CN109495268B - Two-dimensional code authentication method and device and computer readable storage medium - Google Patents


Info

Publication number: CN109495268B
Authority: CN (China)
Prior art keywords: platform, information, dimensional code, authentication, key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Application number: CN201710818378.6A
Other languages: Chinese (zh)
Other versions: CN109495268A (en)
Inventors: 龚雪冰, 吴华挚, 范敏, 袁晨光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): China Mobile Communications Group Co Ltd; China Mobile Internet Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Internet Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Internet Co Ltd
Priority to CN201710818378.6A
Publication of CN109495268A
Application granted
Publication of CN109495268B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a two-dimensional code authentication method, which comprises the following steps: acquiring a platform digital signature and a second key corresponding to identity characteristic information of an issuing terminal, and encrypting a first sending content characteristic value through the second key to generate a personal digital signature, wherein the platform digital signature is obtained by encrypting first platform identification information through a first key; and determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information. The invention also discloses a two-dimensional code authentication device and a computer readable storage medium.

Description

Two-dimensional code authentication method and device and computer readable storage medium
Technical Field
The invention relates to the technical field of information security, and in particular to a two-dimensional code authentication method and device and a computer readable storage medium.
Background
With the development and spread of the mobile internet, two-dimensional codes have become part of everyday life in China. While they bring convenience to the public, they also carry inherent security risks; security incidents involving two-dimensional codes occur from time to time and draw public concern. For example, when a mobile phone user scans a two-dimensional code of unknown origin, the code may link to a malicious website, so that the phone is infected with a virus or implanted with a Trojan horse, causing unpredictable security risks and economic losses. On the other hand, because two-dimensional codes are so widely used, a discarded two-dimensional code containing the user's real-name information can easily leak that information, which is also an information security problem that cannot be ignored.
At present, research on two-dimensional code security defense offers the following technical schemes for these problems:
First, use a secure scanning tool or antivirus software: when a two-dimensional code is scanned, mobile-phone virus defense and cloud-based virus detection and analysis are applied to the two-dimensional code information to judge whether it contains a phishing link or a virus, filter harmful information, and warn the user of the risk.
Second, improve the security of the two-dimensional code itself by encrypting the two-dimensional code information to prevent information leakage and tampering.
However, the first scheme relies on the completeness of the two-dimensional code virus library and the validity of the security model, and both are often difficult to achieve. More importantly, the source of the two-dimensional code cannot be verified, so security cannot be guaranteed. The second scheme only addresses leakage of and tampering with the two-dimensional code information, and cannot prove whether the source of the two-dimensional code is reliable.
Therefore, a technical scheme for two-dimensional code authentication is needed to effectively verify the reliability and security of a two-dimensional code source.
Disclosure of Invention
In view of this, embodiments of the present invention are intended to provide a method, an apparatus, and a computer-readable storage medium for two-dimensional code authentication, which can effectively verify the reliability and security of a two-dimensional code source.
The technical scheme of the embodiment of the invention is realized as follows:
In one aspect, an embodiment of the present invention provides a two-dimensional code authentication method, where the method includes:
acquiring a platform digital signature and a second key corresponding to identity characteristic information of an issuing terminal, and encrypting a first sending content characteristic value through the second key to generate a personal digital signature, wherein the platform digital signature is obtained by encrypting first platform identification information through a first key;
and determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information.
In the above scheme, the obtaining the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal includes:
sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform;
receiving a digital certificate and a second secret key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature;
wherein the digital certificate and the second key corresponding to the first communication identifier are issued by the authentication platform after it verifies the first communication identifier.
In the above scheme, the method further comprises:
calculating a hash value of the sending content to obtain a first sending content characteristic value;
setting the first transmission content characteristic value in the authentication information.
In the above scheme, the method further comprises:
acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third secret key according to the second communication identifier;
correspondingly, the generating a two-dimensional code based on the two-dimensional code information including the authentication information includes:
encrypting the two-dimension code information through the third secret key to obtain encrypted two-dimension code information;
and generating a two-dimensional code based on the encrypted two-dimensional code information.
In the foregoing solution, the acquiring a third key according to the second communication identifier includes:
sending the second communication identification to the authentication platform,
and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third secret key.
On the other hand, an embodiment of the present invention further provides a two-dimensional code authentication method, where the method includes:
scanning the two-dimensional code to obtain two-dimensional code information including authentication information, wherein the authentication information comprises a platform digital signature, a fourth secret key and a personal digital signature, and the fourth secret key corresponds to the identity characteristic information of the issuing terminal;
acquiring a first key, and decrypting the platform digital signature through the first key to obtain second platform identification information;
when the platform digital signature is determined to be correct according to the second platform identification information, decrypting the personal digital signature through the fourth key to obtain a second sending content characteristic value; and, upon determining that the personal digital signature is correct according to the second sending content characteristic value, determining that the two-dimensional code authentication is successful.
In the above scheme, the method further comprises:
acquiring first platform identification information in the authentication information;
and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
In the above scheme, the method further comprises:
acquiring a first sending content characteristic value in the authentication information;
and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
In the above scheme, the method further comprises:
acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
correspondingly, the scanning the two-dimensional code to obtain the two-dimensional code information including the authentication information includes:
and scanning the two-dimension code to obtain encrypted two-dimension code information, and decrypting the encrypted two-dimension code information through the fifth secret key to obtain the two-dimension code information.
In the foregoing solution, the obtaining the fifth key according to the second communication identifier representing the identity characteristic of the scanning terminal includes:
sending the second communication identifier to an authentication platform;
and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
In one aspect, an embodiment of the present invention further provides a two-dimensional code authentication device, where the device includes an encryption module and a generation module, wherein:
the encryption module is used for acquiring a platform digital signature and a second key corresponding to the identity characteristic information of the issuing terminal, encrypting the first sending content characteristic value through the second key to generate a personal digital signature, and the platform digital signature is obtained by encrypting the first platform identification information through the first key;
the generation module is configured to determine authentication information including the platform digital signature, a fourth key corresponding to the second key, and the personal digital signature, and generate a two-dimensional code based on two-dimensional code information including the authentication information.
In the above scheme, the acquiring, by the encryption module, the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal includes:
sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform;
receiving a digital certificate and a second secret key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature;
wherein the digital certificate and the second key corresponding to the first communication identifier are issued by the authentication platform after it verifies the first communication identifier.
In the foregoing solution, the apparatus further includes a calculating module, configured to:
calculating a hash value of the sending content to obtain a first sending content characteristic value;
setting the first transmission content characteristic value in the authentication information.
In the foregoing solution, the apparatus further includes a first obtaining module, configured to:
acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third secret key according to the second communication identifier;
correspondingly, the generating module generates the two-dimensional code based on the two-dimensional code information including the authentication information includes:
encrypting the two-dimension code information through the third secret key to obtain encrypted two-dimension code information;
and generating a two-dimensional code based on the encrypted two-dimensional code information.
In the foregoing solution, the acquiring, by the first acquiring module, the third key according to the second communication identifier includes:
sending the second communication identification to the authentication platform,
and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third secret key.
On the other hand, an embodiment of the present invention further provides a two-dimensional code authentication apparatus, where the apparatus includes a scanning module, a first verification module and a second verification module, wherein:
the scanning module is used for scanning the two-dimensional code to obtain two-dimensional code information including authentication information, the authentication information comprises a platform digital signature, a fourth secret key and a personal digital signature, and the fourth secret key corresponds to the identity characteristic information of the issuing terminal;
the first verification module is used for acquiring a first key and decrypting the platform digital signature through the first key to obtain second platform identification information;
the second verification module is configured to decrypt the personal digital signature through the fourth key to obtain a second sending content characteristic value when the platform digital signature is determined to be correct according to the second platform identification information; and, upon determining that the personal digital signature is correct according to the second sending content characteristic value, to determine that the two-dimensional code authentication is successful.
In the above scheme, the apparatus further includes a first comparing module, configured to:
acquiring first platform identification information in the authentication information;
and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
In the foregoing solution, the apparatus further includes a second comparing module, configured to:
acquiring a first sending content characteristic value in the authentication information;
and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
In the foregoing solution, the apparatus further includes a second obtaining module, configured to:
acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
correspondingly, the scanning module scans the two-dimensional code to obtain the two-dimensional code information including the authentication information includes:
and scanning the two-dimension code to obtain encrypted two-dimension code information, and decrypting the encrypted two-dimension code information through the fifth secret key to obtain the two-dimension code information.
In the foregoing solution, the acquiring, by the second acquiring module, the fifth key according to the second communication identifier representing the identity characteristic of the scanning terminal includes:
sending the second communication identifier to an authentication platform;
and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
On the other hand, an embodiment of the present invention further provides a two-dimensional code authentication apparatus, where the apparatus includes a processor and a memory for storing a computer program capable of running on the processor, wherein the processor is configured to execute the steps of the two-dimensional code authentication method when running the computer program.
In another aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the two-dimensional code authentication method are implemented.
According to the two-dimensional code authentication method, the two-dimensional code authentication device and the computer readable storage medium, when the two-dimensional code is generated, the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal are obtained, and the first sending content characteristic value is encrypted through the second key to generate the personal digital signature, the platform digital signature being obtained by encrypting the platform identification information through the first key; authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature is determined, and a two-dimensional code is generated based on two-dimensional code information comprising the authentication information. When the scanning terminal scans the two-dimensional code, it obtains two-dimensional code information including authentication information, wherein the authentication information comprises a personal digital signature, a platform digital signature and a fourth key, and the fourth key corresponds to the identity characteristic information of the issuing terminal; it acquires a first key and, when the platform digital signature is determined to be correct based on the first key, decrypts the personal digital signature through the fourth key to obtain a second sending content characteristic value; and when the second sending content characteristic value is determined to be correct, the two-dimensional code authentication is determined to be successful.
Therefore, the platform digital signature and the digital signature information of the two-dimensional code publisher are added to the two-dimensional code, so that the scanning terminal's verification of the two-dimensional code source and the two-dimensional code publisher is converted into verification of the validity of the platform digital signature and the personal digital signature. The reliability and security of the two-dimensional code source can thus be effectively verified, and the problem that the source of a two-dimensional code cannot be traced is effectively solved.
Drawings
Fig. 1 is a schematic flowchart of a two-dimensional code authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a two-dimensional code authentication method according to a second embodiment of the present invention;
Fig. 3 is a schematic flowchart of a two-dimensional code authentication method according to a third embodiment of the present invention;
Fig. 4 is a schematic diagram of a system according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an authentication platform according to a fourth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a client according to a fourth embodiment of the present invention;
Fig. 7 is a diagram illustrating a system software architecture according to a fourth embodiment of the present invention;
Fig. 8 is a diagram illustrating a format of a digital certificate according to a fourth embodiment of the present invention;
Fig. 9 is a schematic diagram illustrating a two-dimensional code information composition provided by the fourth embodiment of the present invention;
Fig. 10 is a schematic flowchart of a digital certificate application according to a fourth embodiment of the present invention;
Fig. 11 is a schematic flowchart of a method for generating a two-dimensional code according to a fourth embodiment of the present invention;
Fig. 12 is a schematic flowchart of a method for identifying a two-dimensional code according to a fourth embodiment of the present invention;
Fig. 13 is a schematic structural diagram of a two-dimensional code authentication device according to a fifth embodiment of the present invention;
Fig. 14 is a schematic structural diagram of another two-dimensional code authentication device according to a fifth embodiment of the present invention;
Fig. 15 is a schematic structural diagram of a two-dimensional code authentication device according to a sixth embodiment of the present invention;
Fig. 16 is a schematic structural diagram of another two-dimensional code authentication device according to a sixth embodiment of the present invention;
Fig. 17 is a schematic structural diagram of a two-dimensional code authentication device according to an eighth embodiment of the present invention.
Detailed Description
In the embodiment of the invention, when the two-dimensional code is generated, a platform digital signature and a second secret key corresponding to identity characteristic information of an issuing terminal are obtained, a first sending content characteristic value is encrypted through the second secret key to generate a personal digital signature, and the platform digital signature is obtained by encrypting platform identification information through a first secret key; and determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information. When the two-dimensional code is scanned, the two-dimensional code is scanned to obtain two-dimensional code information including authentication information, wherein the authentication information comprises a platform digital signature, a fourth secret key and a personal digital signature, and the fourth secret key corresponds to identity characteristic information of the issuing terminal; acquiring a first key, and decrypting the personal digital signature through the fourth key to obtain a second sending content characteristic value when the platform digital signature is determined to be correct based on the first key; and when the second sending content characteristic value is determined to be correct, determining that the two-dimensional code authentication is successful.
The following describes the embodiments in further detail with reference to the accompanying drawings.
Example one
An embodiment of the present invention provides a two-dimensional code authentication method, as shown in fig. 1, the method includes:
S101, acquiring a platform digital signature and a second key corresponding to identity characteristic information of an issuing terminal, and encrypting a first sending content characteristic value through the second key to generate a personal digital signature;
The platform digital signature is obtained by encrypting the platform identification information through a first key.
The step of acquiring the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal comprises: sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform; and receiving a digital certificate and a second key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature. The digital certificate and the second key corresponding to the first communication identifier are issued by the authentication platform after it verifies the first communication identifier. The identity characteristic information of the issuing terminal is the first communication identifier representing the identity characteristic of the issuing terminal.
The authentication platform can verify the first communication identifier through the operator's identity authentication platform. Specifically, the first communication identifier is sent to the operator's identity authentication platform, which sends the real-name information of the first communication identifier to the authentication platform; the authentication platform compares the information registered by the issuing terminal with the received real-name information, and the verification passes when the two are consistent.
When the authentication platform receives the communication identifier of the issuing terminal, the digital certificate and the second key corresponding to the issuing terminal are obtained. The communication identifier of the issuing terminal is referred to as the first communication identifier, where a communication identifier may be information such as a SIM card number or a telephone number. In the authentication platform, different digital certificates and second keys correspond to different communication identifiers. The digital certificate may include information such as the platform digital signature, a fourth key corresponding to the second key, and the platform identification information. When the issuing terminal sends its communication identifier to the authentication platform, the authentication platform can issue the first key to the issuing terminal at the same time. The platform digital signatures in the digital certificates corresponding to different communication identifiers are the same, but the fourth keys are different.
In the embodiment of the present invention, after the authentication platform receives the first communication identifier of the terminal, it may send the received first communication identifier to the operator's identity authentication platform to request real-name authentication. Specifically, the operator's identity authentication platform returns real-name information to the authentication platform according to the relationship between the communication identifier and the real-name information. The authentication platform compares the received real-name information with the registration information to verify the user, and after the verification passes it returns information such as the digital certificate, the second key and the first key to the terminal.
Here, the first key is a key for authenticating the platform to generate a platform digital signature, and may be a platform root certificate, i.e., a platform public key. The platform digital signature is encrypted data obtained by encrypting the platform identification information through a platform private key. The platform private key and the platform public key are respectively an encryption key and a decryption key for encryption and decryption.
The second key is an encryption key for generating a user digital signature (namely, a personal digital signature) by the terminal, and corresponds to different encryption keys for different users. The second key and the fourth key are a key pair for encryption and decryption, wherein the second key is used for encryption and the fourth key is used for decryption. The second key and the fourth key may be the same or different. For example, when an asymmetric encryption/decryption algorithm is used, the second key and the fourth key are different, the second key may be a user private key, and the fourth key may be a user public key. For another example: when a symmetric algorithm is employed, the second key and the fourth key are the same. The second key and the fourth key may be obtained from the authentication platform at the same time, and the fourth key may also be calculated based on the second key.
It should be noted that, in the embodiment of the present invention, the public key and the private key are a pair of keys for encryption and decryption in an asymmetric encryption and decryption algorithm. The public key is used as an encryption or decryption key in the main body of the key, and the private key is used as an encryption or decryption key in other terminals except the main body. Such as: in the authentication platform, platform identification information is encrypted through a platform public key to obtain a platform digital signature, and when the platform digital signature is decrypted on a terminal, the platform digital signature is decrypted through a platform private key corresponding to the platform public key to obtain the platform identification information.
When the issuing terminal generates the two-dimensional code, the platform digital signature and the second key are obtained. Here, when the platform digital signature and the second key are stored in the issuing terminal, they are obtained directly from within the issuing terminal; when they are not stored in the issuing terminal, they can be acquired from the authentication platform. When the issuing terminal acquires the platform digital signature, it can acquire a digital certificate, wherein the digital certificate comprises the platform digital signature.
After the issuing terminal acquires the second key, it determines the transmission content to be transmitted, calculates a transmission content characteristic value from the transmission content, and encrypts the transmission content characteristic value through the second key to obtain the personal digital signature. Here, the calculated transmission content characteristic value is referred to as the first transmission content characteristic value. The algorithm for calculating the transmission content characteristic value from the transmission content may be a hash algorithm, in which case the transmission content characteristic value is a hash value of the transmission content. The transmission content may include links, text, pictures, etc. The transmission content characteristic value may be calculated over all of the transmission content or over part of it.
S102, determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information.
When the platform digital signature, the fourth key and the personal digital signature are determined, these pieces of information are used as authentication information, and the authentication information and the transmission content are used together as two-dimensional code information to generate a two-dimensional code. The authentication information may further include a first transmission content characteristic value.
Here, the fourth key corresponding to the second key may be calculated by the issuing terminal according to the second key, or may be obtained from the authentication platform when the second key is obtained from the authentication platform.
In the authentication information, the platform digital signature and the fourth key may both be set in the digital certificate, in which case the two-dimensional code information includes the transmission content, the digital certificate, and the personal digital signature. The platform digital signature indicates that the two-dimensional code issued by the two-dimensional code issuer is a two-dimensional code authenticated by the authentication platform, and the personal digital signature represents the personal identity of the two-dimensional code issuer.
In the embodiment of the invention, after the issuing terminal determines the two-dimensional code information, it can encrypt the two-dimensional code information in order to verify the identity of the scanning terminal. The encryption key can be a key for one scanning terminal or keys for a plurality of scanning terminals. When a single scanning terminal is targeted, the encryption key can be determined according to the identity of the scanning terminal or can be sent to the scanning terminal separately. When multiple scanning terminals are targeted, the encryption key may be sent to the authorized scanning terminals. Here, the key for encrypting the two-dimensional code information is the third key. The third key can be sent to the scanning terminal in various ways, such as by short message or WeChat.
When the encryption key is determined according to the identity characteristic information of the scanning terminal, the user public key of the scanning terminal can be acquired from the authentication platform, and the acquired user public key is used as a third key to encrypt the two-dimensional code information.
Specifically, the two-dimensional code authentication method may further include: acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third key according to the second communication identifier. Correspondingly, generating a two-dimensional code based on two-dimensional code information including the authentication information includes: encrypting the two-dimensional code information through the third key to obtain encrypted two-dimensional code information; and generating a two-dimensional code based on the encrypted two-dimensional code information. Here, the second communication identifier of the scanning terminal may be SIM card information, a telephone number, or other information capable of characterizing the identity of the scanning terminal.
Obtaining the third key according to the second communication identifier comprises: sending the second communication identifier to the authentication platform, and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third key.
The issuing terminal downloads the digital certificate of the scanning terminal from the authentication platform through the second communication identifier of the scanning terminal, wherein the digital certificate of the scanning terminal carries the third key of the scanning terminal.
In the embodiment of the invention, in the process of generating the two-dimensional code, authentication information based on the identity characteristic of the issuing terminal is added to the two-dimensional code information, wherein the authentication information comprises: a platform digital signature, a personal digital signature, and a fourth key for encrypting the personal digital signature. Therefore, when the scanning terminal scans the two-dimensional code, it can verify the platform digital signature through the first key and verify the personal digital signature through the fourth key. The scanning terminal's verification of the two-dimensional code source is thereby converted into verification of the validity of the authentication platform's digital signature and of the personal digital signature, which effectively solves the problem that the source of a two-dimensional code cannot be traced. Furthermore, after the two-dimensional code information is determined, it is encrypted based on the identity characteristic information of the scanning terminal, which effectively addresses the security and confidentiality of the two-dimensional code information and the identity verification of the scanning terminal. In addition, the two-dimensional code authentication method of the embodiment of the invention can issue the platform digital signature to a third-party platform while realizing offline generation and authentication, can be expanded based on a PKI trust model, and has high application value.
Example two
An embodiment of the present invention provides a two-dimensional code authentication method, as shown in fig. 2, including:
S201, scanning the two-dimensional code to obtain two-dimensional code information including authentication information, wherein the authentication information comprises a platform digital signature, a fourth key and a personal digital signature;
Here, the fourth key corresponds to the identity information of the issuing terminal.
When the scanning terminal scans the two-dimensional code issued by the issuing terminal, information of the two-dimensional code is obtained, wherein the information can be unencrypted two-dimensional code information or encrypted two-dimensional code information.
When the information is encrypted two-dimensional code information, a key for encrypting the two-dimensional code information is a third key corresponding to the identity characteristic information of the scanning terminal, and a key for decoding the encrypted two-dimensional code information is a fifth key corresponding to the third key. The third key and the fifth key are key pairs for encryption and decryption, and may be the same key, or may be a public key and a private key.
Here, the third key and the fifth key may be generated by the authentication platform, and may also be generated by the scanning terminal or the issuing terminal. When the two-dimensional code is generated by the issuing terminal, the issuing terminal encrypts the two-dimensional code information through the third secret key, and meanwhile, the generated fifth secret key is sent to the scanning terminal so that the scanning terminal can decrypt the encrypted two-dimensional code information. When the two-dimensional code is generated by the scanning terminal, the scanning terminal can send the generated third secret key to the issuing terminal for encrypting the two-dimensional code information, and the scanning terminal decrypts the encrypted two-dimensional code information through the fifth secret key. When the authentication platform generates the third key and the fifth key, the authentication platform generates different key pairs for different scanning terminals, sends the third key to the issuing terminal in the form of a digital certificate of the scanning terminal, and sends the fifth key to the scanning terminal, at this time, the third key may be a user private key of the scanning terminal, and the fifth key may be a user public key of the scanning terminal.
When the third key and the fifth key are acquired from the authentication platform, acquiring the two-dimensional code information of the encrypted two-dimensional code information by scanning includes:
acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
correspondingly, the scanning the two-dimensional code to obtain the two-dimensional code information including the authentication information includes:
scanning the two-dimensional code to obtain encrypted two-dimensional code information, and decrypting the encrypted two-dimensional code information through the fifth key to obtain the two-dimensional code information.
The acquiring the fifth key according to the second communication identifier representing the identity characteristic of the scanning terminal includes:
sending the second communication identifier to an authentication platform; and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
The identity of the scanning terminal is confirmed and verified through decryption of the encrypted two-dimensional code information. Specifically, when the current scanning terminal is the scanning terminal corresponding to the third key used to encrypt the two-dimensional code information, the current terminal can obtain the fifth key corresponding to the third key, decrypt the encrypted two-dimensional code information through the fifth key, and obtain the decrypted two-dimensional code information. Otherwise, the encrypted two-dimensional code information cannot be correctly decrypted.
Here, the two-dimensional code information obtained by scanning the two-dimensional code includes authentication information and transmission content, wherein the authentication information includes a digital certificate, a personal digital signature, and the transmission content. The digital certificate comprises platform digital signature, a fourth key, platform identification information, a sending content characteristic value and other information. The platform identification information included in the digital certificate obtained by scanning the two-dimensional code is used as first platform identification information, and the transmission content characteristic value carried by the digital certificate obtained by scanning the two-dimensional code is called a first transmission content characteristic value.
The platform digital signature is obtained by encrypting the platform identification information through the first key. The platform identification information may be information representing the identity of the platform, such as a platform name and a platform number. The first transmission content characteristic value may be a hash value of the transmission content, calculated by the issuing terminal in the process of generating the two-dimensional code. Here, the transmission content used to calculate the transmission content characteristic value may be all of the transmission content or part of it, and the transmission content may include links, text, pictures, etc. The fourth key in the authentication information is a key corresponding to the identity characteristic information of the scanning terminal, and the second key, which forms a key pair with the fourth key, is the key used to encrypt the transmission content characteristic value to obtain the personal digital signature. The encryption and decryption key pairs related to the personal digital signature are different for different issuing terminals.
S202, acquiring a first secret key, and decrypting the platform digital signature through the first secret key to obtain second platform identification information;
When the scanning terminal obtains the two-dimensional code information, it acquires the first key. The first key is the platform public key, namely the platform root certificate, acquired by the scanning terminal from the authentication platform.
In the embodiment of the invention, the method further comprises the following steps: acquiring first platform identification information in the authentication information; and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
Specifically, after the first key is obtained, the platform digital signature is decrypted through the first key to obtain platform identification information, which is called the second platform identification information. The second platform identification information obtained by decryption is compared with the first platform identification information obtained by scanning. When the two are the same, the platform digital signature is determined to be correct, and the two-dimensional code is determined to be a two-dimensional code authenticated by the authentication platform. Otherwise, the two-dimensional code information has not been authenticated by the authentication platform and the two-dimensional code is untrusted.
S203, when the platform digital signature is determined to be correct according to the second platform identification information, the personal digital signature is decrypted through the fourth key to obtain a second sending content characteristic value; and determining that the personal digital signature is correct according to the second sending content characteristic value, and determining that the two-dimensional code authentication is successful.
When the platform digital signature is determined to be correct according to the second platform identification information, verification of the personal digital signature in the authentication information is started.
In the embodiment of the present invention, the method further includes: acquiring a first sending content characteristic value in the authentication information;
and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
When the platform digital signature is determined to be correct, the personal digital signature in the authentication information is decrypted through the fourth key in the authentication information to obtain a sending content characteristic value; the sending content characteristic value obtained by decryption is called the second sending content characteristic value. The second sending content characteristic value obtained by decryption is compared with the first sending content characteristic value obtained by scanning. When the two are the same, the personal digital signature is determined to be correct, and the two-dimensional code is determined to be a two-dimensional code issued by a terminal authenticated by the authentication platform.
When the scanned two-dimensional code is determined to be the platform-authenticated two-dimensional code and the issuing terminal of the two-dimensional code is determined to be the terminal authenticated by the authentication platform, the two-dimensional code is a reliable and safe two-dimensional code, and the two-dimensional code is authenticated successfully.
It should be noted that, in the embodiment of the present invention, one terminal may act as an issuing terminal or as a scanning terminal, depending on the two-dimensional code concerned. For a given two-dimensional code, the terminal generating the two-dimensional code is the issuing terminal, and the terminal scanning the two-dimensional code is the scanning terminal.
With the two-dimensional code authentication method provided by the embodiment of the invention, after the two-dimensional code is scanned, the platform digital signature in the scanned two-dimensional code information is verified to determine whether the two-dimensional code has been authenticated by the platform. After the platform digital signature passes verification, the personal digital signature in the authentication information is decrypted through the fourth key corresponding to the identity characteristic information of the issuing terminal, to verify whether it is the personal digital signature of a terminal authenticated by the platform. After this verification passes, the source of the two-dimensional code is determined to be reliable and safe. The scanning terminal's verification of the two-dimensional code source is thereby converted into verification of the validity of the platform digital signature and of the personal digital signature, which effectively solves the problem that the source of a two-dimensional code cannot be traced. Furthermore, after the two-dimensional code information is determined, the encrypted two-dimensional code information is decrypted based on the identity characteristic information of the scanning terminal, which effectively addresses the security and confidentiality of the two-dimensional code information and the identity verification of the scanning terminal. In addition, the two-dimensional code authentication method of the embodiment of the invention can issue the platform digital signature to a third-party platform while realizing offline generation and authentication, can be expanded based on a PKI trust model, and has high application value.
Example three
The embodiment of the invention provides a two-dimensional code authentication method, wherein the two-dimensional code authentication method is explained in the embodiment of the invention by taking a complete process of generation and identification of a two-dimensional code as a specific application scene. Here, a client interacting with the authentication platform is preinstalled in the issuing terminal for generating the two-dimensional code and the code scanning terminal for identifying the two-dimensional code, so as to generate or identify the two-dimensional code by acquiring a key based on a communication identifier of the issuing terminal or the scanning terminal through interaction with the authentication platform, and a root certificate of the authentication platform, that is, a first key for decrypting a platform digital signature is installed to authenticate the platform digital signature.
S301, the issuing terminal acquires a platform digital signature and a second key, and encrypts the transmitted content through the second key to obtain a personal digital signature;
The issuing terminal sends its communication identifier to the authentication platform, and acquires the platform digital signature and the second key from the authentication platform. When the second key is obtained, a fourth key that forms an encryption and decryption pair with the second key is obtained as well. The second key may be a private key of a user of the issuing terminal, and the fourth key may be a public key of the user of the issuing terminal.
After the issuing terminal determines the sending content, a sending content characteristic value is calculated from the sending content, and the sending content characteristic value is encrypted by the second key to obtain a personal digital signature.
S302, the issuing terminal generates a two-dimensional code based on the platform digital signature, the personal digital signature and a fourth key corresponding to the second key;
The issuing terminal takes the platform digital signature, the personal digital signature and the fourth key corresponding to the second key as authentication information, and uses the authentication information together with the sending content as two-dimensional code information to generate and issue the two-dimensional code. The two-dimensional code information may further include the calculated transmission content characteristic value and the platform identification information.
After the two-dimensional code information is determined, the two-dimensional code information can be encrypted through a third secret key of the scanning terminal, and the encrypted two-dimensional code information is used as information for generating a two-dimensional code to generate the two-dimensional code. The third key and the fifth key may be keys that are mutually an encryption and decryption pair, the third key may be a user public key of the scanning terminal, and the fifth key may be a user private key of the scanning terminal.
S303, the scanning terminal scans the two-dimensional code to obtain two-dimensional code information, and verifies a platform digital signature in the two-dimensional code information;
After scanning the two-dimensional code issued by the issuing terminal, the scanning terminal obtains the two-dimensional code information carried by the two-dimensional code, wherein the two-dimensional code information comprises authentication information and sending content, and the authentication information comprises a platform digital signature, a fourth key and a personal digital signature.
Here, when the obtained scanned information is encrypted two-dimensional code information, the encrypted two-dimensional code information is decrypted by the fifth key to obtain the two-dimensional code information.
After the terminal obtains the two-dimensional code information, the platform digital signature is verified through the first key. Specifically, the platform digital signature is decrypted through the first key to obtain platform identification information, and the obtained platform identification information is compared with the platform identification information obtained by scanning the two-dimensional code. When the two are the same, the platform digital signature passes verification. The platform identification information compared with the decrypted platform identification information may also be acquired from the authentication platform.
S304, after the scanning terminal determines that the platform digital signature passes verification, verifying the personal digital signature;
After the scanning terminal successfully verifies the platform digital signature, it decrypts the personal digital signature through the fourth key to obtain a sending content characteristic value, and compares the sending content characteristic value obtained by decryption with the sending content characteristic value obtained by scanning the two-dimensional code. When the two are the same, the personal digital signature passes verification. The sending content characteristic value to be compared with the decrypted sending content characteristic value may also be acquired from the issuing terminal.
S305, after the scanning terminal determines that the personal digital signature passes verification, the two-dimensional code passes verification.
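The generation and verification flow of S301 to S305, as an added example that is not part of the patent text. It models the two-dimensional code information as a JSON string instead of an encoded image and uses textbook RSA with constructed keys in place of the unspecified encryption algorithm; all names (`issue_certificate`, `build_qr_info`, `verify_qr_info`, `PLATFORM_ID`) and the final content re-hash check are assumptions.

```python
import hashlib
import json

E = 65537  # public exponent used by both constructed key pairs


def make_keypair(p, q):
    """Textbook RSA key pair from two primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


# Constructed demo keys built from well-known Mersenne primes (not secret,
# no padding): they only illustrate the encrypt/decrypt roles in the text.
PLATFORM_PUB, PLATFORM_PRIV = make_keypair(2**521 - 1, 2**607 - 1)  # first key = PLATFORM_PUB
USER_PUB, USER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)  # fourth key, second key
PLATFORM_ID = "constructed-platform-001"  # placeholder platform identification info


def id_to_int(platform_id):
    """Encode platform identification information as an integer."""
    return int.from_bytes(platform_id.encode("utf-8"), "big")


def feature_value(content):
    """Sending content characteristic value: SHA-256 of the content, as an int."""
    return int.from_bytes(hashlib.sha256(content.encode("utf-8")).digest(), "big")


def issue_certificate(fourth_key):
    """Authentication platform: certificate carrying the platform signature."""
    sig = pow(id_to_int(PLATFORM_ID), PLATFORM_PRIV["d"], PLATFORM_PRIV["n"])
    return {"platform_id": PLATFORM_ID, "platform_signature": sig,
            "fourth_key": fourth_key}


def build_qr_info(content, certificate, second_key):
    """Issuing terminal (S301-S302): sign the hash and assemble the payload."""
    fv = feature_value(content)
    return json.dumps({
        "content": content,
        "certificate": certificate,
        "feature_value": fv,
        "personal_signature": pow(fv, second_key["d"], second_key["n"]),
    })


def verify_qr_info(qr_info, first_key):
    """Scanning terminal (S303-S305). Returns (ok, reason)."""
    try:
        info = json.loads(qr_info)
        cert = info["certificate"]
        # S303: decrypt the platform signature and compare with the carried ID.
        second_id = pow(cert["platform_signature"], first_key["e"], first_key["n"])
        if second_id != id_to_int(cert["platform_id"]):
            return False, "platform digital signature invalid"
        # S304: decrypt the personal signature with the fourth key, compare hashes.
        fourth_key = cert["fourth_key"]
        second_fv = pow(info["personal_signature"], fourth_key["e"], fourth_key["n"])
        if second_fv != info["feature_value"]:
            return False, "personal digital signature invalid"
        # Added check (assumption, not stated in the text): recompute the hash
        # from the content actually carried, so altered content is rejected.
        if feature_value(info["content"]) != info["feature_value"]:
            return False, "content does not match signed feature value"
    except (KeyError, TypeError, ValueError, AttributeError):
        return False, "malformed two-dimensional code information"
    # S305: both signatures verified.
    return True, "two-dimensional code authenticated"
```

As described in the text, the platform digital signature covers only the platform identification information, so the S303 check confirms the platform's signature but does not by itself tie the fourth key to it; an X.509-style certificate signature also covers the holder's public key.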
Example four
Based on the above embodiments, the two-dimensional code authentication method provided by the above embodiments is further described in the embodiments of the present invention.
As shown in fig. 4, the user registers with a mobile phone number through the client of the authentication platform. After the authentication platform receives the mobile phone number from the client, it sends the mobile phone number to the operator identity authentication platform to request real-name information; the operator identity authentication platform confirms with the user and returns the user's real-name information to the authentication platform. The authentication platform compares the user registration information with the real-name information, and if they are consistent, the verification passes. After the verification passes, the authentication platform generates a digital certificate (containing a user public key) and sends it together with the platform root certificate and the user private key to the client. The digital certificate comprises a platform digital signature and a user public key, the platform root certificate is the platform public key, and the platform digital signature is encrypted information obtained by encrypting platform identification information through a platform private key.
The two-dimensional code issuing terminal adds a digital certificate and the digital signature information of the terminal to the two-dimensional code (the client implements this through the two-dimensional code generation algorithm, which writes the digital certificate information and the digital signature information into the two-dimensional code information). The two-dimensional code scanning terminal has the platform root certificate installed in advance, and uses it to verify the digital certificate in the two-dimensional code when the code is scanned. Specifically, the root certificate (platform public key) is used to decrypt the platform digital signature in the digital certificate, and if the signature can be decrypted correctly, the digital certificate is genuine. After this verification passes, the digital certificate is used to verify the digital signature: specifically, the digital signature is verified using the user public key of the issuing terminal in the digital certificate. The two-dimensional code information is read after the signature verification passes; otherwise, a risk prompt of 'unauthenticated two-dimensional code' is sent to the user.
The PKI system is based on public key cryptography, provides cryptographic services and related management systems for all network applications, including encryption and decryption, digital certificates, digital signatures and the like, and can ensure the confidentiality, security, integrity and non-repudiation of information. The digital certificate can be used as identity authentication information of a certificate holder, and the digital signature is used for confirming the identity of an information issuer.
The system for realizing the two-dimension code authentication method consists of an authentication platform and a client.
The authentication platform is composed as shown in fig. 5, and includes a Certificate Authority (CA), a Registration Authority (RA), a Key Management Center (KMC), a Public Key Infrastructure (PKI) repository, and the like, where the CA is used to issue and manage certificates, the RA is used for personal identity verification, Certificate Revocation List (CRL) management, the KMC provides generation and management services of user encryption keys, and the PKI repository includes a Lightweight Directory Access Protocol (LDAP) directory server and a general database, and is used to store and manage information such as user applications, certificates, keys, CRLs, and logs, and provide a certain query function.
The client is mainly responsible for certificate application, two-dimensional code generation and reading, and comprises a certificate management component, a two-dimensional code generation component, a two-dimensional code reading component, a key management component, an encryption and decryption component and the like, as shown in fig. 6. The certificate management component is responsible for applying for, revoking, inquiring, downloading, storing and reading the digital certificate to the authentication platform, and the two-dimensional code generation component is responsible for carrying out data analysis, information coding and error correction coding on the two-dimensional code bearing information and generating a two-dimensional code image. The two-dimensional code reading assembly is responsible for scanning, reading, positioning graphs, error correction and decoding, decoding information and displaying information. The key management component is responsible for storing the read user key pair. The encryption and decryption component is responsible for encrypting and decrypting the two-dimensional code bearing information, the authentication certificate and the digital signature information.
In the embodiment of the invention, the authentication platform adopts a software architecture based on the SSM framework (Spring + Spring MVC + MyBatis). As shown in fig. 7, the software structure of the framework includes a presentation layer, an application service layer, and a data access layer. Specifically:
The presentation layer is implemented on the Spring MVC framework; its controllers provide a RESTful API access interface for the client and the web browser (background management page) to call.
The application service layer is managed by a Spring IoC container and is integrated with Spring MVC and MyBatis through Spring.
The data access layer adopts the MyBatis framework, which supports ordinary SQL, stored procedures and advanced mapping, is lightweight, and is easy to integrate with Spring.
In the embodiment of the invention, the digital certificate can be created according to the X.509 certificate format, and the certificate comprises a certificate version number, a certificate holder public key, a certificate serial number, certificate holder information, a certificate validity period, a certificate issuer name, a certificate issuer signature and a signature algorithm identifier. The platform identification information can be the name of the certificate issuer, the signature of the certificate issuer is the platform digital signature, and the public key of the certificate holder is a user public key of the scanning terminal. The certificate conforms to the ITU-T X.509 international standard and can be used by other applications conforming to the X.509 standard, which enhances the extensibility of the system. The latest version, v3, of X.509 shown in fig. 8 can be used; the signature algorithm uses SHA1, and the encryption algorithm uses RSA 1024.
The two-dimensional code is a bar code which represents information in a two-dimensional direction and codes the information into a black and white geometric pattern through a certain coding rule. The QR two-dimensional code can be used as an information carrier, and authentication information is added into the two-dimensional code. The final two-dimension code information comprises service information (characters, websites, pictures, videos and the like), a digital certificate of a publisher and a digital signature of the publisher on the service information (hash value), and the QR two-dimension code is adopted, so that the method has the characteristics of large data capacity, high reading speed and the like.
As shown in fig. 9, the information carried by the two-dimensional code includes a digital certificate, a personal digital signature, and service information, where the digital certificate and the personal digital signature are authentication information, and the service information is transmission content. By verification, the digital certificate and the personal digital signature scheme of the embodiment of the invention occupy no more than about 15% of the two-dimensional code data capacity.
In the embodiment of the invention, the process of generating and identifying the two-dimensional code comprises three processes of certificate application, two-dimensional code generation and two-dimensional code scanning.
The certificate application process is shown in fig. 10, specifically:
S1001, the user terminal registers with the authentication platform using the telephone number of the client.
The user terminal (including a two-dimensional code issuing user and a scanning user) comprises a client and an SIM card, the user at the client fills in registration information, and the client sends the registration information to the authentication platform.
S1002, the authentication platform carries out manual examination on the registration information through the identity authentication platform of the operator;
the authentication platform sends the mobile phone number to the identity authentication platform of the operator to inquire the user information, and the authentication platform of the operator inquires the user registration information.
The identity authentication platform of the operator sends a short message to the user to confirm whether the user terminal agrees with the inquiry or not, after receiving an agreement inquiry response of the user terminal, customer information is returned to the authentication platform, and the authentication platform compares the customer information with the registration information for manual verification. And when the client information received by the authentication platform from the identity authentication platform of the mobile operator is consistent with the registration information of the user side, confirming that the verification is passed.
S1003, the authentication platform issues an authentication platform root certificate, a digital certificate and a user private key after the verification passes.
Fig. 11 shows a two-dimensional code generation process, specifically:
S1101, determining whether the identity of the scanning terminal is authenticated;
If yes, S1102 is performed; otherwise S1104 is performed.
S1102, determining whether a digital certificate of the scanning terminal is stored;
If no, S1103 is executed; otherwise S1104 is executed.
S1103, downloading the digital certificate of the scanning terminal;
The communication identifier of the scanning terminal is sent to the authentication platform, and the digital certificate of the scanning terminal is downloaded.
S1104, preparing two-dimensional code information;
The two-dimensional code information comprises authentication information and sending content, wherein the authentication information comprises a digital certificate and a personal digital signature, and the hash value of the sending content is also included. The digital certificate comprises a platform digital signature, a user key and platform identification information.
S1105, encrypting the two-dimensional code information;
This step is performed when the result of S1101 is yes; encrypting the two-dimensional code information yields encrypted two-dimensional code information.
Here, if the identity of the scanner needs to be verified, the information can be encrypted before the two-dimensional code is encoded. Depending on the scenario, either of the following two encryption modes can be adopted: (1) Public-key-based asymmetric encryption: this mode is suitable when the scanner is a single user; the publisher first queries the scanner's digital certificate on the authentication platform and then encrypts with the scanner's public key. (2) Password-based symmetric encryption: this mode is suitable when the scanner is a single user or multiple users; the publisher does not need to download the scanner's digital certificate, but needs to send the password to the scanner in advance through the authentication platform or by short message.
S1106, generating a two-dimensional code pattern.
The two-dimensional code information of S1104 or the encrypted two-dimensional code information of S1105 may be encoded by Base64 encoding algorithm to generate a two-dimensional code pattern.
Fig. 12 shows a two-dimensional code scanning process, specifically:
S1201, scanning the two-dimensional code to obtain two-dimensional code information;
S1202, judging whether the scanned two-dimensional code information needs to be decrypted;
S1203 is executed when decryption is required; otherwise S1204 is executed.
S1203, decrypting the encrypted two-dimensional code information;
The encrypted two-dimensional code information is decrypted with the user private key of the scanning terminal.
S1204, verifying the digital certificate;
The platform digital signature in the digital certificate is verified: specifically, the platform digital signature is decrypted with the platform root certificate, and if the decryption is correct, the certificate is genuine and the verification passes. When the certificate is genuine, S1205 is executed; otherwise S1207 is executed and a risk prompt is given.
S1205, verifying the personal digital signature;
The personal digital signature is verified: specifically, the personal digital signature is decrypted with the user public key of the scanning terminal in the digital certificate; if the decryption is correct, the personal digital signature passes verification and S1206 is executed to read the two-dimensional code information. Otherwise, S1207 is executed and a risk prompt is given.
S1207, giving a risk prompt;
After the risk prompt is given, if a selection operation to continue reading the two-dimensional code is received, S1206 is executed to read the two-dimensional code information; in this case, the two-dimensional code information is read without determining whether the source of the two-dimensional code is safe.
It should be noted that, when a two-dimensional code scanning user scans a two-dimensional code, if the identity needs to be verified, the two-dimensional code is decoded by adopting a Base64 encoding algorithm, and then the two-dimensional code containing the digital certificate of the issuer and the digital signature is decrypted by using a private key or a password.
If the identity does not need to be verified, after the scanner obtains the two-dimension code information, the pre-installed authentication platform root certificate is used for verifying the authenticity of the two-dimension code issuer certificate, if the authenticity is true, the public key in the issuer certificate is used for verifying the digital signature of the issuer, and if the authenticity is true, the two-dimension code service information is analyzed. And if the certificate or the digital signature is not authentic, sending a risk prompt of 'unauthenticated two-dimensional code' to enable a user to select whether to continue analyzing. And an authentication platform is not needed to participate in the whole two-dimensional code scanning process, so that offline and bidirectional authentication is realized.
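The generation flow (S1104, S1106) and the offline scanning flow (S1204 to S1207) described above, sketched as an added example that is not code from the patent. The JSON layout, function names and sample values are assumptions made here, and the signatures are unpadded RSA over SHA-256 with demonstration keys built from Mersenne primes (in place of the SHA1/RSA 1024 X.509 certificates the text names), so the "decrypt the signature and compare" steps can be followed with the standard library alone.

```python
import base64
import hashlib
import json

E = 65537  # public exponent used by both demonstration keys


def toy_keypair(p_exp, q_exp):
    """Demonstration-only RSA key from two Mersenne primes 2**k - 1.
    Such a modulus is trivially factorable; real keys come from the KMC."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def canonical(obj) -> bytes:
    """Stable byte encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private) -> int:
    """'Encrypt' the hash with the private key (unpadded RSA, illustration only)."""
    return pow(digest_int(data), private["d"], private["n"])


def verify(data: bytes, signature: int, public) -> bool:
    """'Decrypt' the signature with the public key and compare with the hash."""
    return pow(signature, public["e"], public["n"]) == digest_int(data)


def issue_certificate(holder, holder_public, platform_name, platform_private):
    """Platform side (S1003): bind the holder's public key to its identity."""
    body = {"issuer": platform_name, "holder": holder, "public_key": holder_public}
    return {"body": body,
            "platform_signature": sign(canonical(body), platform_private)}


def build_qr_payload(content, certificate, issuer_private) -> str:
    """Issuing terminal (S1104, S1106): certificate, personal signature and
    content, Base64-encoded into the string handed to the QR encoder."""
    info = {"content": content,
            "certificate": certificate,
            "personal_signature": sign(content.encode(), issuer_private)}
    return base64.b64encode(canonical(info)).decode()


def scan_qr_payload(payload, root_public, platform_name):
    """Scanning terminal (S1204 to S1207), fully offline.
    Returns (content, None) on success or (None, risk_prompt) on failure."""
    try:
        info = json.loads(base64.b64decode(payload, validate=True))
        cert, content = info["certificate"], info["content"]
        body = cert["body"]
        # S1204: the certificate must verify under the pre-installed root key.
        if body["issuer"] != platform_name or not verify(
                canonical(body), cert["platform_signature"], root_public):
            return None, "unauthenticated two-dimensional code: certificate"
        # S1205: the content hash is recomputed locally, not taken from the code.
        if not verify(content.encode(), info["personal_signature"],
                      body["public_key"]):
            return None, "unauthenticated two-dimensional code: signature"
    except (ValueError, KeyError, TypeError, AttributeError):
        return None, "unauthenticated two-dimensional code: malformed"
    return content, None  # S1206: the service information may be read


# Constructed sample data: platform root key, issuer key and issuer certificate.
PLATFORM = "Demo Authentication Platform"
ROOT_PUBLIC, ROOT_PRIVATE = toy_keypair(521, 607)
ISSUER_PUBLIC, ISSUER_PRIVATE = toy_keypair(1279, 2203)
ISSUER_CERT = issue_certificate("13800000000", ISSUER_PUBLIC, PLATFORM, ROOT_PRIVATE)

if __name__ == "__main__":
    code = build_qr_payload("https://shop.example/pay?order=42",
                            ISSUER_CERT, ISSUER_PRIVATE)
    print(scan_qr_payload(code, ROOT_PUBLIC, PLATFORM))
```

Because the platform signature covers the whole certificate body, a code that reuses a valid platform signature with a different public key fails at S1204 rather than at S1205.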
EXAMPLE five
In order to implement the two-dimensional code authentication method provided in the first embodiment, an embodiment of the present invention provides a two-dimensional code authentication apparatus, as shown in fig. 13, where the apparatus includes: an encryption module 1301 and a generation module 1302; wherein,
the encryption module 1301 is configured to obtain a platform digital signature and a second key corresponding to identity feature information of the issuing terminal, encrypt the first sending content feature value through the second key to generate a personal digital signature, where the platform digital signature is obtained by encrypting the first platform identification information through the first key;
a generating module 1302, configured to determine authentication information including the platform digital signature, a fourth key corresponding to the second key, and the personal digital signature, and generate a two-dimensional code based on two-dimensional code information including the authentication information.
The encryption module 1301 acquiring the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal includes: sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform; and receiving a digital certificate and a second secret key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature. The digital certificate and the second secret key corresponding to the first communication identifier are issued after the authentication platform verifies the first communication identifier.
As shown in fig. 14, the apparatus further includes a calculating module 1303 configured to: calculating a hash value of the sending content to obtain a first sending content characteristic value; setting the first transmission content characteristic value in the authentication information.
The apparatus further includes a first obtaining module 1304 for: acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third secret key according to the second communication identifier;
correspondingly, the generating module 1302 generating the two-dimensional code based on the two-dimensional code information including the authentication information includes: encrypting the two-dimension code information through the third secret key to obtain encrypted two-dimension code information; and generating a two-dimensional code based on the encrypted two-dimensional code information.
The obtaining, by the first obtaining module 1304, the third key according to the second communication identifier includes: and sending the second communication identifier to the authentication platform, and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third secret key.
EXAMPLE six
In order to implement the two-dimensional code authentication method provided in the second embodiment, an embodiment of the present invention provides a two-dimensional code authentication apparatus, as shown in fig. 15, where the apparatus includes: a scan module 1501, a first authentication module 1502, and a second authentication module 1503; wherein,
the scanning module 1501 is configured to scan the two-dimensional code to obtain two-dimensional code information including authentication information, where the authentication information includes a platform digital signature, a fourth key and a personal digital signature, and the fourth key corresponds to identity feature information of the issuing terminal;
a first verification module 1502, configured to obtain a first key, and decrypt the platform digital signature through the first key to obtain second platform identification information;
a second verification module 1503, configured to decrypt the personal digital signature through the fourth key to obtain a second sending content characteristic value when determining that the platform digital signature is correct according to the second platform identification information; and determining that the personal digital signature is correct according to the second sending content characteristic value, and determining that the two-dimensional code authentication is successful.
As shown in fig. 16, the apparatus further includes a first comparing module 1504 for: acquiring first platform identification information in the authentication information; and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
The apparatus also includes a second comparison module 1505 for: acquiring a first sending content characteristic value in the authentication information; and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
The apparatus further comprises a second obtaining module 1506 configured to: acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
accordingly, the scanning module 1501 scans the two-dimensional code to obtain the two-dimensional code information including the authentication information includes:
and scanning the two-dimension code to obtain encrypted two-dimension code information, and decrypting the encrypted two-dimension code information through the fifth secret key to obtain the two-dimension code information.
The obtaining, by the second obtaining module 1506, the fifth key according to the second communication identifier characterizing the identity of the scanning terminal includes: sending the second communication identifier to an authentication platform; and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
EXAMPLE seven
The embodiment of the invention also provides a two-dimensional code authentication device, which comprises: a processor and a memory for storing a computer program operable on the processor, wherein the processor is operable when executing the computer program to perform: acquiring a platform digital signature and a second key corresponding to identity characteristic information of an issuing terminal, and encrypting a first sending content characteristic value through the second key to generate a personal digital signature, wherein the platform digital signature is obtained by encrypting first platform identification information through a first key; and determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information.
The processor is configured to, when running the computer program, execute the steps of acquiring the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal, including:
sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform;
receiving a digital certificate and a second secret key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature. The digital certificate and the second secret key corresponding to the first communication identifier are issued after the authentication platform verifies the first communication identifier.
The processor is further configured to, when executing the computer program, perform: calculating a hash value of the sending content to obtain a first sending content characteristic value; setting the first transmission content characteristic value in the authentication information.
The processor is further configured to, when executing the computer program, perform: acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third secret key according to the second communication identifier;
correspondingly, the generating a two-dimensional code based on the two-dimensional code information including the authentication information includes:
encrypting the two-dimension code information through the third secret key to obtain encrypted two-dimension code information;
and generating a two-dimensional code based on the encrypted two-dimensional code information.
The processor, when executing the computer program, is configured to execute the acquiring of the third key according to the second communication identifier, including:
sending the second communication identification to the authentication platform,
and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third secret key.
Example eight
The embodiment of the invention also provides a two-dimensional code authentication device, which comprises: a processor and a memory for storing a computer program operable on the processor, wherein the processor is operable when executing the computer program to perform: scanning the two-dimensional code to obtain two-dimensional code information including authentication information, wherein the authentication information comprises a platform digital signature, a fourth secret key and a personal digital signature, and the fourth secret key corresponds to the identity characteristic information of the issuing terminal;
acquiring a first key, and decrypting the platform digital signature through the first key to obtain second platform identification information;
when the platform digital signature is determined to be correct according to the second platform identification information, the personal digital signature is decrypted through the fourth secret key to obtain a second sending content characteristic value; and determining that the personal digital signature is correct according to the second sending content characteristic value, and determining that the two-dimensional code authentication is successful.
The processor is further configured to, when executing the computer program, perform: acquiring first platform identification information in the authentication information; and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
The processor is further configured to, when executing the computer program, perform: acquiring a first sending content characteristic value in the authentication information; and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
The processor is further configured to, when executing the computer program, perform: acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
correspondingly, the scanning the two-dimensional code to obtain the two-dimensional code information including the authentication information includes:
and scanning the two-dimension code to obtain encrypted two-dimension code information, and decrypting the encrypted two-dimension code information through the fifth secret key to obtain the two-dimension code information.
The processor is configured to, when running the computer program, execute the acquiring of the fifth key according to the second communication identifier characterizing the identity of the scanning terminal, including: sending the second communication identifier to an authentication platform; and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
Fig. 17 is a schematic structural diagram of a two-dimensional code authentication apparatus according to a seventh embodiment or an eighth embodiment of the present invention, where the two-dimensional code authentication apparatus shown in fig. 17 includes: at least one processor 1701 and memory 1702. The various components of the two-dimensional code authentication device are coupled together by a bus system 1703. It is understood that bus system 1703 is used to enable connected communication between these components.
It will be appreciated that the memory 1702 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Ferromagnetic Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memory 1202 described in connection with the embodiments of the present invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The memory 1702 of the embodiment of the present invention is used to store various types of data to support the operation of the two-dimensional code authentication apparatus implementing the seventh embodiment or the eighth embodiment.
The methods disclosed in the embodiments of the present invention described above may be applied to the processor 1701 or implemented by the processor 1701. The processor 1701 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by instructions in the form of hardware, integrated logic circuits, or software in the processor 1701. The Processor 1701 may be a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 1701 may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed by the embodiment of the invention can be directly implemented by a hardware decoding processor, or can be implemented by combining hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 1702 and the processor 1701 may read the information in the memory 1702 in conjunction with its hardware to perform the steps of the methods previously described.
In an exemplary embodiment, the two-dimensional code authentication device implementing the seventh or eighth embodiment may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, Micro Controller Units (MCUs), microprocessors, or other electronic components for performing the foregoing methods.
Example nine
In an exemplary embodiment, the present invention further provides a computer readable storage medium, such as a memory 1702 including a computer program, which can be executed by a processor 1701 in a two-dimensional code authentication apparatus to perform the steps of the foregoing method. The computer readable storage medium may be Memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, performs:
acquiring a platform digital signature and a second key corresponding to identity characteristic information of an issuing terminal, and encrypting a first sending content characteristic value through the second key to generate a personal digital signature, wherein the platform digital signature is obtained by encrypting first platform identification information through a first key;
and determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information.
When the computer program is executed by the processor, the executing the acquiring of the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal comprises:
sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform;
and receiving a digital certificate and a second secret key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature.
The computer program, when executed by the processor, further performs: calculating a hash value of the sending content to obtain a first sending content characteristic value; setting the first transmission content characteristic value in the authentication information.
The computer program, when executed by the processor, further performs:
acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third secret key according to the second communication identifier;
correspondingly, the generating a two-dimensional code based on the two-dimensional code information including the authentication information includes:
encrypting the two-dimension code information through the third secret key to obtain encrypted two-dimension code information;
and generating a two-dimensional code based on the encrypted two-dimensional code information.
When the computer program is executed by a processor, the performing the obtaining of the third key according to the second communication identification comprises:
sending the second communication identification to the authentication platform,
and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third secret key.
Example ten
In an exemplary embodiment, the present invention further provides a computer readable storage medium, such as a memory 1702 including a computer program, which can be executed by a processor 1701 in a two-dimensional code authentication apparatus to perform the steps of the foregoing method. The computer readable storage medium may be Memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface Memory, optical disk, or CD-ROM.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, performs:
scanning the two-dimensional code to obtain two-dimensional code information including authentication information, wherein the authentication information comprises a platform digital signature, a fourth secret key and a personal digital signature, and the fourth secret key corresponds to the identity characteristic information of the issuing terminal;
acquiring a first key, and decrypting the platform digital signature through the first key to obtain second platform identification information;
when the platform digital signature is determined to be correct according to the second platform identification information, decrypting the personal digital signature through the fourth secret key to obtain a second sending content characteristic value; and determining that the personal digital signature is correct according to the second sending content characteristic value, and determining that the two-dimensional code authentication is successful.
The computer program, when executed by the processor, further performs:
acquiring first platform identification information in the authentication information;
and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
The computer program, when executed by the processor, further performs:
acquiring a first sending content characteristic value in the authentication information;
and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
The computer program, when executed by the processor, further performs:
acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
correspondingly, the scanning the two-dimensional code to obtain the two-dimensional code information including the authentication information includes:
and scanning the two-dimensional code to obtain encrypted two-dimensional code information, and decrypting the encrypted two-dimensional code information through the fifth secret key to obtain the two-dimensional code information.
When the computer program is executed by a processor, acquiring the fifth key according to the second communication identifier representing the identity characteristic of the scanning terminal comprises:
sending the second communication identifier to an authentication platform;
and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
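The issuing and scanning steps described in the embodiments above, as an added Python example that is not code from the patent: the platform signature is checked first, then the personal signature, each by decrypting and comparing. Assumptions: the first key and the second/fourth keys are modelled as toy textbook-RSA key pairs built from constructed primes (no padding, illustration only), the sending content travels in the code, the final hash recomputation is an extra check beyond the stated steps, and the third/fifth key encryption layer is left out.

```python
import hashlib

E = 65537  # public exponent shared by both toy key pairs


def make_keypair(p, q):
    """Textbook RSA from two primes; returns (private, public) as (n, exponent)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, d), (n, E)


def rsa_apply(value, key):
    """Raw modular exponentiation: 'encrypting'/'decrypting' in the page's wording."""
    n, exponent = key
    return pow(value, exponent, n)


def content_hash(content):
    """Sending content characteristic value: SHA-256 of the content as an integer."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


# Constructed keys from Mersenne primes (assumption: asymmetric key pairs).
PLATFORM_PRIV, PLATFORM_PUB = make_keypair(2**521 - 1, 2**607 - 1)  # first key
ISSUER_PRIV, ISSUER_PUB = make_keypair(2**127 - 1, 2**1279 - 1)     # second / fourth key
PLATFORM_ID = b"example-auth-platform"  # constructed first platform identification


def platform_sign(platform_id):
    """Authentication platform side: encrypt the platform identification."""
    return rsa_apply(int.from_bytes(platform_id, "big"), PLATFORM_PRIV)


def issue(content):
    """Issuing terminal: build the two-dimensional code information."""
    h1 = content_hash(content)                       # first characteristic value
    return {
        "platform_id": PLATFORM_ID,
        "platform_sig": platform_sign(PLATFORM_ID),  # carried by the certificate
        "fourth_key": ISSUER_PUB,                    # corresponds to the second key
        "content_hash": h1,
        "personal_sig": rsa_apply(h1, ISSUER_PRIV),  # encrypted with the second key
        "content": content,                          # assumption: content is in the code
    }


def verify(qr, platform_pub=PLATFORM_PUB):
    """Scanning terminal: return the outcome of the ordered checks."""
    # Step 1: decrypt the platform signature and compare platform identifications.
    id2 = rsa_apply(qr["platform_sig"], platform_pub)
    if id2 != int.from_bytes(qr["platform_id"], "big"):
        return "platform signature rejected"
    # Step 2: decrypt the personal signature with the fourth key and compare
    # the first and second sending content characteristic values.
    h2 = rsa_apply(qr["personal_sig"], qr["fourth_key"])
    if h2 != qr["content_hash"]:
        return "personal signature rejected"
    # Extra check (not in the stated steps): the content must hash to h2.
    if content_hash(qr["content"]) != h2:
        return "content does not match signed hash"
    return "authenticated"


if __name__ == "__main__":
    code = issue(b"https://example.com/pay?order=1001")  # constructed content
    print(verify(code))
    print(verify(dict(code, content=b"https://example.com/pay?order=9999")))
```

The second call in the demo swaps the content while leaving both signatures intact, which only the recomputed hash catches.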
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (19)

1. A two-dimensional code authentication method is characterized by comprising the following steps:
acquiring a platform digital signature and a second key corresponding to identity characteristic information of an issuing terminal, and encrypting a first sending content characteristic value through the second key to generate a personal digital signature, wherein the platform digital signature is obtained by encrypting first platform identification information through a first key;
determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information;
the method further comprises the following steps:
acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third secret key according to the second communication identifier;
correspondingly, the generating a two-dimensional code based on the two-dimensional code information including the authentication information includes:
encrypting the two-dimensional code information through the third secret key to obtain encrypted two-dimensional code information;
and generating a two-dimensional code based on the encrypted two-dimensional code information.
2. The method of claim 1, wherein obtaining the platform digital signature and the second key corresponding to the identity characteristic information of the issuing terminal comprises:
sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform;
receiving a digital certificate and a second secret key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature;
wherein the digital certificate and the second secret key corresponding to the first communication identifier are issued after the authentication platform verifies the first communication identifier.
3. The method of claim 1, further comprising:
calculating a hash value of the sending content to obtain a first sending content characteristic value;
and setting the first sending content characteristic value in the authentication information.
4. The method of claim 1, wherein the obtaining a third key according to the second communication identifier comprises:
sending the second communication identifier to the authentication platform;
and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third secret key.
5. A two-dimensional code authentication method is characterized by comprising the following steps:
scanning the two-dimensional code to obtain two-dimensional code information including authentication information, wherein the authentication information comprises a platform digital signature, a fourth secret key and a personal digital signature, and the fourth secret key corresponds to the identity characteristic information of the issuing terminal;
acquiring a first key, and decrypting the platform digital signature through the first key to obtain second platform identification information;
when the platform digital signature is determined to be correct according to the second platform identification information, decrypting the personal digital signature through the fourth secret key to obtain a second sending content characteristic value; determining that the personal digital signature is correct according to the second sending content characteristic value, and determining that the two-dimensional code authentication is successful;
the method further comprises the following steps:
acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
correspondingly, the scanning the two-dimensional code to obtain the two-dimensional code information including the authentication information includes:
and scanning the two-dimensional code to obtain encrypted two-dimensional code information, and decrypting the encrypted two-dimensional code information through the fifth secret key to obtain the two-dimensional code information.
6. The method of claim 5, further comprising:
acquiring first platform identification information in the authentication information;
and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
7. The method of claim 5, further comprising:
acquiring a first sending content characteristic value in the authentication information;
and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
8. The method according to claim 5, wherein the obtaining the fifth key according to the second communication identifier characterizing the identity of the scanning terminal comprises:
sending the second communication identifier to an authentication platform;
and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
9. A two-dimensional code authentication device, characterized in that the device comprises: an encryption module and a generation module; wherein,
the encryption module is used for acquiring a platform digital signature and a second key corresponding to the identity characteristic information of the issuing terminal, encrypting the first sending content characteristic value through the second key to generate a personal digital signature, and the platform digital signature is obtained by encrypting the first platform identification information through the first key;
the generation module is used for determining authentication information comprising the platform digital signature, a fourth key corresponding to the second key and the personal digital signature, and generating a two-dimensional code based on two-dimensional code information comprising the authentication information;
the apparatus further comprises a first obtaining module configured to:
acquiring a second communication identifier representing the identity characteristic of the scanning terminal, and acquiring a third secret key according to the second communication identifier;
correspondingly, the generation module generating the two-dimensional code based on the two-dimensional code information including the authentication information comprises:
encrypting the two-dimensional code information through the third secret key to obtain encrypted two-dimensional code information;
and generating a two-dimensional code based on the encrypted two-dimensional code information.
10. The apparatus of claim 9, wherein the encryption module obtaining the platform digital signature and the second key corresponding to the identity information of the issuing terminal comprises:
sending a first communication identifier representing the identity characteristic of the issuing terminal to an authentication platform;
receiving a digital certificate and a second secret key which are sent by the authentication platform and correspond to the first communication identifier, wherein the digital certificate carries the platform digital signature;
wherein the digital certificate and the second secret key corresponding to the first communication identifier are issued after the authentication platform verifies the first communication identifier.
11. The apparatus of claim 9, further comprising a computing module to:
calculating a hash value of the sending content to obtain a first sending content characteristic value;
and setting the first sending content characteristic value in the authentication information.
12. The apparatus of claim 9, wherein the first obtaining module obtaining a third key according to the second communication identifier comprises:
sending the second communication identifier to the authentication platform;
and receiving a digital certificate which is sent by the authentication platform and corresponds to the second communication identifier, wherein the digital certificate carries the third secret key.
13. A two-dimensional code authentication device, characterized in that the device comprises: a scanning module, a first verification module and a second verification module; wherein,
the scanning module is used for scanning the two-dimensional code to obtain two-dimensional code information including authentication information, the authentication information comprises a platform digital signature, a fourth secret key and a personal digital signature, and the fourth secret key corresponds to the identity characteristic information of the issuing terminal;
the first verification module is used for acquiring a first key and decrypting the platform digital signature through the first key to obtain second platform identification information;
the second verification module is configured to decrypt the personal digital signature through the fourth key to obtain a second sending content characteristic value when the platform digital signature is determined to be correct according to the second platform identification information; determine that the personal digital signature is correct according to the second sending content characteristic value, and determine that the two-dimensional code authentication is successful;
the apparatus further comprises a second obtaining module configured to:
acquiring a fifth key according to a second communication identifier representing the identity characteristic of the scanning terminal;
correspondingly, the scanning module scanning the two-dimensional code to obtain the two-dimensional code information including the authentication information comprises:
scanning the two-dimensional code to obtain encrypted two-dimensional code information, and decrypting the encrypted two-dimensional code information through the fifth secret key to obtain the two-dimensional code information.
14. The apparatus of claim 13, further comprising a first comparison module configured to:
acquiring first platform identification information in the authentication information;
and when the first platform identification information is the same as the second platform identification information, determining that the platform digital signature is correct according to the second platform identification information.
15. The apparatus of claim 13, further comprising a second comparison module configured to:
acquiring a first sending content characteristic value in the authentication information;
and when the first sending content characteristic value and the second sending content characteristic value are the same, determining that the personal digital signature is correct according to the second sending content characteristic value.
16. The apparatus of claim 13, wherein the second obtaining module obtaining the fifth key according to the second communication identifier characterizing the identity of the scanning terminal comprises:
sending the second communication identifier to an authentication platform;
and receiving a digital certificate corresponding to the second communication identifier and sent by the authentication platform, wherein the digital certificate carries the fifth secret key.
17. A two-dimensional code authentication device, characterized in that the device comprises: a processor and a memory for storing a computer program operable on the processor, wherein the processor is operable to perform the steps of the method of any of claims 1 to 4 when the computer program is executed.
18. A two-dimensional code authentication device, characterized in that the device comprises: a processor and a memory for storing a computer program operable on the processor, wherein the processor is operable to perform the steps of the method of any of claims 5 to 8 when the computer program is executed.
19. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method according to one of the claims 1 to 4, or carries out the steps of the method according to one of the claims 5 to 8.
CN201710818378.6A 2017-09-12 2017-09-12 Two-dimensional code authentication method and device and computer readable storage medium Active CN109495268B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710818378.6A CN109495268B (en) 2017-09-12 2017-09-12 Two-dimensional code authentication method and device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109495268A CN109495268A (en) 2019-03-19
CN109495268B true CN109495268B (en) 2020-12-29

Family

ID=65688913


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant