CN108449348A - An online authentication system and method supporting user identity privacy protection
- Publication number: CN108449348A
- Authority: CN (China)
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
Abstract
The invention belongs to the technical field of transmission control procedures and discloses an online authentication system and method supporting user identity privacy protection. A user submits characteristic information to apply for registration; the registration information submitted by the user is received, user identities are generated from the characteristic information and stored as a user identity information table; a local identity information table is generated for the user. The user terminal looks up, in order, the first available ID in the local identity information table; after the user terminal's request is received, a user identity audit request is initiated to verify whether the user holding that identity is legitimate. A processing mode is selected according to the result returned by the identity server: if the user identity is legitimate the user terminal's request is processed, otherwise it is refused. The user identity generation process proposed by the invention guarantees that the user identity is anonymous; only the user and the identity server are entitled to obtain the user's real identity information. User identity auditing manages user identity permissions while the user identity remains anonymous, which ensures user privacy.
Description
Technical field
The invention belongs to the technical field of transmission control procedures, and in particular relates to an online authentication system and method supporting user identity privacy protection.
Background art
At present, the prior art commonly used in the industry is as follows. In interactive scenarios such as online shopping, online finance and online social networking, individual users usually carry out business operations or submit service requests to servers under the same fixed ID, so an attacker can easily analyze the user's characteristics statistically, or the website owner can learn the user's habits. The user's privacy is at risk of being obtained and exploited by criminals.
Prior art 1, "A cross-domain anonymous resource sharing platform and its implementation method", discloses a cross-domain anonymous resource platform and its implementation method. The core idea of the scheme is to authenticate the user's anonymous identity with an anonymous authentication module and to manage the user's authorization with an access control method, finally achieving anonymous cross-domain authorization management of users and a resource sharing mode.
Prior art 2, "An anonymous authentication method for client/server networks", discloses an anonymous authentication method for client/server networks, characterized by one trusted party, one server, one piece of secure hardware and several clients. The secure hardware aggregates the client's signature with the previous n-1 valid signatures it has stored and sends the aggregate signature to a designated server; only the designated server can verify the validity of the aggregate signature and thereby prove the validity of the client's signature, which achieves client anonymity.
In summary, the problem with the prior art is that it requires a large amount of mathematical computation, which easily causes traffic congestion in high-concurrency scenarios, and it needs separate hardware devices, whose upgrading and maintenance require further investment of funds and effort.
Difficulty and significance of solving the above technical problem: this solution provides an online authentication system and method supporting anonymous protection of user identity privacy. It guarantees user identity anonymity with a small amount of mathematical computation, so the system and method also execute efficiently in high-concurrency scenarios.
Summary of the invention
In view of the problems in the prior art, the invention provides an online authentication system and method supporting user identity privacy protection.
The invention is realized as follows. An online authentication method supporting user identity privacy protection comprises:
Step 1: the user submits characteristic information to apply for registration;
Step 2: the registration information submitted by the user is received and user identities are generated from the characteristic information; the user identities are stored as a user identity information table; the user's local identity information table is generated;
Step 3: the user terminal looks up, in order, the first available ID in the local identity information table; after the user terminal's request is received, a user identity audit request is initiated to verify whether the user holding that identity is legitimate; the user identity information table is searched for the identity and the verification result is returned; if the identity information exists in the user identity information table the user identity is legitimate, otherwise it is illegitimate;
Step 4: a processing mode is selected according to the result returned by the identity server; if the user identity is legitimate the user terminal's request is processed, otherwise it is refused.
Further, the online authentication method supporting user identity privacy protection generates user identities as:
$ID_n = F(ID_{n-1}, IV)$;
where F() is a one-way function.
Further, the user identity information is generated by producing a fixed number of identity information items in sequence and arranging them in a particular order; each user identity information item includes an index to the user's real identity information; the identity information generated for all users is organized, in that particular order, into an ordered data structure.
Further, the method of verifying whether the user is a legitimate user specifically comprises:
(1) searching the user identity information table by binary search for the queried identity information; if the table does not contain it, returning a "user identity illegitimate" result; otherwise returning a "user identity legitimate" result and proceeding to the next step;
(2) deleting the identity information from the user identity information table and checking whether the identity information used by the user holding that identity has gone out of sync. If it has not, a new identity information item is generated from the currently last identity information item according to the user identity information generating mode and added to the user identity information table in the particular order; otherwise proceeding to the next step;
(3) finding all out-of-sync identity information items, deleting all of that user's out-of-sync identity information, and generating the same number of new identity information items according to the user identity information generating mode.
Another object of the invention is to provide an online authentication system supporting user identity privacy protection that implements the above online authentication method, the system comprising:
A user module, deployed on the user side, for providing the user with registration, identity information generation and storage functions;
A multi-service processing module, deployed on the service processing server, for sending user identity audit requests, according to the user identity information, to the authentication module with which the user registered, and for processing service requests according to the identity audit result;
An authentication module, deployed on the identity server, for providing the user with registration, identity information generation and storage functions, and for returning the audit results of accepted identity requests to the multi-service processing module.
Further, the user module comprises:
A user registration request module, for generating registration information from the characteristic information submitted by the user and submitting a registration application to the authentication module;
A service request module, for submitting the registration application;
A user identity information generation module, which receives the result returned for the user's registration. If registration failed, it calls the user registration request module to regenerate the registration information and submits a registration request to the selected authentication module; if registration succeeded, it generates and stores the user's identity information from the login ID returned by the authentication module, the initial vector IV and the one-way function.
Further, the multi-service processing module comprises:
A service handling module, which receives the user's service request, delivers the service request to the service processing module according to the type of the request, and delivers the user identity information to the user identity request verification module;
A service processing module, which carries out service processing according to the authentication result that the user identity request verification module receives from the authentication module: if the identity of the requesting user is legitimate the user's service request is processed, otherwise the service request is refused. The processing result is returned to the user module;
A user identity request verification module, which, according to the user identity information and the information on the authentication module the user registered with, sends a user identity audit request to that authentication module, receives the identity audit result and hands it over to the user processing module.
Further, the authentication module comprises:
A user registration module, which accepts the user registration request from the user module, generates a login ID and an initial vector IV for the user from the registration information, and selects a one-way function as the identity information generating function;
The user registration acceptance module submits the generated login ID, the initial vector IV and the selected one-way function to the user information generation module and returns them to the user module;
An identity information generation module, which generates user identity information for the user from the login ID submitted by the user registration module, the initial vector IV and the selected one-way function, and stores it in order in a data structure that can be built and searched efficiently.
Another object of the invention is to provide an information data processing terminal that uses the online authentication method supporting user identity privacy protection.
Another object of the invention is to provide a computer program that implements the online authentication method supporting user identity privacy protection.
In summary, the advantages and positive effects of the invention are as follows. The user identity generation process proposed by the invention guarantees that the user identity is anonymous; only the user and the identity server are entitled to obtain the user's real identity information. The user identity audit proposed by the invention manages user identity permissions while the user identity remains anonymous, which ensures user privacy.
Description of the drawings
Fig. 1 is a structural diagram of the online authentication system supporting user identity privacy protection provided by an embodiment of the invention;
In the figure: 1, user module; 2, multi-service processing module; 3, authentication module.
Fig. 2 is a flow chart of the online authentication method supporting user identity privacy protection provided by an embodiment of the invention.
Fig. 3 is a flow chart of user identity information generation provided by an embodiment of the invention.
Fig. 4 is a flow chart of user registration provided by an embodiment of the invention.
Fig. 5 is a flow chart of service processing provided by an embodiment of the invention.
Detailed description
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
The purpose of the invention is to verify user identity and permissions while protecting the privacy of the user identity. The system comprises a user module, a multi-service processing module and an authentication module; the technical solution consists mainly of two processes, user identity information generation and user identity verification.
The application principle of the invention is explained in detail below with reference to the drawings.
As shown in Fig. 1, the online authentication system supporting user identity privacy protection provided by an embodiment of the invention comprises: user module 1, multi-service processing module 2 and authentication module 3.
User module 1 comprises a user registration request module, a service request module and a user identity information generation module. It is deployed on the user side and provides the user with registration, identity information generation and storage functions.
The user registration request module generates registration information from the characteristic information submitted by the user, including but not limited to one or a combination of several of ID card number, mobile phone number, e-mail address and the like, and submits a registration application to the authentication module.
The user identity information generation module receives the result returned for the user's registration. If registration failed, it calls the user registration request module to regenerate the registration information and submits a registration request to the selected authentication module. If registration succeeded, it generates and stores the user's identity information from the login ID returned by the authentication module, the initial vector IV and the one-way function. The generating mode can be, but is not limited to:
$ID_n = F(ID_{n-1}, IV)$;
where F() is a one-way function, which can be, but is not limited to, a hash function, an encryption function or any combination of them.
Multi-service processing module 2 comprises a service handling module, a service processing module and a user identity request verification module. It is deployed on the service processing server, sends user identity audit requests, according to the user identity information, to the authentication module with which the user registered, and processes service requests according to the identity audit result.
The service handling module receives the user's service request, delivers the service request to the service processing module according to the type of the request, and delivers the user identity information to the user identity request verification module.
The service processing module carries out service processing according to the authentication result that the user identity request verification module receives from the authentication module: if the identity of the requesting user is legitimate the user's service request is processed, otherwise the service request is refused. The processing result is returned to the user module.
The user identity request verification module, according to the user identity information and the information on the authentication module the user registered with, sends a user identity audit request to that authentication module, receives the identity audit result and hands it over to the user processing module.
Authentication module 3 comprises a user registration module, a user identity information generation module and a user identity information query module. It is deployed on the identity server, provides the user with registration, identity information generation and storage functions, and returns the audit results of accepted identity requests to the multi-service processing module.
The user registration module accepts the user registration request from the user module, generates a login ID and an initial vector IV for the user from the registration information, and selects a one-way function as the identity information generating function. The user registration acceptance module submits the generated login ID, the initial vector IV and the selected one-way function to the user information generation module and returns them to the user module.
The identity information generation module generates user identity information for the user from the login ID submitted by the user registration module, the initial vector IV and the selected one-way function, and stores it in order in a data structure that can be built and searched efficiently. The generating mode can be, but is not limited to:
$ID_n = F(ID_{n-1}, IV)$;
where F() is a one-way function, which can be, but is not limited to, a hash function, an encryption function or any combination of them. The data structure that can be built and searched efficiently can be, but is not limited to, a balanced binary tree, a red-black tree and the like.
The user identity information query module receives the user identity verification request sent by the multi-service processing module and returns the query result to it. The query module uses binary search to look up, in the user identity information table, the user identity information contained in the verification request. If the table does not contain this identity information, it returns a "user identity illegitimate" result to the multi-service processing module. Otherwise it deletes that user identity information from the table and calls the user information generation module to generate a new identity information item and store it in the table. In addition, the query module checks whether the user's identity information has gone out of sync; if it has, the module deletes all of the out-of-sync items from the user identity information table and calls the user information generation module to generate the same number of user identity information items as were out of sync.
As shown in Fig. 2, the online authentication method supporting user identity privacy protection provided by an embodiment of the invention comprises the following steps:
S201: Through the registration request module of the user module, the user submits information that confirms identity, including but not limited to ID card number, mobile phone number, e-mail address and the like, and selects the identity server to register with. The user module submits the registration information to the identity module of the identity server over a secure connection;
S202: The authentication module of the identity server receives the user's registration information over the secure connection. The user registration module checks whether the user holding this registration information is already registered; if so, registration failure information is returned to the user terminal, otherwise the flow goes to the next step;
S203: The user registration module generates a login ID and an IV vector for the registering user, selects a hash function, and returns them to the user terminal. The identity information generation module generates identity information from the user login information generated by the user registration module;
S204: The user obtains the registration result over the secure connection. If registration failed, new identity information is resubmitted; otherwise, from the hash function, user ID and IV vector provided by the identity server, the user generates and stores an identity information table in the same way as the identity server;
S205: The user looks up the first available identity in the local identity information table and uses it as the user identity information when requesting service processing from the service processing server. The service handling module receives the service request sent by the user, and the user identity request verification module sends an authentication request over a secure connection to the identity server with which the user registered;
S206: After the user information query module of the identity server receives the user identity verification request sent by the service processing server, it searches the user identity information storage table for the user's identity information. If the table does not contain it, "user identity illegitimate" information is returned to the service server; otherwise "user identity legitimate" information is returned and the flow goes to the next step;
S207: The user identity request verification module receives the returned query result. If the result is that the user identity is legitimate, the service requested by the user is processed; if the result is that the user identity is illegitimate, the user's request is refused and the user's request is logged;
S208: The user module obtains the result of the service server's processing. If the identity information has become invalid, it looks up, in order, the first available identity in the identity information table and requests service processing again, deletes the invalid identity information, and generates new identity information and stores it in the local identity information table. If the service server processed the request successfully, it deletes the identity information that was used and generates new identity information and stores it in the local identity information table.
In step S203 the identity information generation module generates identity information from the user login information generated by the user registration module; the generating mode is:
where the generating function is a one-way function, which can be, but is not limited to, a hash function, an encryption function or any combination of them. The user identity information generated for all users is stored in a data structure that can be built and queried efficiently, referred to as the user identity information table.
Step S206 further comprises:
(1) The identity server deletes the identity information from the user identity information table and checks whether the identity information used by the user holding that identity has gone out of sync. If it has not, the identity server generates a new identity information item from the currently last identity information item according to the user identity information generating mode and adds it to the user identity information table in the particular order. Otherwise the flow goes to the next step;
(2) The identity server finds all out-of-sync identity information items, deletes all of that user's out-of-sync identity information, and generates the same number of new identity information items according to the user identity information generating mode of claim 3.
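The ID chain and the server-side verify, delete and refill cycle of steps S203 to S208, as an added Python example that is not part of the patent text. Assumptions: F is HMAC-SHA-256 keyed with IV and truncated to 128 bits, the window holds 4 IDs, "out of sync" is read as "older IDs the client skipped", and all class and function names are hypothetical.

```python
import bisect
import hashlib
import hmac
import secrets
from collections import deque

WINDOW = 4  # fixed number of outstanding IDs per user (constructed value)


def next_id(prev: bytes, iv: bytes) -> bytes:
    """ID_n = F(ID_{n-1}, IV). Assumed F: HMAC-SHA-256 keyed with IV, cut to 128 bits.

    IV stays secret between user and identity server, so a service server that
    sees ID_n can neither compute ID_{n+1} nor link the two.
    """
    return hmac.new(iv, prev, hashlib.sha256).digest()[:16]


class IdentityServer:
    def __init__(self):
        self.table = []       # user identity information table: sorted IDs of all users
        self.owner = {}       # ID -> login ID (index to the real identity)
        self.users = {}       # login ID -> per-user chain state
        self.registered = set()

    def register(self, features: str):
        """Return (login_id, iv), or None if these features are already registered."""
        if features in self.registered:
            return None
        self.registered.add(features)
        login_id, iv = secrets.token_bytes(16), secrets.token_bytes(16)
        self.users[login_id] = {"iv": iv, "last": login_id, "pending": deque()}
        self._extend(login_id, WINDOW)
        return login_id, iv

    def _extend(self, login_id: bytes, count: int) -> None:
        user = self.users[login_id]
        for _ in range(count):
            user["last"] = next_id(user["last"], user["iv"])
            user["pending"].append(user["last"])
            bisect.insort(self.table, user["last"])   # keep the table ordered
            self.owner[user["last"]] = login_id

    def _remove(self, ident: bytes) -> None:
        del self.table[bisect.bisect_left(self.table, ident)]
        del self.owner[ident]

    def verify(self, ident: bytes) -> bool:
        """Binary-search the table; a hit is consumed and the window refilled."""
        i = bisect.bisect_left(self.table, ident)
        if i == len(self.table) or self.table[i] != ident:
            return False                              # unknown or already used
        login_id = self.owner[ident]
        pending = self.users[login_id]["pending"]
        consumed = 0
        # Assumed meaning of "out of sync": older IDs the client skipped.
        # They are deleted together with the presented ID.
        while True:
            oldest = pending.popleft()
            self._remove(oldest)
            consumed += 1
            if oldest == ident:
                break
        self._extend(login_id, consumed)              # same number of new IDs
        return True


class Client:
    def __init__(self, login_id: bytes, iv: bytes):
        self.iv, self.last, self.local = iv, login_id, deque()
        self._extend(WINDOW)                          # local identity information table

    def _extend(self, count: int) -> None:
        for _ in range(count):
            self.last = next_id(self.last, self.iv)
            self.local.append(self.last)

    def take(self) -> bytes:
        """First available ID; it is deleted locally and a new one is generated."""
        ident = self.local.popleft()
        self._extend(1)
        return ident


def demo():
    server = IdentityServer()
    login_id, iv = server.register("user@example.test")   # constructed registration data
    client = Client(login_id, iv)
    first = client.take()
    results = [server.verify(first)]          # fresh ID is accepted
    results.append(server.verify(first))      # replay of a used ID is refused
    client.take()                             # this request never reaches the server
    results.append(server.verify(client.take()))          # later ID still accepted
    results.append(list(client.local) == list(server.users[login_id]["pending"]))
    results.append(server.verify(secrets.token_bytes(16)))  # forged ID is refused
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth value returned by `demo()` shows that after one request is lost, deleting the skipped ID and generating the same number of new ones brings the server's window back in line with the client's local table.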
The application principle of the invention is further described below with reference to specific embodiments.
Embodiment 1:
Anonymous shopping:
1.1 Registration flow:
The user establishes a secure channel with the website through a terminal, browser or smart card, and submits registration information to the shopping website;
The shopping website verifies the user identity with the identity server; if the user is already registered, registration failure information is shown to the user, otherwise the flow goes to the next step;
The identity server assigns the user a login ID and an IV vector, selects a hash function, and generates a fixed number of EIDs from the user's login ID and IV vector; the EIDs are stored in order to form the user's EID table. The generating mode is:
$EID_n = F(EID_{n-1}, IV)$;
The shopping website returns the login ID to the user.
1.2 Anonymous shopping flow:
The user logs in to the shopping website. If login succeeds, the identity server sends the IV vector, the hash function, the starting EID and so on to the user terminal over a secure channel; otherwise the user is told that login failed;
The user terminal receives the IV vector, the hash function and the starting EID over the secure channel and generates the local EID table. The generating rule is:
$EID_n = F(EID_{n-1}, IV)$;
The user terminal looks up, in order, an available EID in the EID table and places an order with an online shop on the shopping site;
The online shop obtains the user's EID and verifies the user identity with the shopping website's identity server over a secure channel;
The identity server checks whether the EID is valid in the user list. If the list contains it, success is returned, the queried EID is deleted and a new EID is generated and stored in the EID table; otherwise failure is returned.
The online shop obtains the user identity query result. If the result is that the user is legitimate, the data request for that EID is processed; otherwise it is refused;
The user terminal obtains the online shop's processing result. If processing succeeded, the EID is deleted and a new EID is generated and stored in the EID table.
1.3 Termination flow
The user sends the end position of the EID table to the server; the server marks it as the starting position of the EID table for next time, and the next communication uses that EID as the starting EID.
Embodiment 2:
Anonymous voting
2.1 User registration:
The user terminal and the identity server establish a secure connection.
The user registers with the identity server. The identity server assigns the user a login ID and an IV vector, selects a hash function, and generates an EID table from the user's login ID and IV vector.
The user receives the ID and IV vector returned by the identity server and generates the local ID table using the same hash function and the same algorithm.
2.2 Voting:
The user terminal, the identity server and the voting server establish secure connections.
The user selects an available EID in the local EID table and votes with it as the ID.
The voting server receives the user's voting request, which carries the EID as its ID, and asks the identity server to verify the legitimacy of the identity of the user holding this EID.
The identity server searches its local EID table for the EID. If the table contains it, the user identity is legitimate; otherwise it is illegitimate. The query result is returned to the voting server.
The voting server receives the returned result. If the identity is legitimate the vote is recorded; otherwise the voting request is refused.
Embodiment 3:
Anonymous invoicing
3.1 User registration:
The user submits registration information to the user terminal, including mobile phone number, e-mail address, ID card number and the like;
The user terminal receives the registration information and submits a registration request to the identity server over a secure connection;
The identity server receives the registration request and checks whether the registration information in the request is already registered. If it is, registration failure information is returned to the user terminal; otherwise the flow continues to the next step;
The identity server receives the registration information, generates the user's login ID and initial vector IV, selects a one-way function, and returns these three items to the user terminal;
The identity server generates user identity information from the login ID, the initial vector IV and the one-way function. Each user identity information item is a 128-bit character string, and the generating mode is:
The identity server stores all user identity information in lexicographic order as a binary tree;
The user terminal receives the registration result returned by the identity server. If registration failed, it submits registration information to the identity server again. If registration succeeded, it generates the user's identity information according to the same rule as the identity server.
3.2 Invoice issuing
The user selects the first available identity information item in the local identity information table as the identity for this invoice application.
The invoice issuer issues the invoice with the requesting identity as the invoice header.
3.3 Invoice verification
The reimbursing unit asks the identity server to audit whether the user identity information in the invoice header is legitimate;
The identity server uses binary search to check whether its local identity information table contains the identity information. If it does not, "user identity illegitimate" information is returned to the reimbursing unit; otherwise "user identity legitimate" information is returned, the identity information is deleted, and a new identity information item is generated and stored in the user identity information table.
The reimbursing unit receives the result returned by the identity server. If the result is that the user identity is legitimate, the reimbursement is processed; otherwise the reimbursement is refused.
The above embodiments may be implemented wholly or partly by software, hardware, firmware, or any combination thereof. When implemented wholly or partly in the form of a computer program product, the computer program product includes one or more computer instructions. When the computer program instructions are loaded or executed on a computer, the flows or functions described in the embodiments of the present invention are wholly or partly produced. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (e.g. coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g. infrared, wireless, microwave) means. The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (e.g. floppy disk, hard disk, magnetic tape), an optical medium (e.g. DVD), or a semiconductor medium (e.g. solid state disk (SSD)).
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (10)
1. An online authentication method supporting user identity privacy protection, characterized in that the method comprises:
Step 1: the user submits characteristic information to apply for registration;
Step 2: the registration information submitted by the user is received, user identities are generated from the characteristic information, and the user identities are stored as a user identity information table; a local identity information table is generated for the user;
Step 3: the user terminal searches the local identity information table in order for the first available ID; after the user terminal's request is received, a user identity audit request is initiated to verify whether the user holding the identity is legal; the user identity information table is searched for the identity and the verification result is returned; if the identity information is present in the user identity information table the user identity is legal, otherwise it is illegal;
Step 4: a processing mode is selected according to the result returned by the identity server: if the user identity is legal the user terminal's request is processed, otherwise it is refused.
2. The online authentication method supporting user identity privacy protection according to claim 1, characterized in that the user identity is generated as:
ID_n = F(ID_{n-1}, IV);
where F(·) is a one-way function.
3. The online authentication method supporting user identity privacy protection according to claim 1, characterized in that the user identity information is generated by sequentially generating a fixed number of identity information items and arranging them in a particular order, each user identity information item including an index to the user's real identity information; the identity information generated for all users is organized, in the particular order, into an ordered data structure.
4. The online authentication method supporting user identity privacy protection according to claim 1, characterized in that verifying whether the user is a legal user specifically comprises:
(1) using binary search to check whether the user identity information table contains the queried identity information; if the table does not contain it, a user-identity-invalid result is returned; otherwise a user-identity-valid result is returned and the next step is carried out;
(2) deleting the identity information from the user identity information table, and checking whether the identity information used by the user holding the identity has gone out of step (lost synchronization); if it has not, new identity information is generated from the current last identity information according to the user identity information generation method and added to the user identity information table in the particular order; otherwise the next step is carried out;
(3) after all out-of-step identity information has been found, deleting all out-of-step identity information under that user, and generating an equal number of new identity information items according to the user identity information generation method.
5. An online authentication system supporting user identity privacy protection, for the online authentication method supporting user identity privacy protection according to claim 1, characterized in that the system comprises:
a user module, deployed on the user side, for providing the user with registration, identity information generation and storage functions;
a multi-service processing module, deployed on the service processing server, for sending a user identity audit request to the registered identity authentication module according to the user identity information, and for processing the service request according to the identity audit result;
an identity authentication module, deployed on the identity server, for providing the user with registration, identity information generation and storage functions, and for returning the result of the accepted identity audit to the multi-service processing module.
6. The online authentication system supporting user identity privacy protection according to claim 5, characterized in that the user module comprises:
a user registration request module, for generating registration information from the characteristic information submitted by the user and submitting an application for registration to the identity authentication module;
a service request module, for submitting the application for registration;
a user identity information generation module, which receives the result returned for the user's registration; if registration failed, it calls the user registration request module to regenerate the registration information and submit a registration request to the selected identity authentication module; if registration succeeded, it generates and stores the user's identity information from the login ID returned by the identity authentication module, the initial vector IV and the one-way function.
7. The online authentication system supporting user identity privacy protection according to claim 5, characterized in that the multi-service processing module comprises:
a service handling module, which receives the user's service request, hands the service request to the service processing module according to the type of the user's service request, and delivers the user identity information to the user identity request verification module;
a service processing module, which carries out business processing according to the identity authentication result that the user identity request verification module receives from the identity authentication module: if the identity of the requesting user is legal it processes the user's service request, otherwise it refuses the service request; the processing result is returned to the user module;
a user identity request verification module, which, according to the user identity information and the information of the identity authentication module with which the user registered, sends a user identity audit request to the registered identity authentication module, receives the identity audit result and passes it to the user processing module.
8. The online authentication system supporting user identity privacy protection according to claim 5, characterized in that the identity authentication module comprises:
a user registration module, which accepts the user registration request from the user module, generates a login ID and an initial vector IV for the user according to the user's registration information, and selects a one-way function as the identity information generation function;
the user registration acceptance module submits the generated login ID, the initial vector IV and the selected one-way function to the user information generation module and returns them to the user module;
an identity information generation module, which generates user identity information for the user from the login ID, initial vector IV and selected one-way function submitted by the user registration module, and stores it in order as a data structure that can be built and searched efficiently.
9. An information data processing terminal using the online authentication method supporting user identity privacy protection according to any one of claims 1 to 4.
10. A computer program implementing the online authentication method supporting user identity privacy protection according to any one of claims 1 to 4.
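The identity generation of claim 2 and the single-use verification of claim 4, run end to end in an added Python example that is not code from the patent. HMAC-SHA256 as F, the window size, the tuple layout of the table, and the reading of "out of step" as the user's earlier, skipped identities are assumptions of this example.

```python
import bisect
import hashlib
import hmac

WINDOW = 4  # assumed number of unused identities kept per user

def F(prev: bytes, iv: bytes) -> bytes:
    # One-way function for ID_n = F(ID_{n-1}, IV); HMAC-SHA256 is this example's choice.
    return hmac.new(iv, prev, hashlib.sha256).digest()

def identities(login_id: bytes, iv: bytes):
    """User side: yields ID_1, ID_2, ... in the order the user spends them."""
    cur = login_id
    while True:
        cur = F(cur, iv)
        yield cur

class IdentityServer:
    """Identity server: one sorted table of (identity, user index, sequence number)."""
    def __init__(self):
        self.table, self.users = [], {}

    def register(self, user_index: str, login_id: bytes, iv: bytes) -> None:
        self.users[user_index] = {"iv": iv, "last": login_id, "seq": 0}
        self._grow(user_index, WINDOW)

    def _grow(self, user_index: str, count: int) -> None:
        u = self.users[user_index]
        for _ in range(count):
            u["last"], u["seq"] = F(u["last"], u["iv"]), u["seq"] + 1
            bisect.insort(self.table, (u["last"], user_index, u["seq"]))

    def verify(self, identity: bytes) -> bool:
        i = bisect.bisect_left(self.table, (identity,))  # binary search on the table
        if i == len(self.table) or self.table[i][0] != identity:
            return False  # unknown or already spent identity
        _, user_index, seq = self.table.pop(i)  # single use: delete on success
        # Assumed meaning of "out of step": this user's earlier identities that were skipped.
        before = len(self.table)
        self.table = [r for r in self.table if r[1] != user_index or r[2] > seq]
        self._grow(user_index, 1 + before - len(self.table))  # refill to WINDOW
        return True

def demo():
    login_id, iv = b"constructed-login-id", b"constructed-iv"  # constructed values
    ids, server = identities(login_id, iv), IdentityServer()
    server.register("user-7", login_id, iv)
    first = next(ids)
    accepted, replayed = server.verify(first), server.verify(first)
    next(ids)  # generated by the user but never presented: server is now out of step
    resynced = server.verify(next(ids))
    in_sync = sorted(next(ids) for _ in range(WINDOW)) == [r[0] for r in server.table]
    return accepted, replayed, resynced, in_sync
```

`demo()` shows the properties a relying party depends on: a presented identity is accepted once, a replay of the same value is rejected, and after the user skips an identity the server discards the stale entry and ends up holding exactly the user's next `WINDOW` identities.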
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810241993.XA CN108449348B (en) | 2018-03-22 | 2018-03-22 | Online authentication system and method supporting user identity privacy protection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108449348A true CN108449348A (en) | 2018-08-24 |
CN108449348B CN108449348B (en) | 2021-03-26 |
Family
ID=63196226
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810241993.XA Active CN108449348B (en) | 2018-03-22 | 2018-03-22 | Online authentication system and method supporting user identity privacy protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108449348B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108449348B (en) | 2021-03-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||