CN108449348B - Online authentication system and method supporting user identity privacy protection - Google Patents


Info

Publication number: CN108449348B
Application number: CN201810241993.XA
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN108449348A
Inventors: 朱辉, 于攀, 李晖, 马志平, 张业平, 张亦文
Current assignee: Xidian University
Original assignee: Xidian University

Classifications

    • H04L63/0407 Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the identity of one or more communicating identities is hidden
    • H04L63/0815 Network architectures or network communication protocols for network security, for authentication of entities, providing single-sign-on or federations
    • H04L65/1073 Network arrangements, protocols or services for supporting real-time applications in data packet communication; session management; registration or de-registration


Abstract

The invention belongs to the technical field of transmission control procedures and discloses an online authentication system and method supporting user identity privacy protection. A user submits characteristic information to register; the identity server receives the registration information, generates user identities from the characteristic information and stores them as a user identity information table, and the user generates a matching local identity information table. The user side searches its local identity information table in sequence for the first available ID and attaches it to a service request; on receiving the request, the service server initiates a user identity verification request, and the identity server verifies whether the user holding that identity is legal. A processing mode is then selected according to the result returned by the identity server: if the user identity is legal, the service request is processed, otherwise it is rejected. The user identity generation process provided by the invention ensures that user identities are anonymous and that the real identity information of the user is known only to the user and the identity server; the user identity verification manages user identity authority while the user identity remains anonymous, and so protects user privacy.

Description

Online authentication system and method supporting user identity privacy protection
Technical Field
The invention belongs to the technical field of transmission control procedures, and particularly relates to an online authentication system and method supporting user identity privacy protection.
Background
Currently, the state of the art commonly used in the industry is as follows: in interactive scenarios such as online shopping, online finance and online social networking, individual users usually perform business operations or submit business requests to a server with the same fixed ID, so the characteristics of a user are easily analysed statistically by attackers and the habits of a user are easily learned by website operators. User privacy is therefore at risk of being acquired and exploited by lawbreakers. A first prior-art document, 'A cross-domain anonymous resource sharing platform and an implementation method thereof', discloses a cross-domain anonymous resource platform and an implementation method. Its core idea is that an anonymous authentication module realizes anonymous identity authentication of the user, user authorization is managed through an access control method, and anonymous cross-domain authorization management and resource sharing for the user are finally realized. A second prior-art document discloses an anonymous authentication method for a client/server network in which a trusted centre, a server, a piece of security hardware and a plurality of clients exist. The security hardware aggregates the client signature with the n-1 previously stored valid signatures and sends the aggregated signature to the designated server; only the designated server can verify the validity of the aggregated signature, and thereby the validity of the client signature, so the anonymity of the client is realized.
In summary, the problems of the prior art are as follows: the prior art needs a large amount of mathematical operations, easily causes traffic congestion in high-concurrency scenarios, needs independent hardware equipment, and requires capital and effort to be invested in equipment updating and maintenance.
The difficulty and significance of solving these technical problems are as follows: the scheme provides an online authentication system and method supporting anonymous protection of user identity privacy, in which the anonymity of the user identity is guaranteed with a small amount of mathematical operation, so that the system and method can be executed efficiently in high-concurrency scenarios.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an online authentication system and method supporting user identity privacy protection.
The invention is realized as follows. An online authentication method supporting user identity privacy protection includes:
step one, a user submits characteristic information and applies for registration;
step two, the identity server receives the registration information submitted by the user and generates user identities from the characteristic information, which are stored as a user identity information table; the user generates a matching local identity information table;
step three, the user side searches its local identity information table in sequence for the first available ID and attaches it to a service request; on receiving the user side request, the service server initiates a user identity verification request, and the identity server verifies whether the user holding that identity is legal by searching whether the identity is contained in the user identity information table and returning the verification result: if the identity information exists in the user identity information table, the user identity is legal, otherwise it is illegal;
and step four, the service server selects a processing mode according to the result returned by the identity server: if the user identity is judged to be legal, the user side request is processed, otherwise it is rejected.
Further, the method for generating the user identity by the online authentication method supporting the user identity privacy protection comprises the following steps:
ID_n = F(ID_{n-1}, IV);
where F(·) is a one-way function.
Further, the user identity information generation mode is that a fixed amount of identity information is generated in sequence and arranged according to a specific sequence, and each user identity information contains an index of the user real identity information; all user generated identity information is organized into an ordered data structure according to a specific order.
Further, the method for verifying whether the user is a valid user specifically includes:
(1) searching, by bisection, whether the queried identity information is contained in the user identity information table; if the table does not contain it, returning an illegal user identity result, otherwise returning a legal user identity result and performing the next step;
(2) deleting the identity information from the user identity information table and checking whether the identity information used by the user holding that identity is out of step; if no step-out has occurred, generating new identity information from the last identity information according to the user identity information generation mode and adding it to the user identity information table in the specific sequence, otherwise performing the next step;
(3) after all the out-of-step identity information of the user has been found, deleting all of it from the table and generating the same quantity of new identity information according to the user identity information generation mode.
Another object of the present invention is to provide an online authentication system supporting user identity privacy protection of the online authentication method supporting user identity privacy protection, including:
the user module is deployed at a user side and used for providing registration, identity information generation and storage functions for a user;
the multi-service processing module is deployed in the service processing server and used for sending a user identity verification request to the registered identity authentication module according to the user identity information and processing the service request according to an identity authentication verification result;
and the identity authentication module is deployed in the identity server and used for providing registration, identity information generation and storage functions for the user and returning a received identity verification result to the multi-service processing module.
Further, the user module includes:
the user request registration module is used for generating registration information according to the characteristic information submitted by the user and submitting a registration application to the identity authentication module;
the service request module is used for submitting a registration application;
the user identity information generating module receives a returned result of user registration, and if the registration fails, the user identity information generating module calls the user request registration module to regenerate registration information and submits a registration request to the selected identity authentication module; and if the registration is successful, generating and storing the identity information of the user according to the login ID, the initial vector IV and the one-way function returned by the identity authentication module.
Further, the multi-service processing module includes:
the service acceptance module receives the user service request, transmits the service request to the service processing module according to the type of the user service request, and transmits the user identity information to the user identity request verification module;
and the service processing module is used for processing the service according to the identity verification result of the identity authentication module received by the user identity request verification module, processing the service request of the user if the identity verification of the service request user is legal, and rejecting the service request if the identity verification of the service request user is not legal. The processing result is returned to the user module;
and the user identity request verification module sends a user identity verification request to the registered identity authentication module according to the user identity information and the registered identity authentication module information, receives an identity verification result and forwards the identity verification result to the user processing module.
Further, the identity authentication module comprises:
the user registration module accepts a user registration request of the user module, generates a login ID and an initial vector IV for a user according to user registration information, and selects a one-way function as an identity information generation function;
the user registration acceptance module submits the generated login ID, the initial vector IV and the selected one-way function to the user information generation module and returns the user information to the user module;
and the identity information generating module generates user identity information for the user according to the login ID submitted by the user registration module, the initial vector IV and the selected one-way function, and stores the user identity information in sequence into a data structure which can be efficiently constructed and searched.
Another object of the present invention is to provide an information data processing terminal applying the online authentication method supporting user identity privacy protection.
Another object of the present invention is to provide a computer program for implementing the online authentication method supporting user identity privacy protection.
In summary, the advantages and positive effects of the invention are as follows: the user identity generation process provided by the invention ensures that the user identity is anonymous and that the real identity information of the user is known only to the user and the identity server. The user identity verification method and system manage user identity authority while the user identity remains anonymous, and so protect user privacy.
Drawings
FIG. 1 is a schematic structural diagram of an online authentication system supporting user identity privacy protection according to an embodiment of the present invention;
in the figure: 1. user module; 2. multi-service processing module; 3. identity authentication module.
Fig. 2 is a flowchart of an online authentication method supporting user identity privacy protection according to an embodiment of the present invention.
Fig. 3 is a flowchart of generating user identity information according to an embodiment of the present invention.
Fig. 4 is a flowchart of user registration according to an embodiment of the present invention.
Fig. 5 is a flow chart of service processing provided in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention aims to realize the verification of the user identity and the authority under the condition of protecting the privacy of the user identity. The system comprises a user module, a multi-service processing module and an identity authentication module, and the technical scheme mainly comprises two processes of user identity information generation and user identity authentication.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
As shown in fig. 1, an online authentication system supporting user identity privacy protection provided in an embodiment of the present invention includes: the system comprises a user module 1, a multi-service processing module 2 and an identity authentication module 3.
The user module 1 comprises a user request registration module, a service request module and a user identity information generation module, is deployed at a user side, and provides functions of registration, identity information generation and storage for a user.
The user request registration module generates registration information according to the characteristic information submitted by the user, including but not limited to one or more of an identity card number, telephone number, mailbox and the like, and submits a registration application to the identity authentication module.
The user identity information generation module receives the returned result of user registration; if registration fails, it calls the user request registration module to regenerate the registration information and submit a registration request to the selected identity authentication module. If registration succeeds, the identity information of the user is generated and stored according to the login ID, the initial vector IV and the one-way function returned by the identity authentication module, and the generation mode can be, but is not limited to:
ID_n = F(ID_{n-1}, IV);
where F(·) is a one-way function that can be, but is not limited to, a hash function, an encryption function, or any combination of these.
The multi-service processing module 2 comprises a service acceptance module, a service processing module and a user identity request verification module, is deployed in the service processing server, sends a user identity verification request to the registered identity authentication module according to the user identity information, and processes the service request according to the identity verification result.
The service acceptance module receives the user service request, transmits the service request to the service processing module according to the type of the user service request, and transmits the user identity information to the user identity request verification module.
The service processing module processes the service according to the identity verification result of the identity authentication module received by the user identity request verification module: it processes the service request of the user if the identity verification of the requesting user is legal, and rejects the service request if it is not legal, and returns the processing result to the user module.
The user identity request verification module sends a user identity verification request to the registered identity authentication module according to the user identity information and the registered identity authentication module information, receives an identity verification result and forwards the identity verification result to the user processing module.
The identity authentication module 3 comprises a user registration module, a user identity information generation module and a user identity information query module, is deployed in an identity server, provides registration, identity information generation and storage functions for a user, and returns a received identity verification result to the multi-service processing module.
The user registration module accepts a user registration request of the user module, generates a login ID and an initial vector IV for a user according to user registration information, and selects a one-way function as an identity information generation function. And the user registration acceptance module submits the generated login ID, the initial vector IV and the selected one-way function to the user information generation module and returns the user information to the user module.
The identity information generating module generates user identity information for the user according to the login ID, the initial vector IV and the selected one-way function submitted by the user registration module, and stores the user identity information in sequence in a data structure that can be efficiently constructed and searched; the generation mode can be, but is not limited to:
ID_n = F(ID_{n-1}, IV);
where F(·) is a one-way function that can be, but is not limited to, a hash function, an encryption function, or any combination of these. The data structure that can be efficiently constructed and searched can be, but is not limited to, a balanced binary tree, a red-black tree, etc.
The user identity information query module receives the user identity authentication request sent by the multi-service processing module and returns the query result to it. The query module searches the user identity information table by bisection for the user identity information contained in the request; if the identity information is not contained, it returns an illegal user identity result to the multi-service processing module. Otherwise, it deletes that identity information from the user identity information table and calls the user information generation module to generate new identity information and store it in the table. In addition, the query module checks whether the identity information of the user is out of step; if it is, all the out-of-step information in the user's identity information table is deleted, and the user information generation module is called to generate the same quantity of new user identity information as was out of step.
As shown in fig. 2, the online authentication method supporting user identity privacy protection according to an embodiment of the present invention includes the following steps:
S201: the user submits identity-confirming information, including but not limited to an identification number, mobile phone number, mailbox, etc., through the request registration module of the user module, and selects the identity server with which to register. The user module submits the registration information to the identity authentication module of the identity server over a secure connection;
S202: the identity authentication module of the identity server receives the user registration information over the secure connection; the user registration module searches whether a user with this registration information is already registered, and if so returns registration failure information to the user side, otherwise proceeds to the next step;
S203: the user registration module generates a login ID and an IV vector for the registered user, selects a hash function, and returns them to the user side; the identity information generating module generates the user identity information from what the user registration module produced;
S204: the user obtains the registration result over the secure connection; if registration failed, new registration information is submitted again, otherwise an identity information table is generated and stored in the same way as on the identity server, from the hash function, user ID and IV vector provided by the identity server;
S205: the user searches the local identity information table for the first available identity and requests service processing from the service processing server with that identity as the user identity information; the service acceptance module receives the service request, and the user identity request verification module sends an identity verification request over a secure connection to the identity server with which the user is registered;
S206: after receiving the user identity authentication request from the service processing server, the user information query module of the identity server searches whether the user identity information storage table contains the identity information of the user; if not, it returns an illegal user identity result to the service server, otherwise it returns a legal user identity result and performs the next step;
S207: the user identity request verification module receives the returned query result; if the result is that the user identity is legal, the user's service request is processed, and if the result is that the user identity is illegal, the user request is refused and a user request log is recorded;
S208: the user module obtains the result processed by the service server. If the identity information was invalid, the user searches the identity information table in sequence for the next available identity to re-request service processing, deletes the invalid identity information, generates new identity information and stores it in the local identity information table; if the service server processed the request successfully, the user deletes the used identity information, generates new identity information and stores it in the local identity information table.
In step S203, the identity information generation module generates the user identity information from the login information produced by the user registration module in the following manner:
[equation image]
wherein
[equation image]
The one-way function may be, but is not limited to, a hash function, an encryption function, or any combination of these. All the identity information generated for the user is stored in a data structure that can be efficiently constructed and queried, called the user identity information table.
Step S206 further includes:
(1) the identity server deletes the identity information from the user identity information table and checks whether the identity information used by the user holding that identity is out of step. If no desynchronization has occurred, the identity server generates new identity information from the last identity information according to the user identity information generation mode and adds it to the user identity information table in the specific sequence; otherwise it performs the next step;
(2) after finding all the desynchronized identity information of the user, the identity server deletes all of it and generates the same quantity of new identity information according to the user identity information generation mode of claim 3.
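The following Python simulation is an added example and not the patent's own code. It walks through the verification steps (1) and (2) above, the query module described earlier, and the client-side handling of step S208: the identity server pre-generates a fixed window of identities with ID_n = F(ID_{n-1}, IV), keeps them in a sorted table searched by bisection, consumes a presented identity and replaces it, and, when the client has stepped ahead in the chain (a request that never reached the identity server), discards the skipped identities and regenerates the same number so both tables line up again. Everything the page does not fix is an assumption made here: F is HMAC-SHA256 keyed with IV, ID_0 is the login ID, the window holds four identities, the table is a sorted Python list, and the names IdentityServer, Client, service_request and demo are ours.

```python
import bisect
import hashlib
import hmac
import secrets

WINDOW = 4  # identities kept live per user (assumed; the page only says "a fixed amount")


def next_id(prev_id: bytes, iv: bytes) -> bytes:
    """F(ID_{n-1}, IV): one-way step of the chain. HMAC-SHA256 keyed with IV is our choice of F."""
    return hmac.new(iv, prev_id, hashlib.sha256).digest()


class IdentityServer:
    """Identity server: registration plus the identity information table and its query module."""

    def __init__(self):
        self.table = []  # sorted list of (identity, login_id): the "user identity information table"
        self.users = {}  # login_id -> {"iv": IV, "last": last generated identity, "live": chain order}

    def register(self, login_id: bytes):
        """S202/S203: refuse a repeated registration, otherwise issue IV and pre-generate the window."""
        if login_id in self.users:
            return None
        iv = secrets.token_bytes(16)
        self.users[login_id] = {"iv": iv, "last": login_id, "live": []}  # ID_0 = login ID (assumed)
        for _ in range(WINDOW):
            self._extend(login_id)
        return iv

    def _extend(self, login_id: bytes):
        u = self.users[login_id]
        u["last"] = next_id(u["last"], u["iv"])
        u["live"].append(u["last"])
        bisect.insort(self.table, (u["last"], login_id))

    def verify(self, presented: bytes) -> bool:
        """S206: bisection lookup; consume the identity and resync if the client skipped ahead."""
        i = bisect.bisect_left(self.table, (presented, b""))
        if i == len(self.table) or self.table[i][0] != presented:
            return False  # not in the table: illegal identity
        login_id = self.table[i][1]
        u = self.users[login_id]
        pos = u["live"].index(presented)
        stale = u["live"][:pos]  # identities the client already discarded: the "out of step" case
        for ident in [presented] + stale:
            u["live"].remove(ident)
            del self.table[bisect.bisect_left(self.table, (ident, login_id))]
        for _ in range(1 + len(stale)):  # regenerate exactly as many as were removed
            self._extend(login_id)
        return True


class Client:
    """User module: keeps the local identity information table in chain order."""

    def __init__(self, login_id: bytes, iv: bytes):
        self.iv, self.last, self.local = iv, login_id, []
        for _ in range(WINDOW):
            self._extend()

    def _extend(self):
        self.last = next_id(self.last, self.iv)
        self.local.append(self.last)

    def first_available(self) -> bytes:
        return self.local[0]

    def consume(self, used: bytes):
        """S208: drop the used (or rejected) identity and generate a replacement."""
        self.local.remove(used)
        self._extend()


def service_request(client: Client, server: IdentityServer, lost=False):
    """Service server (S205-S207): forward the presented identity for verification.
    lost=True models a request that never reaches the identity server, so the client
    moves on while the server's table still holds that identity."""
    presented = client.first_available()
    result = None if lost else server.verify(presented)
    client.consume(presented)
    return result


def demo() -> dict:
    """Constructed walkthrough: normal use, a lost request, resync, and a wrong IV."""
    server = IdentityServer()
    login = b"user-42"  # constructed login ID
    iv = server.register(login)
    client = Client(login, iv)
    first = service_request(client, server)          # legal identity
    duplicate_registration = server.register(login)  # refused: already registered
    service_request(client, server, lost=True)       # client steps one identity ahead
    after_resync = service_request(client, server)   # server detects and repairs the gap
    wrong_iv = service_request(Client(login, b"not-the-real-iv"), server)  # chain cannot be forged
    return {
        "first": first,
        "duplicate_registration": duplicate_registration,
        "after_resync": after_resync,
        "wrong_iv": wrong_iv,
        "table_size": len(server.table),
        "in_sync": client.local == server.users[login]["live"],
    }
```

Calling demo() returns first=True, after_resync=True, wrong_iv=False, a table that is still exactly WINDOW entries long, and in_sync=True, showing that the server's window and the client's local table agree again after the lost request. The wrong_iv case is the property the page relies on: a party that sees identities on the wire but does not hold IV cannot produce the next one, which is why the page has IV delivered only over the secure connection at registration.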
The application of the principles of the present invention will now be described in further detail with reference to specific embodiments.
Example 1:
anonymous shopping:
1.1 registration process:
the user establishes a secure channel with the shopping website through a terminal (such as a browser or a smart card) and submits registration information to the shopping website;
the shopping website checks the identity of the user with the identity server; if the user is already registered, a registration failure message is shown to the user, otherwise the next step is performed;
the identity server allocates a user login ID and an IV vector, selects a hash function, generates a fixed number of EIDs from the user login ID and the IV vector, and stores them in sequence to form the user EID table; the generation mode is as follows:
EID_n = F(EID_{n-1} · IV);
the shopping website returns the login ID to the user.
1.2 anonymous shopping process:
the user logs in to the shopping website; if login succeeds, the identity server sends the IV vector, the hash function and the starting EID to the user terminal over a secure channel, otherwise the user is told that login failed;
the user terminal receives the IV vector and the hash function over the secure channel, starts from the starting EID and generates a local EID table with the following rule:
EID_n = F(EID_{n-1} · IV);
the user terminal searches the EID table in sequence for an available EID and uses it to place an order in the online shop of the shopping website;
the online shop obtains the user's EID and verifies the user identity with the identity server of the shopping website over a secure channel;
the identity server queries whether the EID is valid in the user's table; if so, it returns success, deletes the queried EID, generates a new EID and stores it in the EID table, otherwise it returns failure;
the online shop obtains the user identity query result, processes the data request under that EID if the result is a legal user, and rejects it otherwise;
the user terminal obtains the online shop's processing result; if the request was processed successfully, it deletes the EID, generates a new EID and stores it in the EID table.
1.3 end of the procedure
the user sends the tail position of the EID table to the server; the server marks the starting position of the next EID table, and that EID is used as the starting EID the next time communication takes place.
Example 2:
anonymous voting
2.1 user registration:
the user terminal and the identity server establish a secure connection.
The user registers to the identity server, the identity server distributes user login ID and IV vector, and selects a hash function to generate an EID table according to the user login ID and the IV vector.
And the user receives the ID and IV vectors returned by the identity server and generates a local ID table by using the same hash function and the same algorithm.
2.2 voting:
the user side, the identity server and the voting server establish a secure connection.
The user selects an available EID as the ID to vote on in the local EID table.
The voting server receives a user voting request with the EID as the ID and requests the identity server to verify the legality of the identity of the user with the EID.
The identity server searches whether its local EID table contains the EID; if so, the identity of the user is proved legal, otherwise it is illegal, and the query result is returned to the voting server.
The voting server receives the returned result, records the vote if the identity is legal, and rejects the voting request if it is not.
Example 3:
anonymous invoice
3.1 user registration:
the user submits registration information, including a mobile phone number, an e-mail address, an identity card number and the like, to the user side;
the user side receives the registration information and submits a registration request to the identity server over the secure connection;
the identity server receives the registration request and checks whether the registration information has already been registered; if so, it returns a registration failure to the user side, otherwise it continues with the next step;
the identity server generates a user login ID and an initial vector IV, selects a one-way function, and returns these three items to the user side;
the identity server generates the user's identity information from the login ID, the initial vector IV and the one-way function (each identity is a 128-bit string, produced by the chaining rule ID_n = F(ID_{n-1}, IV) set out in claim 1), and stores all users' identity information in a binary tree in lexicographic order;
the user side receives the registration result returned by the identity server; if registration failed it resubmits the registration information, and if it succeeded it generates the user's identity information by the same rule as the identity server.
3.2 Invoice issuing
The user selects the first available identity in the local identity information table as the identity under which to request the invoice.
The invoice issuer puts the requested identity in the invoice header (the payee name) and issues the invoice.
3.3 Invoice validation
The reimbursement unit asks the identity server to check whether the user identity information in the invoice header is legal;
the identity server searches its local identity information table by binary search; if the identity information is not contained there, it returns "illegal user identity" to the reimbursement unit; otherwise it returns "legal user identity", deletes that identity information, and generates new identity information to store in the user identity information table.
The reimbursement unit receives the identity server's result, processes the reimbursement if the result is a legal user identity, and refuses to process it otherwise.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented wholly or partially in software, it can take the form of a computer program product that includes one or more computer instructions. When the computer instructions are loaded or executed on a computer, they cause the flow or functions according to embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another; for example, they may be transmitted from one website, computer, server, or data center to another by wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, radio, microwave). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that includes one or more such media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (8)

1. An online authentication method supporting user identity privacy protection is characterized in that the online authentication method supporting user identity privacy protection comprises the following steps:
step one, a user submits characteristic information to apply for registration;
step two, receiving the registration information submitted by the user and generating the user's identities from the characteristic information, the identities being stored as a user identity information table; the user side generates its local identity information table;
step three, the user side selects, in order, the first available identity in its local identity information table and sends its request under that identity; on receiving the user side request, a user identity verification request is initiated and the identity server verifies whether the user holding that identity is legal by searching whether the identity is contained in the user identity information table and returning the verification result: if the identity exists in the user identity information table the user identity is legal, otherwise it is illegal;
step four, selecting a processing mode according to the result returned by the identity server: if the user identity is judged legal, processing the user side request, otherwise rejecting the user side request;
the online authentication method supporting user identity privacy protection generates the user identity in the following mode:
ID_n = F(ID_{n-1}, IV);
where F(·) is a one-way function;
the method for verifying whether the user is a legal user specifically comprises the following steps:
(1) searching, by binary search, whether the queried identity information is contained in the user identity information table; if it is not, returning an "illegal user identity" result; otherwise returning a "legal user identity" result and proceeding to the next step;
(2) deleting the identity information from the user identity information table and checking whether the identity information used by this user is desynchronized; if no desynchronization has occurred, generating new identity information from the last identity information according to the user identity information generation mode and adding it to the user identity information table in the specified order; otherwise proceeding to the next step;
(3) finding all of this user's desynchronized identity information, deleting it, and generating the same quantity of new identity information according to the user identity information generation mode.
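The identity chain and the verification procedure of claim 1, together with the registration, request and table-refresh steps of the three embodiments above, as an added Python example that is not part of the patent or of any implementation by its inventors. Its assumptions: the one-way function F is HMAC-SHA256 keyed with IV and truncated to the 128-bit identity length (the patent only requires one-wayness and a 128-bit string); the login ID and IV are random bytes of assumed size; four identities are pre-generated per user; the identity server's lexicographically ordered binary tree is modelled as a sorted list searched with bisect; the registration information, the service requests and the desynchronization scenario (the user side moving past ID_2 without the identity server seeing it) are constructed for the run.

```python
import bisect, hashlib, hmac, secrets

TABLE_SIZE = 4  # identities pre-generated per user (the claims' "fixed amount"); assumed

def F(prev: bytes, iv: bytes) -> bytes:
    """ID_n = F(ID_{n-1}, IV): HMAC-SHA256 keyed with IV, cut to 128 bits (this example's choice)."""
    return hmac.new(iv, prev, hashlib.sha256).digest()[:16]

def eid_chain(start: bytes, iv: bytes, n: int) -> list:
    """The n identities after `start`; user side and identity server both run it."""
    out, cur = [], start
    for _ in range(n):
        cur = F(cur, iv)
        out.append(cur)
    return out

class IdentityServer:
    """Identity authentication module; a bisect-searched sorted list replaces the binary tree."""
    def __init__(self) -> None:
        self.registered = set()   # registration info already seen
        self.users = {}           # login_id -> {"iv", "pending", "last"}
        self.table = []           # sorted (eid, login_id) pairs, binary-searched

    def register(self, reg_info: str):
        if reg_info in self.registered:
            return None                             # duplicate registration fails
        self.registered.add(reg_info)
        login_id, iv = secrets.token_bytes(8), secrets.token_bytes(16)  # assumed sizes
        chain = eid_chain(login_id, iv, TABLE_SIZE)
        self.users[login_id] = {"iv": iv, "pending": chain, "last": chain[-1]}
        for e in chain:
            bisect.insort(self.table, (e, login_id))
        return login_id, iv                         # returned to the user side

    def _find(self, eid: bytes):
        i = bisect.bisect_left(self.table, (eid, b""))
        return i if i < len(self.table) and self.table[i][0] == eid else None

    def verify(self, eid: bytes) -> bool:
        """Claim 1 steps (1)-(3): binary search, delete, desync check, regenerate."""
        i = self._find(eid)
        if i is None:
            return False                            # unknown, or already consumed (replay)
        login_id = self.table[i][1]
        rec = self.users[login_id]
        pos = rec["pending"].index(eid)
        # pos > 0: the user side skipped pos earlier identities (desynchronized); drop them too
        for stale in rec["pending"][: pos + 1]:
            del self.table[self._find(stale)]
        del rec["pending"][: pos + 1]
        fresh = eid_chain(rec["last"], rec["iv"], pos + 1)  # same quantity regenerated
        rec["last"] = fresh[-1]
        rec["pending"].extend(fresh)
        for e in fresh:
            bisect.insort(self.table, (e, login_id))
        return True

class UserClient:
    """User module: derives the same chain locally from the returned (login ID, IV)."""
    def __init__(self, login_id: bytes, iv: bytes) -> None:
        self.iv, self.pending = iv, eid_chain(login_id, iv, TABLE_SIZE)
        self.last = self.pending[-1]

    def current_eid(self) -> bytes:
        return self.pending[0]                      # first available identity

    def advance(self) -> None:
        """On a successful result: drop the used EID and append the next one."""
        self.pending.pop(0)
        self.last = F(self.last, self.iv)
        self.pending.append(self.last)

def service_handle(ids: IdentityServer, records: list, eid: bytes, request: str) -> bool:
    """Multi-service module (shop, poll, invoice issuer): it sees only the pseudonym."""
    if not ids.verify(eid):
        return False
    records.append((eid.hex(), request))            # no real identity is stored here
    return True

def demo() -> dict:
    ids, records = IdentityServer(), []
    info = "phone=13800000000;mail=u@example.org;idcard=110101199001011234"  # constructed
    login_id, iv = ids.register(info)
    user = UserClient(login_id, iv)
    out = {"dup_registration": ids.register(info)}
    e1 = user.current_eid()
    out["first_ok"] = service_handle(ids, records, e1, "order 1")
    user.advance()
    out["replay_rejected"] = service_handle(ids, records, e1, "order 1 again")
    skipped = user.current_eid()                    # ID_2: the user side moves past it
    user.advance()                                  # without the identity server seeing it
    out["desync_ok"] = service_handle(ids, records, user.current_eid(), "order 2")  # ID_3
    user.advance()
    out["skipped_rejected"] = service_handle(ids, records, skipped, "late request under ID_2")
    out["in_sync"] = user.pending == ids.users[login_id]["pending"]
    out["records"] = len(records)
    return out
```

In the run, `demo()` accepts ID_1, rejects its replay, accepts ID_3 while discarding the skipped ID_2, regenerates two identities so that both tables hold ID_4 to ID_7 again, and then rejects a late request under ID_2. One consequence of step (3) that this implementation makes visible: every identity earlier in the chain than the one just presented is treated as desynchronized, so requests from the same user to different services must reach the identity server in chain order, or the earlier identity is discarded before its request is verified.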
2. The online authentication method supporting user identity privacy protection as claimed in claim 1, wherein the user identity information generation mode generates a fixed quantity of identity information in sequence and arranges it in a specific order, each item of user identity information containing an index to the user's real identity information; all generated user identity information is organized into an ordered data structure according to that specific order.
3. An online authentication system supporting user identity privacy protection, implementing the online authentication method supporting user identity privacy protection according to claim 1, wherein the system comprises:
the user module, deployed at the user side and used for providing registration, identity information generation and storage functions for the user;
the multi-service processing module, deployed in the service processing server and used for sending a user identity verification request to the registered identity authentication module according to the user identity information and for processing the service request according to the identity verification result;
and the identity authentication module, deployed in the identity server and used for providing registration, identity information generation and storage functions for the user and for returning the identity verification result to the multi-service processing module.
4. The online authentication system that supports user identity privacy protection as recited in claim 3, wherein the user module comprises:
the user request registration module is used for generating registration information according to the characteristic information submitted by the user and submitting a registration application to the identity authentication module;
the service request module is used for submitting service requests;
the user identity information generating module receives a returned result of user registration, and if the registration fails, the user identity information generating module calls the user request registration module to regenerate registration information and submits a registration request to the selected identity authentication module; and if the registration is successful, generating and storing the identity information of the user according to the login ID, the initial vector IV and the one-way function returned by the identity authentication module.
5. The online authentication system supporting user identity privacy protection as claimed in claim 3 wherein the multi-service processing module comprises:
the service acceptance module receives the user's service request, passes the service request to the service processing module according to its type, and passes the user identity information to the user identity request verification module;
the service processing module processes the service according to the identity verification result received from the identity authentication module by the user identity request verification module: it processes the user's service request if the identity of the requesting user is verified as legal, and rejects the service request if it is verified as illegal; the processing result is returned to the user module;
and the user identity request verification module sends a user identity verification request to the registered identity authentication module according to the user identity information and the registered identity authentication module information, receives the identity verification result and forwards it to the service processing module.
6. The online authentication system supporting user identity privacy protection as claimed in claim 3, wherein the identity authentication module comprises:
the user registration module accepts a user registration request from the user module, generates a login ID and an initial vector IV for the user according to the user registration information, and selects a one-way function as the identity information generation function;
the user registration module submits the generated login ID, the initial vector IV and the selected one-way function to the identity information generating module and returns them to the user module;
and the identity information generating module generates user identity information for the user according to the login ID, the initial vector IV and the selected one-way function submitted by the user registration module, and stores the user identity information in sequence in a data structure that can be efficiently constructed and searched.
7. An information data processing terminal applying the online authentication method supporting user identity privacy protection of any one of claims 1-2.
8. A computer program storage medium for implementing the online authentication method supporting user identity privacy protection according to any one of claims 1-2.
CN201810241993.XA 2018-03-22 2018-03-22 Online authentication system and method supporting user identity privacy protection Active CN108449348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810241993.XA CN108449348B (en) 2018-03-22 2018-03-22 Online authentication system and method supporting user identity privacy protection

Publications (2)

Publication Number Publication Date
CN108449348A CN108449348A (en) 2018-08-24
CN108449348B true CN108449348B (en) 2021-03-26

Family

ID=63196226

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810241993.XA Active CN108449348B (en) 2018-03-22 2018-03-22 Online authentication system and method supporting user identity privacy protection

Country Status (1)

Country Link
CN (1) CN108449348B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109359938A (en) * 2018-09-21 2019-02-19 深圳市买买提信息科技有限公司 A kind of optimization method of flow chart of data processing, device and terminal device
CN109544412A (en) * 2018-10-09 2019-03-29 重庆易保全网络科技有限公司 Strong notarization method, apparatus, storage medium and equipment are assigned online
CN109981585B (en) * 2019-02-26 2022-02-22 中国联合网络通信集团有限公司 Business handling method and equipment
CN113141347B (en) * 2021-03-16 2022-06-10 中国科学院信息工程研究所 Social work information protection method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101697540A (en) * 2009-10-15 2010-04-21 浙江大学 Method for authenticating user identity through P2P service request
CN103607371A (en) * 2013-07-02 2014-02-26 燕山大学 Method for protecting Internet user privacy through third-party platform
CN107017993A (en) * 2017-04-01 2017-08-04 北京江南天安科技有限公司 A kind of multi-party joint key is produced and digital signature method and system
CN107633161A (en) * 2017-08-24 2018-01-26 深圳双创科技发展有限公司 The terminal and Related product of the access control of protected data
CN107786340A (en) * 2016-08-31 2018-03-09 阿里巴巴集团控股有限公司 A kind of method and device of authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160034712A1 (en) * 2012-10-02 2016-02-04 Banjo, Inc. System and method for event-related content discovery, curation, and presentation

Also Published As

Publication number Publication date
CN108449348A (en) 2018-08-24


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant