CN110062383A - A kind of authentication method, terminal, certificate server, application server - Google Patents
A kind of authentication method, terminal, certificate server, application server Download PDFInfo
- Publication number
- CN110062383A CN110062383A CN201910335400.0A CN201910335400A CN110062383A CN 110062383 A CN110062383 A CN 110062383A CN 201910335400 A CN201910335400 A CN 201910335400A CN 110062383 A CN110062383 A CN 110062383A
- Authority
- CN
- China
- Prior art keywords
- user
- height
- certificate server
- terminal
- quick information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000004044 response Effects 0.000 claims description 37
- 230000005540 biological transmission Effects 0.000 claims description 8
- 238000005516 engineering process Methods 0.000 abstract description 8
- 230000000694 effects Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 8
- 235000013399 edible fruits Nutrition 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000011664 signaling Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- BQCADISMDOOEFD-UHFFFAOYSA-N Silver Chemical compound [Ag] BQCADISMDOOEFD-UHFFFAOYSA-N 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000010485 coping Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000010304 firing Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 229910052709 silver Inorganic materials 0.000 description 1
- 239000004332 silver Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present embodiments relate to a kind of authentication method, terminal, certificate server, application servers, belong to field of information security technology.Wherein, this method comprises: receiving the certification request for the carrying user identifier that certificate server is sent, wherein, certification request is that certificate server determines the corresponding user of user identifier to send when validated user, the quick information of height stored in SIM card is encrypted according to the Encryption Algorithm being arranged in SIM card, the encrypted quick information of height is sent to certificate server, so that certificate server verifies the encrypted quick information of height.The technical solution provided by the embodiment of the present disclosure avoids data information easily stolen the technical issues of taking of user in the prior art, and realizes the storage safety to user data information, verifies hidden technical effect.
Description
Technical field
The present embodiments relate to field of information security technology more particularly to a kind of authentication method, terminal, authentication services
Device, application server.
Background technique
With the fast development of mobile interchange, type of business is continuously increased, and penetrates into each neck of people's work, life
Domain.In contrast, network attack is made a lot of variety, and data safety faces a severe challenge so that user and service face on both side it is huge
Big trust crisis.
In the prior art, the safety of data information, Huo Zhetong are mainly ensured in such a way that user carries out password setting
The mode for crossing head portrait identification technology ensures the safety of data information.
Summary of the invention
According to an aspect of an embodiment of the present invention, the embodiment of the invention provides a kind of authentication method, terminal, certification clothes
Business device, application server.
According to the one aspect of the embodiment of the present disclosure, the embodiment of the invention provides a kind of authentication methods, are applied to terminal,
The described method includes:
Receive the certification request for the carrying user identifier that certificate server is sent, wherein the certification request is described to recognize
Card server determines the user identifier corresponding user to send when validated user;
The quick information of height stored in the SIM card is encrypted according to the Encryption Algorithm being arranged in SIM card;
The encrypted quick information of height is sent to the certificate server, so as to the certificate server to the encryption after
The quick information of height verified.
In some embodiments, after the certification request for the carrying user identifier that the reception certificate server is sent,
The method also includes:
The inquiry request to inquire PIN code is sent to the user;
Receive the PIN code of the user feedback;
By the PIN code of the user feedback and prestores PIN code and be compared;
It is consistent with the PIN code that prestores in response to the PIN code of the user feedback, it executes described according to being arranged in SIM card
The Encryption Algorithm the step of quick information of height stored in the SIM card is encrypted.
According to the other side of the embodiment of the present disclosure, the embodiment of the invention provides a kind of authentication method, applied to recognizing
Demonstrate,prove server, which comprises
The certification request that application server is sent is received, and the certification request is sent to terminal;
Receive the encrypted quick information of height that the terminal is sent;
Decipherment algorithm corresponding with the terminal is determined according to the user identifier carried in certification request, wherein described to recognize
Card request is that application server is sent;
The encrypted quick information of height is decrypted according to the decipherment algorithm, obtains high quick information;
The quick information of height prestored corresponding with the terminal is determined according to the user identifier;
The quick information of height is compared with the quick information of height prestored;
Consistent with the quick information of height prestored in response to the quick information of height, it is logical that Xiang Suoshu application server sends certification
The response message crossed.
In some embodiments, after the certification request that the reception application server is sent, the method also includes:
According to the user identifier carried in the certification request, judge whether user corresponding with the user identifier is to have
Effectiveness family;
In response to the user be validated user when, the certification request is sent to the terminal.
According to the other side of the embodiment of the present disclosure, the embodiment of the invention provides a kind of authentication method, applied to answering
With server, which comprises
Obtain the access request for the carrying user identifier that user is sent by user terminal;
The certification request for carrying the user identifier is generated according to the access request;
The certification request is sent to certificate server, so that certificate server in the certification request according to carrying
User identifier judges whether the user is validated user;
Receive the response message that the certificate server passes through according to the certification that the user is validated user feedback;
Application corresponding with the access request is opened according to the response message.
According to the other side of the embodiment of the present disclosure, the embodiment of the invention provides a kind of terminal, the terminal includes:
First receiving module, the certification request of the carrying user identifier for receiving certificate server transmission, wherein described
Certification request is that the certificate server determines the corresponding user of the user identifier to send when validated user;
Encrypting module, for being carried out according to the Encryption Algorithm being arranged in SIM card to the quick information of height stored in the SIM card
Encryption;
First sending module, for the encrypted quick information of height to be sent to the certificate server, so as to the certification
Server verifies the encrypted quick information of height.
In some embodiments, the terminal further include:
First sending module is also used to, and Xiang Suoshu user sends the inquiry request to inquire PIN code;
First receiving module is also used to, and receives the PIN code of the user feedback;
First comparison module, for by the PIN code of the user feedback and prestoring PIN code and being compared;
It is consistent with the PIN code that prestores in response to the PIN code of the user feedback, described is executed by the encrypting module
The step of quick information of height stored in the SIM card is encrypted according to the Encryption Algorithm being arranged in SIM card.
It is described to recognize the embodiment of the invention provides a kind of certificate server according to the other side of the embodiment of the present disclosure
Demonstrate,proving server includes:
The certification request that application server is sent is received, and the certification request is sent to terminal;
Second receiving module is also used to, and receives the encrypted quick information of height that the terminal is sent;
Determining module, for determining that decryption corresponding with the terminal is calculated according to the user identifier carried in certification request
Method;
Deciphering module obtains Gao Min for the encrypted quick information of height to be decrypted according to the decipherment algorithm
Information;
The determining module is also used to, and determines the Gao Minxin that prestores corresponding with the terminal according to the user identifier
Breath;
Second comparison module, for the quick information of height to be compared with the quick information of height prestored;
Second sending module is answered to described for consistent with the quick information of height prestored in response to the quick information of height
The response message that certification passes through is sent with server.
In some embodiments, the certificate server further include:
Judgment module, for judging corresponding with the user identifier according to the user identifier carried in the certification request
User whether be validated user;
Second sending module is also used to, and is validated user in response to the user, the certification request is sent to
The terminal.
It is described to answer the embodiment of the invention provides a kind of application server according to the other side of the embodiment of the present disclosure
Include: with server
Module is obtained, for obtaining the access request for the carrying user identifier that user is sent by user terminal;
Generation module, for generating the certification request for carrying the user identifier according to the access request;
Third sending module, for the certification request to be sent to certificate server, so as to the certificate server root
Judge whether the user is validated user according to the user identifier carried in the certification request;
Third receiving module is logical according to the certification that the user is validated user feedback for receiving the certificate server
The response message crossed;
Opening module, for opening application corresponding with the access request according to the response message.
The beneficial effect of the embodiment of the present invention is, due to using the carrying user identifier for receiving certificate server and sending
Certification request, wherein certification request be certificate server determine the corresponding user of user identifier be validated user when send,
The quick information of height stored in SIM card is encrypted according to the Encryption Algorithm being arranged in SIM card, the quick information of encrypted height is sent out
It send to certificate server, so as to the technical solution that certificate server verifies the encrypted quick information of height, avoids existing
The data information of user easily stolen the technical issues of taking in technology, realizes the storage safety to user data information, verifying
Hidden technical effect.
Detailed description of the invention
Fig. 1 is a kind of signaling diagram of the authentication method provided according to the embodiment of the present disclosure;
Fig. 2 is the module diagram according to a kind of terminal of the embodiment of the present disclosure;
Fig. 3 is the module diagram according to a kind of certificate server of the embodiment of the present disclosure;
Fig. 4 is the module diagram according to a kind of application server of the embodiment of the present disclosure;
Appended drawing reference:
11, the first receiving module, 12, encrypting module, the 13, first sending module, the 14, first comparison module, 21, second connects
Receipts module, 22, determining module, 23, deciphering module, the 24, second comparison module, the 25, second sending module, 26, judgment module,
31, module, 32, generation module, 33, third sending module, 34, third receiving module, 35, opening module are obtained.
Specific embodiment
In being described below, for illustration and not for limitation, propose such as specific system structure, interface, technology it
The detail of class, to understand thoroughly the present invention.However, it will be clear to one skilled in the art that there is no these specific
The present invention also may be implemented in the other embodiments of details.In other situations, it omits to well-known system and method
Detailed description, in order to avoid unnecessary details interfere description of the invention.
The embodiment of the invention provides a kind of authentication method, terminal, certificate server, application servers.
Referring to Fig. 1, Fig. 1 is a kind of signaling diagram of the authentication method provided according to the embodiment of the present disclosure.
As shown in Figure 1, this method comprises:
S1: user sends the access request for carrying user identifier by user terminal to application server.
In this step, it when user needs to access to certain application, needs first to apply corresponding application server to this
Access request is sent, and carries the user identifier of the user in the access request.
Wherein, user identifier is the information to distinguish to different users.Such as user name or user's pet name,
Or ID card No. of user etc..Using the APP for installation on the subscriber terminal.User terminal is that can be mobile device example
Such as mobile phone, laptop tablet computer, personal digital assistant, are also possible to fixed equipment, such as desktop computer etc..
Specifically: user needs to access 163 mailboxes (as applying) on user terminal, then clicks on user terminal
163 mailboxes, and user name is inputted at the logentry of 163 mailboxes, to send access request to application server.In the implementation
In example, user name is user identifier.
S2: the certification request for carrying user identifier is generated according to access request.
S3: certification request is sent to certificate server.
In the prior art, it when needing to access 163 mailbox, needs to input username and password.By application server base
The password prestored corresponding with user name is determined in user name.The password of user's input and the password prestored are compared, such as
Both fruits are consistent, then user can access to 163 mailboxes.
And in the present embodiment, user can only input user name, certainly, can also input username and password.But regardless of
It is that user only inputs user name or user not only inputs user name, but also input password.In the present embodiment, it is required to by authenticating
Server is authenticated.To avoid user username and password it is stolen caused by the drawbacks such as user information is stolen.
That is, in the present embodiment, if user only inputs user name, authenticated by certificate server, with
Determine whether user can be carried out access.If user not only inputs user name, but also input password, then first taken by the application of 163 mailboxes
Business device authenticates the username and password that user inputs for the first time, is authenticated when certification passes through, then by certificate server.
S4: certificate server extracts the user identifier in the certification request that application server is sent.
S5: certificate server judges whether user is validated user according to user identifier.
Wherein, validated user refers to the user being stored in advance in certificate server.That is, validated user is
The user of 163 mailboxes registration is carried out.
Such as, certificate server matches user name (i.e. user identifier) with pre-stored mass users name, if
Include using the name in an account book in mass users name, then illustrates the user for validated user.If in mass users name not including the user
Name then illustrates that the user is inactive users.
If user is validated user, execute S6: certification request is sent to terminal by certificate server.
For terminal in the certification request for receiving certificate server, execute S7: terminal is to user's transmission to inquire PIN code
Inquiry request.
Such as, terminal displays the prompt box on its display, so that user inputs PIN code in prompting frame.
S8: user feeds back PIN code to terminal.
Such as, user inputs PIN code in prompting frame.
S9: terminal is by the PIN code of user feedback and prestores PIN code and is compared, if the two is consistent, executes S10.Such as
Both fruits are inconsistent, then process terminates.
Wherein, user can preset PIN code.If such as user, the PIN code Ying Huiyu inputted prestores PIN code
Unanimously.Only under the two unanimous circumstances, subsequent process is just executed, otherwise process terminates.To ensure the peace of user information
Entirely.
In some embodiments, the number for the PIN code that settable user can input.If user can input 3 PIN codes, such as
The PIN code of fruit 3 times inputs is inconsistent with default PIN code, then process terminates.If the PIN code and default PIN of the 2nd input
Code is consistent, then executes S10.
S10: terminal encrypts the quick information of height stored in SIM card according to the Encryption Algorithm being arranged in SIM card.
Wherein, high quick information refers to that user wants the information of secrecy, the i.e. private information of user.Such as ID card No., silver
Row clip pin etc..
It should be noted that due to the diversity and otherness of user demand, letter of the different users for desired secrecy
Breath may be different.Therefore, for different users, high quick information is not identical.User can be arranged corresponding based on the demand of itself
Information be high quick information, and requesting terminal stores high quick information to SIM card.
And the Encryption Algorithm encrypted to high quick information is additionally provided in SIM card.Wherein, Encryption Algorithm can be used existing
There is the Encryption Algorithm in technology to carry out.It no longer limits herein.
In some embodiments, it using high quick information as root, is counted so that Encryption Algorithm carries out encryption as root using high quick information
It calculates.
S11: encrypted high-density information is sent to certificate server by terminal.
Certificate server receive terminal transmission encrypted high-density information when, execute S12: certificate server according to
The user identifier carried in certification request determines decipherment algorithm corresponding with terminal.
In the present embodiment, it can be realized in such a way that mapping table is set.Such as: memory map assignments in certificate server are reflected
The corresponding relationship of user identifier and terminal is had recorded in firing table, the corresponding relationship and user of user identifier and decipherment algorithm are marked
The corresponding relationship of the quick information of height known and prestored.
S13: certificate server is decrypted the encrypted quick information of height according to decipherment algorithm, obtains high quick information.
S14: high quick information is compared by certificate server with the quick information of height prestored.If high quick information with prestore
High quick information is consistent, then executes S15.If the two is inconsistent, process terminates.
S15: certificate server sends the response message that certification passes through to application server.
If application server receives the response message that certification passes through, show that user is corresponding on the subscriber terminal
The related content (such as inbox, outbox etc.) of (specially user name is corresponding) 163 mailbox.
Disclosure implementation provides a kind of authentication method, is applied to terminal.This method comprises:
S100: terminal receives the certification request for the carrying user identifier that certificate server is sent, wherein certification request is to recognize
Card server determines user identifier corresponding user to send when validated user;
S101: terminal encrypts the quick information of height stored in SIM card according to the Encryption Algorithm being arranged in SIM card;
S102: the encrypted quick information of height is sent to certificate server by terminal, so that certificate server is to encrypted
High quick information is verified.
In some embodiments, after S100, this method further include:
S103: inquiry request of the terminal to user's transmission to inquire PIN code;
S104: the PIN code of terminal reception user feedback;
S105: terminal is by the PIN code of user feedback and prestores PIN code and is compared;
Consistent with PIN code is prestored in response to the PIN code of user feedback, terminal executes S101.
Other side according to an embodiment of the present invention, the embodiment of the invention provides a kind of authentication method, applied to recognizing
Demonstrate,prove server.This method comprises:
S200: certificate server receives the certification request that application server is sent, and certification request is sent to terminal;
S201: certificate server receives the encrypted quick information of height that terminal is sent;
S202: certificate server determines decipherment algorithm corresponding with terminal according to the user identifier carried in certification request;
S203: certificate server is decrypted the encrypted quick information of height according to decipherment algorithm, obtains high quick information;
S204: certificate server determines the quick information of height prestored corresponding with terminal according to user identifier;
S205: high quick information is compared by certificate server with the quick information of height prestored;
S206: authentication server response Yu Gaomin information is consistent with the quick information of height prestored, recognizes to application server transmission
Demonstrate,prove the response message passed through.
In some embodiments, after the certification request that certificate server receives that application server is sent, this method is also
Include:
S207: certificate server judges user corresponding with user identifier according to the user identifier carried in certification request
It whether is validated user;
It is validated user in response to user, executes S208: certification request is sent to terminal.
Other side according to an embodiment of the present invention, the embodiment of the invention provides a kind of authentication method, applied to answering
Use server.
S300: application server obtains the access request for the carrying user identifier that user is sent by user terminal;
S301: application server generates the certification request for carrying user identifier according to access request;
S302: certification request is sent to certificate server by application server, so that certificate server is according to certification request
The user identifier of middle carrying judges whether the user is validated user;
S303: application server receives certificate server to be believed according to the response that the certification that user is validated user feedback passes through
Breath;
S304: information opens application corresponding with access request to application server according to response.
Other side according to an embodiment of the present invention, the embodiment of the invention provides a kind of terminals.
Referring to Fig. 2, Fig. 2 is the module diagram according to a kind of terminal of the embodiment of the present disclosure.
As shown in Fig. 2, the terminal includes:
First receiving module 11, the certification request of the carrying user identifier for receiving certificate server transmission, wherein recognize
Card request is that certificate server determines the corresponding user of user identifier to send when validated user;
Encrypting module 12, for being added according to the Encryption Algorithm being arranged in SIM card to the quick information of height stored in SIM card
It is close;
First sending module 13, for the encrypted quick information of height to be sent to certificate server, so as to certificate server
The encrypted quick information of height is verified.
In conjunction with Fig. 2 it is found that in some embodiments, the terminal further include:
First sending module 13 is also used to, the inquiry request to user's transmission to inquire PIN code;
First receiving module 11 is also used to, and receives the PIN code of user feedback;
First comparison module 14, for by the PIN code of user feedback and prestoring PIN code and being compared;
It is consistent with PIN code is prestored in response to the PIN code of user feedback, it is executed by encrypting module 12 according to being arranged in SIM card
The Encryption Algorithm the step of quick information of height stored in SIM card is encrypted.
Other side according to an embodiment of the present invention, the embodiment of the invention provides a kind of certificate servers.
Referring to Fig. 3, Fig. 3 is the module diagram according to a kind of certificate server of the embodiment of the present disclosure.
As shown in figure 3, the certificate server includes:
Second receiving module 21 receives the certification request that application server is sent, and certification request is sent to terminal;
Second receiving module 21 is also used to, and receives the encrypted quick information of height that terminal is sent;
Determining module 22, for determining decipherment algorithm corresponding with terminal according to the user identifier carried in certification request;
Deciphering module 23 obtains high quick information for the encrypted quick information of height to be decrypted according to decipherment algorithm;
Determining module 22 is also used to, and determines the quick information of height prestored corresponding with terminal according to user identifier;
Second comparison module 24, for high quick information to be compared with the quick information of height prestored;
Second sending module 25, for consistent with the quick information of height prestored in response to high quick information, to application server hair
Send the response message that certification passes through.
In conjunction with Fig. 3 it is found that in some embodiments, the certificate server further include:
Judgment module 26, for judging that user corresponding with user identifier is according to the user identifier carried in certification request
No is validated user;
Second sending module 25 is also used to, in response to user be validated user when, certification request is sent to terminal.
Other side according to an embodiment of the present invention, the embodiment of the invention provides a kind of application servers.
Referring to Fig. 4, Fig. 4 is the module diagram according to a kind of application server of the embodiment of the present disclosure.
As shown in figure 4, the application server includes:
Module 31 is obtained, for obtaining the access request for the carrying user identifier that user is sent by user terminal;
Generation module 32, for generating the certification request for carrying user identifier according to access request;
Third sending module 33, for certification request to be sent to certificate server, so that certificate server is according to certification
The user identifier carried in request judges whether user is validated user;
Third receiving module 34, the sound passed through for receiving certificate server according to the certification that user is validated user feedback
Answer information;
Opening module 35, information opens application corresponding with access request according to response.
Reader should be understood that in the description of this specification reference term " one embodiment ", " is shown " some embodiments "
The description of example ", " specific example " or " some examples " etc. means specific features described in conjunction with this embodiment or example, structure
Or feature is included at least one embodiment or example of the invention.In the present specification, to the schematic of above-mentioned term
Statement need not be directed to identical embodiment or example.Moreover, specific features, structure or the feature of description can be any
It can be combined in any suitable manner in a or multiple embodiment or examples.In addition, without conflicting with each other, the technology of this field
The feature of different embodiments or examples described in this specification and different embodiments or examples can be combined by personnel
And combination.
It is apparent to those skilled in the art that for convenience of description and succinctly, the dress of foregoing description
The specific work process with unit is set, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In several embodiments provided herein, it should be understood that disclosed device and method can pass through it
Its mode is realized.For example, the apparatus embodiments described above are merely exemplary, for example, the division of unit, only
A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or
Person is desirably integrated into another system, or some features can be ignored or not executed.
Unit may or may not be physically separated as illustrated by the separation member, shown as a unit
Component may or may not be physical unit, it can and it is in one place, or may be distributed over multiple networks
On unit.It can select some or all of unit therein according to the actual needs to realize the mesh of the embodiment of the present invention
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, is also possible to two or more units and is integrated in one unit.It is above-mentioned integrated
Unit both can take the form of hardware realization, can also realize in the form of software functional units.
It, can if integrated unit is realized in the form of SFU software functional unit and when sold or used as an independent product
To be stored in a computer readable storage medium.Based on this understanding, technical solution of the present invention substantially or
Say that all or part of the part that contributes to existing technology or the technical solution can embody in the form of software products
Out, which is stored in a storage medium, including some instructions are used so that a computer equipment
(can be personal computer, server or the network equipment etc.) executes all or part of each embodiment method of the present invention
Step.And storage medium above-mentioned include: USB flash disk, it is mobile hard disk, read-only memory (ROM, Read-Only Memory), random
Access various Jie that can store program code such as memory (RAM, Random Access Memory), magnetic or disk
Matter.
It should also be understood that magnitude of the sequence numbers of the above procedures are not meant to execute sequence in various embodiments of the present invention
It is successive, the execution of each process sequence should be determined by its function and internal logic, the implementation without coping with the embodiment of the present invention
Journey constitutes any restriction.
More than, only a specific embodiment of the invention, but scope of protection of the present invention is not limited thereto, and it is any to be familiar with
Those skilled in the art in the technical scope disclosed by the present invention, can readily occur in various equivalent modifications or substitutions,
These modifications or substitutions should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be wanted with right
Subject to the protection scope asked.
Claims (10)
1. a kind of authentication method is applied to terminal, which is characterized in that the described method includes:
Receive the certification request for the carrying user identifier that certificate server is sent, wherein the certification request is the certification clothes
Business device determines the user identifier corresponding user to send when validated user;
The quick information of height stored in the SIM card is encrypted according to the Encryption Algorithm being arranged in SIM card;
The encrypted quick information of height is sent to the certificate server, so that the certificate server is to the encrypted height
Quick information is verified.
2. according to method described in right 1, which is characterized in that in the carrying user identifier that the reception certificate server is sent
After certification request, the method also includes:
The inquiry request to inquire PIN code is sent to the user;
Receive the PIN code of the user feedback;
By the PIN code of the user feedback and prestores PIN code and be compared;
Prestore that PIN code is consistent with described in response to the PIN code of the user feedback, execute it is described according to being arranged in SIM card plus
The step of close algorithm encrypts the height quick information stored in the SIM card.
3. a kind of authentication method is applied to certificate server, which is characterized in that the described method includes:
The certification request that application server is sent is received, and the certification request is sent to terminal;
Receive the encrypted quick information of height that the terminal is sent;
Decipherment algorithm corresponding with the terminal is determined according to the user identifier carried in the certification request;
The encrypted quick information of height is decrypted according to the decipherment algorithm, obtains high quick information;
The quick information of height prestored corresponding with the terminal is determined according to the user identifier;
The quick information of height is compared with the quick information of height prestored;
Consistent with the quick information of height prestored in response to the quick information of height, Xiang Suoshu application server sends what certification passed through
Response message.
4. according to the method described in claim 3, it is characterized in that, it is described reception application server send certification request it
Afterwards, the method also includes:
According to the user identifier carried in the certification request, judge whether user corresponding with the user identifier is effective
Family;
It is validated user in response to the user, the certification request is sent to the terminal.
5. a kind of authentication method is applied to application server, which is characterized in that the described method includes:
Obtain the access request for the carrying user identifier that user is sent by user terminal;
The certification request for carrying the user identifier is generated according to the access request;
The certification request is sent to certificate server, so that the certificate server in the certification request according to carrying
User identifier judges whether the user is validated user;
Receive the response message that the certificate server passes through according to the certification that the user is validated user feedback;
Application corresponding with the access request is opened according to the response message.
6. a kind of terminal, which is characterized in that the terminal includes:
First receiving module, the certification request of the carrying user identifier for receiving certificate server transmission, wherein the certification
Request is that the certificate server determines the corresponding user of the user identifier to send when validated user;
Encrypting module, for being added according to the Encryption Algorithm being arranged in SIM card to the quick information of height stored in the SIM card
It is close;
First sending module, for the encrypted quick information of height to be sent to the certificate server, so as to the authentication service
Device verifies the encrypted quick information of height.
7. terminal according to claim 6, which is characterized in that the terminal further include:
First sending module is also used to, and Xiang Suoshu user sends the inquiry request to inquire PIN code;
First receiving module is also used to, and receives the PIN code of the user feedback;
First comparison module, for by the PIN code of the user feedback and prestoring PIN code and being compared;
It is consistent with the PIN code that prestores in response to the PIN code of the user feedback, the basis is executed by the encrypting module
The step of Encryption Algorithm being arranged in SIM card encrypts the height quick information stored in the SIM card.
8. a kind of certificate server, which is characterized in that the certificate server includes:
Second receiving module receives the certification request that application server is sent, and the certification request is sent to terminal;
Second receiving module is also used to, and receives the encrypted quick information of height that the terminal is sent;
Determining module, for determining decipherment algorithm corresponding with the terminal according to the user identifier carried in certification request;
Deciphering module obtains high quick information for the encrypted quick information of height to be decrypted according to the decipherment algorithm;
The determining module is also used to, and determines the quick information of height prestored corresponding with the terminal according to the user identifier;
Second comparison module, for the quick information of height to be compared with the quick information of height prestored;
Second sending module, for consistent with the quick information of height prestored in response to the quick information of height, to application clothes
Business device sends the response message that certification passes through.
9. certificate server according to claim 8, which is characterized in that the certificate server further include:
Judgment module, for judging user corresponding with the user identifier according to the user identifier carried in the certification request
It whether is validated user;
Second sending module is also used to, and is validated user in response to the user, the certification request is sent to described
Terminal.
10. a kind of application server, which is characterized in that the application server includes:
Module is obtained, for obtaining the access request for the carrying user identifier that user is sent by user terminal;
Generation module, for generating the certification request for carrying the user identifier according to the access request;
Third sending module, for the certification request to be sent to certificate server, so that the certificate server is according to institute
It states the user identifier carried in certification request and judges whether the user is validated user;
Third receiving module passes through for receiving the certificate server according to the certification that the user is validated user feedback
Response message;
Opening module, for opening application corresponding with the access request according to the response message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910335400.0A CN110062383A (en) | 2019-04-24 | 2019-04-24 | A kind of authentication method, terminal, certificate server, application server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910335400.0A CN110062383A (en) | 2019-04-24 | 2019-04-24 | A kind of authentication method, terminal, certificate server, application server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110062383A true CN110062383A (en) | 2019-07-26 |
Family
ID=67320595
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910335400.0A Pending CN110062383A (en) | 2019-04-24 | 2019-04-24 | A kind of authentication method, terminal, certificate server, application server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110062383A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110768836A (en) * | 2019-10-28 | 2020-02-07 | 中国联合网络通信集团有限公司 | Network slice management method and device |
WO2021129012A1 (en) * | 2019-12-25 | 2021-07-01 | 中兴通讯股份有限公司 | Privacy information transmission method, apparatus, computer device and computer-readable medium |
CN114666786A (en) * | 2020-12-04 | 2022-06-24 | 中国联合网络通信集团有限公司 | Identity authentication method and system based on telecommunication smart card |
CN115002761A (en) * | 2021-04-27 | 2022-09-02 | 中移互联网有限公司 | Data processing method and device and electronic equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1547142A (en) * | 2003-12-12 | 2004-11-17 | ���пƼ���ѧ | A dynamic identity certification method and system |
CN101557406A (en) * | 2009-06-01 | 2009-10-14 | 杭州华三通信技术有限公司 | User terminal authentication method, device and system thereof |
CN105847245A (en) * | 2016-03-21 | 2016-08-10 | 杭州朗和科技有限公司 | Electronic mail box login authentication method and device |
CN106034123A (en) * | 2015-03-17 | 2016-10-19 | 中国移动通信集团湖北有限公司 | Authentication method, application system server and client |
CN106973041A (en) * | 2017-03-02 | 2017-07-21 | 飞天诚信科技股份有限公司 | A kind of method, system and certificate server for issuing authentication authority |
WO2017177435A1 (en) * | 2016-04-15 | 2017-10-19 | 深圳前海达闼云端智能科技有限公司 | Identity authentication method, terminal and server |
CN108234385A (en) * | 2016-12-12 | 2018-06-29 | 中国移动通信集团公司 | A kind of method for authenticating user identity and device |
-
2019
- 2019-04-24 CN CN201910335400.0A patent/CN110062383A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1547142A (en) * | 2003-12-12 | 2004-11-17 | ���пƼ���ѧ | A dynamic identity certification method and system |
CN101557406A (en) * | 2009-06-01 | 2009-10-14 | 杭州华三通信技术有限公司 | User terminal authentication method, device and system thereof |
CN106034123A (en) * | 2015-03-17 | 2016-10-19 | 中国移动通信集团湖北有限公司 | Authentication method, application system server and client |
CN105847245A (en) * | 2016-03-21 | 2016-08-10 | 杭州朗和科技有限公司 | Electronic mail box login authentication method and device |
WO2017177435A1 (en) * | 2016-04-15 | 2017-10-19 | 深圳前海达闼云端智能科技有限公司 | Identity authentication method, terminal and server |
CN108234385A (en) * | 2016-12-12 | 2018-06-29 | 中国移动通信集团公司 | A kind of method for authenticating user identity and device |
CN106973041A (en) * | 2017-03-02 | 2017-07-21 | 飞天诚信科技股份有限公司 | A kind of method, system and certificate server for issuing authentication authority |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110768836A (en) * | 2019-10-28 | 2020-02-07 | 中国联合网络通信集团有限公司 | Network slice management method and device |
CN110768836B (en) * | 2019-10-28 | 2022-02-08 | 中国联合网络通信集团有限公司 | Network slice management method and device |
WO2021129012A1 (en) * | 2019-12-25 | 2021-07-01 | 中兴通讯股份有限公司 | Privacy information transmission method, apparatus, computer device and computer-readable medium |
CN114666786A (en) * | 2020-12-04 | 2022-06-24 | 中国联合网络通信集团有限公司 | Identity authentication method and system based on telecommunication smart card |
CN115002761A (en) * | 2021-04-27 | 2022-09-02 | 中移互联网有限公司 | Data processing method and device and electronic equipment |
CN115002761B (en) * | 2021-04-27 | 2023-09-05 | 中移互联网有限公司 | Data processing method and device and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7268167B2 (en) | Systems and methods for second factor authentication of customer support calls | |
CN107733852B (en) | A kind of auth method and device, electronic equipment | |
CN109150548B (en) | Digital certificate signing and signature checking method and system and digital certificate system | |
CN106161359B (en) | It authenticates the method and device of user, register the method and device of wearable device | |
US8423768B2 (en) | Method for controlling the location information for authentication of a mobile station | |
CN110062383A (en) | A kind of authentication method, terminal, certificate server, application server | |
US8769612B2 (en) | Portable device association | |
EP2316097B1 (en) | Protocol for device to station association | |
US8302175B2 (en) | Method and system for electronic reauthentication of a communication party | |
US20160182500A1 (en) | Systems and methods for anonymous authentication using multiple devices | |
CN108684041A (en) | The system and method for login authentication | |
US11245526B2 (en) | Full-duplex password-less authentication | |
CN105101183B (en) | The method and system that privacy content on mobile terminal is protected | |
CN107113613B (en) | Server, mobile terminal, network real-name authentication system and method | |
US11438316B2 (en) | Sharing encrypted items with participants verification | |
JP2009140231A (en) | Communication system and communication terminal apparatus | |
AU2012310295A1 (en) | Method of controlling access to an internet-based application | |
US20220116385A1 (en) | Full-Duplex Password-less Authentication | |
CN112448958B (en) | Domain policy issuing method and device, electronic equipment and storage medium | |
CN107094156A (en) | A kind of safety communicating method and system based on P2P patterns | |
US20200014543A1 (en) | Identity authentication | |
CN109492359B (en) | Secure network middleware for identity authentication and implementation method and device thereof | |
Murdoch | Insecure by design: Protocols for encrypted phone calls | |
CN110784395B (en) | Mail safety login method and system based on FIDO authentication | |
US20230169160A1 (en) | Method and system for user authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190726 |
|
RJ01 | Rejection of invention patent application after publication |