CN109005144A - A kind of identity identifying method, equipment, medium and system - Google Patents
- Publication number: CN109005144A (CN201810553631.4A)
- Authority: CN (China)
- Prior art keywords: authentication data, certificate server, authentication, characteristic, data
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
The present invention relates to the field of Internet technology, and in particular to an identity authentication method, device, medium and system. According to the scheme provided by the embodiments of the present invention, when identity authentication is performed the mobile device does not need to go online to obtain authentication data from the certificate server. Instead, an assistant authentication device caches characteristic data in advance and generates the authentication data according to a rule agreed with the certificate server, so the authentication data can be obtained from the assistant authentication device without a network connection. Even in a moving environment or where the mobile signal is poor, the authentication data can be obtained successfully, which ensures that the certificate server can authenticate successfully when the authentication data is later sent to it and improves the success rate of identity authentication.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to an identity authentication method, device, medium and system.
Background art
At present, mobile devices such as mobile phones and palmtop computers (PDAs) are widely used in daily life. Performing identity authentication with a mobile device is very common in scenarios such as paying, taking public transport, collecting express deliveries and opening doors. Common methods include two-dimensional codes, near field communication (NFC), Bluetooth and visible-light interaction.
Specifically, the mobile device can generate authentication data offline and pass it to the authenticating device by two-dimensional code, NFC, Bluetooth, visible-light interaction or similar means, and the authenticating device performs the authentication. However, authentication data generated offline has low security, so the reliability of the identity authentication is low.
For example, a two-dimensional code generated offline can be forwarded or exchanged through instant messaging (IM) tools, so that a user's two-dimensional code is photographed and used fraudulently. As another example, the application (App) that generates the offline authentication data can be cracked, so that forged authentication data is generated that the authenticating device will accept.
Therefore, in practice, mobile devices mostly complete authentication in online mode. That is, the mobile device connects over the network to a remote certificate server and obtains a piece of authentication data that the certificate server generates from the subscriber identity information. The mobile device then sends it to the authenticating device by two-dimensional code, NFC, Bluetooth, visible-light interaction or similar means, and the authenticating device sends the authentication data back over the network to the remote certificate server for checking. If it matches the authentication data generated by the certificate server, the authentication process is considered secure and the user's identity authentication is determined to have passed.
However, in online authentication mode, in a moving environment such as riding in a vehicle, or where the mobile signal is poor such as in the subway or the suburbs, mobile devices such as mobile phones and PDAs cannot connect to the network stably. This causes online authentication to fail, so the success rate of online authentication is low.
Summary of the invention
The embodiments of the present invention provide an identity authentication method, device, medium and system to solve the problem of the low success rate of online identity authentication.
An identity authentication method, the method comprising:
when an identity authentication request is received, generating authentication data from characteristic data that is cached in advance and corresponds to subscriber identity information, according to a rule agreed with the certificate server, the characteristic data being generated by the certificate server;
sending the authentication data to an authenticating device, so that after the authenticating device sends the authentication data to the certificate server, the certificate server extracts the characteristic data from the authentication data according to the agreed rule and authenticates it.
An identity authentication method, the method comprising:
receiving authentication data, the authentication data being generated and sent by an assistant authentication device from characteristic data that is cached in advance and corresponds to subscriber identity information, according to a rule agreed with the certificate server, the characteristic data being generated by the certificate server;
sending the received authentication data to the certificate server.
An identity authentication method, the method comprising:
receiving an association request by which a mobile device requests association with an assistant authentication device, the association request carrying the subscriber identity information corresponding to the mobile device and the device identification corresponding to the assistant authentication device;
according to the saved correspondence between characteristic data and device identifications, establishing a correspondence between the subscriber identity information and the saved characteristic data that was written into the assistant authentication device corresponding to the device identification, so that the assistant authentication device can generate, from that characteristic data and according to the rule agreed with the certificate server, authentication data for authenticating the subscriber identity information.
An assistant authentication device, the device comprising:
a receiving module, for receiving an identity authentication request;
an information storage module, for caching in advance characteristic data corresponding to subscriber identity information, the characteristic data being generated by the certificate server;
an authentication data generation module, for generating authentication data, when the receiving module receives an identity authentication request, from the characteristic data that the information storage module has cached in advance and that corresponds to the subscriber identity information, according to a rule agreed with the certificate server;
a sending module, for sending the authentication data generated by the authentication data generation module to an authenticating device, so that after the authenticating device sends the authentication data to the certificate server, the certificate server extracts the characteristic data from the authentication data according to the agreed rule and authenticates it.
An authenticating device, the authenticating device comprising:
a receiving module, for receiving authentication data, the authentication data being generated and sent by an assistant authentication device from characteristic data that is cached in advance and corresponds to subscriber identity information, according to a rule agreed with the certificate server, the characteristic data being generated by the certificate server;
a sending module, for sending the authentication data received by the receiving module to the certificate server.
A certificate server, the certificate server comprising:
a receiving module, for receiving an association request by which a mobile device requests association with an assistant authentication device, the association request carrying the subscriber identity information corresponding to the mobile device and the device identification corresponding to the assistant authentication device;
a generation module, for establishing, according to the saved correspondence between characteristic data and device identifications, a correspondence between the subscriber identity information and the saved characteristic data that was written into the assistant authentication device corresponding to the device identification, so that the assistant authentication device can generate, from that characteristic data and according to the rule agreed with the certificate server, authentication data for authenticating the subscriber identity information.
An identity authentication system, the identity authentication system including at least one assistant authentication device as described above, at least one corresponding authenticating device and at least one corresponding certificate server.
A non-volatile computer storage medium, the computer storage medium storing an executable program which, when executed by a processor, implements the steps of any of the identity authentication methods above.
An online authentication device, including a memory, a processor and a computer program stored on the memory, wherein the processor, when executing the program, implements the steps of any of the identity authentication methods above.
According to the scheme provided by the embodiments of the present invention, when identity authentication is performed the mobile device does not need to go online to obtain authentication data from the certificate server. Instead, an assistant authentication device caches characteristic data in advance and generates the authentication data according to a rule agreed with the certificate server, so the authentication data can be obtained from the assistant authentication device without a network connection. Even in a moving environment or where the mobile signal is poor, the authentication data can be obtained successfully, which ensures that the certificate server can authenticate successfully when the authentication data is later sent to it and improves the success rate of identity authentication.
Description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the identity authentication method provided by embodiment one of the present invention;
Fig. 2 is a flow diagram of the identity authentication method provided by embodiment two of the present invention;
Fig. 3 is a flow diagram of the identity authentication method provided by embodiment three of the present invention;
Fig. 4 is a structural diagram of the assistant authentication device provided by embodiment four of the present invention;
Fig. 5 is a structural diagram of the authenticating device provided by embodiment five of the present invention;
Fig. 6 is a structural diagram of the certificate server provided by embodiment six of the present invention;
Fig. 7 is a structural diagram of the identity authentication system provided by embodiment seven of the present invention;
Fig. 8 is a structural diagram of the online authentication device provided by embodiment eight of the present invention.
Specific embodiments
In the prior art, in online identity authentication mode, when the mobile device is in a moving environment or an environment with a poor mobile signal, it cannot connect to the network stably and so cannot obtain the authentication data, which leads to a low authentication success rate. To address this problem, the embodiments of the present invention propose introducing into the online identity authentication system an assistant authentication device that can cache characteristic data generated by the certificate server. When identity authentication is needed, the assistant authentication device generates authentication data from the cached characteristic data according to the rule agreed with the certificate server and sends it to the authenticating device, and identity authentication is carried out through the authenticating device.
During identity authentication, the authenticating device can send the received authentication data to the certificate server, and the certificate server can extract the characteristic data from the authentication data according to the agreed rule that was used when the authentication data was generated, and authenticate it. Compared with the prior art, in which the authentication data itself is authenticated directly, this further improves the security of identity authentication.
In particular, depending on the rule agreed with the certificate server, the authentication data that the assistant authentication device generates each time for the same subscriber identity information may be the same or may differ. If the authentication data generated each time differs, the dynamically changing authentication data can further improve the security of identity authentication.
Preferably, when generating the authentication data, the assistant authentication device can encrypt the characteristic data with the encryption key that the certificate server has specified for the device identification of the assistant authentication device, and can send the encrypted characteristic data together with its own device identification to the authenticating device. After the authenticating device sends the received encrypted characteristic data and device identification to the certificate server, the certificate server can decrypt the encrypted characteristic data according to the device identification and authenticate the characteristic data. Giving each assistant authentication device its own encryption key further improves the security of identity authentication.
More preferably, when encrypting the characteristic data, the assistant authentication device can also encrypt, together with it, the time data of the real-time clock (RTC) at the moment the identity authentication request was received, so that the certificate server can use the time data to authenticate only characteristic data received within a set duration. This further improves the security of identity authentication.
Preferably, the authenticating device can also encrypt the authentication data according to an encryption method agreed with the certificate server and send the authentication data it has encrypted to the certificate server. The certificate server can decrypt the encrypted authentication data according to the agreed encryption method and authenticate the authentication data, which improves the security of identity authentication.
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be noted that the terms "include" and "have" and any variants of them in the description, the claims and the drawings are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment one
Embodiment one of the present invention provides an identity authentication method and describes the identity authentication scheme provided by the present invention from the assistant authentication device side. The steps of the method may be as shown in Fig. 1 and include:
Step 101: receive an identity authentication request.
In this step, the assistant authentication device may receive an identity authentication request. The identity authentication request may take various forms, which this embodiment does not limit. For example, the identity authentication request may be sent by the authenticating device over radio frequency, may be generated by the user pressing a key on the assistant authentication device, or may be generated by the user tapping a touch screen on the assistant authentication device.
Step 102: generate authentication data.
When an identity authentication request is received, the assistant authentication device may generate authentication data from the characteristic data that is cached in advance and corresponds to the subscriber identity information, according to the rule agreed with the certificate server, the characteristic data being generated by the certificate server.
Of course, the characteristic data may also be generated by another server or device according to the same rule agreed with the certificate server.
Specifically, in this step, the assistant authentication device may encrypt the characteristic data with a pre-saved encryption key to generate the authentication data, the encryption key being the one that the certificate server has specified for the device identification.
Step 103: send the authentication data to the authenticating device.
After generating the authentication data, the assistant authentication device may send it to the authenticating device, so that after the authenticating device sends the authentication data to the certificate server, the certificate server can extract the characteristic data from the authentication data according to the agreed rule and authenticate it.
Specifically, the assistant authentication device may send the generated authentication data to the authenticating device in a form that the authenticating device can receive, such as a two-dimensional code, NFC, Bluetooth, sound waves or a visible-light signal.
In the subsequent identity authentication, the authenticating device may send the received authentication data to the certificate server. The certificate server can extract the characteristic data from the authentication data and compare it with the corresponding characteristic data that it has saved. When the two match, authentication of the subscriber identity information is determined to have passed; otherwise, authentication of the subscriber identity information is determined to have failed.
If, in step 102, the assistant authentication device encrypted the characteristic data with the pre-saved encryption key to generate the authentication data, then in this step the assistant authentication device may send its own device identification together with the authentication data to the authenticating device. After the authenticating device sends the device identification and the authentication data to the certificate server, the certificate server can decrypt the authentication data according to the device identification and authenticate the characteristic data obtained by decryption.
Specifically, the certificate server may use the device identification received in plain text and the pre-stored correspondence between device identifications and encryption keys to obtain the corresponding encryption key, and so decrypt the authentication data.
In this embodiment, because each assistant authentication device uses a different encryption key, the resistance to cracking of the authentication data generated by the assistant authentication device is greatly improved.
Preferably, during encryption, as agreed in advance with the certificate server, various means such as adding a random number, an incrementing number or a decrementing number may be used so that the encrypted data generated each time is different. This further improves the security of the authentication data and reduces the risk of it being cracked.
More preferably, step 102 may also include: determining the time data produced by the real-time clock (RTC) when the identity authentication request is received.
In that case, generating the authentication data in step 102 includes: encrypting the characteristic data and the time data with the pre-saved encryption key to generate the authentication data;
and step 103 includes: sending the device identification together with the encrypted characteristic data and time data to the authenticating device, which can be understood as sending the device identification and the generated authentication data to the authenticating device,
so that after the authenticating device sends the device identification and the encrypted characteristic data and time data to the certificate server, the certificate server can decrypt the encrypted characteristic data and time data according to the device identification and authenticate the characteristic data within a set duration that starts at the time corresponding to the time data.
In this embodiment, the assistant authentication device may integrate an RTC to generate the corresponding time data. When generating the authentication data, the time data can be encrypted together with the characteristic data. After decryption, the certificate server obtains the time data along with the characteristic data and can compare the time data with its own current time. If the time interval is greater than a preset threshold, authentication is directly considered to have failed; if the time interval is not greater than the preset threshold, the characteristic data extracted from the authentication data can be compared to perform the identity authentication. This significantly narrows the window during which the authentication data is valid and greatly improves the security of the authentication data.
Embodiment two
Embodiment two of the present invention provides an identity authentication method and describes the identity authentication scheme provided by the present invention from the authenticating device side. The authenticating device may be, but is not limited to, a barcode scanner, an NFC communication device or a visible-light signal receiving device. The steps of the method may be as shown in Fig. 2 and include:
Step 201: receive authentication data.
In this step, the authenticating device may receive the authentication data sent by the assistant authentication device.
The authentication data may be generated and sent by the assistant authentication device from characteristic data that is cached in advance and corresponds to the subscriber identity information, according to the rule agreed with the certificate server, the characteristic data being generated by the certificate server.
Step 202: send the received authentication data to the certificate server.
In this step, the authenticating device may send the received authentication data to the certificate server, which performs the authentication.
Specifically, in this step, the authenticating device may send its own characteristic information, such as its device identification, together with the received authentication data to the certificate server, and the certificate server returns the authentication result for the authentication data according to that characteristic information.
Of course, if the identity authentication request is sent by the authenticating device, then before step 101 the method may also include step 101': sending an identity authentication request to the assistant authentication device.
Preferably, after step 201 and before step 202, the method may further include step 202':
Step 202': encrypt the received authentication data.
In this step, the authenticating device may encrypt the authentication data according to the encryption method agreed with the certificate server.
Step 202 then specifically includes:
In this step, the authenticating device may send the encrypted authentication data to the certificate server, so that the certificate server can decrypt the encrypted authentication data according to the agreed encryption method.
Embodiment three
Embodiment three of the present invention provides an identity authentication method and describes the identity authentication scheme provided by the present invention from the certificate server side. The steps of the method may be as shown in Fig. 3 and include:
Step 301: receive an association request.
In this step, the certificate server may receive an association request by which a mobile device requests association with an assistant authentication device. The association request may carry the subscriber identity information corresponding to the mobile device and the device identification corresponding to the assistant authentication device.
Step 302: establish the correspondence.
In this step, the certificate server may, according to the saved correspondence between characteristic data and device identifications, establish a correspondence between the subscriber identity information and the saved characteristic data that was written into the assistant authentication device corresponding to the device identification, so that the assistant authentication device can generate, from that characteristic data and according to the rule agreed with the certificate server, authentication data for authenticating the subscriber identity information.
That is, when it receives an association request, the certificate server can further establish the correspondence between the authentication data and the subscriber identity information, so that the authentication data that the assistant authentication device generates from the characteristic data in its own cache can be used to authenticate the subscriber identity information.
In general, it can be understood that the certificate server may generate a batch of characteristic data in advance and write it into the assistant authentication devices one by one when they are manufactured. At the time of writing, the certificate server can record the correspondence between the characteristic information and the device identification; when an association request arrives, it only needs to associate the device identification with the subscriber identity information.
Of course, if the certificate server receives authentication data sent by the authenticating device, it can extract the characteristic data from the authentication data according to the agreed rule and authenticate it.
After step 302, the method may further include steps 303 and 304:
Step 303: receive an association turn-off request.
In this step, the certificate server receives an association turn-off request by which a mobile device requests to be disassociated from an assistant authentication device. The association turn-off request carries the subscriber identity information corresponding to the mobile device.
Step 304: release the correspondence.
In this step, the certificate server may, according to the received association turn-off request, release the correspondence between the subscriber identity information corresponding to the mobile device and the characteristic data, so that when authentication data corresponding to that characteristic data is used to authenticate the subscriber identity information, the authentication result is a failure.
The association request and the association turn-off request may take various forms. For example, they may be, but are not limited to being, sent through a web page after the user logs in to the certificate server's page; or they may be, but are not limited to being, sent through an application (APP) pre-installed on the mobile device after the user logs in to it.
Specifically, when the association request is sent through the APP, the device identification of the assistant authentication device carried in the association request can be obtained in any way. For example, the user may enter it manually, or it may be obtained by scanning the two-dimensional code of the assistant authentication device.
It is corresponding with the method that embodiment one~tri- provides, assistant authentification equipment below, authenticating device, certification clothes are provided
Business device, Verification System, medium and on-line authentication equipment.
Embodiment four
Embodiment four of the present invention provides an assistant authentication equipment. The equipment can be built around a micro-control unit (MCU) or central processing unit (CPU) that has an encryption function or a read-protection function, and its structure can be as shown in Fig. 4, in which:
Receiving module 11 is used to receive an ID authentication request;
Information storage module 12 is used to cache in advance the characteristic corresponding to the subscriber identity information; this characteristic is generated by the certificate server;
Authentication data generation module 13 is used, when the receiving module receives an ID authentication request, to generate authentication data from the characteristic that the information storage module cached in advance and that corresponds to the subscriber identity information, according to the rule agreed with the certificate server;
Sending module 14 is used to send the authentication data generated by the authentication data generation module to the authenticating device, so that after the authenticating device forwards the authentication data to the certificate server, the certificate server can extract the characteristic from the authentication data according to the agreed rule and authenticate it.
The information storage module 12 is also used to store an encryption key and the device identification corresponding to the assistant authentication equipment; the encryption key is specified by the certificate server and corresponds to the device identification of the assistant authentication equipment;
The authentication data generation module 13 generating authentication data according to the rule agreed with the certificate server comprises: encrypting the characteristic with the encryption key pre-saved in the information storage module to generate the authentication data;
The sending module 14 is specifically used to send the device identification and the authentication data generated by the authentication data generation module to the authenticating device, so that after the authenticating device forwards the device identification and the authentication data to the certificate server, the certificate server can decrypt the authentication data according to the device identification and authenticate the characteristic obtained after decryption.
The equipment further includes time data extraction module 15:
Time data extraction module 15 is used to determine the time data generated by the real-time clock (RTC) when the ID authentication request is received;
The authentication data generation module 13 encrypting the characteristic with the pre-saved encryption key comprises: encrypting the characteristic and the time data with the pre-saved encryption key;
The sending module 14 sending its own device identification and the authentication data to the authenticating device comprises: sending the device identification together with the encrypted characteristic and time data to the authenticating device, so that after the authenticating device forwards them to the certificate server, the certificate server can decrypt the encrypted characteristic and time data according to the device identification and then authenticate the characteristic within a set duration whose starting time is the time corresponding to the time data.
The receiving module 11 is specifically used to receive an ID authentication request sent by the authenticating device over radio frequency, or an ID authentication request generated by the user pressing a key (in which case the assistant authentication equipment can be understood to include a physical key) or touching a touch screen (in which case the assistant authentication equipment can be understood to include the touch screen).
Embodiment five
Embodiment five of the present invention provides an authenticating device, whose structure can be as shown in Fig. 5, in which:
Receiving module 21 is used to receive authentication data; the authentication data is generated and sent by the assistant authentication equipment from the characteristic that it cached in advance and that corresponds to the subscriber identity information, according to the rule agreed with the certificate server; the characteristic is generated by the certificate server;
Sending module 22 is used to send the authentication data received by the receiving module to the certificate server.
The sending module 22 is also used to send an ID authentication request to the assistant authentication equipment before the receiving module receives the authentication data.
The device further includes encrypting module 23:
Encrypting module 23 is used to encrypt the authentication data with a pre-saved second encryption key; the second encryption key is specified by the certificate server and corresponds to the second device identification, which is the device identification of the authenticating device;
The sending module 22 is specifically used to send the second device identification and the encrypted authentication data to the certificate server, so that the certificate server can decrypt the encrypted authentication data according to the second device identification.
Embodiment six
Embodiment six of the present invention provides a certificate server, whose structure can be as shown in Fig. 6, in which:
Receiving module 31 is used to receive an association request asking to associate a mobile device with an assistant authentication equipment; the association request carries the subscriber identity information corresponding to the mobile device and the first device identification corresponding to the assistant authentication equipment;
Generation module 32 is used to establish, according to the saved correspondence between characteristic and device identification, the correspondence between the saved characteristic that was written into the assistant authentication equipment corresponding to the device identification and the subscriber identity information, so that the assistant authentication equipment can generate, from this characteristic and according to the rule agreed with the certificate server, authentication data for authenticating the subscriber identity information.
The receiving module 31 is also used to receive the authentication data sent by the authenticating device;
The certificate server further includes authentication module 33:
Authentication module 33 is used to extract the characteristic from the authentication data according to the agreed rule and authenticate it. Specifically, authentication module 33 can compare the extracted characteristic with the corresponding characteristic generated in generation module 32; when the two are consistent, it determines that authentication of the subscriber identity information has passed; otherwise, it determines that authentication of the subscriber identity information has failed.
When the authentication data was obtained by the assistant authentication equipment encrypting the characteristic with its pre-saved encryption key, the receiving module 31 can be specifically used to receive the device identification of the assistant authentication equipment and the authentication data sent by the authenticating device;
Authentication module 33 can be specifically used to determine the corresponding encryption key from the device identification received by the receiving module, according to the pre-stored correspondence between device identification and encryption key, decrypt the authentication data received by the receiving module with that key, and authenticate the characteristic obtained after decryption.
If the encrypted authentication data also includes time data, authentication module 33 can be specifically used to determine the corresponding encryption key from the device identification received by the receiving module, according to the pre-stored correspondence between device identification and encryption key, decrypt the authentication data received by the receiving module, and then authenticate the characteristic within a set duration whose starting time is the time corresponding to the time data.
Of course, if the authenticating device, when sending the authentication data, further encrypts it according to an encryption mode agreed with the certificate server, authentication module 33 can also be specifically used to decrypt the encrypted authentication data according to the agreed encryption mode, obtaining the decrypted authentication data.
The receiving module 31 is also used to receive an association turn-off request asking to disconnect the association between the mobile device and the assistant authentication equipment; the association turn-off request carries the subscriber identity information corresponding to the mobile device;
The generation module 32 is also used to release, according to the association turn-off request received, the correspondence between the subscriber identity information corresponding to the mobile device and the characteristic, so that when authentication data corresponding to this characteristic is used to authenticate that subscriber identity information, the authentication result is authentication failure.
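Added example (not part of the patent text): a sketch of the embodiment six server checks together with the embodiment four device response, covering key lookup by device identification, decryption, the time-window check, characteristic comparison and release of the association. The patent names no cipher, message layout or window length, so the HMAC-SHA256 encrypt-then-MAC stand-in (a real device would use a vetted AEAD such as AES-GCM), the `time || characteristic` layout, the 30-second window and every class and function name here are assumptions.

```python
import hashlib
import hmac
import os
import struct

WINDOW_SECONDS = 30  # assumed "set duration"; the patent gives no value
NONCE_LEN, TAG_LEN = 16, 32


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = range((length + 31) // 32)
    return b"".join(_mac(key, nonce + struct.pack(">I", i)) for i in blocks)[:length]


def seal(key, plaintext):
    """Stand-in cipher (HMAC-SHA256 counter mode, encrypt-then-MAC): nonce||ct||tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_mac(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)


def unseal(key, blob):
    """Return the plaintext, or None if the blob is truncated or was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        return None
    stream = _keystream(_mac(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class AuxiliaryDevice:
    """What is written at manufacture: device id, per-device key, characteristic."""

    def __init__(self, device_id, key, feature):
        self.device_id, self._key, self._feature = device_id, key, feature

    def respond(self, rtc_now):
        # Authentication data = Enc_key(RTC time || characteristic), sent with the id.
        return self.device_id, seal(self._key, struct.pack(">Q", rtc_now) + self._feature)


class AuthServer:
    def __init__(self):
        self._devices = {}   # device_id -> (key, characteristic), recorded at write time
        self._bindings = {}  # device_id -> user_id, created by association requests

    def provision(self, device_id):
        key, feature = os.urandom(32), os.urandom(16)
        self._devices[device_id] = (key, feature)
        return AuxiliaryDevice(device_id, key, feature)

    def associate(self, user_id, device_id):
        if device_id not in self._devices:
            return False
        self._bindings[device_id] = user_id
        return True

    def disassociate(self, user_id):
        self._bindings = {d: u for d, u in self._bindings.items() if u != user_id}

    def authenticate(self, device_id, blob, now):
        """Return the user id bound to the device, or None on any failure."""
        record, user_id = self._devices.get(device_id), self._bindings.get(device_id)
        if record is None or user_id is None:
            return None  # unknown device, or association released
        key, feature = record
        plaintext = unseal(key, blob)  # the key is selected by the device id
        if plaintext is None or len(plaintext) < 8:
            return None
        (sent_at,) = struct.unpack(">Q", plaintext[:8])
        if not 0 <= now - sent_at <= WINDOW_SECONDS:
            return None  # outside the window that starts at the device's time data
        return user_id if hmac.compare_digest(plaintext[8:], feature) else None


def run_scenarios(t0=1_700_000_000):
    server = AuthServer()
    token = server.provision("dev-001")  # constructed sample identifiers
    server.provision("dev-002")
    server.associate("alice", "dev-001")
    server.associate("bob", "dev-002")
    dev_id, blob = token.respond(t0)
    flipped = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    results = {
        "fresh": server.authenticate(dev_id, blob, t0 + 5),
        "expired": server.authenticate(dev_id, blob, t0 + WINDOW_SECONDS + 1),
        "tampered": server.authenticate(dev_id, flipped, t0 + 5),
        "wrong_device": server.authenticate("dev-002", blob, t0 + 5),
    }
    server.disassociate("alice")  # association turn-off request
    results["after_release"] = server.authenticate(dev_id, blob, t0 + 5)
    return results
```

In this sketch a captured message still verifies until the window closes, so the time check bounds replay rather than preventing it.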
Embodiment seven
Embodiment seven of the present invention provides a verification system, whose structure can be as shown in Fig. 7. It includes at least one assistant authentication equipment as described in embodiment four, at least one authenticating device as described in embodiment five and at least one certificate server as described in embodiment six. Fig. 7 illustrates the case of one assistant authentication equipment, one authenticating device and one certificate server.
Embodiment eight
Embodiment eight of the present invention provides an on-line authentication equipment, whose structure can be as shown in Fig. 8. It includes a memory 41, a processor 42 and a computer program stored on the memory; when executing the program, the processor 42 implements the steps of the method provided by embodiment one of the present invention, or the steps of the method provided by embodiment two, or the steps of the method provided by embodiment three.
Optionally, the processor 42 may specifically include a central processing unit (CPU) or an application-specific integrated circuit (ASIC); it may be one or more integrated circuits for controlling program execution, a hardware circuit developed using a field-programmable gate array (FPGA), or a baseband processor.
Optionally, the processor 42 may include at least one processing core.
Optionally, the memory 41 may include read-only memory (ROM), random access memory (RAM) and magnetic disk storage. The memory 41 is used to store the data that at least one processor 42 requires when running. There may be one or more memories 41.
Embodiment nine of the present invention provides a non-volatile computer storage medium storing an executable program; when the executable program is executed by a processor, it implements the steps of the method provided by embodiment one of the present invention, or the steps of the method provided by embodiment two, or the steps of the method provided by embodiment three.
In a specific implementation, the computer storage medium may include a universal serial bus (USB) flash drive, a mobile hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disk and other storage media that can store program code.
In the embodiments of the present invention, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the couplings, direct couplings or communication connections shown or discussed can be indirect couplings or communication connections through some interfaces, devices or units, and can be electrical or take other forms.
Each functional unit in the embodiments of the present invention can be integrated in one processing unit, or each unit can be an independent physical module.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, all or part of the technical solution of the embodiments of the present invention can be embodied as a software product that is stored in a storage medium and includes instructions causing a computer device (for example a personal computer, a server or a network device) or a processor to perform all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes a universal serial bus flash drive, a mobile hard disk, ROM, RAM, a magnetic disk, an optical disk and other media that can store program code.
The above embodiments only describe the technical solution of the present application in detail; their explanation is merely intended to help in understanding the methods of the embodiments of the present invention and should not be construed as limiting the embodiments of the present invention. Any change or substitution that those skilled in the art can readily conceive of shall fall within the protection scope of the embodiments of the present invention.
Claims (24)
1. An identity authentication method, characterized in that the method comprises:
when an ID authentication request is received, generating authentication data from a characteristic that was cached in advance and corresponds to subscriber identity information, according to a rule agreed with a certificate server, the characteristic being generated by the certificate server;
sending the authentication data to an authenticating device, so that after the authenticating device sends the authentication data to the certificate server, the certificate server extracts the characteristic from the authentication data according to the agreed rule and authenticates it.
2. The method as described in claim 1, characterized in that generating authentication data according to the rule agreed with the certificate server comprises:
encrypting the characteristic with a pre-saved encryption key to generate the authentication data, the encryption key being an encryption key that the certificate server specified and that corresponds to the device identification;
and sending the authentication data to the authenticating device comprises:
sending the device's own device identification and the authentication data to the authenticating device, so that after the authenticating device sends the device identification and the authentication data to the certificate server, the certificate server can decrypt the authentication data according to the device identification and authenticate the characteristic obtained after decryption.
3. The method according to claim 2, characterized in that the method further comprises:
determining the time data generated by the real-time clock (RTC) when the ID authentication request is received;
encrypting the characteristic with the pre-saved encryption key comprises:
encrypting the characteristic and the time data with the pre-saved encryption key;
and sending the device's own device identification and the authentication data to the authenticating device comprises:
sending the device identification together with the encrypted characteristic and time data to the authenticating device, so that after the authenticating device sends the device identification and the encrypted characteristic and time data to the certificate server, the certificate server can decrypt the encrypted characteristic and time data according to the device identification and then authenticate the characteristic within a set duration whose starting time is the time corresponding to the time data.
4. The method as described in any of claims 1 to 3, characterized in that the ID authentication request is an ID authentication request sent by the authenticating device over radio frequency, or an ID authentication request generated by the user pressing a key or touching a touch screen.
5. An identity authentication method, characterized in that the method comprises:
receiving authentication data, the authentication data being generated and sent by an assistant authentication equipment from a characteristic that it cached in advance and that corresponds to subscriber identity information, according to a rule agreed with a certificate server, the characteristic being generated by the certificate server;
sending the received authentication data to the certificate server.
6. The method as claimed in claim 5, characterized in that, before the authentication data is received, the method further comprises:
sending an ID authentication request to the assistant authentication equipment.
7. The method as described in claim 5 or 6, characterized in that, after the authentication data is received and before the received authentication data is sent to the certificate server, the method further comprises:
encrypting the authentication data according to an encryption mode agreed with the certificate server;
and sending the received authentication data to the certificate server comprises:
sending the encrypted authentication data to the certificate server, so that the certificate server can decrypt the encrypted authentication data according to the agreed encryption mode.
8. An identity authentication method, characterized in that the method comprises:
receiving an association request asking to associate a mobile device with an assistant authentication equipment, the association request carrying the subscriber identity information corresponding to the mobile device and the device identification corresponding to the assistant authentication equipment;
establishing, according to the saved correspondence between characteristic and device identification, the correspondence between the saved characteristic that was written into the assistant authentication equipment corresponding to the device identification and the subscriber identity information, so that the assistant authentication equipment can generate, from this characteristic and according to a rule agreed with the certificate server, authentication data for authenticating the subscriber identity information.
9. The method according to claim 8, characterized in that the method further comprises:
receiving the authentication data sent by an authenticating device;
extracting the characteristic from the authentication data according to the agreed rule and authenticating it.
10. The method as claimed in claim 8 or 9, characterized in that the method further comprises:
receiving an association turn-off request asking to disconnect the association between the mobile device and the assistant authentication equipment, the association turn-off request carrying the subscriber identity information corresponding to the mobile device;
releasing, according to the association turn-off request received, the correspondence between the subscriber identity information corresponding to the mobile device and the characteristic, so that when authentication data corresponding to this characteristic is used to authenticate the subscriber identity information, the authentication result is authentication failure.
11. The method as claimed in claim 10, characterized in that the association request and the association turn-off request are sent through a web page after the user logs in to the certificate server's page; or the association request and the association turn-off request are sent through an application (APP) pre-installed on the mobile device after the user logs in to it.
12. An assistant authentication equipment, characterized in that the equipment comprises:
a receiving module, for receiving an ID authentication request;
an information storage module, for caching in advance a characteristic corresponding to subscriber identity information, the characteristic being generated by a certificate server;
an authentication data generation module, for generating authentication data, when the receiving module receives an ID authentication request, from the characteristic that the information storage module cached in advance and that corresponds to the subscriber identity information, according to a rule agreed with the certificate server;
a sending module, for sending the authentication data generated by the authentication data generation module to an authenticating device, so that after the authenticating device sends the authentication data to the certificate server, the certificate server extracts the characteristic from the authentication data according to the agreed rule and authenticates it.
13. The equipment as claimed in claim 12, characterized in that
the information storage module is also used to store an encryption key and the device identification corresponding to the assistant authentication equipment, the encryption key being specified by the certificate server and corresponding to the device identification of the assistant authentication equipment;
the authentication data generation module generating authentication data according to the rule agreed with the certificate server comprises: encrypting the characteristic with the encryption key pre-saved in the information storage module to generate the authentication data;
the sending module is specifically used to send the device identification and the authentication data generated by the authentication data generation module to the authenticating device, so that after the authenticating device sends the device identification and the authentication data to the certificate server, the certificate server can decrypt the authentication data according to the device identification and authenticate the characteristic obtained after decryption.
14. The equipment as claimed in claim 13, characterized in that the equipment further comprises:
a time data extraction module, for determining the time data generated by the real-time clock (RTC) when the ID authentication request is received;
the authentication data generation module encrypting the characteristic with the pre-saved encryption key comprises: encrypting the characteristic and the time data with the pre-saved encryption key;
the sending module sending its own device identification and the authentication data to the authenticating device comprises: sending the device identification together with the encrypted characteristic and time data to the authenticating device, so that after the authenticating device sends the device identification and the encrypted characteristic and time data to the certificate server, the certificate server can decrypt the encrypted characteristic and time data according to the device identification and then authenticate the characteristic within a set duration whose starting time is the time corresponding to the time data.
15. The equipment as described in any of claims 12 to 14, characterized in that
the receiving module is specifically used to receive an ID authentication request sent by the authenticating device over radio frequency, or an ID authentication request generated by the user pressing a key or touching a touch screen.
16. An authenticating device, characterized in that the authenticating device comprises:
a receiving module, for receiving authentication data, the authentication data being generated and sent by an assistant authentication equipment from a characteristic that it cached in advance and that corresponds to subscriber identity information, according to a rule agreed with a certificate server, the characteristic being generated by the certificate server;
a sending module, for sending the authentication data received by the receiving module to the certificate server.
17. The device as claimed in claim 16, characterized in that the sending module is also used to send an ID authentication request to the assistant authentication equipment before the receiving module receives the authentication data.
18. The device as described in claim 16 or 17, characterized in that the device further comprises:
an encrypting module, for encrypting the authentication data according to an encryption mode agreed with the certificate server;
the sending module is specifically used to send the encrypted authentication data to the certificate server, so that the certificate server can decrypt the encrypted authentication data according to the agreed encryption mode.
19. A certificate server, characterized in that the certificate server comprises:
a receiving module, for receiving an association request asking to associate a mobile device with an assistant authentication equipment, the association request carrying the subscriber identity information corresponding to the mobile device and the device identification corresponding to the assistant authentication equipment;
a generation module, for establishing, according to the saved correspondence between characteristic and device identification, the correspondence between the saved characteristic that was written into the assistant authentication equipment corresponding to the device identification and the subscriber identity information, so that the assistant authentication equipment can generate, from this characteristic and according to a rule agreed with the certificate server, authentication data for authenticating the subscriber identity information.
20. The certificate server as claimed in claim 19, characterized in that the receiving module is also used to receive the authentication data sent by an authenticating device;
the certificate server further comprises:
an authentication module, for extracting the characteristic from the authentication data according to the agreed rule and authenticating it.
21. The certificate server as described in claim 19 or 20, characterized in that the receiving module is also used to receive an association turn-off request asking to disconnect the association between the mobile device and the assistant authentication equipment, the association turn-off request carrying the subscriber identity information corresponding to the mobile device;
the generation module is also used to release, according to the association turn-off request received, the correspondence between the subscriber identity information corresponding to the mobile device and the characteristic, so that when authentication data corresponding to this characteristic is used to authenticate the subscriber identity information, the authentication result is authentication failure.
22. An identity authentication system, characterized in that the identity authentication system comprises at least one assistant authentication equipment as claimed in claim 12, at least one authenticating device as claimed in claim 16 and at least one certificate server as claimed in claim 19.
23. A non-volatile computer storage medium, characterized in that the computer storage medium stores an executable program which, when executed by a processor, implements the steps of the method of any of claims 1 to 4, or the steps of the method of any of claims 5 to 7, or the steps of the method of any of claims 8 to 11.
24. An on-line authentication equipment, characterized in that it comprises a memory, a processor and a computer program stored on the memory; when executing the program, the processor implements the steps of the method of any of claims 1 to 4, or the steps of the method of any of claims 5 to 7, or the steps of the method of any of claims 8 to 11.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810553631.4A CN109005144B (en) | 2018-05-31 | 2018-05-31 | Identity authentication method, equipment, medium and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810553631.4A CN109005144B (en) | 2018-05-31 | 2018-05-31 | Identity authentication method, equipment, medium and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109005144A (en) | 2018-12-14 |
CN109005144B (en) | 2021-04-20 |
Family
ID=64573668
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810553631.4A Active CN109005144B (en) | 2018-05-31 | 2018-05-31 | Identity authentication method, equipment, medium and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109005144B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110769415A (en) * | 2019-10-30 | 2020-02-07 | 维沃移动通信有限公司 | Authentication method and electronic equipment |
CN110808966A (en) * | 2019-10-23 | 2020-02-18 | 天津华来科技有限公司 | Identity information generation method and device and storage medium |
CN113556365A (en) * | 2021-09-23 | 2021-10-26 | 中国信息通信研究院 | Authentication result data transmission system, method and device |
CN114338213A (en) * | 2021-12-31 | 2022-04-12 | 电子科技大学 | Temperature-assisted authentication system and authentication method thereof |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080052395A1 (en) * | 2003-02-28 | 2008-02-28 | Michael Wright | Administration of protection of data accessible by a mobile device |
CN102186169A (en) * | 2010-04-30 | 2011-09-14 | 北京华大智宝电子系统有限公司 | Identity authentication method, device and system |
CN105325021A (en) * | 2013-03-15 | 2016-02-10 | 因特鲁斯特公司 | Method and apparatus for remote portable wireless device authentication |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110808966A (en) * | 2019-10-23 | 2020-02-18 | 天津华来科技有限公司 | Identity information generation method and device and storage medium |
CN110769415A (en) * | 2019-10-30 | 2020-02-07 | 维沃移动通信有限公司 | Authentication method and electronic equipment |
CN113556365A (en) * | 2021-09-23 | 2021-10-26 | 中国信息通信研究院 | Authentication result data transmission system, method and device |
CN113556365B (en) * | 2021-09-23 | 2022-01-11 | 中国信息通信研究院 | Authentication result data transmission system, method and device |
CN114338213A (en) * | 2021-12-31 | 2022-04-12 | 电子科技大学 | Temperature-assisted authentication system and authentication method thereof |
CN114338213B (en) * | 2021-12-31 | 2022-09-13 | 电子科技大学 | Temperature-assisted authentication method |
Also Published As
Publication number | Publication date |
---|---|
CN109005144B (en) | 2021-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11764966B2 (en) | Systems and methods for single-step out-of-band authentication | |
CN107079034B (en) | Identity authentication method, terminal equipment, authentication server and electronic equipment | |
CN109150548B (en) | Digital certificate signing and signature checking method and system and digital certificate system | |
CN108809659B (en) | Dynamic password generation method, dynamic password verification method, dynamic password system and dynamic password verification system | |
US20190050554A1 (en) | Logo image and advertising authentication | |
CN108989278A (en) | Identification service system and method | |
CN104735065B (en) | A kind of data processing method, electronic equipment and server | |
CN111615105B (en) | Information providing and acquiring method, device and terminal | |
CN109005144A (en) | A kind of identity identifying method, equipment, medium and system | |
CN112953970B (en) | Identity authentication method and identity authentication system | |
CN105989386B (en) | A kind of method and apparatus for reading and writing radio frequency identification card | |
CN106850201B (en) | Intelligent terminal multiple-factor authentication method, intelligent terminal, certificate server and system | |
CN107689944A (en) | Identity identifying method, device and system | |
CN106330850A (en) | Biological characteristic-based security verification method, client and server | |
US11356442B2 (en) | Wearable device-based identity authentication method and system | |
CN102916869A (en) | Instant messaging method and system | |
CN105719131A (en) | Server, client and paying-for-another method of e-payment | |
CN108900561A (en) | The method, apparatus and system of single-sign-on | |
CN101286848A (en) | Login authentication method and login signature procedure | |
WO2014141263A1 (en) | Asymmetric otp authentication system | |
CN101741843A (en) | Method, device and system for realizing user authentication by utilizing public key infrastructure | |
CN105656627A (en) | Identity verification method, device and system | |
CN104202299A (en) | System and method of identity authentication based on Bluetooth | |
CN103024706A (en) | Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication | |
CN107609878B (en) | Security authentication method and system for shared automobile |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||