CN108809927A - Identity identifying method and device - Google Patents

Publication number
CN108809927A
Authority
CN
China
Prior art keywords
authentication
identity
request
platform
client
Legal status
Granted
Application number
CN201810251246.4A
Other languages
Chinese (zh)
Other versions
CN108809927B (en)
Inventor
罗先贤
龙觉刚
孙成
赖云辉
叶俊锋
Current Assignee
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810251246.4A (CN108809927B)
Priority to PCT/CN2018/101566 (WO2019184206A1)
Publication of CN108809927A
Application granted
Publication of CN108809927B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data

Abstract

The present invention relates to an identity authentication method and device. The identity authentication method includes: a proxy server receives an identity authentication request initiated by a client according to identity information to be authenticated; the identity information to be authenticated in the identity authentication request is sent to an authentication platform for identity authentication, and the identity authentication result returned by the authentication platform is received; if the identity authentication result indicates that identity authentication has not yet been completed, the authentication platform is requested to return an identity authentication result again. The identity authentication method and device provided by the invention solve the prior-art problem that the identity authentication flow is overly complicated, and effectively improve identity authentication efficiency.

Description

Identity authentication method and device
Technical field
The present invention relates to the technical field of identity authentication, and in particular to an identity authentication method and device.
Background
With the development of Internet technology, more and more online retailing platforms provide services to users. For example, a user can buy a product through an online retailing platform, which is then responsible for delivery, after-sales service and so on, greatly improving convenience for the user.
To ensure the security of product sales, an online retailing platform usually needs to authenticate the user's identity. The identity authentication flow is as follows: the user submits identity information to be authenticated to the online retailing platform; the online retailing platform initiates an identity authentication request to the authentication platform according to that information and receives the identity authentication result returned by the authentication platform, for the user to query.
If the user's query shows that identity authentication has not yet been completed, the user asks the online retailing platform to initiate an identity authentication request to the authentication platform again, until the query shows that identity authentication has succeeded or failed.
It follows that, in the above flow, the online retailing platform interacts with the user repeatedly and has to initiate multiple identity authentication requests to the authentication platform. This inevitably makes the online retailing platform's identity authentication flow overly complicated and makes identity authentication inefficient.
Summary of the invention
To solve the above technical problem, an object of the present invention is to provide an identity authentication method and device.
The technical solution adopted by the present invention is as follows:
In one aspect, an identity authentication method includes: a proxy server receiving an identity authentication request initiated by a client according to identity information to be authenticated; sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving the identity authentication result returned by the authentication platform; and, if the identity authentication result indicates that identity authentication has not yet been completed, requesting the authentication platform to return an identity authentication result again.
In an exemplary embodiment, the proxy server receiving the identity authentication request initiated by the client according to the identity information to be authenticated includes: extracting, from a transmission configuration file, the transmission port used to establish a transmission connection with the client; listening on the transmission port, and establishing the transmission connection with the client through that listening; and receiving the identity authentication request from the client over the established transmission connection.
In an exemplary embodiment, sending the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and receiving the identity authentication result returned by the authentication platform, includes: obtaining encrypted identity information from the identity authentication request; sending the encrypted identity information to the authentication platform; and obtaining the identity authentication result that the authentication platform returns after authenticating the decrypted identity information to be authenticated, where the decrypted identity information to be authenticated is obtained by the authentication platform decrypting the encrypted identity information.
In an exemplary embodiment, requesting the authentication platform to return an identity authentication result again if the identity authentication result indicates that identity authentication has not yet been completed includes: if the identity authentication result indicates that identity authentication has not yet been completed, obtaining a request service identifier from the identity authentication request; and initiating, to the authentication platform according to the request service identifier, a request to return an identity authentication result again.
In an exemplary embodiment, initiating to the authentication platform, according to the request service identifier, the request to return an identity authentication result again includes: obtaining authentication request parameters from the identity authentication request, the authentication request parameters including a request time interval; and periodically requesting, according to the request time interval, the authentication platform to return an identity authentication result.
In an exemplary embodiment, the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and initiating to the authentication platform, according to the request service identifier, the request to return an identity authentication result again further includes: during the periodic requesting, if the allowed number of requests or the allowed waiting delay has been reached, sending an identity authentication result indicating that identity authentication failed to the client.
In an exemplary embodiment, the method further includes: if the identity authentication result indicates that identity authentication has been completed, sending the identity authentication result indicating that identity authentication succeeded or failed to the client.
In another aspect, an identity authentication device, applied to a proxy server, includes: an authentication request receiving module, configured to receive an identity authentication request initiated by a client according to identity information to be authenticated; an authentication result receiving module, configured to send the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, to receive the identity authentication result returned by the authentication platform and, if the identity authentication result indicates that identity authentication has not yet been completed, to notify an authentication result return module; and the authentication result return module, configured to request the authentication platform to return an identity authentication result again.
In an exemplary embodiment, the authentication request receiving module includes: a port acquiring unit, configured to extract, from a transmission configuration file, the transmission port used to establish a transmission connection with the client, where the transmission configuration file stores in advance the transmission port configured for the client according to a specified rule; a connection establishing unit, configured to listen on the transmission port and establish the transmission connection with the client through that listening; and a request receiving unit, configured to receive the identity authentication request from the client over the established transmission connection.
In an exemplary embodiment, the authentication result receiving module includes: an information acquiring unit, configured to obtain encrypted identity information from the identity authentication request; an information sending unit, configured to send the encrypted identity information to the authentication platform; and a result acquiring unit, configured to obtain the identity authentication result that the authentication platform returns after authenticating the decrypted identity information to be authenticated, where the decrypted identity information to be authenticated is obtained by the authentication platform decrypting the encrypted identity information.
In an exemplary embodiment, the authentication result return module includes: an identifier acquiring unit, configured to obtain a request service identifier from the identity authentication request, where the request service identifier identifies the identity authentication request; and a request initiating unit, configured to initiate to the authentication platform, according to the request service identifier, a request to return an identity authentication result again, so that the identity authentication result returned again corresponds to the identity authentication request uniquely identified by the request service identifier.
In an exemplary embodiment, the request initiating unit includes: a parameter acquiring subunit, configured to obtain authentication request parameters from the identity authentication request, the authentication request parameters including a request time interval; and a periodic requesting subunit, configured to periodically request, according to the request time interval, the authentication platform to return an identity authentication result.
In an exemplary embodiment, the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and the request initiating unit further includes: a failure result feedback subunit, configured to send, during the periodic requesting, an identity authentication result indicating that identity authentication failed to the client if the allowed number of requests or the allowed waiting delay has been reached.
In an exemplary embodiment, the identity authentication device further includes: a result feedback module, configured to send the identity authentication result indicating that identity authentication succeeded or failed to the client if the identity authentication result indicates that identity authentication has been completed.
In another aspect, an identity authentication device includes a processor and a memory, the memory storing computer-readable instructions which, when executed by the processor, implement the identity authentication method described above.
In another aspect, a computer-readable storage medium stores a computer program which, when executed by a processor, implements the identity authentication method described above.
In the above technical solution, the proxy server receives the identity authentication request initiated by the client according to the identity information to be authenticated, requests the authentication platform to perform identity authentication according to the identity information to be authenticated in that request, and then receives the identity authentication result returned by the authentication platform. When the identity authentication result indicates that identity authentication has not yet been completed, the proxy server requests the authentication platform to return an identity authentication result again. That is, a proxy server is added between the online retailing platform (client) and the authentication platform, and the proxy server initiates, on behalf of the online retailing platform, the multiple requests to the authentication platform to return an identity authentication result. This avoids repeated interaction between the online retailing platform and the user, so the online retailing platform only needs to initiate one identity authentication request; its identity authentication flow is kept from becoming overly complicated, and identity authentication efficiency is effectively improved.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the present invention.
Description of the drawings
The drawings herein are incorporated into and form part of this specification, show embodiments consistent with the present invention, and together with the specification serve to explain the principles of the present invention.
Fig. 1 is a schematic diagram of an implementation environment according to the present invention.
Fig. 2 is a hardware block diagram of a server according to an exemplary embodiment.
Fig. 3 is a flow chart of an identity authentication method according to an exemplary embodiment.
Fig. 4 is a flow chart of one embodiment of step 310 in the embodiment corresponding to Fig. 3.
Fig. 5 is a flow chart of one embodiment of step 330 in the embodiment corresponding to Fig. 3.
Fig. 6 is a flow chart of one embodiment of step 350 in the embodiment corresponding to Fig. 3.
Fig. 7 is a flow chart of one embodiment of step 353 in the embodiment corresponding to Fig. 6.
Fig. 8 is a block diagram of an identity authentication device according to an exemplary embodiment.
The above drawings show specific embodiments of the present invention, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concept in any way, but to explain the concept of the present invention to those skilled in the art by reference to specific embodiments.
Detailed description
Exemplary embodiments will now be described in detail, examples of which are shown in the drawings. When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the present invention as detailed in the appended claims.
As mentioned above, if the user's query shows that identity authentication has not yet been completed, the online retailing platform is asked to initiate an identity authentication request to the authentication platform again, so that whether identity authentication is complete can be judged from the newly received identity authentication result.
It can be seen that, for the online retailing platform, the existing identity authentication flow is overly complicated because of the excessive interaction with the user, which in turn makes identity authentication inefficient.
For this reason, the present invention proposes an identity authentication method that effectively simplifies the online retailing platform's identity authentication flow: only one identity authentication request needs to be initiated, which helps improve identity authentication efficiency.
This identity authentication method is implemented by a computer program. Correspondingly, the identity authentication device so constructed can be stored in an electronic device with a von Neumann architecture and executed in that electronic device, thereby performing identity authentication.
Fig. 1 is a schematic diagram of an implementation environment for the identity authentication method. The implementation environment includes an identity authentication system, which includes a client 100, a proxy server 200 and an authentication platform 300.
The client 100 is the online retailing platform and can run on a desktop computer, laptop, tablet computer, smartphone or any other electronic device that can interact with the proxy server 200; no limitation is imposed here.
The proxy server 200 establishes a communication connection with the authentication platform 300 in advance and uses it for data transmission with the authentication platform 300. For example, the data transmission includes sending identity information to be authenticated to the authentication platform 300 and receiving the identity authentication result returned by the authentication platform 300.
As shown in Fig. 1, through interaction between the proxy server 200 and multiple clients 100 running respectively on a desktop computer 110, a laptop 130 and a smartphone 150, the multiple clients 100 initiate identity authentication requests to the proxy server 200, requesting the proxy server 200 to ask the authentication platform 300, on their behalf, to perform identity authentication.
The proxy server 200 typically serves a massive number of clients 100. It continuously receives the identity information to be authenticated in the identity authentication request initiated by each client 100, sends it to the authentication platform 300 so that identity authentication is performed on behalf of each client 100, and receives the identity authentication result returned by the authentication platform 300. When the identity authentication result indicates that identity authentication has been completed, it feeds the result back to the client 100 for querying.
For the massive number of identity authentication requests received, the proxy server 200 stores in the transmission configuration file the transmission port configured for each client 100, so that transmission connections with the clients 100 can be established through the same or different transmission ports.
The massive number of requests to return an identity authentication result again can be processed by the proxy server 200 in turn, for example by time order, priority or queue.
It should be noted that, depending on actual operating needs, the proxy server 200 may be a single server or a server cluster composed of multiple servers, in order to handle the massive number of identity authentication requests initiated by the massive number of clients 100; no limitation is imposed here.
The authentication platform 300 performs identity authentication on the identity information to be authenticated. In a specific implementation of one embodiment, the identity information to be authenticated includes an identity card number and, correspondingly, the authentication platform 300 consists of a main account authentication system and an external authentication system (for example, a public security department authentication system). The main account authentication system belongs to the same online retail merchant as the proxy server 200 and the client 100. Preferably, the main account authentication system provides identity authentication services for multiple products sold by that merchant, while a proxy server 200 corresponds to only one product sold by that merchant.
Specifically, for a given product, the corresponding proxy server 200 forwards the identity information to be authenticated to the main account authentication system.
For the different products, the main account authentication system sends the identity information to be authenticated that it receives to the external authentication system, which finally performs the identity authentication of that information.
Forwarding the identity information to be authenticated in several hops in this way helps the identity authentication system achieve high availability and load balancing, which in turn helps improve identity authentication efficiency.
Fig. 2 is a hardware block diagram of a proxy server according to an exemplary embodiment. It should be noted that this proxy server is merely an example suited to the present invention and must not be taken as imposing any limitation on the scope of use of the present invention. Nor should the proxy server be construed as needing to rely on, or necessarily having, one or more components of the exemplary proxy server 200 shown in Fig. 2.
The hardware configuration of the proxy server 200 can vary considerably with configuration or performance. As shown in Fig. 2, the proxy server 200 includes a power supply 210, interfaces 230, at least one memory 250 and at least one central processing unit (CPU) 270.
The power supply 210 provides the operating voltage for each hardware device on the proxy server 200.
The interfaces 230 include at least one wired or wireless network interface 231, at least one serial-parallel conversion interface 233, at least one input/output interface 235, at least one USB interface 237 and so on, for communicating with external devices.
The memory 250, as a carrier for resource storage, can be read-only memory, random access memory, a magnetic disk, an optical disc or the like. The resources stored on it include an operating system 251, application programs 253 and data 255, and the storage can be transient or permanent. The operating system 251 manages and controls each hardware device and the application programs 253 on the proxy server 200 so that the central processing unit 270 can compute on and process the massive data 255; it can be Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like. An application program 253 is a computer program that performs at least one specific task on top of the operating system 251; it may include at least one module (not shown in Fig. 2), each of which may contain a series of computer-readable instructions for the proxy server 200. The data 255 may be photos, pictures and the like stored on a disk.
The central processing unit 270 may include one or more processors and is arranged to communicate with the memory 250 over a bus, in order to compute on and process the massive data 255 in the memory 250.
As described in detail above, a proxy server 200 to which the present invention applies carries out the identity authentication method by having the central processing unit 270 read a series of computer-readable instructions stored in the memory 250.
The present invention can equally be implemented by hardware circuits or by hardware circuits combined with software; its implementation is therefore not limited to any specific hardware circuit, software, or combination of the two.
Referring to Fig. 3, in an exemplary embodiment, an identity authentication method is applicable to the proxy server of the implementation environment shown in Fig. 1; the structure of the proxy server may be as shown in Fig. 2.
The identity authentication method can be executed by the proxy server and may include the following steps:
Step 310: the proxy server receives the identity authentication request initiated by the client according to the identity information to be authenticated.
The identity information to be authenticated uniquely identifies the user; it accurately describes the user's identity in the form of digital information. For example, the identity information to be authenticated includes, but is not limited to, an identity card number, a passport number, a login account and so on.
Understandably, different users have different identity information to be authenticated. In this embodiment, therefore, the user's identity is authenticated by means of the identity information to be authenticated; that is, the client initiates an identity authentication request to the proxy server according to the identity information to be authenticated.
The client provides the user with an entry point for submitting identity information to be authenticated. When the user's identity needs to be authenticated, the user triggers the corresponding operation at that entry point so that the client obtains the identity information to be authenticated.
For example, the entry point is an input dialog box that the client provides in a page. When the user enters identity information to be authenticated in the input dialog box, the client obtains it from the user's input. The input operation is the operation the user triggers at the entry point to submit the identity information to be authenticated.
Further, after obtaining the identity information to be authenticated, the client can also check its validity, so that the identity authentication flow is not initiated by mistake. This safeguards the success rate of the subsequent identity authentication and also helps improve its efficiency.
For example, if the identity information to be authenticated is an identity card number, the validity check includes, but is not limited to, checking the number of digits of the identity card number. If the identity card number has 18 digits, it is legal and passes the validity check.
That is, the identity authentication request is sent to the proxy server only when the identity information to be authenticated is valid. The identity authentication request is generated by encapsulating the identity information to be authenticated in a message.
The proxy server can receive the identity authentication request once the client has initiated it.
Step 330: the identity information to be authenticated in the identity authentication request is sent to the authentication platform for identity authentication, and the identity authentication result returned by the authentication platform is received.
As mentioned above, the identity authentication request is formed by encapsulating the identity information to be authenticated in a message; in other words, the identity authentication request carries the identity information to be authenticated.
Therefore, once the proxy server has received the identity authentication request, it can request the authentication platform to perform identity authentication according to the identity information to be authenticated in the request.
Identity authentication means that the authentication platform performs a matching lookup on the identity information to be authenticated. If identity information matching the identity information to be authenticated exists, identity authentication succeeds; conversely, if no matching identity information exists, identity authentication fails.
It should be understood that the proxy server does not wait indefinitely after sending the request. To keep requests responsive, the authentication platform returns an identity authentication result to the proxy server whether or not it has found identity information matching the identity information to be authenticated.
On this basis, the identity authentication result received by the proxy server may be one of the following types: a result indicating that identity authentication has not yet been completed, a result indicating that identity authentication succeeded, and a result indicating that identity authentication failed.
If the identity authentication result indicates that identity authentication has been completed, the proxy server sends that result to the client, that is, either the result indicating that identity authentication succeeded or the result indicating that identity authentication failed.
If the identity authentication result indicates that identity authentication has not yet been completed, the flow goes to step 350.
Step 350: if the identity authentication result indicates that identity authentication has not yet been completed, the authentication platform is requested to return an identity authentication result again.
That is, when identity authentication has not yet been completed, the proxy server actively requests the authentication platform to return an identity authentication result again. This extends the time the authentication platform has for authentication, which makes it more likely to return a result indicating that identity authentication has been completed, and so avoids the client initiating another identity authentication request because authentication was not yet complete.
Through the above process, the proxy server only needs to receive one identity authentication request initiated by the client; when the identity authentication result indicates that identity authentication has not yet been completed, it actively initiates multiple requests to the authentication platform to return an identity authentication result. This avoids repeated interaction between the client and the user, simplifies the client's identity authentication flow, and thus effectively improves identity authentication efficiency.
Referring to Fig. 4, in an exemplary embodiment, step 310 may include the following steps:
Step 311, extract from the transmission configuration file the transmission port used to establish a transmission connection with the client.
First, the transmission configuration file is stored on the proxy server and is used to control the establishment of transmission connections between the proxy server and clients. The transmission configuration file contains the transmission port configured for the proxy server to receive identity authentication requests initiated by the client. In other words, the transmission port configured for the client according to a specified rule is stored in advance in the transmission configuration file. The specified rule may be random, or may follow increasing or decreasing port numbers, and so on; it is not limited here.
The proxy server receives a massive number of identity authentication requests. For this reason, a transmission port may be configured for each client separately or shared by multiple clients; this is not limited here.
It should be added that, if multiple clients share the same transmission port and all of them initiate identity authentication requests, the proxy server receives those requests one after another in chronological order, which ensures that there is no conflict in the receiving process.
Second, the transmission port is written into the transmission configuration file when the client is deployed. That is, when the client is deployed, a transmission port is configured for the client so that it can transmit data to the proxy server; correspondingly, the proxy server configures its own transmission port according to the transmission port configured for the client.
In a specific implementation of an embodiment, the transmission port is a port conforming to the TCP/IP protocol, with port numbers ranging from 0 to 65535. Further, since the ports with port numbers 0 to 1023 usually cannot be dynamically allocated, ports with port numbers 1024 to 65535 are used as transmission ports for establishing transmission connections with clients.
On this basis, after the proxy server starts up, it can obtain the transmission port configured for the client from the transmission ports stored in the transmission configuration file, and then establish the transmission connection with the client by listening on that port.
Step 313, listen on the transmission port, and establish the transmission connection with the client by listening on the transmission port.
After extracting the transmission port, the proxy server can establish the transmission connection with the client by listening on that port.
Step 315, receive the identity authentication request from the client over the established transmission connection.
In the above embodiment, the transmission port provides the precondition that makes it possible to establish a transmission connection between the proxy server and the client, thereby enabling data transmission between them, namely reception of the identity authentication request.
Referring to Fig. 5, in an exemplary embodiment, step 330 may include the following steps:
Step 331, obtain the identity encryption information from the identity authentication request.
To protect the identity information to be authenticated from attacks originating from the Internet, the security of its transmission must be ensured. Therefore, before generating the identity authentication request, the client encrypts the identity information to be authenticated, so that the identity authentication request carries the encrypted identity information to be authenticated.
The encryption method includes but is not limited to algorithm-based encryption, digital certificate encryption and digital signature encryption; it can be chosen flexibly according to the security requirements of the actual application scenario and is not limited here.
For example, the client uses a data digest algorithm to compute the raw data digest of the identity information to be authenticated and applies Base64 encoding to it, forming the data digest of the identity information to be authenticated.
The client then encrypts this data digest with the private key provided by the authentication platform, generating the digital signature of the identity information to be authenticated and thereby completing the encryption of the identity information to be authenticated.
Once the encryption is complete, the client encapsulates the identity encryption information, which contains the identity information to be authenticated and its digital signature, into a message, thereby generating the identity authentication request.
On this basis, the proxy server can obtain the identity encryption information from the identity authentication request and forward it to the authentication platform, requesting the authentication platform to perform identity authentication. The identity encryption information includes the identity information to be authenticated and its digital signature.
Step 333, send the identity encryption information to the authentication platform.
Step 335, the authentication platform performs identity authentication on the decrypted identity information to be authenticated, and the identity authentication result returned by the authentication platform is obtained.
The decrypted identity information to be authenticated is obtained by the authentication platform decrypting the identity encryption information.
Specifically, mirroring the encryption performed by the client, the authentication platform first decrypts the digital signature of the identity information to be authenticated with the public key, obtaining the data digest of the identity information to be authenticated. The public key forms a pair with the private key used by the client for encryption, and was obtained by the authentication platform by applying to a third-party certification authority for the purpose of encrypting the identity information to be authenticated.
Then, the authentication platform uses the data digest algorithm to compute the raw data digest of the identity information to be authenticated and applies Base64 encoding, obtaining the data digest of the identity information to be authenticated.
Finally, the data digest obtained by decryption is compared with the computed data digest. If the two are consistent, the identity information to be authenticated is considered not to have been subjected to an illegal attack, and its decryption is complete; the decrypted identity information to be authenticated then serves as the basis for the subsequent identity authentication.
With the above embodiment, because the identity information to be authenticated is encrypted, decryption cannot be completed if either the identity information to be authenticated or the digital signature is modified. This fully ensures the security of transmission of the identity information to be authenticated and effectively protects it from attacks originating from the Internet.
Referring to Fig. 6, in an exemplary embodiment, step 350 may include the following steps:
Step 351, if the identity authentication result indicates that identity authentication has not yet been completed, obtain the request service identifier from the identity authentication request.
Step 353, according to the request service identifier, initiate to the authentication platform a request to return the identity authentication result again.
It should be understood that, however many times the proxy server requests the authentication platform to return the identity authentication result, those requests all concern the same identity authentication request. In other words, for different identity authentication requests the authentication platform returns different identity authentication results, and the degree of completion of identity authentication also differs. For example, the identity authentication result for some identity authentication requests indicates that identity authentication has been completed, while the result for other identity authentication requests indicates that identity authentication has not yet been completed.
The request that the proxy server initiates to the authentication platform for the identity authentication result is therefore made according to the request service identifier, so that the identity authentication result returned again by the authentication platform is the one for the identity authentication request uniquely identified by that request service identifier.
The request service identifier uniquely identifies an identity authentication request. For example, request service identifier A uniquely identifies identity authentication request A. Further, the request service identifier is generated by the client when it generates the identity authentication request, and is encapsulated into the generated identity authentication request.
The above process gives the authentication platform the basis for correctly returning the identity authentication result corresponding to the identity authentication request, thereby ensuring the correctness of identity authentication.
Referring to Fig. 7, in an exemplary embodiment, step 353 may include the following steps:
Step 3531, obtain the authentication request parameters from the identity authentication request.
The authentication request parameters include a request time interval.
Step 3533, periodically request the authentication platform to return the identity authentication result according to the request time interval.
Periodic requesting means that requests to return the identity authentication result are sent to the authentication platform according to the request time interval; the difference between the sending times of two successive requests is the request time interval.
The above embodiment prevents the proxy server from sending requests too frequently, which helps reduce the task-processing load on the proxy server and thus improves its task-processing efficiency.
In addition, since the authentication platform does not obtain the identity authentication result instantly, setting a request time interval gives the platform sufficient time to perform identity authentication, which helps it return an identity authentication result indicating that identity authentication has been completed.
Further, in an exemplary embodiment, the authentication request parameters also include an allowed number of requests or an allowed waiting delay.
Correspondingly, step 353 may further include the following step:
During periodic requesting, if the allowed number of requests or the allowed waiting delay has been reached, an identity authentication result indicating that identity authentication failed is sent to the client.
That is, during periodic requesting, if the identity authentication result indicates that identity authentication has been completed, the identity authentication result is returned directly to the client.
If the allowed number of requests (for example, 2) or the allowed waiting delay (for example, 5 seconds) has been reached and the identity authentication result still indicates that identity authentication has not yet been completed, the proxy server determines that this identity authentication has failed and feeds back to the client an identity authentication result indicating that identity authentication failed.
Setting an allowed number of requests or an allowed waiting delay prevents the client from waiting indefinitely for the identity authentication result after initiating the identity authentication request, which helps improve request responsiveness and thus the user's identity authentication experience.
Of course, the allowed number of requests or the allowed waiting delay can be adjusted flexibly according to how much delay in request responsiveness the actual application scenario tolerates; this is not limited here.
It should be added that the authentication request parameters may be set by testers according to identity authentication test results, or configured by users according to their own needs; this is likewise not limited here.
For example, when the client is running, it provides the user with an entry for configuring the authentication request parameters; when the user needs to configure them, the user can do so by triggering the corresponding operation at that entry.
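One way to implement the polling of steps 351 to 3533 together with the allowed number of requests and the allowed waiting delay, as an added example rather than the patent's own code. The response format, the status strings and the server-side clamping limits are assumptions; the example also fails closed when the platform's answer names a different request service identifier or an unknown status.

```python
"""Added example (not the patent's code): proxy-side polling of the
authentication platform for a pending identity authentication result."""
import time
from dataclasses import dataclass
from typing import Optional

PENDING, SUCCESS, FAILURE = "pending", "success", "failure"  # assumed status strings

# Assumed server-side limits. The parameters arrive inside the client's request,
# so the proxy clamps them rather than trusting them as sent.
MIN_INTERVAL_S, MAX_REQUESTS_CAP, MAX_WAIT_CAP_S = 0.5, 10, 30.0


@dataclass(frozen=True)
class PollParams:
    interval_s: float                    # request time interval
    max_requests: Optional[int] = None   # allowed number of requests
    max_wait_s: Optional[float] = None   # allowed waiting delay

    def clamped(self):
        """Apply the server-side limits; a missing limit becomes the cap."""
        requests = MAX_REQUESTS_CAP if self.max_requests is None else self.max_requests
        wait = MAX_WAIT_CAP_S if self.max_wait_s is None else self.max_wait_s
        return PollParams(
            interval_s=max(self.interval_s, MIN_INTERVAL_S),
            max_requests=max(0, min(requests, MAX_REQUESTS_CAP)),
            max_wait_s=max(0.0, min(wait, MAX_WAIT_CAP_S)),
        )


def _status_for(request_id, response):
    """Accept only a well-formed answer about this request; anything else fails."""
    if not isinstance(response, dict) or response.get("request_id") != request_id:
        return FAILURE
    status = response.get("status")
    return status if status in (PENDING, SUCCESS, FAILURE) else FAILURE


def poll_result(request_id, first_response, query_platform, params,
                now=time.monotonic, sleep=time.sleep):
    """Return the final result for one identity authentication request.

    first_response is the platform's answer to the initial authentication
    request; query_platform(request_id) asks for the result again.
    """
    p = params.clamped()
    status = _status_for(request_id, first_response)
    deadline = now() + p.max_wait_s
    sent = 0
    while status == PENDING:
        # Either limit reached while still pending: report failure to the client.
        if sent >= p.max_requests or now() + p.interval_s > deadline:
            return FAILURE
        sleep(p.interval_s)
        sent += 1
        status = _status_for(request_id, query_platform(request_id))
    return status


def simulate(statuses, params, request_id="REQ-A"):
    """Run poll_result against a constructed platform that answers with
    `statuses` in order (first entry answers the initial request).
    Returns (result, re-requests sent, simulated seconds elapsed)."""
    clock = [0.0]
    answers = iter(statuses[1:])
    calls = []

    def query(rid):
        calls.append(rid)
        return {"request_id": rid, "status": next(answers)}

    def fake_sleep(seconds):
        clock[0] += seconds

    first = {"request_id": request_id, "status": statuses[0]}
    result = poll_result(request_id, first, query, params,
                         now=lambda: clock[0], sleep=fake_sleep)
    return result, len(calls), clock[0]
```

With the figures used in the text (2 allowed requests, 5 seconds allowed waiting delay), `simulate(["pending"] * 10, PollParams(1.0, 2, 5.0))` gives up after the second re-request and reports failure.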
The following are device embodiments of the present invention, which can be used to execute the identity authentication method according to the present invention. For details not disclosed in the device embodiments, please refer to the method embodiments of the identity authentication method according to the present invention.
Referring to Fig. 8, in an exemplary embodiment, an identity authentication device 500 includes but is not limited to: an authentication request receiving module 510, an authentication result receiving module 530 and an authentication result return module 550.
The authentication request receiving module 510 is used to receive the identity authentication request initiated by the client according to the identity information to be authenticated.
The authentication result receiving module 530 is used to send the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and to receive the identity authentication result returned by the authentication platform. If the identity authentication result indicates that identity authentication has not yet been completed, it notifies the authentication result return module.
The authentication result return module 550 is used to request the authentication platform to return the identity authentication result again.
It should be noted that, when the identity authentication device provided by the above embodiment performs identity authentication processing, the division into the above functional modules is only given as an example. In practical applications, the above functions may be assigned to different functional modules as needed; that is, the internal structure of the identity authentication device may be divided into different functional modules to complete all or part of the functions described above.
In addition, the embodiments of the identity authentication device and of the identity authentication method provided above belong to the same concept; the specific way in which each module performs its operations has been described in detail in the method embodiments and is not repeated here.
The above are only preferred exemplary embodiments of the present invention and are not intended to limit its embodiments. A person of ordinary skill in the art can easily make corresponding variations or modifications according to the main concept and spirit of the present invention; the protection scope of the present invention shall therefore be subject to the protection scope required by the claims.

Claims (10)

1. An identity authentication method, characterized by comprising:
a proxy server receiving an identity authentication request initiated by a client according to identity information to be authenticated;
sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving an identity authentication result returned by the authentication platform;
if the identity authentication result indicates that identity authentication has not yet been completed, requesting the authentication platform to return the identity authentication result again.
2. The method according to claim 1, characterized in that the proxy server receiving the identity authentication request initiated by the client according to the identity information to be authenticated comprises:
extracting, from a transmission configuration file, a transmission port used to establish a transmission connection with the client, the transmission port configured for the client according to a specified rule being stored in advance in the transmission configuration file;
listening on the transmission port, and establishing the transmission connection with the client by listening on the transmission port;
receiving the identity authentication request from the client over the established transmission connection.
3. The method according to claim 1, characterized in that sending the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and receiving the identity authentication result returned by the authentication platform, comprises:
obtaining identity encryption information from the identity authentication request;
sending the identity encryption information to the authentication platform;
performing, by the authentication platform, identity authentication on the decrypted identity information to be authenticated, and obtaining the identity authentication result returned by the authentication platform, the decrypted identity information to be authenticated being obtained by the authentication platform decrypting the identity encryption information.
4. The method according to claim 1, characterized in that, if the identity authentication result indicates that identity authentication has not yet been completed, requesting the authentication platform to return the identity authentication result again comprises:
if the identity authentication result indicates that identity authentication has not yet been completed, obtaining a request service identifier from the identity authentication request, the request service identifier being used to identify the identity authentication request;
initiating, according to the request service identifier, a request to the authentication platform to return the identity authentication result again, so that the identity authentication result returned again corresponds to the identity authentication request uniquely identified by the request service identifier.
5. The method according to claim 4, characterized in that initiating, according to the request service identifier, the request to the authentication platform to return the identity authentication result again comprises:
obtaining authentication request parameters from the identity authentication request, the authentication request parameters including a request time interval;
periodically requesting the authentication platform to return the identity authentication result according to the request time interval.
6. The method according to claim 5, characterized in that the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and initiating, according to the request service identifier, the request to the authentication platform to return the identity authentication result again further comprises:
during the periodic requesting, if the allowed number of requests or the allowed waiting delay has been reached, sending an identity authentication result indicating that identity authentication failed to the client.
7. The method according to any one of claims 1 to 6, characterized in that the method further comprises:
if the identity authentication result indicates that identity authentication has been completed, sending the identity authentication result indicating success or failure of identity authentication to the client.
8. An identity authentication device, applied to a proxy server, characterized by comprising:
an authentication request receiving module, used to receive an identity authentication request initiated by a client according to identity information to be authenticated;
an authentication result receiving module, used to send the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and to receive an identity authentication result returned by the authentication platform; if the identity authentication result indicates that identity authentication has not yet been completed, the authentication result return module is notified;
the authentication result return module, used to request the authentication platform to return the identity authentication result again.
9. An identity authentication device, characterized by comprising:
a processor; and
a memory, on which computer-readable instructions are stored, the computer-readable instructions, when executed by the processor, implementing the identity authentication method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, the computer program, when executed by a processor, implementing the identity authentication method according to any one of claims 1 to 7.
CN201810251246.4A 2018-03-26 2018-03-26 Identity authentication method and device Active CN108809927B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810251246.4A CN108809927B (en) 2018-03-26 2018-03-26 Identity authentication method and device
PCT/CN2018/101566 WO2019184206A1 (en) 2018-03-26 2018-08-21 Identity authentication method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810251246.4A CN108809927B (en) 2018-03-26 2018-03-26 Identity authentication method and device

Publications (2)

Publication Number Publication Date
CN108809927A true CN108809927A (en) 2018-11-13
CN108809927B CN108809927B (en) 2021-02-26

Family

ID=64095446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810251246.4A Active CN108809927B (en) 2018-03-26 2018-03-26 Identity authentication method and device

Country Status (2)

Country Link
CN (1) CN108809927B (en)
WO (1) WO2019184206A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112260981A (en) * 2019-07-22 2021-01-22 北京明华联盟科技有限公司 Identity authentication method, device, system and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113591047A (en) * 2021-08-04 2021-11-02 吉林亿联银行股份有限公司 User identity identification method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1881876A (en) * 2005-06-17 2006-12-20 华为技术有限公司 Method for carrying out authentication on nomadism user
CN101127625A (en) * 2006-08-18 2008-02-20 华为技术有限公司 A system and method for authorizing access request
CN101697529A (en) * 2009-10-28 2010-04-21 北京星网锐捷网络技术有限公司 Method, device and system for treating authentication message
CN101719238A (en) * 2009-11-30 2010-06-02 中国建设银行股份有限公司 Method and system for managing, authenticating and authorizing unified identities
US20150120581A1 (en) * 2013-10-25 2015-04-30 Housl Pty Ltd Computer implemented frameworks and methodologies configured to enable processing and management of data relating to lease applications
US20150288719A1 (en) * 2014-04-03 2015-10-08 Palo Alto Research Center Incorporated Portable Proxy For Security Management And Privacy Protection And Method Of Use
CN105049274A (en) * 2014-04-29 2015-11-11 Ls产电株式会社 Power system
CN105741115A (en) * 2014-12-11 2016-07-06 中国电信股份有限公司 Payment authentication method, device and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101662458A (en) * 2008-08-28 2010-03-03 西门子(中国)有限公司 Authentication method
CN102685093B (en) * 2011-12-08 2015-12-09 陈易 A kind of identity authorization system based on mobile terminal and method
CN102638472B (en) * 2012-05-07 2015-04-15 杭州华三通信技术有限公司 Portal authentication method and equipment
CN106817347A (en) * 2015-11-27 2017-06-09 中兴通讯股份有限公司 Third-party application authentication method, certificate server, terminal and management server

Also Published As

Publication number Publication date
WO2019184206A1 (en) 2019-10-03
CN108809927B (en) 2021-02-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant