CN111541692B - Identity verification method, system, device and equipment - Google Patents

Publication number: CN111541692B
Authority: CN (China)
Prior art keywords: client, equipment, information, server, environment
Legal status: Active
Application number: CN202010321693.XA
Other languages: Chinese (zh)
Other versions: CN111541692A (en)
Inventor: 赵文龙
Current Assignee: Alipay Hangzhou Information Technology Co Ltd
Original Assignee: Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202111155034.4A (CN113923001B)
Priority to CN202010321693.XA (CN111541692B)
Publication of CN111541692A
Application granted
Publication of CN111541692B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Collating Specific Patterns (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An identity authentication method, system, device and equipment are disclosed. When a user needs to be authenticated, the server sends an authentication instruction to the client, instructing the client to collect information about other devices in the surrounding environment and send it to the server. The server then matches the received other device information against the pre-stored secure environment device information of the client, and if the match succeeds, authentication passes.

Description

Identity verification method, system, device and equipment
Technical Field
The embodiments of the present disclosure relate to the field of information technologies, and in particular, to a method, a system, a device, and an apparatus for identity authentication.
Background
Authentication has long been a problem in the field of internet security. In many cases, the account name and password are insufficient as conditions for authentication, and other conditions need to be used as supplements, for example the user's fingerprint or facial features. However, in some situations this kind of authentication is cumbersome because the user's biometric features may be occluded, for example when the user is wearing a mask or gloves.
Based on this, a more convenient authentication scheme is needed.
Disclosure of Invention
It is an object of embodiments of the present application to provide a convenient authentication scheme.
In order to solve the above technical problem, the embodiments of the present application are implemented as follows:
In a first aspect, an embodiment of the present specification provides an identity authentication method, where secure environment device information of a client is stored in a server in advance, and the method includes:
the server sends an identity verification instruction to the client to be verified;
the client to be verified acquires information of other devices in the current environment according to the identity verification instruction, and sends the acquired other device information to the server;
the server judges whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirms that the client passes identity authentication.
In a second aspect, an embodiment of the present specification further provides an identity authentication method, which is applied to a server, where secure environment device information of a client is stored in advance in the server, and the method includes:
sending an identity verification instruction to a client to be verified, so that the client to be verified acquires information of other devices in the current environment according to the identity verification instruction and sends the acquired other device information to the server;
receiving the other device information sent by the client;
judging whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirming that the client passes identity authentication.
In a third aspect, an embodiment of the present specification further provides an identity authentication method, which is applied to a client, where secure environment device information of the client is stored in advance at a server, and the method includes:
receiving an identity verification instruction sent by the server;
acquiring information of other devices in the surrounding environment according to the identity verification instruction;
sending the other device information to the server, so that the server judges whether the received other device information matches the pre-stored secure environment device information of the client and carries out identity authentication.
In a fourth aspect, an embodiment of the present specification further provides an identity authentication method, which is applied to a server, where secure environment device information of a client is stored in advance in the server, and the method includes:
sending an identity verification instruction to a client to be verified, where the identity verification instruction includes designated device information and designated state information, so as to instruct the client to be verified to adjust the designated device to the designated state, and where the designated device is a device in the secure environment of the client;
obtaining the actual state of the designated device;
judging whether the actual state matches the designated state, and if so, confirming that the client passes identity authentication.
Corresponding to the first aspect, an embodiment of the present specification provides an identity authentication system, including a server and a client, where secure environment device information of the client is stored in advance at the server, and in the system:
the server sends an identity verification instruction to the client to be verified;
the client to be verified acquires information of other devices in the current environment according to the identity verification instruction, and sends the acquired other device information to the server;
the server judges whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirms that the client passes identity authentication.
Corresponding to the second aspect, an embodiment of the present specification provides an identity authentication apparatus, which is applied to a server, where secure environment device information of a client is stored in advance at the server, and the apparatus includes:
a sending module, used for sending an identity verification instruction to the client to be verified, so that the client to be verified acquires information of other devices in the current environment according to the identity verification instruction and sends the acquired other device information to the server;
a receiving module, used for receiving the other device information sent by the client;
a verification module, used for judging whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirming that the client passes identity verification.
An embodiment of the present specification further provides an identity authentication apparatus, which is applied to a client, where secure environment device information of the client is stored in advance in a server, and the apparatus includes:
a receiving module, used for receiving an identity verification instruction sent by the server;
an acquisition module, which acquires information of other devices in the surrounding environment according to the identity verification instruction;
a sending module, used for sending the other device information to the server, so that the server judges whether the received other device information matches the pre-stored secure environment device information of the client and carries out identity authentication.
An embodiment of the present specification further provides an identity authentication apparatus, which is applied to a server, where secure environment device information of a client is stored in advance in the server, and the apparatus includes:
the system comprises a sending module, a receiving module and a verification module, wherein the sending module sends an identity verification instruction to a client to be verified, and the identity verification instruction includes designated device information and designated state information, so as to instruct the client to be verified to adjust the designated device to the designated state, and where the designated device is a device in the secure environment of the client;
an acquisition module, used for acquiring the actual state of the designated device;
a verification module, used for judging whether the actual state matches the designated state, and if so, confirming that the client passes identity verification.
According to the scheme provided by the embodiments of this specification, when a user needs to be authenticated, the server sends an authentication instruction to the client, instructing the client to collect information about other devices in the surrounding environment and send it to the server. The server then matches the received other device information against the pre-stored secure environment device information of the client, and if the match succeeds, authentication passes. In this process, authentication can be completed conveniently without collecting the user's biometric features.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the invention.
In addition, any one of the embodiments in the present specification is not required to achieve all of the effects described above.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some of the embodiments described in this specification, and those skilled in the art can obtain other drawings from them.
Fig. 1 is a schematic flowchart of an authentication method provided in an embodiment of the present disclosure;
Fig. 2 is a schematic flowchart of another authentication method provided in the embodiments of the present disclosure;
Fig. 3 is a schematic flowchart of another authentication method provided in an embodiment of the present disclosure;
Fig. 4 is a schematic flowchart of an identity verification method according to a fourth aspect provided in an embodiment of the present specification;
Fig. 5 is a block diagram of a system according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an authentication device according to a second aspect provided in an embodiment of the present specification;
Fig. 7 is a schematic structural diagram of an authentication apparatus according to a third aspect provided in an embodiment of the present specification;
Fig. 8 is a schematic structural diagram of an authentication apparatus according to a fourth aspect provided in an embodiment of the present specification;
Fig. 9 is a schematic structural diagram of an apparatus for configuring a method according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present specification, the technical solutions in the embodiments of the present specification will be described in detail below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of protection.
Authentication based on a user's biometric features is common today. For example, authentication may be performed using a device fingerprint (e.g., the International Mobile Equipment Identity (IMEI)) or the user's fingerprint or other biometrics. On the one hand, these schemes involve the user's private data, which may lead to privacy disclosure; on the other hand, in some scenarios the user's biometric features may be occluded and cannot be collected successfully.
As the underground (black-market) industry keeps escalating its attacks and the laws and regulations that protect user privacy keep being strengthened, much key private data of users has been compromised by the underground industry or is restricted from collection, and users pay more and more attention to protecting their privacy, particularly their biometric features. Based on this, the embodiments of the present disclosure provide an authentication scheme that does not involve the user's biometric features, thereby fundamentally avoiding their use and making authentication more convenient.
Fig. 1 is a schematic flowchart of an authentication method provided in an embodiment of the present specification. As shown in Fig. 1, the method includes:
S101: The server sends an identity verification instruction to the client to be verified.
Specifically, when an account is in a suspicious situation (for example, when a client attempts to log in at a strange geographic location, change a password, transfer a large amount of money to a stranger and the like), the server sends an authentication instruction to the client to be authenticated to verify whether the account logged in on the client is a legitimate account. Of course, the authentication instruction may also be sent to the client during a normal payment.
Before the server sends the authentication instruction, the user has pre-stored some secure environment device information in the server. The secure environment device information refers to other device information that the user has registered in the server in advance.
Secure environment devices are devices that are closely related to the user's living environment, such as air conditioners, televisions and refrigerators associated with the user's home environment, or personal computers and routers associated with the user's office environment. Clearly, anyone else who has stolen the account or the device where the client is located has difficulty knowing the device information of these secure environment devices and is unlikely to be in the same environment as them. Thus, the secure environment device information may be used for authentication.
Secure environment device information may include device characteristics such as the device's class, device model, date of manufacture, or device serial number. The secure environment device information uniquely characterizes the living environment of the user and can therefore be used to uniquely characterize the user; that is, it can be regarded as an environment fingerprint.
S103: The client to be verified acquires information of other devices in the current environment according to the identity verification instruction, and sends the acquired other device information to the server.
When the client to be verified receives the identity verification instruction, it starts to acquire information of other devices in the surrounding environment as the instruction directs. In particular, it may scan for other device information in the surrounding environment. In practice, these other devices may have been bound by prior agreement to the device on which the client is located.
That is, these other devices (which may also be smart devices, e.g., smart home devices, including sweeping robots, smart refrigerators, smart air conditioners, etc.) allow the device where the client is located to scan itself and provide its device information to the device where the client is located.
The number of other devices obtained by scanning may be one or more. The device information for each other device may include a number of static characteristics of the device, such as: the type of device, the model number of the device, the date of manufacture, the serial number of the device, etc., and it is not necessary to include private data for each device in these static features.
It is obvious that here the client is located in a device that is different from the other devices, i.e. not the same device. For example, the device where the client is located may be a user's mobile phone, tablet, etc., while the other devices may be the user's refrigerator, air conditioner, etc.
In conventional authentication, if the user's device is stolen, the thief may use that device to directly obtain the information needed for authentication, for example by directly reading the information of the device where the client is located (such as the aforementioned IMEI), or by using that device to receive the authentication information sent by the server (for example, after a user's mobile phone is stolen, the verification code is often still sent to that phone). Using other device information for authentication avoids this situation.
S105: The server judges whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirms that the client passes identity authentication.
Since the secure environment device information of the client is already stored in the server, the server can retrieve it and compare it with the other device information sent by the client.
Specifically, whether the other device information matches the pre-stored secure environment device information may be verified by comparing whether the scanned other device information is the same as the secure environment device information of the client: if so, the two are considered to match, and otherwise not. Alternatively, the similarity between the other device information and the secure environment device information may be compared, and the two are considered to match when the similarity exceeds a threshold.
For example, one way to calculate the similarity is to look up each feature of the scanned other device information in the secure environment device information, and to take the ratio of the number of features that can be found to the total number of features in the other device information as the similarity. Of course, in practical applications, there are other ways to calculate the similarity.
According to the scheme provided by the embodiments of this specification, when a user needs to be authenticated, the server sends an authentication instruction to the client, instructing the client to collect information about other devices in the surrounding environment and send it to the server. The server then matches the received other device information against the pre-stored secure environment device information of the client, and if the match succeeds, authentication passes. In this process, authentication can be completed conveniently without collecting the user's biometric features.
In one embodiment, a data structure for storing the secure environment device information may be predefined based on actual needs, and a preset data record containing the secure environment device information may be obtained. Based on actual needs, the data structure may take the form of an array, a linked list, or a matrix, for example, as long as data records stored in that structure can be used to calculate similarity with one another.
Furthermore, when receiving other device information sent by the client, the server may generate a data record containing the other device information according to the preset data structure, and calculate its similarity with the preset data record. Depending on the form of the data structure, the calculation may use measures such as the Bhattacharyya Distance Measure (BDM), the KS-test, the Hellinger distance, the KL-divergence, and the like.
For example, when the preset data structure is a feature matrix, the server may encode the features included in the other device information uploaded by the internet of things device to obtain a feature matrix in which each row (or each column) corresponds to the device information of one device. The preset verification matrix is obtained by applying the same encoding method to the features of the secure environment devices. Its form is shown in Table 1, a schematic diagram of a form of the verification matrix provided in the embodiments of the present specification. In the matrix, each row represents the multi-dimensional features of one secure environment device; that is, there are n secure environment devices in total, and each secure environment device has m features.
Table 1: Pre-stored feature matrix of secure environment device information
A1,1   A1,2   A1,3   ...   A1,m
A2,1   A2,2   A2,3   ...   A2,m
...
An,1   An,2   An,3   ...   An,m
In this embodiment, since the preset secure environment device information may be feature information of a plurality of devices, the number of other devices scanned may be less than the number of preset secure environment devices. For example, the feature matrix registered in advance contains features of 5 devices, but only a part of the devices (for example, 3 devices) are acquired during scanning. The similarity may then be calculated from that part of the devices and the corresponding sub-matrix of the feature matrix (i.e., the sub-matrix made up of the rows for those devices), so that the calculation result is more accurate.
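The feature-ratio similarity from S105, applied to the sub-matrix of a partial scan, is written out below as an added example; it is not code from the patent. The record fields, the 0.8 threshold, the rule that each registered row is paired with at most one scanned device, and all sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

# The m static features the text lists for each device.
FEATURES = ("category", "model", "manufactured", "serial")


@dataclass(frozen=True)
class DeviceRecord:
    category: str
    model: str
    manufactured: str
    serial: str


# Constructed sample data: the n = 5 rows registered in advance for one client.
REGISTERED = [
    DeviceRecord("refrigerator", "RF-300", "2018-03", "SN-A1001"),
    DeviceRecord("air_conditioner", "AC-12K", "2019-06", "SN-B2002"),
    DeviceRecord("television", "TV-55X", "2017-11", "SN-C3003"),
    DeviceRecord("router", "RT-AX1", "2020-01", "SN-D4004"),
    DeviceRecord("robot_vacuum", "RV-S5", "2019-09", "SN-E5005"),
]


def row_overlap(scanned, registered):
    """Number of feature positions on which two device rows agree."""
    return sum(getattr(scanned, f) == getattr(registered, f) for f in FEATURES)


def similarity(scanned, registered):
    """Ratio of scanned features found in the registered sub-matrix.

    Each scanned device is paired with the best-matching registered row that
    is still unused (a greedy pairing, chosen here as an assumption), so a
    scan that repeats one known device cannot be counted more than once.
    """
    if not scanned:
        return 0.0  # an empty scan must never pass
    unused = list(registered)
    matched = 0
    for device in scanned:
        if not unused:
            break
        best = max(unused, key=lambda row: row_overlap(device, row))
        score = row_overlap(device, best)
        if score:
            matched += score
            unused.remove(best)
    # Denominator: total number of features in the scanned device information.
    return matched / (len(scanned) * len(FEATURES))


def verify_environment(scanned, registered, threshold=0.8):
    """Pass only when the similarity exceeds the threshold (assumed value)."""
    return similarity(scanned, registered) > threshold


if __name__ == "__main__":
    partial_scan = REGISTERED[:3]  # 3 of the 5 registered devices were found
    print(similarity(partial_scan, REGISTERED),
          verify_environment(partial_scan, REGISTERED))
```
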
In one embodiment, dynamic device authentication may be performed in addition to the authentication based on static other device information. Specifically, the authentication instruction further includes designated state information of a designated device, and the client needs to additionally acquire the actual state of the designated device when scanning to obtain information of other devices. The designated device should be a secure environment device of the client; if the scanned other devices do not include the designated device, the authentication should be considered failed. The designated device may be one or more secure environment devices and the designated state may be one or more states.
For example, the designated state is used to require the one or more designated devices to reach a designated operational state: the operation state of the refrigerator is adjusted to 20 degrees celsius, or the blowing mode of the air conditioner is adjusted to "medium wind", or the sweeping robot and the air conditioner are woken up from sleep, etc.
Since these other devices have been bound to the client in advance (i.e., the client may operate these other devices directly, or indirectly through the cloud server of these other devices), the client may change the operating state of the designated device to the state to be verified.
Meanwhile, the client can continuously receive the information containing the actual state sent by the designated device and send the obtained actual state to the server, so that the server can verify whether the received actual state of the designated device matches the designated state and thereby carry out identity verification. If the actual state is consistent with the designated state, identity authentication passes; otherwise, it fails.
In practical applications, a time limit may be added to such state-based authentication. For example, the actual state of the designated device acquired by the client must be received within 5 minutes after the authentication instruction is sent, and must be consistent with the designated state, for authentication to pass. Obviously, if the user is not near the designated device, the state of the designated device cannot be adjusted. On top of the verification based on static device information, this dynamic verification further ensures that the user of the account is in the secure environment of the secure environment devices, and thus that the user of the account is legitimate.
The foregoing describes a scheme of an embodiment of the present specification in terms of multi-side interaction, and in correspondence with the first aspect, the embodiment of the present specification further provides a single-side authentication method, including the second aspect and the third aspect.
In a second aspect, an embodiment of the present specification further provides another identity authentication method, which is applied to a server, where secure environment device information of a client is stored in advance in the server. Fig. 2 is a flowchart of this identity authentication method according to the embodiment of the present specification. As shown in Fig. 2, the method includes:
S201: Sending an identity verification instruction to a client to be verified, so that the client to be verified acquires information of other devices in the current environment according to the identity verification instruction and sends the acquired other device information to the server;
S203: Receiving the other device information sent by the client;
S205: Judging whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirming that the client passes identity authentication.
In a third aspect, an embodiment of the present specification further provides another identity authentication method, which is applied to a client, where secure environment device information of the client is stored in advance in a server. Fig. 3 is a schematic flowchart of this identity authentication method provided in the embodiment of the present specification. As shown in Fig. 3, the method includes:
S301: Receiving an identity verification instruction sent by the server;
S303: Acquiring information of other devices in the surrounding environment according to the identity verification instruction;
S305: Sending the other device information to the server, so that the server judges whether the received other device information matches the pre-stored secure environment device information of the client and carries out identity authentication.
Further, when the authentication instruction also includes a designated state of a designated device, acquiring the information of other devices in the surrounding environment correspondingly further includes receiving the information containing the actual state sent by the designated device, and sending the other device information to the server correspondingly further includes sending the actual state of the designated device to the server. The details have been described under the first aspect and are not repeated here.
In a fourth aspect, an embodiment of the present specification further provides an identity authentication method applied to a server, where secure environment device information of a client is stored in advance at the server. As shown in fig. 4, which is a schematic flow diagram of the identity authentication method of the fourth aspect provided in the embodiment of the present specification, the method includes:
S401, sending an identity verification instruction to a client to be verified, wherein the identity verification instruction comprises designated device information and designated state information, so as to instruct the client to be verified to adjust the designated device to the designated state; wherein the designated device is a device in the secure environment of the client.
As described above, there may be one or more designated devices, and the designated state information is used to request that the designated devices reach the designated operating state. For example, the operating state of the refrigerator is adjusted to 20 degrees, or the blowing mode of the air conditioner is adjusted to "medium wind", or the sweeping robot and the air conditioner are woken from sleep, etc.
If the client can operate the device directly or indirectly, the user can adjust the actual state of the designated device to the designated state through the client. Alternatively, the user may set the designated device to the designated state directly by hand, without going through the client. Obviously, since the designated device is a device in the secure environment of the client, if the user of the client is not in the secure environment, the operating state of the designated device cannot be adjusted.
S403, obtaining the actual state of the specified device.
The designated device may be another device that is directly connected to the server, so that its working state can be sent to the server in real time, as shown in fig. 5, which is a schematic diagram of a system architecture according to an embodiment of the present disclosure. Alternatively, the server may obtain the actual state of the designated device indirectly, through a cloud server associated with the designated device.
S405, judging whether the actual state is matched with the specified state, and if so, confirming that the identity authentication of the client passes.
In this verification mode, the actual state needs to be completely consistent with the designated state. For example, if the designated state is "adjust the air-conditioning wind speed to be large", the actual state transmitted by the air conditioner must actually be "wind speed is large". For another example, if the designated state is "turn on the air conditioner and the television", the actual states sent by the television and the air conditioner must both be "turned on" for the verification to pass.
In this way, identity verification can be carried out conveniently without using the user's biometric data, and the designated device does not need to send its actual state through the client during identity verification, which prevents the client from tampering with the actual state of the designated device.
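The S401 to S405 flow can be sketched on the server side as follows. This is an added example, not code from the patent: the registry contents, class and function names are hypothetical, and the random choice of devices, the rule that the designated state must differ from the current one, the expiry time and the single-use rule are assumptions added for the illustration.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed registry (hypothetical names): devices pre-registered as the
# client's secure environment, with the states each one can be asked to take.
SECURE_ENV = {
    "client-42": {
        "air_conditioner": ["low", "medium", "high"],
        "television": ["on", "off"],
        "fridge": ["2C", "4C", "6C"],
    }
}


@dataclass
class Challenge:
    client_id: str
    designated: dict      # device name -> designated state
    expires_at: float
    used: bool = False


class StateChallengeVerifier:
    def __init__(self, registry, state_source, ttl=60.0, clock=time.monotonic):
        self.registry = registry
        # state_source(client_id, device) -> state. It stands for the direct
        # device link or the device vendor's cloud, never the client itself.
        self.state_source = state_source
        self.ttl = ttl
        self.clock = clock
        self.pending = {}

    def issue(self, client_id, n_devices=2):
        """S401: pick designated devices and designated states."""
        devices = self.registry[client_id]
        rng = secrets.SystemRandom()
        chosen = rng.sample(sorted(devices), k=min(n_devices, len(devices)))
        designated = {}
        for device in chosen:
            current = self.state_source(client_id, device)
            # Assumption: ask for a state the device is not already in, so a
            # device left in that state cannot satisfy the challenge by itself.
            options = [s for s in devices[device] if s != current] or devices[device]
            designated[device] = rng.choice(options)
        challenge_id = secrets.token_urlsafe(16)
        self.pending[challenge_id] = Challenge(
            client_id, designated, self.clock() + self.ttl)
        return challenge_id, designated

    def verify(self, challenge_id):
        """S403 + S405: read actual states and require an exact match."""
        ch = self.pending.get(challenge_id)
        if ch is None or ch.used:
            return False, "unknown or already used challenge"
        if self.clock() > ch.expires_at:
            return False, "challenge expired"
        for device, wanted in ch.designated.items():
            actual = self.state_source(ch.client_id, device)
            if actual != wanted:          # no partial credit, no fuzzy match
                return False, f"{device}: expected {wanted!r}, got {actual!r}"
        ch.used = True                    # assumption: one success per challenge
        return True, "all designated devices are in the designated state"


def demo():
    # Constructed device states standing in for the real device channel.
    home = {"air_conditioner": "low", "television": "off", "fridge": "4C"}
    now = [0.0]
    v = StateChallengeVerifier(SECURE_ENV, lambda c, d: home.get(d),
                               ttl=60.0, clock=lambda: now[0])
    cid, designated = v.issue("client-42")
    before = v.verify(cid)[0]     # nobody has touched the devices yet
    home.update(designated)       # user in the secure environment adjusts them
    after = v.verify(cid)[0]
    replay = v.verify(cid)[0]     # same challenge presented again
    cid2, designated2 = v.issue("client-42")
    home.update(designated2)
    now[0] = 61.0                 # devices adjusted, but after the deadline
    late = v.verify(cid2)[0]
    return before, after, replay, late


if __name__ == "__main__":
    print(demo())
```

`verify` takes no state value from the caller, which mirrors the point above that the actual state does not pass through the client.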
An embodiment of the present specification corresponding to the first aspect further provides an identity authentication system, including a server and a client, where secure environment device information of the client is stored in advance at the server, and in the system:
the server side sends an identity verification instruction to the client side to be verified;
the client to be verified acquires information of other equipment in the current environment according to the identity verification instruction, and sends the acquired information of the other equipment to the server;
and the server judges whether the received other device information matches the pre-stored secure environment device information of the client, and if so, the server confirms that the authentication of the client is passed.
Corresponding to the second aspect, an embodiment of the present specification further provides an identity authentication apparatus, which is applied to a server, where secure environment device information of a client is stored in advance in the server, as shown in fig. 6, and fig. 6 is a schematic structural diagram of the identity authentication apparatus provided in the embodiment of the present specification, where the apparatus includes:
the sending module 601 is configured to send an identity verification instruction to a client to be verified, so that the client to be verified obtains information of other devices in the current environment according to the identity verification instruction, and sends the obtained information of the other devices to a server;
a receiving module 603, configured to receive information of other devices sent by the client;
the verification module 605 determines whether the received other device information matches with the pre-stored secure environment device information of the client, and if so, determines that the authentication of the client is passed.
Further, the verification module 605 generates a data record containing the information of the other devices according to a preset data structure, calculates the similarity between the data record and a preset data record, and determines whether they match according to the similarity, wherein the preset data record comprises the secure environment device information of the client.
Further, when the preset data structure is a feature matrix, the verification module 605 generates a feature matrix containing the information of the other devices, where each row or column in the feature matrix corresponds to the device information of one device; it then calculates the similarity between the feature matrix and a preset verification matrix and determines whether they match according to the similarity, wherein one row or one column in the preset verification matrix corresponds to the device information of one secure environment device.
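The feature-matrix comparison described above can be illustrated as follows. This is an added example, not code from the patent: the device-information fields, the hashing of each field into a matrix cell, the greedy one-to-one row pairing used as the similarity measure and the 0.8 threshold are all assumptions chosen for the illustration, and the sample records are constructed.

```python
import hashlib

# Hypothetical device-information fields; one matrix column per field.
FIELDS = ("device_type", "device_id", "link")


def encode_row(record):
    """One device -> one matrix row: each field hashed to a 32-bit integer."""
    row = []
    for name in FIELDS:
        value = str(record.get(name, "")).strip().lower()
        digest = hashlib.sha256(f"{name}={value}".encode()).digest()
        row.append(int.from_bytes(digest[:4], "big"))
    return row


def feature_matrix(records):
    return [encode_row(r) for r in records]


def row_similarity(a, b):
    """Fraction of columns in which two device rows agree."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def matrix_similarity(observed, preset):
    """Average best match per preset row, pairing rows one-to-one.

    The pairing is greedy by descending score. Each observed row is used at
    most once, so one reported device cannot be counted for several
    registered devices, and the row order of a scan does not matter.
    """
    if not preset:
        return 0.0
    pairs = sorted(
        ((row_similarity(o, p), i, j)
         for i, p in enumerate(preset)
         for j, o in enumerate(observed)),
        reverse=True)
    used_preset, used_observed, total = set(), set(), 0.0
    for score, i, j in pairs:
        if i in used_preset or j in used_observed:
            continue
        used_preset.add(i)
        used_observed.add(j)
        total += score
    return total / len(preset)


def matches(observed_records, preset_records, threshold=0.8):
    score = matrix_similarity(feature_matrix(observed_records),
                              feature_matrix(preset_records))
    return score >= threshold, score


# Constructed sample data: the preset verification matrix source ...
REGISTERED = [
    {"device_type": "air_conditioner", "device_id": "AC-0001", "link": "wifi"},
    {"device_type": "television", "device_id": "TV-0002", "link": "wifi"},
    {"device_type": "speaker", "device_id": "SP-0003", "link": "bluetooth"},
]
# ... a scan taken at home (different order, different letter case, one
# extra unregistered device) ...
HOME_SCAN = [
    {"device_type": "Speaker", "device_id": "sp-0003", "link": "Bluetooth"},
    {"device_type": "printer", "device_id": "PR-7777", "link": "wifi"},
    {"device_type": "Television", "device_id": "tv-0002", "link": "WiFi"},
    {"device_type": "air_conditioner", "device_id": "AC-0001", "link": "wifi"},
]
# ... a scan with one registered device missing ...
PARTIAL_SCAN = REGISTERED[:2]
# ... and a scan taken somewhere else.
ELSEWHERE_SCAN = [
    {"device_type": "television", "device_id": "TV-9999", "link": "wifi"},
    {"device_type": "printer", "device_id": "PR-7777", "link": "wifi"},
]

if __name__ == "__main__":
    for name, scan in [("home", HOME_SCAN), ("partial", PARTIAL_SCAN),
                       ("elsewhere", ELSEWHERE_SCAN)]:
        print(name, matches(scan, REGISTERED))
```

With these assumptions a scan that misses one of three registered devices scores 2/3 and fails, so the threshold directly sets how many registered devices may be absent.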
Further, the identity verification instruction further includes a designated state of a designated device, so that the client adjusts the designated device to the designated state after receiving the identity verification instruction, wherein the designated device is a device in a secure environment of the client; the corresponding receiving module 603 receives the actual state of the specified device sent by the client; correspondingly, the verification module 605 determines whether the actual state matches the specified state, and if so, the identity verification is passed.
Corresponding to the third aspect, an embodiment of the present specification further provides an identity authentication apparatus applied to a client, where secure environment device information of the client is stored in advance at a server. As shown in fig. 7, which is a schematic structural diagram of the identity authentication apparatus provided in the embodiment of the present specification, the apparatus includes:
a receiving module 701, configured to receive an identity verification instruction sent by a server;
the obtaining module 703 is configured to obtain information of other devices in the surrounding environment according to the identity verification instruction, where obviously, the device where the client is located is different from the other devices;
the sending module 705 sends the other device information to the server, so that the server can determine whether the received other device information matches with the pre-stored secure environment device information of the client, and perform identity authentication.
Further, when the identity verification instruction also includes a specified state of a specified device, the obtaining module 703 is correspondingly further configured to receive information containing the actual state sent by the specified device; correspondingly, the sending module 705 is further configured to send the actual state of the specified device to the server.
As shown in fig. 8, which is a schematic structural diagram of an authentication apparatus provided in this specification, the authentication apparatus is applied to a server, the server stores secure environment device information of a client in advance, and the authentication apparatus includes:
a sending module 801, configured to send an authentication instruction to a to-be-authenticated client, where the authentication instruction includes specified device information and specified state information, so as to instruct the to-be-authenticated client to adjust the specified device to the specified state; wherein the designated device is a device in the secure environment of the client;
an obtaining module 803, which obtains the actual state of the specified device;
the verification module 805 determines whether the actual state matches the specified state, and if so, determines that the authentication of the client is passed.
Embodiments of the present specification also provide a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the authentication method shown in fig. 2 when executing the program.
Embodiments of the present specification also provide a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the authentication method shown in fig. 3 when executing the program.
Embodiments of the present specification also provide a computer device, which at least includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the authentication method shown in fig. 4 when executing the program.
Fig. 9 is a schematic diagram illustrating a more specific hardware structure of a computing device according to an embodiment of the present disclosure, where the computing device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored, where the computer program is executed by a processor to implement the identity authentication method shown in fig. 2.
Embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored, where the computer program is executed by a processor to implement the identity authentication method shown in fig. 3.
Embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored, where the computer program is executed by a processor to implement the identity authentication method shown in fig. 4.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, methods, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner; the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, the apparatus embodiment is described relatively simply because it is substantially similar to the method embodiment, and reference may be made to the corresponding description of the method embodiment for the relevant points. The above-described apparatus embodiments are merely illustrative: the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more pieces of software and/or hardware when implementing the embodiments of the present specification. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific implementation of the embodiments of the present disclosure. It should be noted that those skilled in the art can make a number of modifications and refinements without departing from the principle of the embodiments of the present disclosure, and these modifications and refinements should also be regarded as falling within the protection scope of the embodiments of the present disclosure.

Claims (12)

1. An identity authentication method, which prestores the secure environment equipment information of a client at a server, comprises the following steps:
the server side sends an identity verification instruction to the client side to be verified;
the client to be verified acquires information of other equipment in the current environment according to the identity verification instruction, and sends the acquired information of the other equipment to the server; the other equipment is signed and bound with the equipment where the client to be verified is located in advance;
the server judges whether the received other device information matches the pre-stored secure environment device information of the client, and if so, the server confirms that the identity verification of the client is passed; the secure environment device information of the client includes other device information previously registered in the server by the user.
2. The method of claim 1, wherein the step of the server determining whether the received other device information matches with the pre-stored secure environment device information of the client comprises:
the server generates a data record containing the information of the other equipment according to a preset data structure;
and calculating the similarity between the data record and a preset data record, and determining whether the data record is matched according to the similarity, wherein the preset data record comprises the secure environment device information of the client.
3. The method according to claim 2, wherein when the preset data structure is a feature matrix, the server determines whether the received other device information matches with the pre-stored secure environment device information of the client, including:
the server generates a feature matrix containing the information of the other devices, wherein each row or column in the feature matrix corresponds to the device information of one device;
and calculating the similarity between the feature matrix and a preset verification matrix, and determining whether the feature matrix is matched with the preset verification matrix according to the similarity, wherein one row or one column in the preset verification matrix corresponds to the device information of one secure environment device.
4. The method according to claim 1, wherein the authentication command further includes designated state information of a designated device, so that the client adjusts the designated device to the designated state after receiving the authentication command, wherein the designated device is a device in a secure environment of the client;
correspondingly, the client to be verified is also used for acquiring the actual state of the specified equipment and sending the actual state to the server;
correspondingly, the server judging whether the received other device information matches the pre-stored secure environment device information of the client further comprises: the server judging whether the actual state matches the specified state.
5. An identity authentication method is applied to a server, and the server stores the secure environment equipment information of a client in advance, wherein the secure environment equipment information of the client comprises other equipment information which is registered in the server by a user in advance, and the method comprises the following steps:
sending an identity verification instruction to a client to be verified, so that the client to be verified can acquire information of other equipment in the current environment according to the identity verification instruction and send the acquired information of the other equipment to a server; the other equipment is signed and bound with the equipment where the client to be verified is located in advance;
receiving other equipment information sent by the client;
and judging whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirming that the identity authentication of the client passes.
6. An identity authentication method is applied to a client, and the secure environment equipment information of the client is stored in a server in advance, wherein the secure environment equipment information of the client comprises other equipment information which is registered in the server by a user in advance, and the method comprises the following steps:
receiving an identity verification instruction sent by a server;
acquiring other equipment information in the surrounding environment according to the identity verification instruction; the other equipment is signed and bound with the equipment where the local terminal is located in advance;
and sending the other device information to a server, so that the server can judge whether the received other device information matches the pre-stored secure environment device information of the client and carry out identity authentication.
7. An identity authentication method is applied to a server, and the server stores the secure environment equipment information of a client in advance, wherein the secure environment equipment information of the client comprises other equipment information which is registered in the server by a user in advance, and the method comprises the following steps:
sending an identity verification instruction to a client to be verified, wherein the identity verification instruction comprises designated device information and designated state information, so as to instruct the client to be verified to adjust the designated device to the designated state; wherein the designated device is a device in the secure environment of the client; the designated device is signed and bound in advance with the device where the client to be verified is located;
obtaining an actual state of the designated device;
and judging whether the actual state is matched with the specified state, and if so, confirming that the identity authentication of the client passes.
8. An identity authentication system comprises a server and a client, wherein the server stores the secure environment equipment information of the client in advance, the secure environment equipment information of the client comprises other equipment information registered in the server by a user in advance, and in the system:
the server side sends an identity verification instruction to the client side to be verified;
the client to be verified acquires information of other equipment in the current environment according to the identity verification instruction, and sends the acquired information of the other equipment to the server; the other equipment is signed and bound with the equipment where the client to be verified is located in advance;
and the server judges whether the received other device information matches the pre-stored secure environment device information of the client, and if so, the server confirms that the authentication of the client is passed.
9. An identity authentication device is applied to a server, and the server stores the secure environment device information of a client in advance, wherein the secure environment device information of the client comprises other device information which is registered in the server in advance by a user, and the identity authentication device comprises:
the sending module is used for sending an identity verification instruction to the client to be verified so that the client to be verified can obtain information of other equipment in the current environment according to the identity verification instruction and send the obtained information of the other equipment to the server; the other equipment is signed and bound with the equipment where the client to be verified is located in advance;
the receiving module is used for receiving the information of other equipment sent by the client;
and the verification module is used for judging whether the received other device information matches the pre-stored secure environment device information of the client, and if so, confirming that the identity verification of the client is passed.
10. An identity authentication device is applied to a client, and the secure environment equipment information of the client is stored in a server in advance, wherein the secure environment equipment information of the client comprises other equipment information which is registered in the server in advance by a user, and the identity authentication device comprises:
the receiving module is used for receiving an identity verification instruction sent by the server;
the acquisition module acquires information of other equipment in the surrounding environment according to the identity verification instruction; the other equipment is signed and bound with the equipment where the local terminal is located in advance;
and the sending module is used for sending the other device information to the server, so that the server can judge whether the received other device information matches the pre-stored secure environment device information of the client and carry out identity authentication.
11. An identity authentication device is applied to a server, and the server stores the secure environment device information of a client in advance, wherein the secure environment device information of the client comprises other device information which is registered in the server in advance by a user, and the identity authentication device comprises:
the sending module is used for sending an identity verification instruction to a client to be verified, wherein the identity verification instruction comprises designated device information and designated state information, so as to instruct the client to be verified to adjust the designated device to the designated state; wherein the designated device is a device in the secure environment of the client; the designated device is signed and bound in advance with the device where the client to be verified is located;
the acquisition module is used for acquiring the actual state of the specified equipment;
and the verification module is used for judging whether the actual state is matched with the specified state or not, and if so, confirming that the identity verification of the client passes.
12. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 5 to 7 when executing the program.
CN202010321693.XA 2020-04-22 2020-04-22 Identity verification method, system, device and equipment Active CN111541692B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111155034.4A CN113923001B (en) 2020-04-22 Identity verification method, system, device and equipment
CN202010321693.XA CN111541692B (en) 2020-04-22 2020-04-22 Identity verification method, system, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010321693.XA CN111541692B (en) 2020-04-22 2020-04-22 Identity verification method, system, device and equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202111155034.4A Division CN113923001B (en) 2020-04-22 Identity verification method, system, device and equipment

Publications (2)

Publication Number Publication Date
CN111541692A CN111541692A (en) 2020-08-14
CN111541692B true CN111541692B (en) 2021-08-10

Family

ID=71980149

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010321693.XA Active CN111541692B (en) 2020-04-22 2020-04-22 Identity verification method, system, device and equipment

Country Status (1)

Country Link
CN (1) CN111541692B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114255042A (en) * 2021-12-27 2022-03-29 中国农业银行股份有限公司 Secret payment-free signing method and device, computer equipment and medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685106A (en) * 2012-03-27 2012-09-19 北京百纳威尔科技有限公司 Safety verification method and equipment
CN104065653A (en) * 2014-06-09 2014-09-24 韩晟 Interactive authentication method, device, system and related equipment
CN104869107A (en) * 2014-02-26 2015-08-26 腾讯科技(深圳)有限公司 Identity authentication method, wearable equipment, authentication server and system thereof
CN106412041A (en) * 2016-09-20 2017-02-15 徐蔚 System for connecting mobile terminal with service providing equipment and service providing method
CN107391977A (en) * 2017-07-04 2017-11-24 阿里巴巴集团控股有限公司 Control, automatic switching method, device and the equipment of authority
CN107749844A (en) * 2017-10-16 2018-03-02 维沃移动通信有限公司 Auth method and mobile terminal
US9917821B2 (en) * 2015-12-29 2018-03-13 Itron, Inc. Hardware cryptographic authentication

Also Published As

Publication number Publication date
CN113923001A (en) 2022-01-11
CN111541692A (en) 2020-08-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40035434

Country of ref document: HK

GR01 Patent grant