CN108809927A - Identity identifying method and device - Google Patents
- Publication number: CN108809927A (CN201810251246.4A)
- Authority: CN (China)
- Prior art keywords: authentication, identity, request, platform, client
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L67/56—Provisioning of proxy services
- H04L63/0281—Proxies
- H04L63/126—Applying verification of the received information the source of the received data
Abstract
The present invention relates to an identity authentication method and device. The identity authentication method includes: a proxy server receives an identity authentication request initiated by a client according to identity information to be authenticated; the identity information to be authenticated in the identity authentication request is sent to an authentication platform for identity authentication, and the identity authentication result returned by the authentication platform is received; if the identity authentication result indicates that identity authentication has not yet been completed, the authentication platform is requested to return an identity authentication result again. The identity authentication method and device provided by the present invention solve the prior-art problem that the identity authentication flow is overly complicated, and effectively improve identity authentication efficiency.
Description
Technical field
The present invention relates to the field of identity authentication technology, and in particular to an identity authentication method and device.
Background
With the development of Internet technology, more and more online retail platforms provide services to users. For example, a user can buy a product through an online retail platform, and the platform is responsible for delivery of the product, after-sales service and so on, which is a great convenience for users.
To ensure the security of product sales, an online retail platform usually needs to authenticate the user's identity. The identity authentication flow is: the user submits identity information to be authenticated to the online retail platform; the online retail platform initiates an identity authentication request to an authentication platform according to that information, and receives the identity authentication result returned by the authentication platform, for the user to query.
If the user's query shows that identity authentication has not yet been completed, the user asks the online retail platform to initiate an identity authentication request to the authentication platform again, until the user's query shows that identity authentication has succeeded or failed.
It follows that, in the above identity authentication flow, the online retail platform interacts with the user repeatedly and has to initiate multiple identity authentication requests to the authentication platform. This inevitably makes the online retail platform's identity authentication flow overly complicated and makes identity authentication inefficient.
Summary of the invention
To solve the above technical problem, an object of the present invention is to provide an identity authentication method and device.
The technical solution adopted by the present invention is as follows:
In one aspect, an identity authentication method includes: a proxy server receives an identity authentication request initiated by a client according to identity information to be authenticated; the identity information to be authenticated in the identity authentication request is sent to an authentication platform for identity authentication, and the identity authentication result returned by the authentication platform is received; if the identity authentication result indicates that identity authentication has not yet been completed, the authentication platform is requested to return an identity authentication result again.
In an exemplary embodiment, the proxy server receiving the identity authentication request initiated by the client according to the identity information to be authenticated includes: extracting, from a transmission configuration file, the transmission port used to establish a transmission connection with the client; listening on the transmission port, and establishing a transmission connection with the client through listening on the transmission port; and receiving the identity authentication request from the client over the established transmission connection.
In an exemplary embodiment, sending the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and receiving the identity authentication result returned by the authentication platform, includes: obtaining encrypted identity information from the identity authentication request; sending the encrypted identity information to the authentication platform; and obtaining the identity authentication result returned by the authentication platform after the authentication platform performs identity authentication on the decrypted identity information to be authenticated, where the decrypted identity information to be authenticated is obtained by the authentication platform decrypting the encrypted identity information.
In an exemplary embodiment, requesting the authentication platform to return an identity authentication result again if the identity authentication result indicates that identity authentication has not yet been completed includes: if the identity authentication result indicates that identity authentication has not yet been completed, obtaining a request service identifier from the identity authentication request; and initiating, according to the request service identifier, a request to the authentication platform to return an identity authentication result again.
In an exemplary embodiment, initiating, according to the request service identifier, the request to the authentication platform to return an identity authentication result again includes: obtaining authentication request parameters from the identity authentication request, the authentication request parameters including a request time interval; and periodically requesting the authentication platform to return an identity authentication result according to the request time interval.
In an exemplary embodiment, the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and initiating, according to the request service identifier, the request to the authentication platform to return an identity authentication result again further includes: during the periodic requests, if the allowed number of requests or the allowed waiting delay has been reached, sending an identity authentication result indicating that identity authentication has failed to the client.
In an exemplary embodiment, the method further includes: if the identity authentication result indicates that identity authentication is complete, sending the identity authentication result indicating that identity authentication succeeded or failed to the client.
In another aspect, an identity authentication device, applied to a proxy server, includes: an authentication request receiving module, configured to receive an identity authentication request initiated by a client according to identity information to be authenticated; an authentication result receiving module, configured to send the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, to receive the identity authentication result returned by the authentication platform, and, if the identity authentication result indicates that identity authentication has not yet been completed, to notify an authentication result return module; and the authentication result return module, configured to request the authentication platform to return an identity authentication result again.
In an exemplary embodiment, the authentication request receiving module includes: a port acquiring unit, configured to extract, from a transmission configuration file, the transmission port used to establish a transmission connection with the client, the transmission configuration file pre-storing the transmission port configured for the client according to a specified rule; a connection establishing unit, configured to listen on the transmission port and to establish a transmission connection with the client through listening on the transmission port; and a request receiving unit, configured to receive the identity authentication request from the client over the established transmission connection.
In an exemplary embodiment, the authentication result receiving module includes: an information acquiring unit, configured to obtain encrypted identity information from the identity authentication request; an information sending unit, configured to send the encrypted identity information to the authentication platform; and a result acquiring unit, configured to obtain the identity authentication result returned by the authentication platform after the authentication platform performs identity authentication on the decrypted identity information to be authenticated, where the decrypted identity information to be authenticated is obtained by the authentication platform decrypting the encrypted identity information.
In an exemplary embodiment, the authentication result return module includes: an identifier acquiring unit, configured to obtain a request service identifier from the identity authentication request, the request service identifier identifying the identity authentication request; and a request initiating unit, configured to initiate, according to the request service identifier, a request to the authentication platform to return an identity authentication result again, so that the identity authentication result returned again corresponds to the identity authentication request uniquely identified by the request service identifier.
In an exemplary embodiment, the request initiating unit includes: a parameter acquiring subunit, configured to obtain authentication request parameters from the identity authentication request, the authentication request parameters including a request time interval; and a periodic request subunit, configured to periodically request the authentication platform to return an identity authentication result according to the request time interval.
In an exemplary embodiment, the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and the request initiating unit further includes: a failure result feedback subunit, configured to send, during the periodic requests, an identity authentication result indicating that identity authentication has failed to the client if the allowed number of requests or the allowed waiting delay has been reached.
In an exemplary embodiment, the identity authentication device further includes: a result feedback module, configured to send the identity authentication result indicating that identity authentication succeeded or failed to the client if the identity authentication result indicates that identity authentication is complete.
In another aspect, an identity authentication device includes a processor and a memory, the memory storing computer-readable instructions which, when executed by the processor, implement the identity authentication method described above.
In another aspect, a computer-readable storage medium stores a computer program which, when executed by a processor, implements the identity authentication method described above.
In the above technical solution, the proxy server receives the identity authentication request initiated by the client according to the identity information to be authenticated, requests the authentication platform to perform identity authentication according to the identity information to be authenticated in the identity authentication request, and then receives the identity authentication result returned by the authentication platform; when the identity authentication result indicates that identity authentication has not yet been completed, it requests the authentication platform to return an identity authentication result again. In other words, a proxy server is added between the online retail platform (the client) and the authentication platform, and the proxy server, acting on behalf of the online retail platform, initiates the multiple requests to the authentication platform to return the identity authentication result. This avoids repeated interaction between the online retail platform and the user, so that the online retail platform only needs to initiate one identity authentication request, which keeps the online retail platform's identity authentication flow from becoming overly complicated and effectively improves identity authentication efficiency.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the present invention.
Brief description of the drawings
The drawings herein are incorporated into and form part of this specification, show embodiments consistent with the present invention, and together with the specification serve to explain the principles of the invention.
Fig. 1 is a schematic diagram of an implementation environment according to the present invention.
Fig. 2 is a hardware block diagram of a server according to an exemplary embodiment.
Fig. 3 is a flow chart of an identity authentication method according to an exemplary embodiment.
Fig. 4 is a flow chart of one embodiment of step 310 in the embodiment corresponding to Fig. 3.
Fig. 5 is a flow chart of one embodiment of step 330 in the embodiment corresponding to Fig. 3.
Fig. 6 is a flow chart of one embodiment of step 350 in the embodiment corresponding to Fig. 3.
Fig. 7 is a flow chart of one embodiment of step 353 in the embodiment corresponding to Fig. 6.
Fig. 8 is a block diagram of an identity authentication device according to an exemplary embodiment.
The above drawings show specific embodiments of the present invention, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concept in any way, but to explain the concept of the invention to those skilled in the art by reference to specific embodiments.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are only examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
As mentioned above, if the user's query shows that identity authentication has not yet been completed, the user asks the online retail platform to initiate an identity authentication request to the authentication platform again, so as to judge from the newly received identity authentication result whether identity authentication is complete.
It can be seen that, for the online retail platform, the existing identity authentication flow involves too much interaction with the user and is therefore overly complicated, which in turn makes identity authentication inefficient.
For this reason, the present invention proposes an identity authentication method that effectively simplifies the online retail platform's identity authentication flow, requiring only one identity authentication request to be initiated, which helps improve identity authentication efficiency.
This identity authentication method is implemented by a computer program. Correspondingly, the identity authentication device so constructed can be stored in an electronic device with a von Neumann architecture and executed in that electronic device, thereby implementing identity authentication.
Fig. 1 is a schematic diagram of an implementation environment for the identity authentication method. The implementation environment includes an identity authentication system, which includes a client 100, a proxy server 200 and an authentication platform 300.
The client 100 is the online retail platform and can run on a desktop computer, laptop, tablet computer, smartphone or other electronic device able to interact with the proxy server 200; this is not limited here.
The proxy server 200 establishes a communication connection with the authentication platform 300 in advance and transmits data to and from the authentication platform 300 over that connection. For example, the data transmission includes sending identity information to be authenticated to the authentication platform 300 and receiving the identity authentication result returned by the authentication platform 300.
As shown in Fig. 1, through interaction between the proxy server 200 and multiple clients 100 running respectively on a desktop computer 110, a laptop 130 and a smartphone 150, the multiple clients 100 initiate identity authentication requests to the proxy server 200, asking the proxy server 200 to request identity authentication from the authentication platform 300 on their behalf.
For the proxy server 200, the corresponding clients 100 are usually massive in number. It continuously receives the identity information to be authenticated in the identity authentication requests initiated by each client 100, sends it to the authentication platform 300 so as to perform identity authentication on behalf of each client 100, and receives the identity authentication results returned by the authentication platform 300; when an identity authentication result indicates that identity authentication is complete, it feeds the identity authentication result back to the client 100 for querying.
For the massive number of identity authentication requests received, the proxy server 200 stores in the transmission configuration file the transmission port configured for each client 100, so that transmission connections with the clients 100 can be established through the same or different transmission ports.
The massive number of requests to return an identity authentication result again can be processed by the proxy server 200 in turn, by time order, priority, queue and so on.
It should be noted that, depending on actual operating needs, the proxy server 200 may be a single server or a server cluster made up of multiple servers, so as to handle the massive number of identity authentication requests initiated by the massive number of clients 100; this is not limited here.
The authentication platform 300 performs identity authentication on the identity information to be authenticated. In a specific implementation of one embodiment, the identity information to be authenticated includes an ID card number, and correspondingly the authentication platform 300 consists of a main account authentication system and an external authentication system (for example a public security department authentication system). The main account authentication system, the proxy server 200 and the client 100 belong to the same online retail merchant. Preferably, the main account authentication system provides identity authentication services for the multiple products sold by that online retail merchant, while a proxy server 200 corresponds to only one product sold by that merchant.
Specifically, for a given product, the corresponding proxy server 200 forwards the identity information to be authenticated to the main account authentication system.
For the different products, the main account authentication system sends the identity information to be authenticated that it receives to the external authentication system, and the external authentication system finally performs identity authentication on the identity information to be authenticated.
Forwarding the identity information to be authenticated several times in this way helps the identity authentication system achieve high availability and load balancing, which in turn helps improve identity authentication efficiency.
Fig. 2 is a hardware block diagram of a proxy server according to an exemplary embodiment. It should be noted that this proxy server is only an example adapted to the present invention and must not be taken as imposing any limitation on the scope of use of the invention. Nor should the proxy server be construed as needing to rely on, or necessarily having, one or more components of the exemplary proxy server 200 shown in Fig. 2.
The hardware structure of the proxy server 200 can vary considerably with configuration or performance. As shown in Fig. 2, the proxy server 200 includes: a power supply 210, an interface 230, at least one memory 250 and at least one central processing unit (CPU, Central Processing Units) 270.
The power supply 210 provides operating voltage for each hardware device on the proxy server 200.
The interface 230 includes at least one wired or wireless network interface 231, at least one serial-parallel conversion interface 233, at least one input/output interface 235, at least one USB interface 237 and so on, and is used to communicate with external devices.
The memory 250, as a carrier for resource storage, may be a read-only memory, random access memory, magnetic disk, optical disc or the like. The resources stored on it include an operating system 251, application programs 253, data 255 and so on, and storage may be transient or permanent. The operating system 251 manages and controls each hardware device and the application programs 253 on the proxy server 200, so that the central processing unit 270 can compute on and process the mass data 255; it may be Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like. An application program 253 is a computer program that performs at least one specific job on top of the operating system 251; it may include at least one module (not shown in Fig. 2), and each module may contain a series of computer-readable instructions for the proxy server 200. The data 255 may be photos, pictures and the like stored on disk.
The central processing unit 270 may include one or more processors and is arranged to communicate with the memory 250 over a bus, in order to compute on and process the mass data 255 in the memory 250.
As described in detail above, a proxy server 200 to which the present invention applies performs the identity authentication method by having the central processing unit 270 read a series of computer-readable instructions stored in the memory 250.
The present invention can equally be implemented by hardware circuits or by hardware circuits combined with software; implementing the invention is therefore not limited to any specific hardware circuit, software, or combination of the two.
Referring to Fig. 3, in an exemplary embodiment, an identity authentication method is applicable to the proxy server of the implementation environment shown in Fig. 1; the structure of the proxy server may be as shown in Fig. 2.
This identity authentication method can be executed by the proxy server and may include the following steps:
Step 310: the proxy server receives an identity authentication request initiated by a client according to identity information to be authenticated.
The identity information to be authenticated uniquely identifies the user's identity, describing that identity accurately in the form of digital information. For example, the identity information to be authenticated includes but is not limited to: ID card number, passport number, login account and so on.
It will be appreciated that different users have different identity information to be authenticated. For this reason, in this embodiment the user's identity is authenticated by means of the identity information to be authenticated; that is, the client initiates an identity authentication request to the proxy server according to the identity information to be authenticated.
The client provides the user with an entry for submitting identity information to be authenticated. When the user's identity needs to be authenticated, the user triggers the corresponding operation at this entry so that the client obtains the identity information to be authenticated.
For example, the entry is an input dialog box that the client provides in a page. When the user enters identity information to be authenticated in the input dialog box, the client obtains the identity information to be authenticated from the user's input. The input operation is the operation that the user triggers at the entry in order to submit the identity information to be authenticated.
Further, after obtaining the identity information to be authenticated, the client can also check its validity. This avoids initiating the identity authentication flow by mistake, which helps ensure the success rate of the subsequent identity authentication and also helps improve identity authentication efficiency.
For example, if the identity information to be authenticated is an ID card number, the validity check includes but is not limited to checking the number of digits of the ID card number. If the ID card number has 18 digits, the ID card number is legal and passes the validity check.
That is, the identity authentication request is sent to the proxy server only when the identity information to be authenticated is valid. The identity authentication request is generated by encapsulating the identity information to be authenticated in a message.
For the proxy server, once the client has initiated the identity authentication request, the proxy server can receive that identity authentication request.
Step 330: the identity information to be authenticated in the identity authentication request is sent to the authentication platform for identity authentication, and the identity authentication result returned by the authentication platform is received.
As mentioned above, the identity authentication request is formed by encapsulating the identity information to be authenticated in a message; it can also be understood that the identity authentication request carries the identity information to be authenticated.
Therefore, once the proxy server has received the identity authentication request, it can request the authentication platform to perform identity authentication according to the identity information to be authenticated in the identity authentication request.
Identity authentication means that the authentication platform performs a matching lookup according to the identity information to be authenticated. If identity information matching the identity information to be authenticated exists, identity authentication succeeds; conversely, if no identity information matching the identity information to be authenticated exists, identity authentication fails.
It should be understood that the proxy server will not wait indefinitely after sending the request. To ensure responsiveness, the authentication platform returns an identity authentication result to the proxy server regardless of whether it has found identity information matching the identity information to be authenticated.
On this basis, the identity authentication results received by the proxy server may be of the following types: an identity authentication result indicating that identity authentication has not yet been completed, an identity authentication result indicating that identity authentication succeeded, and an identity authentication result indicating that identity authentication failed.
If the identity authentication result indicates that identity authentication is complete, the proxy server sends the identity authentication result indicating completion to the client, for example an identity authentication result indicating that identity authentication succeeded or an identity authentication result indicating that identity authentication failed.
If the identity authentication result indicates that identity authentication has not yet been completed, go to step 350.
Step 350: if the identity authentication result indicates that identity authentication has not yet been completed, the authentication platform is requested to return an identity authentication result again.
That is, when identity authentication has not yet been completed, the proxy server actively requests the authentication platform to return an identity authentication result again. This extends the time available to the authentication platform for authentication, which helps the authentication platform return an identity authentication result indicating that identity authentication is complete, and so avoids the client initiating an identity authentication request again because identity authentication was not yet complete.
With the process described above, the proxy server needs to receive only one identity authentication request initiated by a client; when the identity authentication result indicates that identity authentication has not yet been completed, it actively initiates multiple requests to the authentication platform to return the identity authentication result. This avoids repeated interaction between the client and the user, simplifies the client's identity authentication flow, and effectively improves identity authentication efficiency.
Referring to Fig. 4, in an exemplary embodiment, step 310 may include the following steps:
Step 311: extract, from the transmission configuration file, the transmission port used to establish a transmission connection with the client.
First, the transmission configuration file is stored on the proxy server and controls the establishment of transmission connections between the proxy server and the client. It contains the transmission port configured for the proxy server to receive the identity authentication requests initiated by the client. Put another way, the transmission configuration file stores in advance the transmission port configured for the client according to a specified rule. The specified rule may be random, or may increment or decrement the port number of the transmission port, and so on; it is not limited here.
The proxy server receives a massive number of identity authentication requests. For this reason, a transmission port may be configured for each client separately or shared by multiple clients; this is not limited here.
It should be added that, where multiple clients share the same transmission port and several of them initiate identity authentication requests, the proxy server receives those requests one after another in chronological order, which ensures that there is no conflict during reception.
Second, the transmission port is written to the transmission configuration file when the client is deployed. That is, when the client is deployed, a transmission port is configured for it so that it can transmit data to the proxy server; correspondingly, the proxy server configures its own transmission port according to the transmission port configured for the client.
In a specific implementation of an embodiment, the transmission port is a port conforming to the TCP/IP protocol, with port numbers ranging from 0 to 65535. Further, because the ports with port numbers 0 to 1023 usually cannot be dynamically allocated, ports with port numbers 1024 to 65535 are used as transmission ports for establishing transmission connections with the client.
On this basis, after the proxy server starts up, it can obtain the transmission port configured for the client from the transmission ports stored in the transmission configuration file, and subsequently establish the transmission connection with the client by listening on that transmission port.
Step 313: listen on the transmission port, and establish the transmission connection with the client through that listening.
After extracting the transmission port, the proxy server can complete the establishment of the transmission connection with the client by listening on that port.
Step 315: receive the identity authentication request from the client over the established transmission connection.
In the above embodiment, the transmission port provides the precondition for establishing the transmission connection between the proxy server and the client, and thereby enables data transmission between them, namely the reception of the identity authentication request.
Referring to Fig. 5, in an exemplary embodiment, step 330 may include the following steps:
Step 331: obtain the encrypted identity information from the identity authentication request.
To prevent the identity information to be authenticated from being attacked over the internet, the security of its transmission must be ensured. The client therefore encrypts the identity information to be authenticated before generating the identity authentication request, so that the request carries the encrypted identity information.
Encryption methods include, but are not limited to, algorithmic encryption, digital certificate encryption and digital signature encryption. They can be set flexibly according to the differing security requirements of actual application scenarios and are not limited here.
For example, the client computes the raw data digest of the identity information to be authenticated using a data digest algorithm and converts it with Base64 encoding, forming the data digest of the identity information to be authenticated.
The client then encrypts the data digest of the identity information to be authenticated with the private key provided by the authentication platform, generating the digital signature of the identity information and thereby completing its encryption.
Once the encryption of the identity information to be authenticated is complete, the client encapsulates the encrypted identity information, which contains the identity information to be authenticated and its digital signature, into a message, thereby generating the identity authentication request.
On this basis, the proxy server can obtain the encrypted identity information from the identity authentication request and forward it to the authentication platform, requesting the authentication platform to perform identity authentication. The encrypted identity information includes the identity information to be authenticated and its digital signature.
Step 333: send the encrypted identity information to the authentication platform.
Step 335: the authentication platform performs identity authentication on the decrypted identity information to be authenticated, and the proxy server obtains the identity authentication result returned by the authentication platform.
The decrypted identity information to be authenticated is obtained by the authentication platform decrypting the encrypted identity information.
Specifically, mirroring the encryption performed by the client, the authentication platform first decrypts the digital signature of the identity information to be authenticated with the public key, obtaining the data digest of the identity information to be authenticated. The public key is paired with the private key the client used for encryption; the authentication platform applied to a third-party certification authority for the key pair in order to encrypt the identity information to be authenticated.
Then, the authentication platform computes the raw data digest of the identity information to be authenticated using the data digest algorithm and converts it with Base64 encoding, obtaining the data digest of the identity information to be authenticated.
Finally, the data digest obtained by decryption is compared with the computed data digest. If the two are consistent, the identity information to be authenticated is considered not to have been subject to a malicious attack, and its decryption is complete. The decrypted identity information to be authenticated is the basis for the subsequent identity authentication.
With the above embodiments working together, because the identity information to be authenticated is encrypted, decryption cannot be completed if either the identity information to be authenticated or the digital signature is modified. This fully ensures the security of the transmission of the identity information to be authenticated and effectively prevents it from being attacked over the internet.
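The sign-and-verify exchange of steps 331 to 335, as an added example that is not code from the patent. SHA-256 as the digest algorithm, the message field names and all function names are assumptions; the unpadded textbook-RSA key is a constructed stand-in for a vetted signature library, used only so the block runs with the standard library.

```python
import base64
import hashlib
import hmac

# Constructed demo key: textbook RSA over two Mersenne primes. Not secure;
# production code would use a vetted library and a padded signature scheme.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
E = 65537                                  # public exponent (authentication platform)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (client)
SIG_LEN = (N.bit_length() + 7) // 8        # signature length in bytes


def data_digest(identity: bytes) -> bytes:
    """Raw digest of the identity information, then Base64 conversion."""
    return base64.b64encode(hashlib.sha256(identity).digest())


def client_sign(identity: bytes) -> bytes:
    """Client side: 'encrypt' the data digest with the private key."""
    m = int.from_bytes(data_digest(identity), "big")
    return pow(m, D, N).to_bytes(SIG_LEN, "big")


def build_request(identity: bytes, request_id: str) -> dict:
    """Encapsulate identity information and its signature into a request."""
    return {"request_id": request_id, "identity": identity,
            "signature": client_sign(identity)}


def proxy_forward(request: dict) -> dict:
    """Proxy side: extract the protected payload and forward it unchanged."""
    return {"identity": request["identity"], "signature": request["signature"]}


def platform_verify(payload: dict) -> bool:
    """Platform side: recover the digest from the signature with the public
    key, recompute the digest from the identity information, compare."""
    sig = payload.get("signature", b"")
    if len(sig) != SIG_LEN:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(SIG_LEN, "big").lstrip(b"\x00")
    expected = data_digest(payload["identity"])
    return hmac.compare_digest(recovered, expected)   # constant-time compare


def demo() -> dict:
    # Constructed sample identity record.
    identity = b'{"name": "Zhang San", "id_number": "CONSTRUCTED-0001"}'
    payload = proxy_forward(build_request(identity, "req-A"))

    # Case 1: the identity information is modified in transit.
    bad_identity = dict(payload, identity=identity.replace(b"Zhang", b"Wang"))

    # Case 2: the digital signature is modified in transit.
    sig = bytearray(payload["signature"])
    sig[-1] ^= 0x01
    bad_signature = dict(payload, signature=bytes(sig))

    return {
        "genuine": platform_verify(payload),
        "identity_modified": platform_verify(bad_identity),
        "signature_modified": platform_verify(bad_signature),
    }


if __name__ == "__main__":
    print(demo())
```

In this exchange the identity information travels next to its signature, so the scheme detects modification but does not by itself hide the identity information in transit.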
Referring to Fig. 6, in an exemplary embodiment, step 350 may include the following steps:
Step 351: if the identity authentication result indicates that identity authentication is not yet complete, obtain the request service identifier from the identity authentication request.
Step 353: according to the request service identifier, send the authentication platform a request to return the identity authentication result again.
It should be understood that, however many times the proxy server requests the authentication platform to return the identity authentication result, each request relates to the same identity authentication request. In other words, for different identity authentication requests, the identity authentication results returned by the authentication platform differ, and so does the degree of completion of identity authentication. For example, the identity authentication results corresponding to some identity authentication requests indicate that identity authentication is complete, while the results corresponding to others indicate that it is not yet complete.
The request that the proxy server sends to the authentication platform for the identity authentication result is therefore made according to the request service identifier, so that the identity authentication result the authentication platform returns again is the one for the identity authentication request uniquely identified by that request service identifier.
The request service identifier uniquely identifies an identity authentication request. For example, request service identifier A uniquely identifies identity authentication request A. Further, the request service identifier is generated by the client when it generates the identity authentication request, and is encapsulated into the generated request.
The above process provides the basis for the authentication platform to return the identity authentication result that corresponds to the identity authentication request, and thus ensures the correctness of identity authentication.
Referring to Fig. 7, in an exemplary embodiment, step 353 may include the following steps:
Step 3531: obtain the authentication request parameters from the identity authentication request.
The authentication request parameters include a request time interval.
Step 3533: according to the request time interval, periodically request the authentication platform to return the identity authentication result.
Periodic requesting means sending the authentication platform requests to return the identity authentication result at the request time interval; the difference between the sending times of two consecutive requests is the request time interval.
The above embodiment prevents the proxy server from sending requests too frequently, which reduces the task processing load on the proxy server and improves its task processing efficiency.
In addition, because the authentication platform does not obtain the identity authentication result instantly, setting a request time interval gives the authentication platform sufficient time to perform identity authentication, which helps it return a result indicating that identity authentication is complete.
Further, in an exemplary embodiment, the authentication request parameters also include an allowed number of requests or an allowed waiting delay.
Correspondingly, step 353 may also include the following step:
During periodic requesting, if the allowed number of requests or the allowed waiting delay has been reached, send the client an identity authentication result indicating that identity authentication failed.
That is, during periodic requesting, if the identity authentication result indicates that identity authentication is complete, the result is returned to the client directly.
If the allowed number of requests (for example 2) or the allowed waiting delay (for example 5 seconds) has been reached and the identity authentication result still indicates that identity authentication is not yet complete, the proxy server determines that this identity authentication has failed and feeds back to the client an identity authentication result indicating that identity authentication failed.
Setting an allowed number of requests or an allowed waiting delay prevents the client from waiting indefinitely for the identity authentication result after initiating the identity authentication request, which improves the request response rate and the user's identity authentication experience.
Of course, the allowed number of requests or the allowed waiting delay can be adjusted flexibly according to how tolerant the actual application scenario is of the request response rate; it is not limited here.
It should be added that the authentication request parameters may be set by testers according to identity authentication test results, or configured by users according to their own needs; this is also not limited here.
For example, when the client runs, it provides the user with an entry for configuring the authentication request parameters. When the user needs to configure them, the user triggers the corresponding operation at that entry.
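The polling behaviour of steps 350 to 3533, including the allowed number of requests and allowed waiting delay, as an added example that is not code from the patent. The class and function names, the in-memory `FakePlatform` and `FakeClock`, and the proxy-side clamping constants are assumptions introduced here; the clamping bounds what a client-supplied interval or limit can make the proxy do.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class AuthStatus(Enum):
    PENDING = "pending"   # identity authentication not yet complete
    SUCCESS = "success"
    FAILURE = "failure"


@dataclass(frozen=True)
class AuthRequest:
    request_id: str                      # request service identifier set by the client
    encrypted_identity: bytes            # forwarded to the platform unchanged
    interval_s: float                    # request time interval
    max_requests: Optional[int] = None   # allowed number of requests
    max_wait_s: Optional[float] = None   # allowed waiting delay


# Proxy-side bounds on client-supplied parameters (assumed values, not from the patent).
MIN_INTERVAL_S = 0.5
MAX_REQUESTS_CAP = 20
MAX_WAIT_CAP_S = 60.0


def effective_limits(req: AuthRequest) -> Tuple[float, int, float]:
    """Clamp client-chosen parameters so a request cannot make the proxy poll
    the platform too fast or without end."""
    interval = max(req.interval_s, MIN_INTERVAL_S)
    max_requests = (MAX_REQUESTS_CAP if req.max_requests is None
                    else min(req.max_requests, MAX_REQUESTS_CAP))
    max_wait = (MAX_WAIT_CAP_S if req.max_wait_s is None
                else min(req.max_wait_s, MAX_WAIT_CAP_S))
    return interval, max_requests, max_wait


def authenticate_via_proxy(req, platform, sleep=time.sleep, clock=time.monotonic):
    """Forward one client request, then poll on the client's behalf until the
    platform reports completion or a limit is reached."""
    interval, max_requests, max_wait = effective_limits(req)
    started = clock()
    status = platform.submit(req.request_id, req.encrypted_identity)
    polls = 0
    while status is AuthStatus.PENDING:
        if polls >= max_requests or clock() - started >= max_wait:
            return AuthStatus.FAILURE            # limit reached: report failure
        sleep(interval)
        polls += 1
        status = platform.query(req.request_id)  # keyed by the request identifier
    return status


class FakePlatform:
    """Constructed stand-in for the authentication platform: every request
    identifier has its own scripted sequence of results."""
    def __init__(self, script: Dict[str, List[AuthStatus]]) -> None:
        self._script = {rid: list(seq) for rid, seq in script.items()}
        self.calls: List[str] = []

    def _next(self, request_id: str) -> AuthStatus:
        self.calls.append(request_id)
        seq = self._script[request_id]
        return seq.pop(0) if len(seq) > 1 else seq[0]

    def submit(self, request_id: str, encrypted_identity: bytes) -> AuthStatus:
        return self._next(request_id)

    def query(self, request_id: str) -> AuthStatus:
        return self._next(request_id)


class FakeClock:
    """Deterministic clock so the demo runs without real waiting."""
    def __init__(self) -> None:
        self.now = 0.0

    def sleep(self, seconds: float) -> None:
        self.now += seconds

    def time(self) -> float:
        return self.now


def demo() -> dict:
    P, S = AuthStatus.PENDING, AuthStatus.SUCCESS
    platform = FakePlatform({"req-A": [P, P, S], "req-B": [P], "req-C": [P, P, P, S]})
    clock = FakeClock()
    requests = [
        AuthRequest("req-A", b"<constructed>", 2.5, max_requests=2),  # done on 2nd poll
        AuthRequest("req-B", b"<constructed>", 2.5, max_wait_s=5.0),  # never completes
        AuthRequest("req-C", b"<constructed>", 2.5, max_requests=2),  # completes too late
    ]
    results = {r.request_id: authenticate_via_proxy(r, platform, clock.sleep, clock.time)
               for r in requests}
    return {"results": results, "calls": platform.calls, "elapsed": clock.now}
```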
The following are device embodiments of the present invention, which can be used to carry out the identity authentication method of the present invention. For details not disclosed in the device embodiments, refer to the method embodiments of the identity authentication method of the present invention.
Referring to Fig. 8, in an exemplary embodiment, an identity authentication device 500 includes, but is not limited to: an authentication request receiving module 510, an authentication result receiving module 530 and an authentication result return module 550.
The authentication request receiving module 510 is used to receive the identity authentication request initiated by the client according to the identity information to be authenticated.
The authentication result receiving module 530 is used to send the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and to receive the identity authentication result returned by the authentication platform. If the identity authentication result indicates that identity authentication is not yet complete, it notifies the authentication result return module.
The authentication result return module 550 is used to request the authentication platform to return the identity authentication result again.
It should be noted that, when the identity authentication device provided by the above embodiment performs identity authentication, the division into the functional modules described above is only an example. In practical applications, the above functions may be assigned to different functional modules as needed; that is, the internal structure of the identity authentication device may be divided into different functional modules to complete all or part of the functions described above.
In addition, the embodiments of the identity authentication device and of the identity authentication method provided above belong to the same concept. The specific manner in which each module performs its operations has been described in detail in the method embodiments and is not repeated here.
The above are only preferred exemplary embodiments of the present invention and are not intended to limit its embodiments. A person of ordinary skill in the art can readily make corresponding variations or modifications according to the central idea and spirit of the present invention, so the protection scope of the present invention shall be subject to the protection scope required by the claims.
Claims (10)
1. An identity authentication method, characterized by comprising:
a proxy server receiving an identity authentication request initiated by a client according to identity information to be authenticated;
sending the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and receiving the identity authentication result returned by the authentication platform;
if the identity authentication result indicates that identity authentication is not yet complete, requesting the authentication platform to return the identity authentication result again.
2. The method of claim 1, characterized in that the proxy server receiving the identity authentication request initiated by the client according to the identity information to be authenticated comprises:
extracting, from a transmission configuration file, a transmission port used to establish a transmission connection with the client, the transmission configuration file storing in advance the transmission port configured for the client according to a specified rule;
listening on the transmission port, and establishing the transmission connection with the client through the listening on the transmission port;
receiving the identity authentication request from the client over the established transmission connection.
3. The method of claim 1, characterized in that sending the identity information to be authenticated in the identity authentication request to the authentication platform for identity authentication, and receiving the identity authentication result returned by the authentication platform, comprises:
obtaining encrypted identity information from the identity authentication request;
sending the encrypted identity information to the authentication platform;
performing, by the authentication platform, identity authentication on the decrypted identity information to be authenticated, and obtaining the identity authentication result returned by the authentication platform, the decrypted identity information to be authenticated being obtained by the authentication platform decrypting the encrypted identity information.
4. The method of claim 1, characterized in that, if the identity authentication result indicates that identity authentication is not yet complete, requesting the authentication platform to return the identity authentication result again comprises:
if the identity authentication result indicates that identity authentication is not yet complete, obtaining a request service identifier from the identity authentication request, the request service identifier being used to identify the identity authentication request;
sending, according to the request service identifier, a request to the authentication platform to return the identity authentication result again, so that the identity authentication result returned again corresponds to the identity authentication request uniquely identified by the request service identifier.
5. The method of claim 4, characterized in that sending, according to the request service identifier, the request to the authentication platform to return the identity authentication result again comprises:
obtaining authentication request parameters from the identity authentication request, the authentication request parameters including a request time interval;
periodically requesting, according to the request time interval, the authentication platform to return the identity authentication result.
6. The method of claim 5, characterized in that the authentication request parameters further include an allowed number of requests or an allowed waiting delay, and sending, according to the request service identifier, the request to the authentication platform to return the identity authentication result again further comprises:
during the periodic requesting, if the allowed number of requests or the allowed waiting delay has been reached, sending the client an identity authentication result indicating that identity authentication failed.
7. The method of any one of claims 1 to 6, characterized in that the method further comprises:
if the identity authentication result indicates that identity authentication is complete, sending the client the identity authentication result indicating that identity authentication succeeded or failed.
8. An identity authentication device, applied to a proxy server, characterized by comprising:
an authentication request receiving module, used to receive an identity authentication request initiated by a client according to identity information to be authenticated;
an authentication result receiving module, used to send the identity information to be authenticated in the identity authentication request to an authentication platform for identity authentication, and to receive the identity authentication result returned by the authentication platform; and, if the identity authentication result indicates that identity authentication is not yet complete, to notify an authentication result return module;
the authentication result return module, used to request the authentication platform to return the identity authentication result again.
9. An identity authentication device, characterized by comprising:
a processor; and
a memory, on which computer-readable instructions are stored, the computer-readable instructions implementing the identity authentication method of any one of claims 1 to 7 when executed by the processor.
10. A computer-readable storage medium, characterized in that a computer program is stored on it, the computer program implementing the identity authentication method of any one of claims 1 to 7 when executed by a processor.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810251246.4A CN108809927B (en) | 2018-03-26 | 2018-03-26 | Identity authentication method and device |
PCT/CN2018/101566 WO2019184206A1 (en) | 2018-03-26 | 2018-08-21 | Identity authentication method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810251246.4A CN108809927B (en) | 2018-03-26 | 2018-03-26 | Identity authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108809927A true CN108809927A (en) | 2018-11-13 |
CN108809927B CN108809927B (en) | 2021-02-26 |
Family
ID=64095446
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810251246.4A Active CN108809927B (en) | 2018-03-26 | 2018-03-26 | Identity authentication method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108809927B (en) |
WO (1) | WO2019184206A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112260981A (en) * | 2019-07-22 | 2021-01-22 | 北京明华联盟科技有限公司 | Identity authentication method, device, system and storage medium |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113591047A (en) * | 2021-08-04 | 2021-11-02 | 吉林亿联银行股份有限公司 | User identity identification method and device, electronic equipment and storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1881876A (en) * | 2005-06-17 | 2006-12-20 | 华为技术有限公司 | Method for carrying out authentication on nomadism user |
CN101127625A (en) * | 2006-08-18 | 2008-02-20 | 华为技术有限公司 | A system and method for authorizing access request |
CN101697529A (en) * | 2009-10-28 | 2010-04-21 | 北京星网锐捷网络技术有限公司 | Method, device and system for treating authentication message |
CN101719238A (en) * | 2009-11-30 | 2010-06-02 | 中国建设银行股份有限公司 | Method and system for managing, authenticating and authorizing unified identities |
US20150120581A1 (en) * | 2013-10-25 | 2015-04-30 | Housl Pty Ltd | Computer implemented frameworks and methodologies configured to enable processing and management of data relating to lease applications |
US20150288719A1 (en) * | 2014-04-03 | 2015-10-08 | Palo Alto Research Center Incorporated | Portable Proxy For Security Management And Privacy Protection And Method Of Use |
CN105049274A (en) * | 2014-04-29 | 2015-11-11 | Ls产电株式会社 | Power system |
CN105741115A (en) * | 2014-12-11 | 2016-07-06 | 中国电信股份有限公司 | Payment authentication method, device and system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101662458A (en) * | 2008-08-28 | 2010-03-03 | 西门子(中国)有限公司 | Authentication method |
CN102685093B (en) * | 2011-12-08 | 2015-12-09 | 陈易 | A kind of identity authorization system based on mobile terminal and method |
CN102638472B (en) * | 2012-05-07 | 2015-04-15 | 杭州华三通信技术有限公司 | Portal authentication method and equipment |
CN106817347A (en) * | 2015-11-27 | 2017-06-09 | 中兴通讯股份有限公司 | Third-party application authentication method, certificate server, terminal and management server |
2018
- 2018-03-26 CN CN201810251246.4A patent/CN108809927B/en active Active
- 2018-08-21 WO PCT/CN2018/101566 patent/WO2019184206A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2019184206A1 (en) | 2019-10-03 |
CN108809927B (en) | 2021-02-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109088889B (en) | SSL encryption and decryption method, system and computer readable storage medium | |
CN106357649B (en) | User identity authentication system and method | |
US8112787B2 (en) | System and method for securing a credential via user and server verification | |
WO2017186005A1 (en) | Method, server, and terminal for cloud desktop authentication | |
CN107040513B (en) | Trusted access authentication processing method, user terminal and server | |
US9166975B2 (en) | System and method for secure remote access to a service on a server computer | |
CN108092776A (en) | A kind of authentication server and authentication token | |
US8527762B2 (en) | Method for realizing an authentication center and an authentication system thereof | |
TW201706900A (en) | Method and device for authentication using dynamic passwords | |
US9154304B1 (en) | Using a token code to control access to data and applications in a mobile platform | |
CN112543166B (en) | Real name login method and device | |
CN113612605A (en) | Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology | |
CN111783068A (en) | Device authentication method, system, electronic device and storage medium | |
US20080181401A1 (en) | Method of Establishing a Secure Communication Link | |
CA2914426A1 (en) | Method for authenticating a user, corresponding server, communications terminal and programs | |
CN112953970A (en) | Identity authentication method and identity authentication system | |
CN112311543B (en) | GBA key generation method, terminal and NAF network element | |
CN106790285A (en) | A kind of Session state reuse method and device | |
KR20230145009A (en) | Single sign on authentication method and system based on terminal using dynamic token generation agent | |
JP2016536678A (en) | Network management security authentication method, apparatus, system, and computer storage medium | |
CN108632271A (en) | Identity identifying method and device | |
CN113411187A (en) | Identity authentication method and system, storage medium and processor | |
CN108809927A (en) | Identity identifying method and device | |
CN117336092A (en) | Client login method and device, electronic equipment and storage medium | |
CN108292997B (en) | Authentication control system and method, server device, client device, authentication method, and recording medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |