CN108449348A - Online authentication system and method supporting user identity privacy protection


Publication number: CN108449348A
Application number: CN201810241993.XA
Authority: CN (China)
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN108449348B (granted publication)
Inventors: 朱辉, 于攀, 李晖, 马志平, 张业平, 张亦文
Current assignee: Xidian University
Original assignee: Xidian University
Prior art keywords: user, identity, module, identity information, registration

Classifications

    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating entities is hidden
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L65/1073 Network arrangements, protocols or services for supporting real-time applications in data packet communication; session management; registration or de-registration

Abstract

The invention belongs to the technical field of transmission control procedures and discloses an online authentication system and method supporting user identity privacy protection. The user submits characteristic information to apply for registration; the registration information submitted by the user is received, user identities are generated from the characteristic information, and the user identities are stored as a user identity information table; the user's local identity information table is generated. The user terminal sequentially searches its local identity information table for the first available ID; after the user terminal's request is received, a user identity audit request is initiated to verify whether the user holding that identity is legitimate. The processing mode is selected according to the result returned by the identity server: if the user identity is legitimate the user terminal's request is processed, otherwise it is refused. The user identity generation process proposed by the invention guarantees that the user identity is anonymous, and the user's real identity information can be obtained only by the user and the identity server; the user identity audit manages user identity permissions while keeping the user identity anonymous, which guarantees user privacy.

Description

Online authentication system and method supporting user identity privacy protection
Technical field
The present invention belongs to the technical field of transmission control procedures, and in particular relates to an online authentication system and method supporting user identity privacy protection.
Background art
At present, the common practice in the industry is as follows. In scenarios such as online shopping, online finance and online social networking, an individual user usually performs business operations or submits service requests to a server under the same fixed ID, which makes it easy for an attacker to profile the user statistically, or for the website operator to learn the user's habits. The user's privacy is therefore at risk of being obtained and exploited by criminals. Prior art 1, "A cross-domain anonymous resource sharing platform and its implementation method", discloses a cross-domain anonymous resource platform and its implementation method. Its core idea is to authenticate the user's anonymous identity with an anonymous authentication module and to manage user authorisation with an access control method, thereby achieving anonymous cross-domain authorisation management of users and a resource sharing mode. Prior art 2, "An anonymous authentication method for client/server networks", discloses an anonymous authentication method for client/server networks characterised by a trusted party, a server, a secure hardware device and several clients. The secure hardware aggregates the client's signature with the n-1 valid signatures it has stored previously and sends the aggregate signature to a designated server; only that server can verify the validity of the aggregate signature, and hence the validity of the client's signature, which gives the client anonymity.
In summary, the problems of the prior art are that it requires a large amount of mathematical computation, which easily causes congestion in high-concurrency scenarios, and that it requires an independent hardware device, whose replacement and maintenance demand further capital and effort.
Difficulty and significance of solving the above technical problems: the present invention provides an online authentication system and method supporting anonymity protection of user identity privacy, which guarantees user identity anonymity with a small amount of mathematical computation, so that the system and method can also be executed efficiently in high-concurrency scenarios.
Summary of the invention
In view of the problems of the prior art, the present invention provides an online authentication system and method supporting user identity privacy protection.
The invention is realised as follows: an online authentication method supporting user identity privacy protection, comprising:
Step 1: the user submits characteristic information to apply for registration;
Step 2: the registration information submitted by the user is received, user identities are generated from the characteristic information, and the user identities are stored as a user identity information table; the user's local identity information table is generated;
Step 3: the user terminal sequentially searches its local identity information table for the first available ID; after the user terminal's request is received, a user identity audit request is initiated to verify whether the user holding that identity is legitimate; the user identity information table is searched for the identity and the verification result is returned: if the identity information is present in the user identity information table the user identity is legitimate, otherwise it is illegitimate;
Step 4: the processing mode is selected according to the result returned by the identity server: if the user identity is legitimate the user terminal's request is processed, otherwise it is refused.
Further, the online authentication method supporting user identity privacy protection generates the user identity as:
ID_n = F(ID_(n-1), IV);
where F() is a one-way function.
Further, the user identity information is generated as a fixed quantity of identity information items produced in sequence and ordered according to a particular order; each item of user identity information contains an index to the user's real identity information; the identity information generated for all users is organised into an ordered data structure according to that particular order.
Further, the method of verifying whether the user is a legitimate user specifically comprises:
(1) searching the user identity information table by binary search for the queried identity information; if the user identity information table does not contain it, a user-identity-invalid result is returned, otherwise a user-identity-valid result is returned and the next step is carried out;
(2) deleting the identity information from the user identity information table, and checking whether the identity information used by the user holding that identity has stepped out of sequence (lost synchronisation with the table). If it has not, new identity information is generated from the last identity information at this time according to the user identity information generation mode and added to the user identity information table in the particular order; otherwise the next step is carried out;
(3) finding all the out-of-sequence identity information of that user, deleting all of it, and generating new identity information of the same quantity according to the user identity information generation mode.
Another object of the present invention is to provide an online authentication system supporting user identity privacy protection that uses the above online authentication method, the online authentication system supporting user identity privacy protection comprising:
a user module, deployed on the user side, providing registration, identity information generation and storage functions to the user;
a multi-service processing module, deployed on the service processing server, sending user identity audit requests to the identity authentication module at which the user registered according to the user identity information, and processing service requests according to the identity authentication audit result;
an identity authentication module, deployed on the identity server, providing registration, identity information generation and storage functions to the user, and returning the accepted identity audit result to the multi-service processing module.
Further, the user module comprises:
a user registration request module, which generates registration information from the characteristic information submitted by the user and submits a registration application to the identity authentication module;
a service request module, for submitting service requests;
a user identity information generation module, which receives the result returned for the user registration; on registration failure it calls the user registration request module to regenerate the registration information and submit the registration request to the selected identity authentication module; on success it generates and stores the user's identity information from the login ID, initial vector IV and one-way function returned by the identity authentication module.
Further, the multi-service processing module comprises:
a service acceptance module, which receives the user's service request, delivers the service request to the service processing module according to the type of the request, and delivers the user identity information to the user identity request verification module;
a service processing module, which performs service processing according to the identity authentication result that the user identity request verification module receives from the identity authentication module: if the identity of the user making the service request is legitimate, the user's service request is processed, otherwise the service request is refused; the processing result is returned to the user module;
a user identity request verification module, which sends a user identity audit request to the identity authentication module at which the user registered, according to the user identity information and the information of that identity authentication module, receives the identity audit result and passes it on to the service processing module.
Further, the identity authentication module comprises:
a user registration module, which accepts the user registration request from the user module, generates a login ID and an initial vector IV for the user according to the user's registration information, and selects a one-way function as the identity information generation function;
the user registration acceptance module submits the generated login ID, the initial vector IV and the selected one-way function to the user information generation module and returns them to the user module;
an identity information generation module, which generates the user identity information for the user from the login ID, initial vector IV and one-way function submitted by the user registration module, and stores it in sequence in a data structure that can be efficiently built and searched.
Another object of the present invention is to provide an information data processing terminal applying the online authentication method supporting user identity privacy protection.
Another object of the present invention is to provide a computer program implementing the online authentication method supporting user identity privacy protection.
In summary, the advantages and positive effects of the present invention are: the user identity generation process proposed by the present invention guarantees that the user identity is anonymous, and the user's real identity information can be obtained only by the user and the identity server. The user identity audit proposed by the present invention manages user identity permissions while keeping the user identity anonymous, which guarantees user privacy.
Description of the drawings
Fig. 1 is a structural diagram of the online authentication system supporting user identity privacy protection provided by an embodiment of the present invention;
In the figure: 1, user module; 2, multi-service processing module; 3, identity authentication module.
Fig. 2 is a flow chart of the online authentication method supporting user identity privacy protection provided by an embodiment of the present invention.
Fig. 3 is a flow chart of user identity information generation provided by an embodiment of the present invention.
Fig. 4 is a flow chart of user registration provided by an embodiment of the present invention.
Fig. 5 is a flow chart of service processing provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the invention is further described below with reference to the embodiments. It should be understood that the specific embodiments described here merely illustrate the present invention and are not intended to limit it.
The purpose of the present invention is to allow the user identity and permissions to be verified while protecting the privacy of the user identity. The system comprises a user module, a multi-service processing module and an identity authentication module; the technical solution mainly consists of two processes, user identity information generation and user identity verification.
The application principle of the present invention is explained in detail below with reference to the drawings.
As shown in Fig. 1, the online authentication system supporting user identity privacy protection provided by an embodiment of the present invention comprises: a user module 1, a multi-service processing module 2 and an identity authentication module 3.
The user module 1 comprises a user registration request module, a service request module and a user identity information generation module, is deployed on the user side, and provides registration, identity information generation and storage functions to the user.
The user registration request module generates registration information from the characteristic information submitted by the user, including but not limited to the ID card number, mobile phone number or e-mail address, alone or in combination, and submits a registration application to the identity authentication module.
The user identity information generation module receives the result returned for the user registration; if registration failed it calls the user registration request module to regenerate the registration information and submit the registration request to the selected identity authentication module. If registration succeeded it generates and stores the user's identity information from the login ID, initial vector IV and one-way function returned by the identity authentication module; the generation mode may be, but is not limited to:
ID_n = F(ID_(n-1), IV);
where F() is a one-way function, which may be, but is not limited to, a hash function, an encryption function or any combination of them.
The multi-service processing module 2 comprises a service acceptance module, a service processing module and a user identity request verification module, is deployed on the service processing server, sends user identity audit requests to the identity authentication module at which the user registered according to the user identity information, and processes service requests according to the identity authentication audit result.
The service acceptance module receives the user's service request, delivers the service request to the service processing module according to the type of the request, and delivers the user identity information to the user identity request verification module.
The service processing module performs service processing according to the identity authentication result that the user identity request verification module receives from the identity authentication module: if the identity of the user making the service request is legitimate, the user's service request is processed, otherwise the service request is refused. The processing result is returned to the user module.
The user identity request verification module sends a user identity audit request to the identity authentication module at which the user registered, according to the user identity information and the information of that identity authentication module, receives the identity audit result and passes it on to the service processing module.
The identity authentication module 3 comprises a user registration module, a user identity information generation module and a user identity information query module, is deployed on the identity server, provides registration, identity information generation and storage functions to the user, and returns the accepted identity audit result to the multi-service processing module.
The user registration module accepts the user registration request from the user module, generates a login ID and an initial vector IV for the user according to the user's registration information, and selects a one-way function as the identity information generation function. The user registration acceptance module submits the generated login ID, initial vector IV and selected one-way function to the user information generation module and returns them to the user module.
The identity information generation module generates the user identity information from the login ID, initial vector IV and one-way function submitted by the user registration module, and stores it in sequence in a data structure that can be efficiently built and searched; the generation mode may be, but is not limited to:
ID_n = F(ID_(n-1), IV);
where F() is a one-way function, which may be, but is not limited to, a hash function, an encryption function or any combination of them. The data structure that can be efficiently built and searched may be, but is not limited to, a balanced binary tree, a red-black tree, etc.
The user identity information query module receives the user identity verification request sent by the multi-service processing module and returns the query result to the multi-service processing module. The identity information query module searches the user identity information table by binary search for the user identity information contained in the user identity verification request; if that identity information is not present it returns a user-identity-illegitimate result to the multi-service processing module. Otherwise it deletes that user identity information from the user identity information table and calls the user information generation module to generate new identity information and store it in the user identity information table. In addition, the identity information query module checks whether the user's identity information has stepped out of sequence; if it has, it deletes all the out-of-sequence information from the user identity information table and calls the user information generation module to generate the same quantity of new user identity information as was deleted.
As shown in Fig. 2, the online authentication method supporting user identity privacy protection provided by an embodiment of the present invention comprises the following steps:
S201: the user submits information confirming the identity through the registration request module of the user module, including but not limited to the ID card number, mobile phone number and e-mail address, and selects the identity server at which to register. The user module submits the registration information to the identity module of the identity server over a secure connection;
S202: the identity authentication module of the identity server receives the user registration information over the secure connection; the user registration module looks up whether a user with that registration information is already registered, returns registration failure information to the user terminal if so, and otherwise proceeds to the next step;
S203: the user registration module generates a login ID and an IV vector for the registering user, selects a hash function, and returns them to the user terminal. The identity information generation module generates identity information according to the user login information produced by the user registration module;
S204: the user obtains the registration result over the secure connection; if registration failed, new identity information is resubmitted; otherwise the identity information table is generated, in the same way as on the identity server, from the hash function, user ID and IV vector provided by the identity server, and stored;
S205: the user searches the local identity information table for the first available identity and requests service processing from the service processing server with it as the user identity information; the service acceptance module receives the service request sent by the user, and the user identity request verification module sends an identity verification request over a secure connection to the identity server at which the user registered;
S206: after receiving the user identity verification request sent by the service processing server, the user information query module of the identity server searches the user identity information storage table for the user's identity information; if it is not present it returns user-identity-invalid information to the service server, otherwise it returns user-identity-valid information and proceeds to the next step;
S207: the user identity request verification module receives the returned query result; if the result is that the user identity is valid, the service requested by the user is processed; if the result is that the user identity is invalid, the user's request is refused and the user's request log is recorded;
S208: the user module obtains the result of the service server's processing. If the identity information has expired, the first available identity in the identity information table is searched for in sequence and service processing is requested again, the expired identity information is deleted, and new identity information is generated and stored in the local identity information table; if the service server processed the request successfully, the identity information that was used is deleted and new identity information is generated and stored in the local identity information table.
The identity information generation module generates the identity information from the user login information produced by the user registration module in step S203 as follows:
ID_n = F(ID_(n-1), IV);
where F() is a one-way function, which may be, but is not limited to, a hash function, an encryption function or any combination of them. The user identity information generated for all users is stored in a data structure that can be efficiently built and queried, referred to as the user identity information table.
Step S206 further comprises:
(1) the identity server deletes the identity information from the user identity information table and checks whether the identity information used by the user holding that identity has stepped out of sequence. If it has not, the identity server generates new identity information from the last identity information at this time according to the user identity information generation mode and adds it to the user identity information table in the particular order; otherwise it proceeds to the next step;
(2) the identity server finds all the out-of-sequence identity information of that user, deletes all of it, and generates new identity information of the same quantity according to the user identity information generation mode of claim 3.
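The registration, request and audit flow of steps S201 to S208, together with the step-out handling detailed for S206 above, can be run end to end in a few dozen lines. The following is an added example written for this page and is not the patent's own code. It assumes HMAC-SHA256 keyed with IV as the one-way function F (the patent only requires F to be one-way and leaves hash or encryption open), 128-bit identities as in embodiment 3, a window of eight live identities per user, and a sorted list with binary search in place of the balanced or red-black tree the text mentions. One point worth keeping in view when reading it: because every identity in the chain is computable from any earlier identity and IV, the IV must stay between the user terminal and the identity server (the patent sends it over the secure connection), and the service server should only ever see the one-time identities.

```python
import bisect
import hashlib
import hmac
import secrets

WINDOW = 8     # fixed number of live identities per user (assumed value)
ID_BYTES = 16  # 128-bit identities, as in embodiment 3


def next_identity(prev: bytes, iv: bytes) -> bytes:
    """ID_n = F(ID_{n-1}, IV). F = HMAC-SHA256 keyed with IV, cut to 128 bits (assumed)."""
    return hmac.new(iv, prev, hashlib.sha256).digest()[:ID_BYTES]


def derive_chain(seed: bytes, iv: bytes, count: int) -> list:
    """Generate `count` identities in sequence, starting from the login ID."""
    chain, cur = [], seed
    for _ in range(count):
        cur = next_identity(cur, iv)
        chain.append(cur)
    return chain


class IdentityServer:
    """Identity authentication module: registration (S202-S203) and audit (S206)."""
    def __init__(self):
        self.registered = {}  # characteristic info -> login ID; the real identity stays here
        self.users = {}       # login ID -> {"iv": bytes, "chain": live identities in order}
        self.table = []       # sorted (identity, login ID) pairs: the user identity information table

    def register(self, characteristic_info: str):
        if characteristic_info in self.registered:
            return None  # S202: already registered
        login_id, iv = secrets.token_bytes(ID_BYTES), secrets.token_bytes(32)
        self.registered[characteristic_info] = login_id
        chain = derive_chain(login_id, iv, WINDOW)
        self.users[login_id] = {"iv": iv, "chain": chain}
        for ident in chain:
            bisect.insort(self.table, (ident, login_id))
        return login_id, iv  # S203: returned to the user terminal over the secure connection

    def _find(self, ident: bytes):
        """Binary search over the sorted table: index of the entry, or None."""
        i = bisect.bisect_left(self.table, (ident, b""))
        return i if i < len(self.table) and self.table[i][0] == ident else None

    def audit(self, ident: bytes) -> bool:
        i = self._find(ident)
        if i is None:
            return False  # unknown, or already consumed: user identity invalid
        login_id = self.table[i][1]
        user = self.users[login_id]
        pos = user["chain"].index(ident)
        # Live identities before `pos` were skipped by the client (step-out); with pos == 0
        # only the identity just used is removed. Either way the window is refilled from the last.
        stale, last = user["chain"][:pos + 1], user["chain"][-1]
        for s in stale:
            del self.table[self._find(s)]
        del user["chain"][:pos + 1]
        for _ in stale:
            last = next_identity(last, user["iv"])
            user["chain"].append(last)
            bisect.insort(self.table, (last, login_id))
        return True


class Client:
    """User module: same derivation as the server (S204), identities used in order (S205, S208)."""
    def __init__(self, login_id: bytes, iv: bytes):
        self.iv, self.table = iv, derive_chain(login_id, iv, WINDOW)

    def consume(self):
        """S208: discard the identity just used and append a new one derived from the last."""
        self.table.append(next_identity(self.table[-1], self.iv))
        del self.table[0]


class ServiceServer:
    """Multi-service processing module (S205, S207): it only ever sees one-time identities."""
    def __init__(self, ids: IdentityServer):
        self.ids = ids

    def handle(self, ident: bytes, request: str) -> str:
        return "processed " + request if self.ids.audit(ident) else "refused"


def run_scenario() -> dict:
    """Constructed walk-through: registration, a normal request, a replay of the used
    identity, a duplicate registration, then a step-out where the client skips two."""
    ids = IdentityServer()
    info = "idcard=TEST-0001;mobile=TEST-0001"  # constructed sample, not real data
    login_id, iv = ids.register(info)
    client, svc = Client(login_id, iv), ServiceServer(ids)
    out = {"tables_match": client.table == ids.users[login_id]["chain"]}
    used = client.table[0]  # first available identity
    out["first"] = svc.handle(used, "order-1")
    client.consume()
    out["replay"] = svc.handle(used, "order-1")
    out["dup_register"] = ids.register(info)
    skipped = client.table[:2]  # e.g. two responses were lost and the client moved on
    out["step_out"] = svc.handle(client.table[2], "order-2")
    out["skipped"] = [svc.handle(s, "order-x") for s in skipped]
    out["window"], out["table"] = len(ids.users[login_id]["chain"]), len(ids.table)
    return out
```

Running `run_scenario()` shows the properties the text claims: the client and server derive identical tables from the same login ID and IV; an identity is accepted exactly once and a replay is refused; after a step-out the two skipped identities are no longer accepted, and the server's window and table are back at their fixed size.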
The application principle of the present invention is further described below with reference to specific embodiments.
Embodiment 1:
Anonymous shopping:
1.1 Registration flow:
The user establishes a secure channel with the website through a terminal such as a browser or smart card, and submits registration information to the shopping website;
The shopping website verifies the user identity with the identity server; if the user is already registered, the user is prompted with registration failure information, otherwise the flow proceeds to the next step;
The identity server assigns the user a login ID and an IV vector, selects a hash function, generates a fixed number of EIDs from the user's login ID and IV vector, and stores the EIDs in sequence to form the user's EID table; the generation mode is:
EID_n = F(EID_(n-1), IV);
The shopping website returns the login ID to the user.
1.2 Anonymous shopping flow:
The user logs in to the shopping website; if login succeeds, the identity server sends the IV vector, the hash function, the starting EID, etc. to the user terminal over the secure channel, otherwise the user is notified of login failure;
The user terminal receives the IV vector, hash function and starting EID over the secure channel and generates the local EID table; the generation rule is:
EID_n = F(EID_(n-1), IV);
The user terminal searches the EID table in sequence for an available EID and places an order with it in the on-line shop on the shopping website;
The on-line shop obtains the user's EID and verifies the user identity with the shopping website's identity server over the secure channel;
The identity server queries whether the EID is valid in the user list; if it is present it returns success, deletes the queried EID and generates a new EID to store in the EID table; otherwise it returns failure;
The on-line shop obtains the user identity query result; if the result is that the user is legitimate, it processes the request made under that EID, otherwise it refuses it;
The user terminal obtains the on-line shop's processing result; if the request was processed successfully it deletes the EID and generates a new EID to store in the EID table.
1.3 End flow
The user sends the end position of the EID table to the server; the server marks the starting position of the next EID table, and that EID is used as the starting EID in the next communication.
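The end flow in 1.3 is what keeps the user terminal's locally derived EIDs and the identity server's EID table aligned across sessions: the server hands out a starting EID at login, the terminal derives the rest itself, and at the end the terminal reports how far it got so the server knows where to resume. The following is an added example written for this page, not the patent's own code. It assumes HMAC-SHA256 keyed with IV as F, a server-side table of twelve EIDs, four EIDs per client session, and that the reported "end position" is the count of EIDs the terminal used (the patent does not fix its representation); the login ID and IV are constructed constants.

```python
import hashlib
import hmac

CHAIN_LEN = 12  # EIDs the identity server precomputes per user (assumed value)
LOCAL_LEN = 4   # EIDs the user terminal derives per session (assumed value)


def next_eid(prev: bytes, iv: bytes) -> bytes:
    """EID_n = F(EID_{n-1}, IV). F = HMAC-SHA256 keyed with IV, cut to 128 bits (assumed)."""
    return hmac.new(iv, prev, hashlib.sha256).digest()[:16]


class IdentityServer:
    """Holds the user's EID table (1.1) and the cursor set by the end flow (1.3)."""
    def __init__(self, login_id: bytes, iv: bytes):
        self.iv, self.chain, cur = iv, [], login_id
        for _ in range(CHAIN_LEN):
            cur = next_eid(cur, iv)
            self.chain.append(cur)
        self.live = set(self.chain)  # EIDs that have not been consumed yet
        self.cursor = 0              # index of the next session's starting EID

    def login(self):
        """1.2: after a successful login, hand out IV, F and the starting EID over the secure channel."""
        while len(self.chain) < self.cursor + LOCAL_LEN:  # keep the table ahead of the client
            self.chain.append(next_eid(self.chain[-1], self.iv))
            self.live.add(self.chain[-1])
        return self.iv, self.chain[self.cursor]

    def verify(self, eid: bytes) -> bool:
        """The on-line shop's query: an EID is accepted once and then deleted."""
        if eid not in self.live:
            return False
        self.live.discard(eid)
        return True

    def logout(self, used: int):
        """1.3: the terminal reports how far its local table got; that becomes the next start."""
        self.cursor += used


class Client:
    """User terminal: derives its local EID table from the starting EID (1.2)."""
    def __init__(self, iv: bytes, start_eid: bytes):
        self.table, self.used = [start_eid], 0
        for _ in range(LOCAL_LEN - 1):
            self.table.append(next_eid(self.table[-1], iv))

    def take(self) -> bytes:
        """Next available EID, in table order."""
        self.used += 1
        return self.table[self.used - 1]


def run_sessions() -> dict:
    """Constructed walk-through: two sessions, the second resumed from the reported position."""
    ids = IdentityServer(login_id=b"login-id-0001", iv=b"constructed-iv-for-example-only!")
    iv, start = ids.login()
    c1 = Client(iv, start)
    session1 = [ids.verify(c1.take()) for _ in range(3)]  # three orders placed
    first_eid = c1.table[0]
    ids.logout(c1.used)                                     # end flow: report the end position
    iv, start = ids.login()
    c2 = Client(iv, start)
    resumed = start == ids.chain[3] and c2.table[1] == ids.chain[4]  # local table lines up again
    session2 = [ids.verify(c2.take()) for _ in range(2)]
    return {"session1": session1, "resumed": resumed, "session2": session2,
            "replay": ids.verify(first_eid), "cursor": ids.cursor}
```

The second session starts at the fourth EID of the server's table and the terminal's locally derived EIDs coincide with the server's entries from there on, while an EID from the first session is refused when presented again.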
Embodiment 2:
Anonymous voting
2.1 User registration:
The user terminal and the identity server establish a secure connection.
The user registers with the identity server; the identity server assigns the user a login ID and an IV vector, and selects a hash function to generate the EID table from the user's login ID and IV vector.
The user receives the ID and IV vector returned by the identity server and generates the local ID table with the same hash function and the same algorithm.
2.2 Voting:
The user terminal, the identity server and the voting server establish secure connections.
The user selects an available EID from the local EID table as the ID with which to vote.
The voting server receives the user's voting request carrying the EID as its ID, and asks the identity server to verify the legitimacy of the user identity holding that EID.
The identity server searches its local EID table for that EID; if it is present the user identity is proven legitimate, otherwise it is illegitimate. The query result is returned to the voting server.
The voting server receives the returned result, records the vote if the identity is legitimate, and otherwise refuses the voting request.
Embodiment 3:
Anonymous invoices
3.1 User registration:
The user submits registration information, including mobile phone number, e-mail address, ID card number, etc., to the user terminal;
The user terminal receives the registration information and submits a registration request to the identity server over a secure connection;
The identity server receives the registration request and looks up whether the requested registration information is already registered; if so it returns registration failure information to the user terminal, otherwise it proceeds to the next step;
The identity server receives the registration information, generates a user login ID and an initial vector IV, selects a one-way function, and returns these three items of information to the user terminal;
The identity server generates the user identity information from the login ID, the initial vector IV and the one-way function; each item of user identity information is a 128-bit string, generated as ID_n = F(ID_(n-1), IV). The identity server stores all user identity information in a binary tree in lexicographic order;
The user terminal receives the registration result returned by the identity server; if registration failed it submits registration information to the identity server again; if registration succeeded it generates the user's identity information according to the same rule as the identity server.
3.2 Invoice issuing
The user selects the first available identity information in the local identity information table as the identity for this invoice application.
The invoice issuer issues the invoice with the requesting identity as the invoice title.
3.3 Invoice verification
The reimbursing unit asks the identity server to audit whether the user identity information in the invoice title is legitimate;
The identity server uses binary search to look up whether the identity information is present in its local identity information table; if it is not, it returns user-identity-invalid information to the reimbursing unit; otherwise it returns user-identity-valid information, deletes that identity information, and generates new identity information to store in the user identity information table.
The reimbursing unit receives the result returned by the identity server; if the result is that the user identity is valid it processes the reimbursement, otherwise it refuses to process the reimbursement.
The above embodiments may be implemented wholly or partly in software, hardware, firmware or any combination of these. When implemented wholly or partly as a computer program product, the product comprises one or more computer instructions; when these instructions are loaded and executed on a computer, the flows or functions described in the embodiments of the invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another, for example from a website, computer, server or data center to another website, computer, server or data center by wired (coaxial cable, optical fibre, digital subscriber line (DSL)) or wireless (infrared, radio, microwave) means. The computer-readable storage medium may be any usable medium accessible to a computer, or a data storage device such as a server or data center integrating one or more usable media. The usable medium may be magnetic (floppy disk, hard disk, tape), optical (DVD) or semiconductor (solid-state disk, SSD).
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (10)

1. An online authentication method supporting user identity privacy protection, characterized in that the method comprises:
Step 1: the user submits characteristic information to apply for registration;
Step 2: the registration information submitted by the user is received, user identities are generated from the characteristic information and stored as a user identity information table, and a local identity information table is generated for the user;
Step 3: the user terminal takes the first available ID from its local identity information table in order; on receiving the user terminal's request, a user identity audit request is initiated to verify whether the user holding that identity is legitimate; the user identity information table is searched for the identity and the result is returned: if the identity is present in the user identity information table the user identity is legitimate, otherwise it is not;
Step 4: the processing mode is chosen according to the result returned by the identity server: if the user identity is legitimate the user terminal's request is processed, otherwise it is refused.
2. The online authentication method supporting user identity privacy protection of claim 1, characterized in that user identities are generated by
ID_n = F(ID_{n-1}, IV);
where F() is a one-way function.
3. The online authentication method supporting user identity privacy protection of claim 1, characterized in that the user identity information is generated as a fixed quantity of identities in sequence, arranged in a particular order, each user identity containing an index to the user's real identity information; the identities generated for all users are organized in an ordered data structure according to that particular order.
4. The online authentication method supporting user identity privacy protection of claim 1, characterized in that verifying whether a user is a legitimate user specifically comprises:
(1) searching the user identity information table by binary search for the queried identity; if the table does not contain it, returning "user identity invalid", otherwise returning "user identity valid" and proceeding to the next step;
(2) deleting the identity from the user identity information table and checking whether the identities used by the user holding that identity have gone out of step (used out of sequence); if no step-out has occurred, generating one new identity from the last identity currently held, by the user identity generation rule, and adding it to the user identity information table in the particular order; otherwise proceeding to the next step;
(3) finding all out-of-step identities of that user, deleting them from the table, and generating the same number of new identities by the user identity generation rule.
5. An online authentication system supporting user identity privacy protection, implementing the online authentication method of claim 1, characterized in that the system comprises:
a user module, deployed on the user side, providing the user with registration and with identity information generation and storage;
a multi-service processing module, deployed on the service processing server, sending user identity audit requests to the identity authentication module with which the user identity is registered, and processing service requests according to the authentication result;
an identity authentication module, deployed on the identity server, providing the user with registration and with identity information generation and storage, and returning the accepted identity audit result to the multi-service processing module.
6. The online authentication system supporting user identity privacy protection of claim 5, characterized in that the user module comprises:
a user registration request module, which generates registration information from the characteristic information submitted by the user and submits the registration application to the identity authentication module;
a service request module, which submits service applications;
a user identity information generation module, which receives the registration result; on failure it calls the user registration request module to regenerate registration information and resubmit the registration request to the selected identity authentication module; on success it generates and stores the user's identity information from the login ID, initial vector IV and one-way function returned by the identity authentication module.
7. The online authentication system supporting user identity privacy protection of claim 5, characterized in that the multi-service processing module comprises:
a service handling module, which receives user service requests, hands each request to the service processing module according to its type, and passes the user identity to the user identity request verification module;
a service processing module, which processes the service according to the authentication result received by the user identity request verification module from the identity authentication module: if the requesting user's identity is legitimate the request is processed, otherwise it is refused; the result is returned to the user module;
a user identity request verification module, which, from the user identity and the registered identity authentication module information, sends a user identity audit request to the identity authentication module of registration, receives the identity audit result and hands it to the service processing module.
8. The online authentication system supporting user identity privacy protection of claim 5, characterized in that the identity authentication module comprises:
a user registration module, which accepts user registration requests from the user module, generates a login ID and an initial vector IV for the user from the registration information, and selects a one-way function as the identity information generating function;
the user registration module submits the generated login ID, initial vector IV and selected one-way function to the identity information generation module and returns them to the user module;
an identity information generation module, which generates user identity information from the login ID, initial vector IV and one-way function submitted by the user registration module, and stores it in order in a data structure that can be built and searched efficiently.
9. An information data processing terminal applying the online authentication method supporting user identity privacy protection of any one of claims 1 to 4.
10. A computer program implementing the online authentication method supporting user identity privacy protection of any one of claims 1 to 4.
CN201810241993.XA 2018-03-22 2018-03-22 Online authentication system and method supporting user identity privacy protection Active CN108449348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810241993.XA CN108449348B (en) 2018-03-22 2018-03-22 Online authentication system and method supporting user identity privacy protection

Publications (2)

Publication Number Publication Date
CN108449348A true CN108449348A (en) 2018-08-24
CN108449348B CN108449348B (en) 2021-03-26

Family

ID=63196226

Country Status (1)

Country Link
CN (1) CN108449348B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101697540A (en) * 2009-10-15 2010-04-21 浙江大学 Method for authenticating user identity through P2P service request
CN103607371A (en) * 2013-07-02 2014-02-26 燕山大学 Method for protecting Internet user privacy through third-party platform
US20160034712A1 (en) * 2012-10-02 2016-02-04 Banjo, Inc. System and method for event-related content discovery, curation, and presentation
CN107017993A (en) * 2017-04-01 2017-08-04 北京江南天安科技有限公司 A kind of multi-party joint key is produced and digital signature method and system
CN107633161A (en) * 2017-08-24 2018-01-26 深圳双创科技发展有限公司 The terminal and Related product of the access control of protected data
CN107786340A (en) * 2016-08-31 2018-03-09 阿里巴巴集团控股有限公司 A kind of method and device of authentication

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109359938A (en) * 2018-09-21 2019-02-19 深圳市买买提信息科技有限公司 A kind of optimization method of flow chart of data processing, device and terminal device
CN109544412A (en) * 2018-10-09 2019-03-29 重庆易保全网络科技有限公司 Strong notarization method, apparatus, storage medium and equipment are assigned online
CN109981585A (en) * 2019-02-26 2019-07-05 中国联合网络通信集团有限公司 Business handling method and apparatus
CN109981585B (en) * 2019-02-26 2022-02-22 中国联合网络通信集团有限公司 Business handling method and equipment
CN113141347A (en) * 2021-03-16 2021-07-20 中国科学院信息工程研究所 Social work information protection method and device, electronic equipment and storage medium
CN113141347B (en) * 2021-03-16 2022-06-10 中国科学院信息工程研究所 Social work information protection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant