CN108848079B

CN108848079B - Method, system, device and computer system for realizing information verification

Info

Publication number: CN108848079B
Application number: CN201810553455.4A
Authority: CN
Inventors: 郭锐; 李茂材; 王宗友; 屠海涛; 孔利; 周开班; 杨常青; 王楠; 丁勇; 时一防
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2018-05-31
Filing date: 2018-05-31
Publication date: 2021-05-11
Anticipated expiration: 2038-05-31
Also published as: CN110460588B; CN110460588A; CN108848079A

Abstract

The invention discloses a method, a system, a device and a computer system for realizing information verification. The method comprises the following steps: obtaining an encrypted abstract of the verified information content, wherein the information is part of key information required to be verified by the terminal; the third party traces to the root node from the leaf node in the corresponding tree structure to obtain an authentication path corresponding to the verification information, and the numerical value corresponding to the leaf node in the tree structure is matched with all the key information; and verifying that the information of the terminal is correctly present in all the key information matched with the tree structure through the authentication path. The process is information verification realized by aiming at the encrypted digest of part of the key information, namely, part of the key information does not exist in a plaintext form, and intervention of all the key information does not exist, so that insecurity that all the key information is leaked does not exist, while a ciphertext form, namely, part of the key information existing in the encrypted digest form does not exist, and the process is carried out by a third party, so that the safety is greatly improved.

Description

Method, system, device and computer system for realizing information verification

Technical Field

The present invention relates to the field of data security technologies, and in particular, to a method, a system, an apparatus, and a computer system for implementing information verification.

Background

With the rapid development of the internet, before performing a network access behavior for a terminal in various service scenarios, certain information verification is often required, and the network access behavior can be performed for the terminal only on the premise of ensuring that the verified information is correct.

The information verification is a process of identifying whether the terminal triggering the network access behavior has the authority, and for the receiving end corresponding to the network access behavior, the receiving end is limited to execute the triggered network access behavior for the terminal with the authority, and the terminal without the authority is rejected by the receiving end.

In the existing information verification implementation, nothing but true information collected by a user is targeted, and when the information provided by a terminal is verified to be true information corresponding to the user, the terminal is determined to have authority.

For example, the real information is a series of information such as a bank card number, a telephone number, and the like owned by an already real-name user.

However, this is actually a setting for tracing the source and facing the real information. For the receiving end, it is only necessary to confirm whether the terminal initiating the network access behavior has the right, and the receiving end is not concerned with the information content.

The realization of the existing information verification inevitably brings the input and the transmission of real information, which also inevitably causes the situation that the information provided by the terminal for information verification is stolen.

Therefore, in the existing information verification, the insecurity that the verified information is leaked, namely all real information is leaked exists, and the realization of information verification is urgently needed to be improved, so that the information safety is improved.

Disclosure of Invention

In order to solve the technical problems that the safety is not high and the information is easy to leak in the information verification implementation of the related technology, the invention provides a method, a system, a device and a computer system for realizing the information verification.

A method of implementing information verification, the method comprising:

initiating information verification on the network access behavior of the terminal to obtain an encrypted abstract of verified information content, wherein the information is part of key information required to be verified by the terminal;

requesting a third party to perform information verification on the terminal for the network access behavior through the encrypted abstract;

the third party performs information verification according to the terminal request, traces a leaf node to a root node in a corresponding tree structure to obtain an authentication path corresponding to the information, and the value corresponding to the leaf node in the corresponding tree structure is matched with all key information required to be verified by the terminal;

and verifying that the information of the terminal is correctly present in all the key information matched with the tree structure through the encrypted abstract by the authentication path.

A method of implementing information verification, the method comprising:

receiving an encrypted abstract sent by a terminal for requesting information verification, wherein the terminal initiates the information verification for the execution of network access behavior, and the encrypted abstract corresponds to part of key information required to be verified by the terminal;

tracing to a root node from a leaf node in a corresponding tree structure to obtain an authentication path corresponding to the information to be verified, wherein the value corresponding to the leaf node in the corresponding tree structure is matched with all key information to be verified of the terminal;

and verifying the information of the terminal for the encrypted abstract through the authentication path, wherein the network access behavior is executed by a corresponding receiving end when the information verification of the terminal passes.

A system for realizing information verification, the system is deployed in a terminal and a third party for performing information verification on the terminal, and the system comprises:

the verification initiating module is used for initiating information verification on the network access behavior of the terminal to obtain an encrypted abstract of verified information content, wherein the information is part of key information required to be verified by the terminal;

the request verification module is used for requesting a third party to verify the information of the terminal for the network access behavior through the encrypted abstract;

the path searching module is used for verifying the information according to the terminal request by a third party, tracing a leaf node to a root node in a corresponding tree structure to obtain an authentication path corresponding to the information, wherein the value corresponding to the leaf node in the corresponding tree structure is matched with all key information required to be verified by the terminal;

and the encrypted abstract verifying module is used for verifying that the information of the terminal is correctly present in all the key information matched with the tree structure for the encrypted abstract through the authentication path by the third party.

In one exemplary embodiment, the authentication initiation module includes:

the instruction receiving unit is used for receiving an information verification instruction of a network access behavior triggered by the terminal;

and the encrypted abstract generating unit is used for generating an encrypted abstract of the corresponding information content according to the information which is indicated to be verified by the information verification instruction.

In one exemplary embodiment, the request verification module includes:

the signature unit is configured at the terminal and is used for executing a signature algorithm on the encrypted digest to obtain a corresponding digital signature;

a request initiating unit configured to the terminal, the request initiating unit being configured to request a receiving end of the network access behavior to verify the digital signature through the digital signature and the encrypted digest;

and the third party request unit is configured at a receiving end of the network access behavior and is used for requesting the third party to carry out information verification on the terminal through the encrypted digest if the digital signature passes the verification.

In one exemplary embodiment, the third party requesting unit is configured to perform:

acquiring an encrypted abstract corresponding to the information to be verified of the terminal and a public key corresponding to a private key held by the terminal;

and initiating an information verification request to a third party for information verification performed by the terminal according to the encrypted abstract and the public key, wherein the information verification request carries the encrypted abstract and the public key.

In an exemplary embodiment, the information verification request carries a timestamp attached by the terminal to the encrypted digest, and the system further includes:

the overtime verification module is configured to the third party and is used for judging whether the information verification performed by the terminal request is overtime or not according to the timestamp carried in the information verification request;

and if the information verification requested by the terminal is overtime, the overtime verification module refuses the information verification requested by the terminal.

In one exemplary embodiment, the request initiation unit is configured to perform:

acquiring a public key corresponding to the held private key;

and sending the public key, the digital signature and the encrypted abstract to a receiving end of the network access behavior so as to request the receiving end to verify the digital signature according to the encrypted abstract by using the public key.

In an exemplary embodiment, the third party configured path search module includes:

a public key obtaining unit, configured to obtain a public key corresponding to a private key held by a terminal through information verification requested by the terminal;

the tree searching unit is used for positioning a corresponding tree structure according to the obtained public key, and the third party stores the public key and the tree structure in an associated manner;

and the path searching unit is used for searching leaf nodes corresponding to the information on the tree structure according to the information required to be verified, and obtaining an authentication path formed by a plurality of nodes from the searched leaf nodes to the root node.

In one exemplary embodiment, the cryptographic digest verification module includes:

a sequence obtaining unit, configured to obtain, from the authentication path, a node value sequence that is traced up to a root node along a leaf node of the tree structure;

the reconstruction unit is used for constructing a corresponding tree structure of the encrypted abstract according to the node value sequence to obtain a numerical value of the encrypted abstract corresponding to a root node on the constructed tree structure;

a comparison verification unit, configured to verify whether a value corresponding to a root node on the constructed tree structure of the encrypted digest is consistent with a node value corresponding to the root node in the node value sequence;

and if the numerical value corresponding to the encrypted abstract is consistent with the node value corresponding to the root node, the comparison verification unit verifies that the information of the terminal is correct.

An apparatus for enabling information verification, the apparatus comprising:

the terminal initiates the information verification for the execution of network access behavior, and the encrypted digest corresponds to part of key information required to be verified by the terminal;

the authentication path obtaining module is used for tracing the corresponding tree structure from the leaf node to the root node to obtain an authentication path corresponding to the information to be verified, and the numerical value corresponding to the leaf node on the corresponding tree structure is matched with all key information to be verified of the terminal;

and the correctness verification module is used for verifying that the information of the terminal is correctly present in all the key information matched with the tree structure for the encrypted abstract through the authentication path, and the network access behavior is executed by a corresponding receiving end when the information verification of the terminal passes.

In an exemplary embodiment, the encrypted digest receiving module is further configured to receive an information verification request sent by a receiving end corresponding to a network access behavior according to information verification requested by a terminal to trigger the network access behavior, where the information verification request carries an encrypted digest of verified information content and a public key corresponding to a private key held by the terminal.

In one exemplary embodiment, the apparatus further comprises:

a public key positioning module for positioning a tree structure according to the public key carried in the information verification request to obtain the tree structure corresponding to the requested verification information,

the tree structures are used for storing the encrypted abstracts corresponding to the information, and each tree structure is stored in association with a unique corresponding public key.

In an exemplary embodiment, the information verification request carries a timestamp attached by the terminal to the encrypted digest, and the apparatus further includes:

the time stamp judging module is used for judging whether the information verification requested by the terminal is overtime according to the time stamp carried in the information verification request;

and if the information verification requested by the terminal is overtime, the timestamp judgment module refuses the information verification requested by the terminal, and the information verification of the terminal fails.

In one exemplary embodiment, the correctness verification module includes:

a node tracing unit, configured to acquire a node value sequence that is traced up to a root node along a leaf node of the tree structure from the authentication path;

the tree reconstruction unit is used for constructing a corresponding tree structure of the encrypted abstract according to the node value sequence to obtain a numerical value of the encrypted abstract corresponding to a root node on the constructed tree structure;

a root node comparison unit, configured to verify whether a value corresponding to a root node on the constructed tree structure of the encrypted digest is consistent with a node value corresponding to the root node in the node value sequence;

and if the numerical value corresponding to the encrypted abstract is consistent with the node value corresponding to the root node, the root node comparison unit verifies that the information of the terminal is correctly present in all the key information matched with the tree structure, and the information verification of the terminal is passed.

A computer system, the computer system comprising:

a processor; and

a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method as previously described.

The technical scheme provided by the embodiment of the invention can have the following beneficial effects:

for the verification of the given information, when the information verification is initiated on the network access behavior of the terminal, the verified information content is obtained, namely the encrypted abstract of the content corresponding to the given information, the given information is part of key information required to be verified by the terminal, then the information verification is requested for a third party for the network access behavior of the terminal through the encrypted abstract, the third party carries out the information verification according to the terminal request, an authentication path corresponding to the verified given information is obtained by tracing the leaf node to the root node on the corresponding tree structure, the value corresponding to the leaf node on the corresponding tree structure is matched with all the key information required to be verified by the terminal, finally the information of the terminal is verified by the encrypted abstract through the authentication path and correctly exists in all the key information matched with the tree structure, and the process is the information verification realized by the encrypted abstract facing to part of the key information, given information, namely part of key information does not exist in a plaintext form, and intervention of all key information does not exist, so that insecurity that all key information is leaked does not exist, while insecurity that part of key information exists in a ciphertext form, namely in an encrypted digest form does not risk being leaked, and the safety of information verification is greatly improved by means of a third party.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.

FIG. 1 is a schematic, diagrammatic illustration of an environment in which the present invention is practiced, according to an exemplary embodiment;

FIG. 2 is a block diagram illustrating an apparatus in accordance with an exemplary embodiment;

FIG. 3 is a flow diagram illustrating a method of implementing information verification in accordance with an exemplary embodiment;

FIG. 4 is a flowchart illustrating step 310 according to a corresponding embodiment of FIG. 3;

FIG. 5 is a flowchart illustrating a description of step 330 according to a corresponding embodiment of FIG. 3;

FIG. 6 is a flowchart illustrating a description of step 335 according to a corresponding embodiment of FIG. 5;

FIG. 7 is a flow diagram illustrating a method of implementing information verification in accordance with the corresponding embodiment of FIG. 6;

FIG. 8 is a flowchart illustrating a description of step 333 according to a corresponding embodiment of FIG. 6;

FIG. 9 is a flowchart illustrating a description of step 330 according to a corresponding embodiment of FIG. 3;

FIG. 10 is a flowchart illustrating a description of step 370, according to a corresponding embodiment of FIG. 3;

FIG. 11 is a flow diagram illustrating a method of implementing information verification in accordance with an exemplary embodiment;

FIG. 12 is a flow chart illustrating a method of implementing information verification in accordance with another exemplary embodiment;

FIG. 13 is a flowchart illustrating a description of step 850 shown in accordance with a corresponding embodiment in FIG. 11;

FIG. 14 is a simplified schematic diagram of an information validation implementation architecture, shown in accordance with an exemplary embodiment;

FIG. 15 is a schematic diagram illustrating an information validation implementation architecture in accordance with another illustrative embodiment;

fig. 16 is a schematic diagram illustrating data structures respectively corresponding to a third party, a receiving end, and a terminal for implementing information interaction therebetween according to an exemplary embodiment;

FIG. 17 is a block diagram of a system implementing information verification in accordance with an illustrative embodiment;

FIG. 18 is a block diagram illustrating a description of a verification initiation module in accordance with the corresponding embodiment of FIG. 17;

FIG. 19 is a block diagram illustrating a description of a request validation module according to the corresponding embodiment of FIG. 18;

fig. 20 is a block diagram illustrating a third-party configured path search module according to the corresponding embodiment of fig. 17;

FIG. 21 is a block diagram illustrating a cryptographic digest verification module according to the corresponding embodiment of FIG. 17;

FIG. 22 is a block diagram illustrating an apparatus for implementing information verification in accordance with an exemplary embodiment;

FIG. 23 is a block diagram illustrating a correctness verification module according to another exemplary embodiment.

Detailed Description

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.

FIG. 1 is a schematic, simplified diagram illustrating an implementation environment to which the present invention relates, according to an exemplary embodiment. In an exemplary embodiment, the information verification performed in the network of the present invention provides security guarantee for all the key information held by each terminal, so that any key information is not leaked in the performed information verification, and further, the privacy of the user corresponding to the terminal is protected.

Therefore, as shown in fig. 1, when information verification is required, the receiving end 130 corresponding to the network access behavior requests the deployed third party 150 to verify the encrypted digest provided by the terminal 110, and when it is determined that part of the key information corresponding to the encrypted digest, which needs to be verified, correctly exists in all the key information matched with the corresponding tree structure, the terminal 110 triggering the network access behavior obtains a result that the verification passes.

That is, for any terminal, for example, a terminal 110, network access initiated to any receiver 130, for example, 1 to n receivers 130, will be handed to the third party 150 to perform information verification, so as to ensure information security through this architecture.

The third party 150 stores all the key information, and the third party 150 may be a single organization or may be composed of multiple parties in terms of form.

That is, third party 150 and all critical information storage in third party 150 may be implemented through a zone chain under a distributed architecture to ensure that critical information is not tampered with.

The third party 150, which implements the storage of critical information through the regional chain, will be made up of several node servers. Several node servers are storing critical information and are all intended to be used to effect information verification. Several node servers form a service network based on block chains, i.e. a service network for information verification. Therefore, no matter the collection of the key information, or the provision of the information verification service to the receiving end 130 corresponding to the network access behavior or the terminal 110, is performed based on the area chain.

FIG. 2 is a block diagram illustrating an apparatus according to an example embodiment. The third party shown in fig. 1 may be the apparatus 200, and the apparatus 200 may be a server, for example.

Referring to fig. 2, the apparatus 200 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 222 (e.g., one or more processors) and a memory 232, one or more storage media 230 (e.g., one or more mass storage devices) storing an application 242 or data 244. Memory 232 and storage medium 230 may be, among other things, transient or persistent storage. The program stored in the storage medium 230 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 222 may be configured to communicate with the storage medium 230 to execute a series of instruction operations in the storage medium 230 on the device 200. The device 200 may also include one or more power supplies 226, one or more wired or wireless network interfaces 250, one or more input-output interfaces 258, and/or one or more operating systems 241, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, and so forth. The steps performed by a third party as described below in the embodiments shown in fig. 3, 4, 5, 6, 7 and 8 may be based on the device structure shown in fig. 2.

FIG. 3 is a flow chart illustrating a method of implementing information verification in accordance with an exemplary embodiment. The method for implementing information verification, as shown in fig. 3, in an exemplary embodiment, includes at least the following steps.

In step 310, the network access behavior of the terminal is initiated to verify information, and an encrypted digest of the verified information content is obtained, wherein the information is part of key information required to be verified by the terminal.

It should be noted that, first, the terminal refers to any terminal that performs network access, for example, the terminal may be a portable mobile terminal such as a smart phone and a tablet computer that accesses a certain website, or may be an electronic device such as a computer.

With network access of the terminal, the corresponding access object, that is, the receiving end of the network access behavior triggered by the terminal, often needs to perform information verification on the terminal according to the configuration of the receiving end, and the triggered network access behavior is executed for the terminal after the terminal passes the information verification.

For example, when the terminal initiates to browse information published by a certain website, the website jumps to an information verification page, and at this time, the terminal needs to perform information verification for this purpose, and then the terminal can browse the information.

Therefore, the network access behavior of the terminal, that is, the behavior initiated by the terminal accessing any object via the network, is different according to the difference of the access correspondences.

At the terminal, information verification will be initiated for the triggered network access behavior, e.g. the terminal will jump into an information verification page.

At this time, the terminal will obtain the encrypted digest of the verified information content, i.e. the verified information content exists in the form of a ciphertext, and then perform verification, and the verification of the ciphertext of the encrypted digest corresponds to the verification of the requested verification information.

It should be understood that the authentication of information initiated to the network access behavior of the terminal is actually also initiated to the user corresponding to the terminal, and therefore, the requested authentication information is often related to the user. The information requested for authentication is often unique to a user or class of users.

Therefore, the requested authentication information is necessarily the key information that the terminal needs to authenticate. However, as mentioned above, the purpose of the access object to authenticate the terminal is to determine whether the terminal has the authority to perform the network access behavior, and the information to be authenticated is the key information held by the terminal, and in a specific implementation of an exemplary embodiment, will also be the real information of the user corresponding to the terminal.

When information verification is initiated on the network access behavior of the terminal, the encrypted digest is obtained only on part of the key information to be verified, not on all the key information.

It should be further noted that the information verification is performed to verify whether the information exists and whether the information is correct for all the key information of the terminal, so as to authenticate the terminal, even if the user corresponding to the terminal is already filed, for example, registered and authorized.

In the execution of step 310, all the verification of the key information is characterized by a part of the key information, so that in order to ensure the accuracy and reliability of the verification, a third party and a tree structure in the third party need to be matched in the subsequent execution of steps.

All the key information referred to is for a terminal, even for a user corresponding to the terminal, and is all information for describing the terminal and the user corresponding to the terminal. For example, all the real information corresponding to the user. And part of the key information is information corresponding to a certain field in all the key information. The partial key information is one or more pieces of key information in all the key information, for example, the key information corresponding to one field.

In some scenarios, the information verification performed for the user corresponding to the terminal is directed to the real information of the user, for example, a series of real information such as the name, gender, mobile phone number, address, etc. of the user, and the real information constitutes all the key information that the user corresponding to the terminal needs to perform verification after triggering the network access behavior, and the information corresponding to the field of the name is a part of all the key information, and therefore exists as part of the key information.

Further, the encrypted digest of the verified information content may be a hash value obtained by hashing part of the key information. Of course, the encrypted digest of the verified information content may also be obtained through some other encryption function, which is not limited herein.

Of course, the hash value of the verified information content, i.e. the encrypted digest, is obtained by hashing, and the adoption of the encryption process can convert all the verified information content into a ciphertext with a fixed length, which is beneficial to the execution of the subsequent process.

In an exemplary embodiment, the terminal device performs information verification for the network access jump, and in the information verification performed by the jump, obtains the submitted information, that is, an encrypted digest corresponding to a part of the key information. The encrypted digest uniquely describes the content of the key information of the submitted portion.

For step 310, this will be performed by the terminal. The terminal initiates information verification for the network access behavior triggered by the terminal, and acquires an encrypted abstract of the verified information content for the information verification, wherein the encrypted abstract is used for realizing the information verification of the network access behavior triggered by the terminal by a third party.

It can be clear that, for the terminal, the verified information content is always held by the terminal, and cannot be spread out, so that the security is stably guaranteed.

Fig. 4 is a flow chart describing step 310 according to a corresponding embodiment of fig. 3. This step 310, as shown in FIG. 4, in one exemplary embodiment includes the following steps.

In step 311, an information verification instruction of the network access behavior triggered by the terminal is received.

In step 313, an encrypted digest corresponding to the information content is generated based on the information indicated to be verified by the information verification instruction.

The terminal receives the information verification instruction along with the network behavior triggered by the terminal. The reception of the information verification instruction by the terminal is performed in the terminal, and it is essential that a process of the terminal receives the corresponding information verification instruction in response to the triggered network access behavior.

The information verification instruction is an instruction for skipping to execute information verification under the control of a receiving end corresponding to the network access behavior of the terminal. The information verification process may be a registration and login process of a user, or may be a process in which a certain type of user verifies held information, and is not limited herein.

But the information authentication instruction is received along with the jump of the terminal into the information authentication and the submitted information, which can not correspond to what information authentication process. For example, in the information verification of the terminal jumping-in, after account information and the like are input and submitted, an information verification instruction is received.

Therefore, the information verification instruction carries information for requesting verification, and the information is part of key information required to be verified by the terminal. Generating a cryptographic digest of this information content may request a third party to verify this.

In step 330, a third party is requested to perform information verification on the terminal for the network access behavior through the encrypted summary.

As mentioned above, the information verification is performed under the control of the receiving end of the network access behavior, that is, the information verification is performed for the network access of the terminal at the receiving end. However, the subject of the information authentication is the third party, so the terminal will request the third party to perform authentication for the network access behavior triggered by itself through the obtained encrypted digest.

The third party is a party different from the terminal and the receiving end, and the third party is independent between the terminal and the receiving end. The third party is used to implement information verification, and therefore, the third party stores all information. That is, all the key information of each terminal or the user corresponding to each terminal is stored in the third party, and the receiving end of the network access behavior does not store any key information and cannot obtain any key information through the information verification, so that the information security is ensured. Even if the receiving end is an illegal website, the receiving end cannot be stolen.

The deployed third party is used for performing information verification for each terminal and each receiving end of the network access behaviors. That is, the information verification requested by the terminal to the third party for the network access behavior by encrypting the digest may be requested by the terminal directly from the third party, or may be requested by the receiving end to which the terminal requests access.

For example, the terminal may request the third party for information verification for the execution of the own network access behavior, so as to provide the information verification result of the third party for the subsequent triggered network access behavior.

In addition, after the terminal is triggered to perform the network access behavior, once the information verification is required, an encrypted digest of the verified information content is obtained for the information verification, the terminal responds to the information verification initiated by the receiving end corresponding to the network access behavior through the encrypted digest, and at the moment, the receiving end requests a third party to perform the information verification on the terminal based on the obtained encrypted digest.

Therefore, as can be understood, the third party is independently deployed for information verification, and exists independently, any terminal and the receiving terminal cannot obtain data stored by the third party, and the information verification performed by the third party cannot be influenced or interfered, so that the independence and the reliability of the information verification performed by the third party are ensured, and any terminal and the receiving terminal cannot be tampered.

In step 350, the third party performs information verification according to the terminal request, and obtains an authentication path corresponding to verification information by tracing from the leaf node to the root node in the corresponding tree structure, wherein the value corresponding to the leaf node in the corresponding tree structure is matched with all key information required to be verified by the terminal.

And the third party executes the information verification requested by the terminal for the information verification as the network access behavior triggered by the terminal through the encrypted abstract requests the third party for the information verification. The verification of the information is performed by a tree structure deployed in a third party.

It should be understood that the third party, as an independent authentication mechanism, stores all the key information for the terminal and the user corresponding to the terminal through the constructed tree structure. Each constructed tree structure uniquely corresponds to a user or a class of users, which can be flexibly deployed according to the implementation of information verification. For example, if the information verification performed is for each user-oriented verification, such as verifying whether the user currently requesting network access is a real user, not a machine, each tree structure uniquely corresponds to a user in this scenario.

For another example, if the information verification is performed for each type of user, i.e., whether the user currently requesting network access is a certain type or a certain group of users, each tree structure in this scenario uniquely corresponds to a type of user, and the tree structure will be used for storing data common to such users.

And the third party searches leaf nodes corresponding to the encrypted abstract in the corresponding tree structure according to the obtained encrypted abstract, traces the leaf nodes to the root node, and forms an authentication path by the leaf nodes, the child nodes between the leaf nodes and the root node. In terms of encryption, if a tree result consistent with a local part of the tree structure can be reconstructed by the encrypted digest and the nodes on the authentication path, it can be verified that the encrypted digest exists in the corresponding tree structure.

For a user, the content of each field corresponding to all the key information is stored in the form of encrypted digest at the leaf node of the corresponding tree structure. That is, the corresponding value of the leaf node on the tree structure is matched to a field of all key information of the user.

In an exemplary embodiment, the tree structure may be constructed by performing a hierarchical operation on all key information. For example, all the key information corresponds to the information content of each field, the corresponding encrypted digests are generated, then the corresponding encrypted digests are obtained after two key information are combined in pairs in the obtained encrypted digests, and by analogy, the operation is advanced by levels until a unique numerical value is finally obtained, wherein the numerical value is the numerical value corresponding to the root node in the tree structure.

The numerical value obtained by the intermediate operation is respectively corresponding to each layer of node, and the leaf node is an encrypted summary generated for the information content of all the key information on each field.

For example, the constructed tree structure may be a Merkle tree, and the hash value of the information content corresponding to each field is a numerical value corresponding to a leaf node in the Merkle tree, and the node existing from the top is obtained by merging the hash values corresponding to two nodes at the next level into a character string and then hashing the character string.

The third party constructs a corresponding tree structure for each set of key information, such as all the key information referred to above corresponding to the user, or key information held by a terminal, and associates the tree structure with a public key. The constructed tree structure corresponds to the terminal and the user through the associated public key.

In an exemplary embodiment, the association storage of the tree structure and the public key in the third party is the tree structure storage using the public key as an index. Correspondingly, in the requested information verification, the third party searches the public key stored in the index by using the received public key as an index item, and the searched index maps the tree structure.

In another exemplary embodiment, the public key used as the index may be the public key itself, or of course, the public key may also be subjected to hash value operation by a hash function, and the obtained hash value is used as the index to perform associated storage of the public key and the tree structure, thereby further improving security.

The hash value obtained by operating the public key with a hash function may be a hash value in an exemplary embodiment, or some other form.

Under the action of the tree structure, a group of key information can be quickly and efficiently retrieved for subsequent information verification, only the encrypted abstract corresponding to each field needs to be stored on the leaf node of the tree structure, and the key information can not be directly stored, so that the safety of a deployed third party is further guaranteed.

In an exemplary embodiment, the third party exists in the form of a separate organization, for example, the third party is a deployed server or a server cluster, and is implemented under a central architecture, the constructed tree structure is stored in association with the public key, and the storage performed correspondingly elsewhere is used for implementing backup.

In another exemplary embodiment, a distributed architecture is adopted, and the third party is composed of multiple parties, i.e. multiple nodes participate, so as to form an information verification service network. The same data is stored between the nodes of the third party, i.e. all tree structures are stored in each node of the third party.

Further, at each node, a tree structure is stored on a block, and the blocks are linked to each other to form a chain of blocks stored at the node. The constructed tree structure will be stored as block data on the nodes.

Therefore, for a terminal or a receiving end of network access behavior, if a third party is required to perform information verification, only one node needs to be connected, and a block positioned on the node can find a tree structure for performing information verification for the terminal or the receiving end of network access behavior.

The block chain in the node is formed by building a tree structure for each group of key information obtained by collection, then creating a block and connecting the block to the previous block. The earlier the resulting tree structure is built, the earlier the position on the blockchain is, and the last tree structure built is placed at the end of the blockchain.

The third party consists of a plurality of parties, and links are stored in each party, namely each node, in a block chain mode for a plurality of constructed tree structures, so that the third party for information verification can effectively prevent information tampering and can also effectively avoid information loss.

However, no matter the third-party deployment of the central architecture or the third-party deployment of the distributed architecture, a third party different from a terminal and a network access behavior receiving end is provided for information verification, and an independent, stable and reliable authentication mechanism is realized.

In step 370, the information of the terminal is verified to be correctly present in all the key information matched in the tree structure for the cryptographic digest through the authentication path.

As described above, after the authentication path corresponding to the encrypted digest is obtained from the tree structure, the tree structure may be reconstructed from the node values of each level indicated by the encrypted digest and the authentication path, and if the constructed tree structure is a part of the tree structure corresponding to the user, it may be determined that the requested verification information correctly exists in all the key information matched with the tree structure corresponding to the user.

It should be understood that whether a part of the tree structure exists or the whole tree structure exists, the same root node corresponds to the whole tree structure without exception, so that when a third party verifies whether the information of the terminal of the encrypted digest exists in all the key information matched with the tree structure correctly through the authentication path, the third party only needs to compare values which are not obtained by the reconstructed root node.

If the numerical values are consistent, the third party passes the verification, and the encrypted abstract is the numerical value corresponding to a leaf node on the tree structure corresponding to the user; otherwise, if the numerical values are not consistent, the verification fails, and the encrypted abstract is not the numerical value corresponding to the leaf node on the tree structure corresponding to the user.

The authentication path is used for indicating the corresponding node for information verification performed by a third party, so that the existence and the correctness of the encrypted digest are confirmed, and all nodes on the tree structure are not required to be traversed, so that the method is very quick and efficient.

Fig. 5 is a flow chart illustrating a description of step 330 according to a corresponding embodiment of fig. 3. In an exemplary embodiment, as shown in FIG. 5, step 330 includes at least the following steps.

In step 331, the terminal performs a signature algorithm on the cryptographic digest to obtain a corresponding digital signature.

As described above, the terminal needs to obtain the right for the performed network access as the network access proceeds, and can continue the current network access, where the right is obtained by the performed information verification.

In the information verification, on one hand, an encrypted digest is generated for the content of the requested verification information, that is, part of the key information, on the other hand, in the exemplary embodiment, the encrypted digest is also signed to obtain a digital signature which ensures the security of the encrypted digest and avoids the encrypted digest from being tampered, and in addition, the receiving end is enabled to perform identity verification by means of the digital signature to ensure the validity of the terminal which initiates verification to the receiving end.

After the terminal generates the encrypted digest, the terminal executes a signature algorithm on the encrypted digest by using the held private key to obtain a corresponding digital signature.

It should be understood that each terminal, and also each user to which the terminal corresponds, has a unique private key present and a public key corresponding to the private key. The terminal stores the private key for encrypting the data of the terminal, and the corresponding public key can be interactively transmitted to the receiving end along with the information carried out by the terminal, or stored in the receiving end, or stored in the management server of the digital signature, so that the receiving end obtains the public key from the management server of the digital signature, and the setting of the public key is determined according to the actual operation requirement without limitation.

In step 333, the receiver requesting network access behavior through the digital signature and the cryptographic digest verifies the digital signature.

After the terminal generates a digital signature for the generated encrypted digest, the terminal performs information verification on the terminal through the digital signature and the receiving end which requests the network access behavior through the encrypted digest, however, as mentioned above, the receiving end of the network access behavior does not perform information verification on the receiving end itself, but performs information verification by means of a third party.

However, after receiving an information verification request initiated by the terminal through the digital signature and the encrypted digest, the receiving end verifies the validity of the terminal corresponding to the information verification request, and the process is implemented through the obtained digital signature and the encrypted digest.

In a specific implementation of an exemplary embodiment, a receiving end obtains a public key corresponding to a private key held by a terminal, decrypts a digital signature using the public key to obtain a character string, and compares whether the character string is consistent with an encrypted digest, if the obtained character string is consistent with the encrypted digest, it indicates that the encrypted digest has not been tampered, the requested information verification is legal, and the digital signature verification passes.

If the character string and the encrypted digest are not consistent, the encrypted digest is tampered, the requested information verification is illegal, and the digital signature verification fails.

In step 335, if the digital signature is verified, the receiving end of the network access behavior requests a third party to verify the information of the terminal by encrypting the digest.

And the receiving end of the network access behavior requests the third party to execute the information verification requested by the terminal only when the digital signature verification passes.

At this time, the receiving end of the network access behavior requests a third party to perform information verification on the terminal through the encrypted abstract and the public key. The encrypted digest corresponds to the information content requested to be verified, and the public key is used for indexing the data stored in the terminal by a third party, namely, the tree structure corresponding to the pointed terminal.

Through the exemplary embodiment, a third party implementation in cooperation with a network access behavior receiving end is provided for information verification required by the terminal, and most scenes are information verification processes initiated by the network access behavior receiving end needing to perform information verification on the terminal, so that the implementation of the exemplary embodiment can be adapted to most scenes, and the information verification implementation with excellent safety is provided, and meanwhile, the universality under various scenes is guaranteed.

Fig. 6 is a flowchart illustrating a description of step 335 according to a corresponding embodiment of fig. 5. In one exemplary embodiment, step 335, as shown in FIG. 6, includes at least the following steps.

In step 401, the receiving end of the network access behavior obtains an encrypted digest corresponding to the information to be verified of the terminal and a public key corresponding to a private key held by the terminal.

It should be noted that, first, the information to be verified of the terminal is part of the key information that needs to be verified by the terminal. The encrypted digest uniquely describes the content of the information to be authenticated of the terminal. For example, if the information verification is performed for the real information of the user, the information to be verified of the terminal is the real information of the user logged in the terminal corresponding to a certain attribute, for example, the real information of the attribute corresponding to the name, and only part of the whole real information corresponding to the user exists. Correspondingly, in the existence form of the data, the information to be verified of the terminal is the information corresponding to a certain field in all the corresponding real information.

The private key held by the terminal is, in an exemplary embodiment, the private key that is uniquely held by the user to whom the terminal is logged in. In other words, the private key held by the terminal may also be understood as the private key stored by the terminal. To ensure security, only a unique private key is deployed at the terminating end for serving the information interaction performed by the terminal, i.e. encrypting the information interacted. This private key has a corresponding public key.

The receiving end of the network access behavior obtains the encrypted abstract corresponding to the information to be verified of the terminal through the information verification requested by the terminal, and at the moment, on one hand, the receiving end obtains the public key transmitted along with the encrypted abstract from the terminal along with the obtaining of the encrypted abstract; on the other hand, the receiving side obtains the public key corresponding to the private key held by the terminal by storing it by itself or from the outside, for example, the management server of the aforementioned digital signature.

At this time, for the public key storage performed by the receiving end of the network access behavior or the externally stored public key, the receiving end can search for the required public key according to the account information of the user logged in by the terminal, such as the user identifier or the terminal identifier.

Therefore, the encrypted digest and the public key which correspond to the terminal and are obtained by the receiving end of the network access behavior correspond to each other.

In step 403, an information verification request is initiated to a third party for information verification performed by the terminal according to the encrypted digest and the public key, and the information verification request carries the encrypted digest and the public key.

When a receiving end of the network access behavior requests a third party to carry out information verification for the terminal according to the encrypted abstract and the public key, the receiving end generates the information verification request through the encrypted abstract and the public key and initiates the information verification request to the third party.

The receiving end of the network access behavior requests a third party to carry out information verification corresponding to the terminal through the initiated information verification request on one hand, and provides a verified encrypted abstract for the information verification to be executed by the third party and a public key for avoiding identity misuse and finding data corresponding to the terminal on the other hand.

Through the exemplary embodiment, information interaction between the receiving end of the network access behavior and a third party is realized, and the receiving end of any network access behavior can realize the information verification required by accessing the third party when the information verification of the terminal is required, so that the receiving end of the network access behavior does not need to pay attention to the realization of the information verification any more, but pay more attention to the network access content which can be provided for the terminal, on one hand, the difficulty of erecting the receiving end of the network access behavior is reduced, and on the other hand, the safety and the reliability of the receiving end are also improved.

Fig. 7 is a flow chart illustrating a method of implementing information verification according to the corresponding embodiment of fig. 6. In an exemplary embodiment, the information verification request carries a timestamp attached by the terminal for the encrypted digest, and before performing step 350, the method for implementing information verification is as shown in fig. 6, and further includes the following steps.

In step 510, the third party determines whether the information verification requested by the terminal is overtime according to the timestamp carried in the information verification request.

As described above, the information verification request carries the encrypted digest and the public key corresponding to the private key held by the terminal, and in addition, in the present exemplary embodiment, the information verification request also carries the timestamp attached to the encrypted digest by the terminal.

The time stamp carried by the information verification request is used for indicating the generation time of the encrypted abstract, and then the time stamp is used for judging whether the information verification currently requested by the terminal is overtime or not, and under the condition of ensuring that the information verification requested by the terminal is not overtime, the encrypted abstract carried by the information verification request can be used for verifying whether the corresponding key information exists in a third party or not according to the public key.

In step 530, if the information authentication requested by the terminal is over time, the information authentication requested by the terminal is rejected.

If the information verification requested by the terminal is determined to be overtime according to the timestamp carried in the information verification request, namely the information verification request is initiated too late relative to the time point indicated by the timestamp and exceeds the set time range currently, the third party refuses to perform the corresponding information verification.

Therefore, the information is prevented from being replayed under the action of the time stamp, and the safety and the reliability of information verification are further ensured.

Fig. 8 is a flow chart illustrating the description of step 333 according to the corresponding embodiment of fig. 6. In an exemplary embodiment, as shown in FIG. 8, this step 333 includes at least the following steps.

In step 601, the terminal obtains a public key corresponding to the held private key.

In step 603, the public key, the digital signature, and the encrypted digest are sent to the receiving end of the network access behavior to request the receiving end to verify the digital signature from the encrypted digest using the public key.

As mentioned above, the terminal deploys the private key for the information interaction performed by the terminal, and the private key has a corresponding public key. If the information interaction between the terminal and the receiving end of the network access needs to ensure the security, the terminal encrypts the information by using a private key deployed by the terminal, for example, in the signature process, to obtain a digital signature, and then sends the encrypted digest, the digital signature and the public key to the receiving end of the network access behavior together to respond to the information verification indicated by the receiving end.

The terminal sends the public key during the process of sending the digital signature and the encrypted abstract to the receiving end of the network access behavior, so that on one hand, the information verification is realized only in a ciphertext mode without obtaining any data related to the information needing to be verified except the encrypted abstract, the safety and the reliability of the information verification are ensured, and only ciphertext interaction exists in the whole information verification process.

On the other hand, the intervention of other information related to verification is avoided, so that the information verification required by the terminal does not need to use other key information, and the aim of information verification can be achieved only by part of the key information.

Fig. 9 is a flowchart illustrating the description of step 330 according to the corresponding embodiment of fig. 3. In an exemplary embodiment, as shown in FIG. 3, this step 330 includes at least the following steps.

In step 331, the third party obtains the public key corresponding to the private key held by the terminal through the information verification requested by the terminal.

As mentioned above, after obtaining the encrypted digest corresponding to the information content requested to be verified by the terminal, the third party also obtains the public key of the private key held by the corresponding terminal, for example, the third party obtains the public key from the receiving end of the network access behavior.

With the information verification requested by the terminal, the third party will be the execution subject of the information verification requested by the terminal, and the information verification is performed for the terminal according to the obtained information, such as the encrypted abstract and the public key.

Therefore, no matter how the terminal requests the third party for information verification, for example, the terminal requests the third party for information verification through the receiving end of the network access behavior, or the terminal directly requests the third party for information verification, etc., the third party obtains the public key corresponding to the private key held by the terminal through the information verification requested by the terminal.

The public key is used as a tool for decrypting encrypted information in information interaction, such as a digital signature, but in information verification performed by a third-party application for a terminal, the obtained public key is used as an index of data, and the public key is used for uniquely identifying stored information for the terminal or a user corresponding to the terminal.

In step 333, the corresponding tree structure is located according to the obtained public key, and the third party stores the public key and the tree structure in association.

It should be understood that, in order to implement information verification by a third party, for example, to implement information verification for many users, all the key information corresponding to each user is stored by using the public key of the user as an index.

For the information verification requested by the terminal, the essence is the information verification requested by the user corresponding to the terminal, so the public key of the user corresponds to the private key held by the terminal, and all the key information corresponding to the user is all the key information corresponding to the terminal. For the third party, the main body requesting the information verification is in the terminal, so the third party performs the information verification for the terminal. However, the third party also performs information verification for the user corresponding to the terminal.

All the key information is stored in association with the terminal or the user on the terminal by using the public key of the private key held by the terminal as an index.

In order to realize quick and efficient search, all key information is stored in a tree structure mode, and the public key and the tree structure are mutually associated.

Therefore, after the third party obtains the public key through the information verification requested by the terminal, the corresponding tree structure can be found by the public key, namely the tree structure associated with the public key is the tree structure where the encrypted abstract is located.

In step 335, according to the information requested to be verified, a leaf node corresponding to the information is retrieved from the tree structure, and an authentication path formed by a plurality of nodes is obtained from the retrieved leaf node to the root node.

The information requesting verification is verified in a third party in a corresponding encryption digest mode, and the encryption digest is a consistency description of the information requesting verification on the content. And on the tree structure, acquiring a leaf node corresponding to the encrypted abstract according to the encrypted abstract, positioning a corresponding child node at the upper level according to the leaf node, and so on until the root node is reached.

It should be noted that the leaf nodes corresponding to the encrypted abstract are leaf nodes that are pairwise operated with the encrypted abstract to obtain a child node of the previous level; the leaf node locates the corresponding child node at the previous level, and the previous child node corresponding to the node value obtained after the encrypted summary is merged with the node value of the corresponding leaf node is operated with the node value in pairs.

For the sub-nodes obtained by searching the encrypted abstract layer by layer on the tree structure, the path which reaches the root node corresponding to the tree structure in the same way is constructed by matching with the encrypted abstract, namely the path which reaches the root node on the tree structure from the encrypted abstract, therefore, the authentication path of the encrypted abstract is obtained by tracing the leaf node obtained by searching to the root node.

The authentication path is used to determine whether the information content corresponding to the encrypted digest really exists, in other words, whether the encrypted digest really exists on the leaf node of the tree structure is determined through the authentication path.

By retrieving in the tree structure and obtaining the authentication path, the efficiency of information verification by a third party is effectively improved, and a large amount of information verification processes can be completed.

Fig. 10 is a flowchart illustrating a description of step 370, according to a corresponding embodiment of fig. 3. In an exemplary embodiment, as shown in FIG. 10, this step 370, includes at least the following steps.

In step 371, a sequence of node values up to the root node along the leaf nodes of the tree structure is obtained from the authentication path.

It should be understood that the tree structure has several sub-nodes distributed in different levels through several levels, and each sub-node has a unique corresponding parent node in the upper level and at least one sub-node in the lower level.

That is, nodes on the tree structure, including leaf nodes and root nodes, are all connected layer by layer. A plurality of nodes connected layer by layer, namely all nodes distributed on a path from a leaf node to a root node, can be obtained from the obtained authentication path, and node values respectively corresponding to the nodes form a node value sequence.

The node value sequence comprises a plurality of node values which exist in sequence, and the node value sequence is used for judging whether the encrypted digest exists in the positioned tree structure or not for the encrypted digest.

In step 373, a tree structure corresponding to the encrypted digest is constructed according to the node value sequence, and a numerical value corresponding to a root node of the encrypted digest on the constructed tree structure is obtained.

And constructing a tree structure corresponding to the encrypted digest and the node value sequence on the hierarchy according to the hierarchical operation of the tree structure and the corresponding node values in the encrypted digest and the node value sequence.

In step 375, it is verified whether the value corresponding to the root node of the encrypted digest on the constructed tree structure is consistent with the node value corresponding to the root node in the node value sequence.

In the tree structure, no matter which leaf node is used as the starting point, the hierarchical operation is finally integrated to a unique root node. If the encrypted digest is a numerical value corresponding to a leaf node on the positioned tree structure, the numerical value corresponding to the root node on the tree structure constructed by the encrypted digest and the node value sequence is necessarily a numerical value corresponding to the root node on the tree structure positioned by the public key, and is also a node value corresponding to the root node in the node value sequence.

In step 377, if the value corresponding to the encrypted digest is consistent with the node value of the corresponding root node, the information of the obtained terminal is verified to be correct.

In each tree structure constructed by the third party, the numerical values corresponding to the leaf nodes are matched with part of the key information, and so on, the numerical values corresponding to all the leaf nodes on the tree structure are matched with all the key information.

For a tree structure constructed by performing hierarchical operation on the encrypted abstract and the node value sequence, if the value corresponding to the root node on the tree structure is consistent with the node value corresponding to the root node in the node value sequence, the encrypted abstract can be proved to be the value corresponding to a leaf node on the tree structure constructed by a third party, and further the information content corresponding to the encrypted abstract can be determined, namely the information content required to be verified is part of key information matched with a leaf node on the tree structure constructed by the third party.

The tree structure constructed by the third party for comparison is obtained by positioning the public key through the steps, the numerical values on the leaf nodes of the tree structure are matched with all key information required to be verified by the terminal, and the information required to be verified currently is one part of the key information. Therefore, whether the tree structure constructed by the encrypted abstract and the node value sequence is a part of the tree structure positioned by the public key or not is verified, and if the numerical values corresponding to the root nodes of the encrypted abstract and the node value sequence are the same, the verification is passed, and the information of the terminal is verified to be correct.

According to the exemplary embodiment, the terminal and the information interaction system participated by the third party are established for information verification existing in the internet, and further, the information verification is realized for various network access behaviors initiated by the terminal at the third party, so that the receiving end of the network access behaviors is ensured not to perform key information any more, such as storage of various privacy and sensitive information related to the user, the receiving end of the network access behaviors is not required to be worried about in the network access performed by the user, such as the condition that information is leaked from various unsafe websites, and the security of the network access is ensured.

For the network access of the terminal, the information verification required by the network access is completed by a third party, smooth network access is obtained, and various kinds of registration are not required to be repeatedly performed, so that the information of the terminal does not need to be disclosed to various accessed sites, and the network access of the terminal and the safety of the information are ensured.

For various sites which can be accessed by the terminal, namely the network access behavior receiving end, the realization of information verification is not required to be supported, and the required information verification can be completed only by a third party, so that the aim of verifying information is fulfilled, the terminal which is requested to be accessed at present is confirmed to correspond to a normal user, the lightweight site realization is also obtained, and the site erection in the network is simpler.

The following is an implementation of a third party of the present invention, and the implementation of the following method embodiments provides a third party capable of implementing information verification for a terminal, thereby implementing information verification for various terminals and receiving terminals of various network access behaviors.

FIG. 11 is a flow chart illustrating a method of implementing information verification in accordance with an exemplary embodiment. In an exemplary embodiment, as shown in fig. 11, the method for implementing information verification, as shown in fig. 11, includes at least the following steps.

In step 810, an encrypted digest sent by the terminal for requesting information authentication is received, and the terminal initiates information authentication for performing network access behavior, where the encrypted digest corresponds to a part of key information that the terminal needs to authenticate.

In step 830, the authentication path corresponding to the verification information is obtained by tracing from the leaf node to the root node in the corresponding tree structure, and the value corresponding to the leaf node in the corresponding tree structure is matched with all the key information that the terminal needs to verify.

In step 850, the terminal information is verified for the encrypted digest through the authentication path, and the network access behavior is executed by the corresponding receiving end when the terminal information verification passes.

The terminal requests to perform the encrypted abstract sent by the information verification, the third party searches the encrypted abstract on the corresponding tree structure after receiving the encrypted abstract, and if the encrypted abstract received by the third party also exists in the tree structure, the information verification requested by the terminal is passed.

The quick realization of the retrieval in the tree structure is that the path between the leaf node and the root node is searched depending on the existence mode of the child node in the tree structure, and the obtained authentication path is used for carrying out the information verification of the terminal on the encrypted abstract.

The third party is independent of the terminal and the receiving end of the network access behavior, and a group of key information held by the user or the terminal is stored in the third party in a tree structure mode, namely, each group of key information corresponds to one tree structure, so that the third party can realize the required information verification for the terminal.

In an exemplary embodiment, the third party, as an independent authentication mechanism, collects each set of key information in a reliable offline manner, constructs a tree structure for each set of collected key information, and stores the tree structure in association with the corresponding public key in a central architecture or a distributed architecture.

For example, in an off-line manner, identity information is collected for all users, and all identity information collected by each user constitutes a set of key information. And constructing and storing a tree structure for all users on the basis of the tree structure.

Therefore, the third party can realize the information verification required by each user, and a safer and faster information verification method is provided for the network access of the users.

In one exemplary embodiment, step 810 includes: and receiving an information verification request sent by a receiving end corresponding to the network access behavior according to the information verification requested by the terminal triggering the network access behavior, wherein the information verification request carries an encrypted abstract of verified information content and a public key corresponding to a private key held by the terminal.

The receiving end of the network access behavior, such as various sites, has an information verification requirement for the terminal, for example, to verify whether the user initiating the access is a real user or is only a machine, so as to shield false access initiated by the machine.

At this time, the information verification of the terminal is realized by a third party. And the third party receives an information verification request sent by the network access behavior receiving end, wherein the information verification request is used for initiating information verification of a corresponding terminal, and the verified information content corresponds to the encrypted abstract carried by the information verification request.

And transmitting the encrypted abstract corresponding to the verification request information content to the third party, and transmitting a public key corresponding to a private key held by the terminal to the third party so as to facilitate data retrieval.

In another exemplary embodiment, the method for implementing information verification further comprises at least the following steps before step 830.

And positioning the tree structure according to the public key carried in the information verification request to obtain the tree structure corresponding to the verified information.

It should be understood that a tree structure is unique to a set of key information, and that information requested to be verified, as part of this set of key information, will also correspond to a tree structure.

The tree structure is at least used for storing the encrypted abstract corresponding to each piece of key information in a group of key information. That is to say, the numerical value corresponding to the leaf node on the tree structure is the encrypted digest corresponding to the key information, which enables the implemented third party to perform information verification without storing real information and without the risk of information leakage.

Of course, each key information may be stored on the leaf node, and at this time, the corresponding encrypted digest is stored in the child node of the previous level.

FIG. 12 is a flow chart illustrating a method of implementing information verification in accordance with another exemplary embodiment. In another exemplary embodiment, the information verification request carries a timestamp attached by the terminal for the encrypted digest, as shown in fig. 12, before step 830 is executed, the method for implementing information verification further includes the following steps.

In step 910, it is determined whether the information verification requested by the terminal is overtime according to the timestamp carried in the information verification request.

In step 930, if the information authentication requested by the terminal is over time, the information authentication requested by the terminal is rejected and the information authentication of the terminal fails.

The information verification request carries a timestamp, and the third party is used for verifying the validity of the received information verification request so as to prevent the encrypted digest carried by the information verification request from being reused, namely, shielding the replay attack.

And the third party checks whether the information verification request is overtime according to the time stamp, and if the information verification request is overtime, the third party is not verified, so that the stolen encrypted digest cannot be reused.

It should be noted that the timestamp carried by the information verification request is appended to the digital signature when the terminal signs the requested information verification.

Specifically, the terminal generates an encrypted digest corresponding to a part of the key information, for example, a key information, for the requested information verification, and obtains a digital signature by signing the encrypted digest and the current time stamp.

Correspondingly, the time stamp is received by the third party along with the encrypted digest, so that the third party can firstly use the received time stamp to verify whether the information verification requested by the terminal is overtime.

Fig. 13 is a flowchart illustrating a description of step 850 according to a corresponding embodiment of fig. 11. This step 850, as shown in FIG. 13, in one exemplary embodiment, includes at least the following steps.

In step 851, a sequence of node values tracing up the leaf nodes of the tree structure to the root node is obtained from the authentication path.

In step 853, the encrypted digest is constructed according to the node value sequence, and a value corresponding to the root node of the encrypted digest on the constructed tree structure is obtained.

In step 855, it is verified whether the value corresponding to the root node of the encrypted digest on the constructed tree structure is identical to the node value corresponding to the root node in the node value sequence.

In step 857, if the value corresponding to the encrypted digest is consistent with the node value corresponding to the root node, it is verified that the information of the terminal is correctly present in all the key information matched with the tree structure, and the information of the terminal is verified to be passed.

According to the exemplary embodiment, the third party is constructed in the network, and the third party can support information verification required by respective terminals and various network access behaviors, so that a new way is added for the information verification performed by the terminals, and the flexibility and the safety of the information verification are enhanced.

Taking information verification required by a website as an example, the method for realizing the information verification is described in combination with a specific scene. The information verification required by the website is to verify whether the user currently accessing the website is a real user, and only allow the real user to access the website.

At this time, for the terminal, the user referred to is the user currently logged in, and in short, the user referred to is the user corresponding to the terminal. The access initiated by the user to the website is executed by the terminal, so the information verification performed on the user is performed on the user corresponding to the terminal.

FIG. 14 is a simplified schematic diagram illustrating an information validation implementation architecture in accordance with an illustrative embodiment. The information verification implementation architecture comprises a third party 1010, a network access behavior receiving end 1030 for information verification by means of the third party 1010, and a terminal 1050 for triggering network access behavior.

The website that needs to perform information verification in this scenario is one of the network access behavior receiving terminals 1030, i.e., the Web server 1031 indicated in fig. 14.

After the user corresponding to the terminal 1050 triggers a network access behavior to the Web server 1031 through the terminal 1050, the Web server 1031 requests the third party 1010 to perform information verification on the user.

The third party 1010 stores the real information corresponding to each user, that is, at the third party 1010, the real information corresponding to each user uniquely corresponds to a tree structure, so as to search whether the information requested to be verified exists correctly or not in the tree structure.

For the user, the accessed Web server 1031 is small and popular, and therefore, it is not familiar in daily life, and currently, the information verification is completed by the third party 1010, so that the triggered network access behavior can be smoothly executed without leaving the real information of the user on the Web server 1031.

FIG. 15 is a simplified schematic diagram illustrating an information validation implementation architecture in accordance with another illustrative embodiment. In the information verification implementation architecture, as shown in fig. 15, a third party will be composed of multiple parties to form an information verification service network 1110, a receiving end 1030 of a network access behavior will be connected to one node 1111 of the information verification service network through access to the information verification service network, and then information verification required by a terminal is completed through a tree structure stored on a block chain where the node 1111 is located.

Each node 1111 stores the real information of all users through the block chain, and the real information of each user is still stored corresponding to the tree structure, a tree structure exists on a block. The tree structure stored by the block chain at each node 1111 is the same.

It should be understood that any node 1111 can collect the real information of the user through offline method, and for the real information collected by a user, an encryption summary will be generated for the real information corresponding to each field, and so on, to obtain the encryption summary corresponding to all the real information collected by the user.

Each encrypted digest is used as a value corresponding to a leaf child node, so as to perform a hierarchical operation to construct a tree structure, such as a Merkle tree. A tree structure uniquely corresponding to each user for which real information is collected is obtained at this node 1111.

At this time, this node 1111 will perform point-to-point transmission to other nodes in the information verification service network to achieve synchronization of the constructed tree structure.

At this time, the Web server 1031 connects any node 1111 to enable authentication of the information currently requested.

By now it can be seen that the verification of the information is performed with only the encrypted digest provided, and no clear text provided, and also only corresponding to a portion of the key information, and therefore, privacy can be effectively protected.

As further elaborated, whether the third party is the architecture shown in fig. 14 or the distributed architecture shown in fig. 15, the storage of the actual information within it is substantially the same.

Fig. 16 is a schematic diagram of data structures respectively corresponding to the third party, the receiving end, and the terminal for implementing information interaction therebetween according to an exemplary embodiment. The description is made herein in connection with a process in which a terminal requests information verification.

The information verification performed at the terminal generates a private key and a corresponding public key, where the private key is to be held by the terminal, and the public key is provided to a receiving end of the network access behavior, such as an organization 1330 shown in fig. 16 and a third party, i.e., a third party organization 1350 shown in fig. 16.

Before the terminal accesses the content distributed by the organization 1330, the user authentication, i.e., the information authentication process mentioned above, needs to be performed to allow access after the user is authenticated as a real user; on the contrary, if the authentication fails, the user who initiates the access is considered as a false user, i.e. a machine, and the access of the user is rejected.

Based on this, in the user authentication performed on the terminal, as shown in the data structure in the terminal shown in fig. 16, the information for performing the user authentication is a name, that is, the content corresponding to the name field in the real information corresponding to the user.

The terminal generates an encryption summary for the information content corresponding to the name field in the real information of the terminal, and executes a signature algorithm to the encryption summary HASH (name) and a timestamp by using a Private Key, namely a Private Key to generate a digital signature, wherein the timestamp is correspondingly obtained when the encryption summary HASH (name) is generated.

The terminal sends the generated encrypted digest hash (name), digital signature Sign, and Public Key to the organization 1330 to request authentication of the user. Due to cryptographic digests, i.e. HASH

(name) corresponds to the user's name, so the verification currently requested is to verify whether the user's real name is present and correct.

After receiving the encrypted digest hash (name), the digital signature Sign, and the Public Key sent by the terminal, the organization 1330 first decrypts the digital signature Sign using the Public Key to obtain a string of characters and a timestamp, then compares the string of characters with the encrypted digest hash (name), if they are consistent, the string of characters passes the verification, and if they are not consistent, it indicates that the encrypted digest hash (name) is tampered.

After the verification passes, the organization 1330 sends the encrypted digest hash (name), the timestamp, and the Public Key to the third-party authority 1350, requesting the third-party authority 1350 to authenticate the user.

The third party organization 1350 first verifies the timestamp if it is time out, and if so, rejects the authentication for the user, which results in the authentication failure of the user, and returns the result of the authentication failure to the organization 1330.

If it does not time out, third party authority 1350 would look up the tree structures according to the Public Key sent by organization 1330, e.g., the data structures in third party machine 1350 shown in FIG. 16, looking up the Public Key associated with each tree structure to obtain the tree structure associated with the Public Key sent by organization 1330, e.g., Merkle tree 1351 shown in third party authority 1350.

Merkle tree 1351 is stored in association with Public Key. Specifically, Public Key is stored in association with a node value, i.e., a Root hash, on Root node 1400 in Merkle tree 1351.

As shown in the Merkle tree 1351, the information content corresponding to each field in all the real information of the user is stored in each leaf node. For example, the leaf node 1401 stores the information content corresponding to the name field; the leaf node 1402 stores the information content corresponding to the sex field; the leaf node 1403 stores the information content corresponding to the mobile field; the leaf node 1405 stores the information content corresponding to the address field.

Therefore, the information content stored on each leaf node is hashed, and the obtained hash value stores the upper-level child node corresponding to the leaf node. For example, the child node 1501 stores hash (name), that is, a hash value of information content corresponding to the name field; the child node 1502 stores hash (sex), that is, the hash value of the information content corresponding to the sex field; the child node 1503 stores hash (mobile), that is, a hash value of information content corresponding to a mobile field; the child node 1505 stores hash (address), which is the hash value of the information content corresponding to the address field.

By analogy, every two of the child nodes are hashed upwards until the root node.

Third party organization 1350 constructs Merkle tree 1351 for each user's real information store and stores it in association with that user's public key.

Of course, it should be noted that the Merkle tree 1351 constructed for the real information of each user may also directly store the hash value of the information content corresponding to each field in the leaf node without storing the corresponding information content, so that the verification of the real information content can be realized without storing the real information content, the security is high, and there is no risk that the information is leaked and tampered.

The third party organization 1350 verifies the encrypted digest by searching the obtained Merkle tree 1351, and if the encrypted digest exists and is correct on the Merkle tree 1351, returns a result of passing the verification to the organization 1330, and at this time, the user can realize the triggered network access on the terminal.

In this information interaction, it can be seen that the organization 1330 cannot know the true information of the user, but the information provided by the user on the terminal for authentication is only part of the true information, and the generated encrypted digest is executed on the terminal, so that there is no risk and possibility of information leakage for the terminal, and identity misuse is avoided.

Therefore, during the information verification, only part of real information is provided, so that all real information is verified, the verification accuracy is improved, the privacy is protected, and the information exposure is avoided.

The following is an embodiment of the apparatus of the present invention, which can be used to execute the above-mentioned embodiment of the method for implementing information verification of the present invention. For details that are not disclosed in the embodiments of the apparatus of the present invention, please refer to the embodiments of the method for implementing information verification of the present invention.

FIG. 17 is a block diagram of a system implementing information verification in accordance with an illustrative embodiment. In an exemplary embodiment, the system for implementing information verification is deployed in a terminal and a third party performing information verification on the terminal, as shown in fig. 17, the system includes but is not limited to: a verification initiation module 1710, a request verification module 1730, a path search module 1750, and a cryptographic digest verification module 1770.

A verification initiating module 1710, configured to initiate information verification on a network access behavior of a terminal, to obtain an encrypted digest of verified information content, where the information is part of key information that the terminal needs to verify;

a request verification module 1730, configured to request, for the network access behavior, a third party to perform information verification on the terminal through the encrypted digest;

a path search module 1750, configured to perform information verification according to the terminal request by a third party, trace a leaf node to a root node in a corresponding tree structure to obtain an authentication path corresponding to the information verification, where values corresponding to the leaf nodes in the corresponding tree structure are matched with all key information to be verified by the terminal;

and a cryptographic digest verification module 1770, configured to verify, at the third party, that the information of the terminal is correctly present in all the key information matched with the tree structure for the cryptographic digest through the authentication path.

Fig. 18 is a block diagram illustrating a description of a verification initiation module according to the corresponding embodiment of fig. 17. In an exemplary embodiment, the verification initiation module 1710, as shown in fig. 18, includes, but is not limited to: an instruction receiving unit 1711, and an encryption digest generating unit 1713.

The instruction receiving unit 1711 is configured to receive an information verification instruction of a network access behavior triggered by the terminal;

and an encrypted digest generating unit 1713, configured to generate an encrypted digest of the corresponding information content according to the information indicated by the information verification instruction.

FIG. 19 is a block diagram illustrating a description of a request validation module according to the corresponding embodiment of FIG. 18. In an exemplary embodiment, the request verification module 1730, as shown in fig. 19, includes but is not limited to: a signature unit 1731, a request initiation unit 1733, and a third party request unit 1735.

A signature unit 1731 configured to be configured at the terminal, the signature unit being configured to perform a signature algorithm on the encrypted digest to obtain a corresponding digital signature;

a request initiating unit 1733 configured to the terminal, the request initiating unit being configured to request a receiving end of the network access behavior to verify the digital signature through the digital signature and an encrypted digest;

a third party requesting unit 1735, configured to be at a receiving end of the network access behavior, where the third party requesting unit is configured to request, if the digital signature verification passes, the third party to perform information verification on the terminal through the encrypted digest.

In an exemplary embodiment, the information verification request carries a timestamp attached by the terminal for the encrypted digest, and the system for implementing information verification further comprises a timeout verification module.

The overtime verification module is configured to a third party and is used for judging whether the information verification performed by the terminal request is overtime or not according to the timestamp carried in the information verification request;

In an exemplary embodiment, the request initiation unit 1733 is configured to perform:

acquiring a public key corresponding to the held private key;

Fig. 20 is a block diagram illustrating a path search module configured by a third party according to the corresponding embodiment of fig. 17. In an exemplary embodiment, as shown in FIG. 20, the path search module 1750 includes, but is not limited to: a public key acquisition unit 1751, a tree lookup unit 1753, and a path search unit 1755.

A public key obtaining unit 1751, configured to obtain, through information verification requested by a terminal, a public key corresponding to a private key held by the terminal;

a tree searching unit 1753, configured to locate a corresponding tree structure according to the obtained public key, where the third party stores the public key and the tree structure in an associated manner;

a path search unit 1755, configured to retrieve, on the tree structure, a leaf node corresponding to the information according to the information requested to be verified, and trace back to a root node from the retrieved leaf node to obtain an authentication path formed by a plurality of nodes.

Fig. 21 is a block diagram illustrating a cryptographic digest verification module according to a corresponding embodiment of fig. 17. In an exemplary embodiment, as shown in fig. 21, the cryptographic digest verification module 1770 includes, but is not limited to: a sequence acquisition unit 1771, a reconstruction unit 1773 and an alignment verification unit 1775.

A sequence obtaining unit 1771, configured to obtain, from the authentication path, a sequence of node values tracing up to a root node along a leaf node of the tree structure;

a reconstructing unit 1773, configured to perform construction of a corresponding tree structure on the encrypted digest according to the node value sequence, to obtain a value corresponding to a root node of the encrypted digest on the constructed tree structure;

a comparison verification unit 1775, configured to verify whether a numerical value corresponding to a root node on the constructed tree structure of the encrypted digest is consistent with a node value corresponding to the root node in the node value sequence;

if the value corresponding to the encrypted digest is consistent with the node value corresponding to the root node, the comparison verification unit 1775 verifies that the information of the terminal is correct.

FIG. 22 is a block diagram illustrating an apparatus to implement information verification in accordance with an example embodiment. In an exemplary embodiment, the apparatus for implementing information verification, as shown in fig. 22, includes but is not limited to: a cryptographic digest reception module 1810, an authentication path acquisition module 1830, and a correctness verification module 1850.

An encrypted digest receiving module 1810, configured to receive an encrypted digest sent by a terminal requesting information verification, where the terminal initiates the information verification for executing a network access behavior, and the encrypted digest corresponds to part of key information that the terminal needs to verify;

an authentication path obtaining module 1830, configured to trace from a leaf node to a root node in a corresponding tree structure, and obtain an authentication path corresponding to the information to be verified, where a value corresponding to the leaf node in the corresponding tree structure is matched with all key information that needs to be verified by the terminal;

a correctness verification module 1850, configured to verify, for the encrypted digest, that the information of the terminal is correctly present in all the key information matched in the tree structure through the authentication path, where the network access behavior is to be performed by a corresponding receiving end when the information verification of the terminal passes.

In an exemplary embodiment, the encrypted digest receiving module 1810 is further configured to receive an information verification request sent by a receiving end corresponding to a network access behavior according to information verification requested by a terminal to trigger the network access behavior, where the information verification request carries an encrypted digest of verified information content and a public key corresponding to a private key held by the terminal.

In another exemplary embodiment, the apparatus for implementing information verification further comprises a public key location module. The public key positioning module is used for positioning a tree structure according to the public key carried in the information verification request to obtain the tree structure corresponding to the requested verification information,

In another exemplary embodiment, the apparatus for implementing information verification further comprises a timestamp determination module. The time stamp judging module is used for judging whether the information verification requested by the terminal is overtime according to the time stamp carried in the information verification request;

FIG. 23 is a block diagram illustrating a correctness verification module according to another exemplary embodiment. In an exemplary embodiment, the correctness verification module 1850, as shown in FIG. 23, includes, but is not limited to: a node tracing unit 1851, a tree reconstructing unit 1853, and a root node comparing unit 1855.

A node tracing unit 1851, configured to acquire a node value sequence that is traced up to a root node along a leaf node of the tree structure from the authentication path;

a tree reconstructing unit 1853, configured to construct a tree structure corresponding to the encrypted digest according to the node value sequence, and obtain a numerical value corresponding to a root node of the encrypted digest on the constructed tree structure;

a root node comparing unit 1855, configured to verify whether a numerical value corresponding to a root node on the constructed tree structure of the encrypted digest is consistent with a node value corresponding to the root node in the node value sequence;

if the value corresponding to the encrypted digest is consistent with the node value corresponding to the root node, the root node comparing unit 1855 verifies that the information of the terminal is correctly present in all the key information matched with the tree structure, and the information verification of the terminal is passed.

Optionally, the present invention further provides a computer system, which can be used in the foregoing implementation environment to execute all or part of the steps of any one of the methods described above. The computer system includes:

a processor;

a memory for storing processor-executable instructions;

the computer readable instructions, when executed by the processor, implement the foregoing method.

The specific manner in which the processor of the apparatus in this embodiment performs the operations has been described in detail in the foregoing method embodiments, and will not be elaborated upon here.

In an exemplary embodiment, a storage medium is also provided that is a computer-readable storage medium, such as may be transitory and non-transitory computer-readable storage media, including instructions. The storage medium, for example, includes a memory of instructions executable by a processor of the apparatus to perform the method described above.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims

1. A method for implementing information verification, the method comprising:

a receiving end of a network access behavior triggered by a terminal initiates information verification on the network access behavior of the terminal to obtain an encrypted abstract of verified information content, wherein the information is part of key information required to be verified by the terminal;

verifying that the information of the terminal is correctly present in all the key information matched with the tree structure through the encrypted abstract by the authentication path;

and the key information held by the terminal is stored in the third party in a tree structure mode, and the tree structure is used for storing the encrypted abstract corresponding to the key information.

2. The method according to claim 1, wherein the initiating information authentication for the network access behavior of the terminal and obtaining the encrypted digest of the authenticated information content comprises:

receiving an information verification instruction of a network access behavior triggered by a terminal;

and generating an encrypted abstract of the corresponding information content according to the information which is indicated to be verified by the information verification instruction.

3. The method of claim 1, wherein the requesting a third party for information verification of the terminal for the network access behavior through the cryptographic summary comprises:

the terminal executes a signature algorithm on the encrypted abstract to obtain a corresponding digital signature;

requesting a receiving end of the network access behavior to verify the digital signature through the digital signature and the encrypted digest;

and if the digital signature passes the verification, the receiving end of the network access behavior requests the third party to carry out information verification on the terminal through the encrypted abstract.

4. The method of claim 3, wherein the receiving end of the network access behavior requests the third party to perform information verification on the terminal through the encrypted digest, and the method comprises the following steps:

the receiving end of the network access behavior acquires an encrypted abstract corresponding to the information to be verified of the terminal and a public key corresponding to a private key held by the terminal;

5. The method according to claim 4, wherein the information verification request carries a timestamp attached to the encrypted digest by a terminal, and the third party performs information verification according to the terminal request, before obtaining an authentication path corresponding to the information from a leaf node to a root node in a corresponding tree structure, the method further comprising:

the third party judges whether the information verification requested by the terminal is overtime according to the timestamp carried in the information verification request;

and if the information verification requested by the terminal is overtime, rejecting the information verification requested by the terminal.

6. The method according to claim 1, wherein the third party obtains an authentication path corresponding to the information verification by tracing from a leaf node to a root node in a corresponding tree structure according to the information verification requested by the terminal, and the authentication path comprises:

the third party obtains a public key corresponding to a private key held by the terminal through information verification requested by the terminal;

positioning a corresponding tree structure according to the obtained public key, wherein the public key and the tree structure are stored in an associated manner by the third party;

and retrieving leaf nodes corresponding to the information on the tree structure according to the information required to be verified, and tracing the retrieved leaf nodes to a root node to obtain an authentication path formed by a plurality of nodes.

7. The method according to claim 1, wherein the verifying the terminal information correctly exists in all the key information matched with the tree structure through the authentication path to the encrypted digest comprises:

obtaining a node value sequence tracing up to a root node along a leaf node of the tree structure from the authentication path;

constructing a corresponding tree structure of the encrypted abstract according to the node value sequence to obtain a numerical value corresponding to a root node of the encrypted abstract on the constructed tree structure;

verifying whether the numerical value corresponding to the root node of the encrypted abstract on the constructed tree structure is consistent with the node value corresponding to the root node in the node value sequence;

and if the numerical value corresponding to the encrypted abstract is consistent with the node value corresponding to the root node, verifying that the information of the terminal is correct.

8. A method for implementing information verification, the method comprising:

a third party receives an encrypted abstract which is requested by a terminal to carry out information verification and is sent by a receiving end of a network access behavior triggered by the terminal, the terminal initiates the information verification for the execution of the network access behavior, and the encrypted abstract corresponds to part of key information which needs to be verified by the terminal;

verifying the information of the terminal for the encrypted abstract through the authentication path, wherein the network access behavior is executed by a corresponding receiving end when the information verification of the terminal passes;

9. The method of claim 8, wherein the receiving terminal requesting the sent cryptographic digest for information verification comprises:

the method comprises the steps of carrying out information verification according to a request of a terminal for triggering a network access behavior, and receiving an information verification request sent by a receiving end corresponding to the network access behavior, wherein the information verification request carries an encrypted abstract of verified information content and a public key corresponding to a private key held by the terminal.

10. The method of claim 9, wherein before the corresponding tree structure is traced from a leaf node to a root node, and an authentication path is obtained to verify the information corresponds to, the method further comprises:

positioning a tree structure according to the public key carried in the information verification request to obtain a tree structure corresponding to the requested verification information,

11. The method according to claim 9, wherein the information verification request carries a timestamp attached by a terminal to the encrypted digest, and before the corresponding tree structure goes up from a leaf node to a root node and obtains an authentication path for verifying the information, the method further comprises:

judging whether the information verification requested by the terminal is overtime or not according to the timestamp carried in the information verification request;

and if the information verification requested by the terminal is overtime, rejecting the information verification requested by the terminal, and failing to verify the information of the terminal.

12. The method according to claim 8, wherein said verifying the information of the terminal on the cryptographic digest through the authentication path comprises:

and if the numerical value corresponding to the encrypted abstract is consistent with the node value corresponding to the root node, verifying that the information of the terminal is correctly present in all the key information matched with the tree structure, and passing the information verification of the terminal.

13. A system for realizing information verification is characterized in that the system is deployed at a terminal and a third party for performing information verification on the terminal, and comprises the terminal, a receiving end of a network behavior triggered by the terminal and the third party;

the verification initiating module is used for initiating information verification on the network access behavior of the terminal by a receiving end of the network access behavior triggered by the terminal to obtain an encrypted abstract of the verified information content, wherein the information is part of key information required to be verified by the terminal;

the encrypted abstract verifying module is used for verifying that the information of the terminal is correctly present in all the key information matched with the tree structure for the encrypted abstract through the authentication path by the third party;

14. An apparatus for enabling information verification, the apparatus comprising:

the terminal initiates the information verification for the execution of the network access behavior, and the encrypted digest corresponds to part of key information which needs to be verified by the terminal;

15. A computer system, the computer system comprising:

a processor; and

a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method of any of claims 1 to 12.