higher the consumption value, the lower the value of the routing policy.
For example, suppose routing policy A and routing policy B point to data connection channel A and data connection channel B respectively, that 1 yuan has to be paid each time the information to be authenticated is uploaded to the authentication server over data connection channel A, and that 2 yuan has to be paid each time it is uploaded over data connection channel B. Then the consumption value corresponding to routing policy B is less than the consumption value corresponding to routing policy A, so the value of routing policy B is relatively higher.
In the embodiments of the present invention, for each information interaction node determined, the consumption value corresponding to each routing policy associated with that node is calculated.
The factors considered in the consumption value include, but are not limited to, the preset cost, the connection success rate and the information response duration of the data connection channel.
Specifically, as an embodiment of the present invention, Fig. 2 shows the specific implementation flow of S104 of the identity information authentication method provided by an embodiment of the present invention, detailed as follows:
S1041: For each routing policy associated with the determined information interaction node, obtain the preset cost, connection success rate and information response duration of the data connection channel that the routing policy points to.
In the embodiments of the present invention, whenever data is exchanged with the authentication server over a data connection channel, the data transmission quality of that interaction can be obtained in real time. Data transmission quality is measured by the connection success rate and the information response duration of the data connection channel. When a data interaction request is sent to the authentication server over a data connection channel, the total connection count of that channel is incremented by one. When the data interaction succeeds, that is, when the connection response returned by the authentication server is received, the successful connection count of the current data connection channel is incremented by one and the response time of the authentication server is recorded. The connection success rate of the data connection channel is updated in real time from the connection failure count and the total connection count. The average response duration of the data connection channel is computed from the response times recorded for each successful data interaction, and this average is taken as the information response duration of the data connection channel.
In the embodiments of the present invention, the preset cost of a data connection channel is a parameter value set in advance, determined by the fee agreement signed between the administrators and the administrators of the peer authentication server. The preset cost can be the fee payable each time the data connection channel performs one data interaction operation, or the fee payable for transmitting N bytes of data over the data connection channel (N is an integer greater than 0 and is a preset value).
For each routing policy associated with the information interaction node determined in step S103, the preset cost, connection success rate and information response duration corresponding to the data connection channel that the routing policy points to are read.
S1042: According to preset weight ratios, perform a weighted calculation on the preset cost, connection success rate and information response duration to obtain the consumption value corresponding to the routing policy.
In the embodiments of the present invention, the preset cost, connection success rate and information response duration of each data connection channel are weighted, and the weighted result is taken as the consumption value corresponding to the routing policy that points to that data connection channel. The weight ratios corresponding to the preset cost, connection success rate and information response duration are preset values.
For example, if the preset cost, connection success rate and information response duration of data connection channel A are x, y and z respectively, and the preset weight ratios corresponding to the preset cost, connection success rate and information response duration are a, b and c respectively, then the consumption value R corresponding to the routing policy that points to data connection channel A is:
R = ax + by + cz, (a > 0, b < 0, c > 0)
It can be seen that the higher the connection success rate y, the smaller the consumption value R corresponding to the routing policy.
In the embodiments of the present invention, weighting the preset cost, connection success rate and information response duration of the data connection channel that the routing policy points to means the consumption value is determined from several factors taken together. This improves the accuracy of the calculated consumption value and ensures that a routing policy that is preferable in all respects can be determined from the consumption values.
As one embodiment of the present of invention, Fig. 3 shows that the present invention implements the authentication method of the identity information provided Another specific implementation flow of S1042, details are as follows:
S1043:For routing policy described in each associated by the described information interaction node determined, according to the road As the data connection passage pointed by strategy, a parameter value of highest priority in the data connection passage, institute are obtained Parameter value is stated to be the preset cost, connect into power or information response's duration.
S1044:One parameter value of the highest priority is determined as to the consumption figures corresponding to this routing policy.
Each data connection passage pointed by routing policy has multiple parameters value, including above-mentioned preset cost, connection Success rate and information response's duration.Wherein, each single item parameter value is preset with a corresponding priority.
In the parameters value of data connection passage, the parameter value of highest priority is determined.By the highest priority Parameter value output for be directed toward the data connection passage routing policy corresponding to consumption figures.
Illustratively, if data connection passage B three parameter values (i.e. preset cost, connect into power and information and ring Answer duration) be respectively 0.5 yuan/time, 50%, 0.5 second, and preset cost, connect into corresponding to power and information response's duration Priority be respectively level-one, two level, three-level, then can determine the parameter value of highest priority as information response's duration, therefore Using its information response's duration 0.5 second as the consumption figures corresponding to the routing policy for being directed toward data connection passage B.If at this point, number According to interface channel C information response when a length of 0.6 second, then it is known that being directed toward corresponding to the routing policy of data connection passage B Consumption figures 0.5 be less than be directed toward data connection channel C routing policy corresponding to consumption figures 0.6.
Particularly, for arbitrary two routing policies, if the consumption figures that the parameter value based on highest priority is calculated It is identical, then it is recalculated according to the parameter value of next priority in data connection passage corresponding to above-mentioned two routing policies Consumption figures.
For example, if the parameter value of highest priority is default rate, and data connection passage A and data interface channel B Default rate is 1 yuan/time, then the routing policy A of the direction data connection passage A calculated and direction data connection passage The consumption figures of the routing policy B of B is identical.Therefore, if the high parameter value of preferential level obtains data respectively to connect into power Interface channel A's and data connection passage B connects into power, it is assumed that the two is respectively 50% and 60%, then updated The consumption figures of routing policy A and routing policy B are respectively 0.5 and 0.6, it is thus achieved that the consumption to two routing policies The size of value compares.
Particularly, if there are the identical multiple parameters value of priority, based on the weighted calculation side described in a upper embodiment Processing is weighted to the multiple parameters value in formula, is directed toward with output corresponding to the routing policy of the data connection passage Consumption figures.
S105:The routing policy of consumption figures minimum and remaining described routing policy are identified as currently The main routing policy of the moment information exchange node and alternate routing strategy.
In the embodiment of the present invention, the consumption figures of each routing policy corresponding to by information exchange node is mutually compared Compared with to determine the routing policy of consumption figures minimum.The routing policy of consumption figures minimum is determined as in information exchange node Main routing policy, other each routing policies in addition to the routing policy of consumption figures minimum are determined into the information exchange The alternate routing strategy of node.
Particularly, when it is a plurality of to consume minimum routing policy, made with the routing policy wherein randomly selected For the main routing policy at current time.
S106: Connect to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, perform the identity authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switch the main routing policy to any one of the alternate routing policies.
In this embodiment of the present invention, according to the main routing policy determined at the current time, the information to be authenticated is uploaded to the authentication server over the data connection channel that the main routing policy points to, so that the authentication server can confirm, based on pre-stored official identity data, whether the information to be authenticated is genuine identity information. The authentication server is at the opposite end of the data connection channel. In addition, an identity information comparison data download request can be sent to the authentication server over the data connection channel that the main routing policy points to, in order to download the identity information comparison data stored on the authentication server and judge from it whether the current user's information to be authenticated is genuine identity information. Here, the identity information comparison data is the official data corresponding to the information to be authenticated. For example, if the information to be authenticated is "ID card No. A123, name Li Xiaoming", the identity information comparison data downloaded from the authentication server can be the name of the user whose ID card number is A123.
In this embodiment of the present invention, if the authentication server at the opposite end cannot be reached over the data connection channel that the main routing policy points to, or if no response message from the authentication server has been received within a preset duration, the connection to the authentication server at the current time is determined to have failed. In this case, the main routing policy of the current information interaction node is switched to any one of the alternate routing policies, and S106 is performed again.
Preferably, when connecting to the authentication server based on the main routing policy, if the connection to the authentication server at the current time is determined to have failed, the connection failure count of the data connection channel that the main routing policy points to is incremented by one, and the connection success rate of that data connection channel is updated. Based on the updated connection success rate, the consumption value of each routing policy in the information interaction node is recalculated; after the main routing policy at the current time has been determined again, S106 is performed again.
Preferably, at every preset time interval, the connection success rate of each data connection channel is obtained. If there is a data connection channel whose connection success rate is below a preset threshold, the routing policy pointing to that data connection channel is deleted, so that the consumption value of the deleted routing policy is simply skipped when the consumption values of the routing policies associated with the information interaction node are calculated. This improves the speed at which the main routing policy is identified while ensuring that the data connection channel it points to is the best-performing one.
Preferably, the consumption value of one or more routing policies associated with the information interaction node can be set directly by an administrator's input instruction. Before S104 is performed, if the consumption value of any routing policy is detected to be a preset value, the calculation of that routing policy's consumption value is skipped, and only the consumption values of the other routing policies, whose consumption values are not preset, are calculated. This embodiment allows administrators to intervene manually in the selection of the main routing policy, which makes troubleshooting easier when the system fails.
Preferably, when an operation and maintenance (O&M) prompt message for any data connection channel is received from the authentication server, the O&M duration carried in the prompt message is obtained. For the O&M duration, the routing policy pointing to that data connection channel is backed up and then deleted; once the O&M duration has elapsed, the backed-up routing policy is imported again. This embodiment closes a specified data connection channel for a short period, so that the main routing policy determined from the consumption values never points to a data connection channel that is under maintenance, which improves the connection success rate to the authentication server.
In this embodiment of the present invention, when an identity authentication event is triggered, an information interaction node involved in the identity authentication flow can be associated with multiple routing policies, each of which points to a data connection channel to an authentication server. By calculating the consumption value of each routing policy, the identity authentication system calls only the routing policy with the smallest consumption value each time and treats the other routing policies as alternate routing policies. This ensures that each information interaction node executes effectively at low consumption and reduces the cost of the identity authentication operation. When connecting to the authentication server based on the main routing policy, if the connection fails, the main routing policy is switched to any one of the alternate routing policies, so the multiple data connection channels back each other up. A failure of one data connection channel therefore cannot prevent the whole identity authentication flow from completing, which improves the reliability of the identity authentication system.
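An added example (not code from the patent) of the selection and failover procedure in S105 and S106, together with the failure counting, threshold-based deletion and administrator override described above. The class and function names, the weight ratio, the use of the failure rate (1 minus the success rate) as a cost term, and the choice to refuse the request once every channel has failed are assumptions made for illustration.

```python
import random
from dataclasses import dataclass
from typing import Optional


@dataclass
class Channel:
    """Data connection channel to an authentication server."""
    name: str
    preset_cost: float      # cost per use
    response_time: float    # information response duration, in seconds
    attempts: int = 0
    failures: int = 0

    @property
    def success_rate(self) -> float:
        # Assumption: a channel with no history counts as fully reliable.
        return 1.0 if self.attempts == 0 else 1 - self.failures / self.attempts


@dataclass
class RoutingPolicy:
    channel: Channel
    fixed_value: Optional[float] = None   # consumption value set by an administrator


# Assumed weight ratio and cost terms; the page only says the ratio is preset.
WEIGHTS = {"cost": 0.5, "failure": 0.3, "latency": 0.2}


class AllChannelsFailed(Exception):
    """No channel reached the authentication server, so the request is refused."""


def consumption(policy):
    if policy.fixed_value is not None:    # manual override: skip the calculation
        return policy.fixed_value
    ch = policy.channel
    return (WEIGHTS["cost"] * ch.preset_cost
            + WEIGHTS["failure"] * (1 - ch.success_rate)
            + WEIGHTS["latency"] * ch.response_time)


def select_main(policies, rng=random):
    """S105: the smallest consumption value wins; ties are broken at random."""
    scored = [(consumption(p), p) for p in policies]
    lowest = min(value for value, _ in scored)
    main = rng.choice([p for value, p in scored if value == lowest])
    return main, [p for p in policies if p is not main]


def prune(policies, threshold):
    """Periodic cleanup: keep only policies whose channel meets the threshold."""
    return [p for p in policies if p.channel.success_rate >= threshold]


def authenticate(policies, info, connect):
    """S106 with failover; connect(channel, info) returns the verdict or raises."""
    candidates, tried = list(policies), []
    while candidates:
        main, _alternates = select_main(candidates)
        ch = main.channel
        ch.attempts += 1
        tried.append(ch.name)
        try:
            return connect(ch, info), tried
        except (ConnectionError, TimeoutError):
            ch.failures += 1    # the updated success rate feeds the re-selection
            # Assumption: a failed policy is not retried within the same request.
            candidates = [p for p in candidates if p is not main]
    raise AllChannelsFailed(tried)


def demo():
    # Constructed sample data: channel A times out, B and C answer.
    policies = [RoutingPolicy(Channel("A", 1.0, 0.2)),
                RoutingPolicy(Channel("B", 1.0, 0.3)),
                RoutingPolicy(Channel("C", 2.0, 0.1))]
    record = {"id": "A123", "name": "Li Xiaoming"}

    def connect(channel, info):
        if channel.name == "A":
            raise TimeoutError("no response within the preset duration")
        return info == record    # stand-in for the server-side comparison

    verdict, tried = authenticate(policies, record, connect)
    remaining = [p.channel.name for p in prune(policies, threshold=0.5)]
    return verdict, tried, remaining


if __name__ == "__main__":
    print(demo())
```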
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic, and does not limit the implementation of the embodiments of the present invention in any way.
Corresponding to the identity information authentication method provided by the embodiments of the present invention, Fig. 5 shows a structural block diagram of the identity information authentication device provided by an embodiment of the present invention. For ease of description, only the parts related to this embodiment are shown.
Referring to Fig. 5, the device includes:
A first acquisition unit 51, configured to obtain the user's information to be authenticated when an identity authentication event is triggered.
A second acquisition unit 52, configured to obtain, according to the attribute type of the information to be authenticated, the information interaction node sequence corresponding to that attribute type, the information interaction node sequence including multiple information interaction nodes.
A first determination unit 53, configured to determine, in the information interaction node sequence, the information interaction node associated with multiple routing policies, where each routing policy points to a data connection channel to an authentication server.
A calculation unit 54, configured to calculate, for the determined information interaction node, the consumption value corresponding to each of its associated routing policies.
A second determination unit 55, configured to identify the routing policy with the smallest consumption value as the main routing policy of the information interaction node at the current time, and the remaining routing policies as its alternate routing policies.
A connection unit 56, configured to connect to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, perform the identity authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switch the main routing policy to any one of the alternate routing policies.
Optionally, the first determination unit 53 includes:
A first acquisition subunit, configured to obtain the requester identifier carried in the information to be authenticated.
A second acquisition subunit, configured to obtain, from a preset information base, the routing policy calling permission corresponding to the requester identifier.
A first determination subunit, configured to determine, in the information interaction node sequence, the information interaction node associated with multiple routing policies, where the multiple routing policies are the callable policies within the routing policy calling permission.
Optionally, the calculation unit 54 includes:
A third acquisition subunit, configured to obtain, for each routing policy associated with the determined information interaction node, the preset cost, connection success rate and information response duration of the data connection channel that the routing policy points to.
A weighted calculation subunit, configured to weight the preset cost, the connection success rate and the information response duration according to a preset weight ratio, to obtain the consumption value corresponding to the routing policy.
Optionally, the calculation unit 54 includes:
A fourth acquisition subunit, configured to obtain, for each routing policy associated with the determined information interaction node, the parameter value with the highest priority for the data connection channel that the routing policy points to, the parameter value being the preset cost, the connection success rate or the information response duration.
A second determination subunit, configured to determine the parameter value with the highest priority as the consumption value corresponding to the routing policy.
Optionally, the identity information authentication device further includes:
A third acquisition unit 57, configured to obtain the connection success rate of each data connection channel at every preset time interval.
A deletion unit 58, configured to delete the routing policy pointing to a data connection channel if that data connection channel's connection success rate is below the preset threshold.
In this embodiment of the present invention, when an identity authentication event is triggered, an information interaction node involved in the identity authentication flow can be associated with multiple routing policies, each of which points to a data connection channel to an authentication server. By calculating the consumption value of each routing policy, the identity authentication system calls only the routing policy with the smallest consumption value each time and treats the other routing policies as alternate routing policies. This ensures that each information interaction node executes effectively at low consumption and reduces the cost of the identity authentication operation. When connecting to the authentication server based on the main routing policy, if the connection fails, the main routing policy is switched to any one of the alternate routing policies, so the multiple data connection channels back each other up. A failure of one data connection channel therefore cannot prevent the whole identity authentication flow from completing, which improves the reliability of the identity authentication system.
Fig. 6 is a schematic diagram of the terminal device provided by an embodiment of the present invention. As shown in Fig. 6, the terminal device 6 of this embodiment includes a processor 60, a memory 61, and a computer program 62 stored in the memory 61 and executable on the processor 60, for example an identity information authentication program. When executing the computer program 62, the processor 60 implements the steps in the above embodiments of the identity information authentication method, for example steps 101 to 106 shown in Fig. 1. Alternatively, when executing the computer program 62, the processor 60 implements the functions of the modules/units in the above device embodiments, for example the functions of units 51 to 58 shown in Fig. 5.
By way of example, the computer program 62 can be divided into one or more modules/units, which are stored in the memory 61 and executed by the processor 60 to carry out the present invention. The one or more modules/units can be a series of computer program instruction segments capable of performing specific functions; the instruction segments describe the execution of the computer program 62 in the terminal device 6.
The terminal device 6 can be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 60 and the memory 61. Those skilled in the art will understand that Fig. 6 is only an example of the terminal device 6 and does not limit it; the terminal device may include more or fewer components than shown, combine certain components, or use different components. For example, it may also include input/output devices, network access devices, buses and so on.
The processor 60 can be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor can be a microprocessor or any conventional processor.
The memory 61 can be an internal storage unit of the terminal device 6, such as its hard disk or internal memory. The memory 61 can also be an external storage device of the terminal device 6, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card or a flash card fitted to the terminal device 6. Further, the memory 61 can include both an internal storage unit of the terminal device 6 and an external storage device. The memory 61 is used to store the computer program and the other programs and data required by the terminal device. The memory 61 can also be used to temporarily store data that has been output or is about to be output.
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules above is only an example. In practice, the functions can be assigned to different functional units or modules as needed; that is, the internal structure of the device can be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments can be integrated in one processing unit, can each exist physically on their own, or two or more units can be integrated in one unit; the integrated unit can be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of this application. For the specific working process of the units and modules in the above system, refer to the corresponding process in the foregoing method embodiments; details are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not described or recorded in detail in one embodiment, refer to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may implement the described functions differently for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device/terminal device and method can be implemented in other ways. For example, the device/terminal device embodiments described above are only illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation, such as combining multiple units or components, integrating them into another system, or ignoring or not performing some features. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed can be an indirect coupling or communication connection through some interfaces, devices or units, and can be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they can be located in one place or distributed over multiple network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing unit, can each exist physically on their own, or two or more units can be integrated in one unit. The integrated unit can be implemented in hardware or as a software functional unit.
If the integrated module/unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. On this understanding, all or part of the flow of the above method embodiments can also be carried out by a computer program instructing the relevant hardware. The computer program can be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the above method embodiments. The computer program includes computer program code, which can be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium can include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so on. Note that the content covered by the computer-readable medium can be increased or reduced as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, under legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The embodiments described above only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions recorded in the foregoing embodiments or make equivalent substitutions for some of their technical features; such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all fall within the scope of protection of the present invention.

Claims (10)

1. An identity information authentication method, characterized by comprising:
when an identity authentication event is triggered, obtaining a user's information to be authenticated;
obtaining, according to the attribute type of the information to be authenticated, an information interaction node sequence corresponding to the attribute type, the information interaction node sequence comprising multiple information interaction nodes;
determining, in the information interaction node sequence, the information interaction node associated with multiple routing policies, wherein each routing policy points to a data connection channel to an authentication server;
calculating, for the determined information interaction node, the consumption value corresponding to each of its associated routing policies;
identifying the routing policy with the smallest consumption value as the main routing policy of the information interaction node at the current time, and the remaining routing policies as alternate routing policies;
connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the identity authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any one of the alternate routing policies.
2. The authentication method as claimed in claim 1, characterized in that determining, in the information interaction node sequence, the information interaction node associated with multiple routing policies comprises:
obtaining the requester identifier carried in the information to be authenticated;
obtaining, from a preset information base, the routing policy calling permission corresponding to the requester identifier;
determining, in the information interaction node sequence, the information interaction node associated with multiple routing policies, wherein the multiple routing policies are the callable policies within the routing policy calling permission.
3. The authentication method as claimed in claim 1 or 2, characterized in that calculating, for the determined information interaction node, the consumption value corresponding to each of its associated routing policies comprises:
for each routing policy associated with the determined information interaction node, obtaining the preset cost, connection success rate and information response duration of the data connection channel that the routing policy points to;
weighting the preset cost, the connection success rate and the information response duration according to a preset weight ratio, to obtain the consumption value corresponding to the routing policy.
4. The authentication method as claimed in claim 1 or 2, characterized in that calculating, for the determined information interaction node, the consumption value corresponding to each of its associated routing policies comprises:
for each routing policy associated with the determined information interaction node, obtaining the parameter value with the highest priority for the data connection channel that the routing policy points to, the parameter value being the preset cost, the connection success rate or the information response duration;
determining the parameter value with the highest priority as the consumption value corresponding to the routing policy.
5. The authentication method as claimed in claim 1, characterized by further comprising:
obtaining the connection success rate of each data connection channel at every preset time interval;
if there is a data connection channel whose connection success rate is below a preset threshold, deleting the routing policy pointing to that data connection channel.
6. A terminal device, comprising a memory and a processor, the memory storing a computer program executable on the processor, characterized in that the processor implements the following steps when executing the computer program:
when an identity authentication event is triggered, obtaining a user's information to be authenticated;
obtaining, according to the attribute type of the information to be authenticated, an information interaction node sequence corresponding to the attribute type, the information interaction node sequence comprising multiple information interaction nodes;
determining, in the information interaction node sequence, the information interaction node associated with multiple routing policies, wherein each routing policy points to a data connection channel to an authentication server;
calculating, for the determined information interaction node, the consumption value corresponding to each of its associated routing policies;
identifying the routing policy with the smallest consumption value as the main routing policy of the information interaction node at the current time, and the remaining routing policies as alternate routing policies;
connecting to the authentication server based on the main routing policy; if the connection to the authentication server succeeds, performing the identity authentication operation on the information to be authenticated through the authentication server; if the connection to the authentication server fails, switching the main routing policy to any one of the alternate routing policies.
7. The terminal device as claimed in claim 6, characterized in that the step of determining, in the information interaction node sequence, the information interaction node associated with multiple routing policies specifically comprises:
obtaining the requester identifier carried in the information to be authenticated;
obtaining, from a preset information base, the routing policy calling permission corresponding to the requester identifier;
determining, in the information interaction node sequence, the information interaction node associated with multiple routing policies, wherein the multiple routing policies are the callable policies within the routing policy calling permission.
8. The terminal device as claimed in claim 6 or 7, characterized in that the step of calculating, for the determined information interaction node, the consumption value corresponding to each of its associated routing policies specifically comprises:
for each routing policy associated with the determined information interaction node, obtaining the preset cost, connection success rate and information response duration of the data connection channel that the routing policy points to;
weighting the preset cost, the connection success rate and the information response duration according to a preset weight ratio, to obtain the consumption value corresponding to the routing policy.
9. The terminal device as claimed in claim 6 or 7, characterized in that the step of calculating, for the determined information interaction node, the consumption value corresponding to each of its associated routing policies specifically comprises:
for each routing policy associated with the determined information interaction node, obtaining the parameter value with the highest priority for the data connection channel that the routing policy points to, the parameter value being the preset cost, the connection success rate or the information response duration;
determining the parameter value with the highest priority as the consumption value corresponding to the routing policy.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method as claimed in any one of claims 1 to 5.
CN201810083958.XA 2018-01-29 2018-01-29 Authentication method, terminal device and the medium of identity information Active CN108055288B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810083958.XA CN108055288B (en) 2018-01-29 2018-01-29 Authentication method, terminal device and the medium of identity information
PCT/CN2018/083566 WO2019144522A1 (en) 2018-01-29 2018-04-18 Identity information authentication method and apparatus, terminal device, and medium


Publications (2)

Publication Number Publication Date
CN108055288A true CN108055288A (en) 2018-05-18
CN108055288B CN108055288B (en) 2019-09-17

Family

ID=62124971

Country Status (2)

Country Link
CN (1) CN108055288B (en)
WO (1) WO2019144522A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800753A (en) * 2010-03-16 2010-08-11 中国电子科技集团公司第三十研究所 Comprehensive safety protecting method based on integral network safety service framework
CN103428220A (en) * 2013-08-23 2013-12-04 中国人民解放军理工大学 Virtual reconstruction ubiquitous network architecture based on identity-position separation
CN104780535A (en) * 2014-01-14 2015-07-15 中兴通讯股份有限公司 Method and device for authenticating safe center node in multi-terminal cooperative process
CN104836777A (en) * 2014-02-10 2015-08-12 腾讯科技(深圳)有限公司 Identity verification method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114257650A (en) * 2021-10-29 2022-03-29 四川新网银行股份有限公司 Bank individual user online checking method, system and equipment
CN114257650B (en) * 2021-10-29 2024-03-12 四川新网银行股份有限公司 Bank personal user networking checking method, system and equipment

Also Published As

Publication number Publication date
CN108055288B (en) 2019-09-17
WO2019144522A1 (en) 2019-08-01

Similar Documents

Publication Publication Date Title
CN112132447B (en) Block chain-based algorithm for evaluating and guaranteeing trust of computing power network
KR102211374B1 (en) Method and device for outputting risk information and constructing risk information
CN109246211B (en) Resource uploading and resource requesting method in block chain
CN107682397B (en) Customer resources acquisition methods, device, terminal device and storage medium
CN107257340A (en) A kind of authentication method, authentication data processing method and equipment based on block chain
CN110535777A (en) Access request control method, device, electronic equipment and readable storage medium storing program for executing
CN109102299A (en) Resource transfers data managing method, device and storage medium
CN107704765A (en) A kind of interface access method, server and computer-readable recording medium
CN106651303A (en) Intelligent contract processing method and system based on templates
CN106100902A (en) High in the clouds index monitoring method and apparatus
CN105590055A (en) Method and apparatus for identifying trustworthy user behavior in network interaction system
CN105207780B (en) A kind of certification user method and device
CN109639723A (en) A kind of micro services access method and server based on ERP system
CN101651541A (en) System and method for authentication of network user
CN112087502B (en) Method, device and equipment for processing request and storage medium
US10192262B2 (en) System for periodically updating backings for resource requests
CN110457629A (en) Permission processing, authority control method and device
CN107480540A (en) Data access control system and method
CN109802915A (en) A kind of telecommunication fraud detection processing method and device
CN106713235A (en) Account registration and login method and additional network storage system using the method
CN110597919A (en) Data management method, device and equipment based on block chain and storage medium
CN109889558A (en) Data transmission method, middleware and the system of internet of things oriented application
US20170024187A1 (en) Automated approval
CN108055288B (en) Authentication method, terminal device and the medium of identity information
CN106874371A (en) A kind of data processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant