CN111770057B - Identity verification system and identity verification method - Google Patents

Publication number
CN111770057B
Authority
CN
China
Prior art keywords
communication number
login
desensitization
logged
application client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010479465.5A
Other languages
Chinese (zh)
Other versions
CN111770057A (en)
Inventor
李梅文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Application filed by Beijing QIYI Century Science and Technology Co Ltd
Priority to CN202010479465.5A
Publication of CN111770057A
Application granted
Publication of CN111770057B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an identity authentication system and an identity authentication method. The identity authentication system comprises: an application client, configured to acquire a desensitized communication number of the terminal; a detection module, configured to verify the login communication number of the account to be logged in or already logged in, using the data bits of the desensitized communication number that were not desensitized; an authorization module, configured to obtain the user's authorization for acquiring the actual communication number and, based on the desensitized communication number, to acquire an identity authentication token obtained by encrypting the actual communication number; and a server, configured to call the operator's verification interface to decrypt the identity authentication token and obtain the actual communication number, to verify the login communication number of the account to be logged in or already logged in against the actual communication number, and to return the resulting verification result to the application client. Embodiments of the invention can use the user's actual communication number as the credential for identity authentication, spare enterprises a large amount of short message charges, and are simple to operate and convenient for the user.

Description

Identity verification system and identity verification method
Technical Field
The present application relates to the field of computer technologies, and in particular, to an authentication system and an authentication method.
Background
As mobile phones have replaced mailboxes and similar channels as the means of verification, sending a verification short message to the user has become the main mode of user identity authentication.
When identity authentication is performed by short message, the user must first enter a mobile phone number, click to obtain a verification code, read the short message, and enter the verification code from the short message to complete verification, so the interaction flow is complex; moreover, the company has to pay the fee for sending the short message to the user, and that fee becomes very large as the number of users grows.
Disclosure of Invention
To solve the above technical problem, or at least partially solve it, the present application provides an identity authentication system and an identity authentication method.
In a first aspect, the present application provides an identity verification system comprising a terminal and a server, wherein the terminal includes an application client, a detection module and an authorization module;
the application client is configured to acquire a desensitized communication number of the terminal when receiving an identity authentication request, the desensitized communication number being obtained by desensitizing the actual communication number currently used by the terminal;
the detection module is configured to verify the login communication number of the account to be logged in or already logged in, using the data bits of the desensitized communication number that were not desensitized, to obtain a verification result;
the authorization module is configured to, when the verification result is success, obtain the user's authorization for acquiring the actual communication number and, based on the desensitized communication number, acquire an identity authentication token obtained by encrypting the actual communication number;
the server is configured to decrypt the identity authentication token to obtain the actual communication number, verify the login communication number of the account to be logged in or already logged in against the actual communication number, and return the resulting verification result to the application client.
Optionally, the application client is further configured to send to the operator, over the communication link between the terminal and the operator, a request for a desensitized communication number that carries an application identifier and an application public key, so that the operator obtains the actual communication number used when the terminal established the communication link with the operator and desensitizes it to obtain the desensitized communication number.
Optionally, the detection module is further configured to obtain login state information of the current application client; if the login state information shows that the current application client is not logged in, prompt the user to confirm whether the desensitized communication number is the login communication number to be used to log in to the application client; if a confirmation operation input by the user is received, determine that the verification result is success; and if a deletion operation input by the user that deletes the desensitized communication number is received, determine that the verification result is failure.
Optionally, the detection module is further configured to, if the login state information shows that the current application client is logged in, match the data bits of the desensitized communication number that were not desensitized against the corresponding data bits of the login communication number already logged in to the application client; if they match, determine that the verification result is success; and if they do not match, determine that the verification result is failure.
Optionally, the authorization module is further configured to display an authorization pop-up and, after receiving an authorization operation input by the user, determine that the user's authorization for acquiring the actual communication number has been obtained.
Optionally, the authorization module is further configured to send an authorization identifier, an application identifier and an application public key to the operator together with the desensitized communication number, so that the operator looks up the corresponding actual communication number according to the desensitized communication number and encrypts it to obtain the identity authentication token.
Optionally, the server is further configured to obtain login state information of the current application client; if the login state information shows that the current application client is not logged in, look up registered account information by the actual communication number; if registered account information corresponding to the actual communication number is found, determine that the verification result is success; and if no registered account information corresponding to the actual communication number is found, determine that the verification result is failure.
Optionally, the server is further configured to, if the login state information shows that the current application client is logged in, check the actual communication number for consistency with the login communication number already logged in to the application client; if the two are consistent, determine that the verification result is success; and if they are inconsistent, determine that the verification result is failure.
Optionally, the application client is further configured to switch to a login success state, a registration success state, a password modification success state, or a password recovery success state when the verification result is success.
In a second aspect, the present application provides an identity verification method, including:
when an application client receives an identity authentication request, acquiring a desensitized communication number of the terminal, the desensitized communication number being obtained by desensitizing the actual communication number currently used by the terminal;
verifying, by the detection module, the login communication number of the account to be logged in or already logged in, using the data bits of the desensitized communication number that were not desensitized, to obtain a verification result;
when the verification result is success, obtaining, by the authorization module, the user's authorization for acquiring the actual communication number and, based on the desensitized communication number, acquiring an identity authentication token obtained by encrypting the actual communication number;
decrypting, by the server, the identity authentication token to obtain the actual communication number, verifying the login communication number of the account to be logged in or already logged in against the actual communication number, and returning the resulting verification result to the application client.
Compared with the prior art, the technical solution provided by the embodiments of the present application has the following advantages:
In the embodiment of the invention, when the application client receives an identity authentication request, it acquires the desensitized communication number of the terminal, which is obtained by desensitizing the actual communication number currently used by the terminal. The detection module then verifies the login communication number of the account to be logged in or already logged in, using the data bits of the desensitized communication number that were not desensitized, to obtain a verification result. When the verification result is success, the authorization module obtains the user's authorization for acquiring the actual communication number and, based on the desensitized communication number, acquires an identity authentication token obtained by encrypting the actual communication number. Finally, the server decrypts the identity authentication token to obtain the actual communication number, verifies the login communication number of the account to be logged in or already logged in against the actual communication number, and returns the resulting verification result to the application client.
The embodiment of the invention can use the user's actual communication number as the credential for identity authentication, and no short message has to be obtained from the operator for each authentication, which spares enterprises a large amount of short message charges. Throughout the process the user only needs to perform a simple operation that triggers the request and an authorization operation, so the procedure is simpler and more convenient for the user.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly described below; it is obvious that those skilled in the art can obtain other drawings from these drawings without inventive effort.
Fig. 1 is a schematic structural diagram of an identity authentication system according to an embodiment of the present application;
Fig. 2 is a flowchart of an identity authentication method according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making creative efforts shall fall within the protection scope of the present application.
In the prior art, when identity authentication is performed by short message, the user must first enter a mobile phone number, click to obtain a verification code, read the short message, and enter the verification code from the short message to complete verification, so the interaction flow is complex; moreover, the company has to pay the fee for sending the short message to the user, and that fee becomes very large as the number of users grows. To this end, an embodiment of the present invention provides an identity authentication system and an identity authentication method. The user triggers an identity authentication request when logging in, registering, modifying a password, or retrieving a password in the application client. When the application client receives the identity authentication request, it obtains the desensitized communication number of the terminal from the operator (comprising a pre-fetch number code and a desensitized mobile phone number obtained by desensitizing the actual communication number). The detection module then verifies the login communication number of the account to be logged in or already logged in, using the data bits of the desensitized communication number that were not desensitized (i.e., the data bits of the desensitized mobile phone number that were not desensitized); that is, it matches the data bits of the desensitized mobile phone number that were not desensitized against the corresponding data bits of the login communication number to obtain a verification result. When the verification result is success, the authorization module obtains the user's authorization for acquiring the actual communication number and, based on the desensitized communication number, obtains from the operator an identity authentication token obtained by encrypting the actual communication number. Finally, the server calls the operator's verification interface to decrypt the identity authentication token and obtain the actual communication number, verifies the login communication number of the account to be logged in or already logged in against the actual communication number, and returns the resulting verification result to the application client.
As shown in fig. 1, the authentication system may include: a terminal 11 and a server 12; the terminal 11 includes: an application client 110, a detection module 111 and an authorization module 112; illustratively, the terminal 11 may refer to a mobile phone or a tablet computer, etc.
The application client 110 is configured to acquire a desensitized communication number of the terminal when receiving an identity authentication request, the desensitized communication number being obtained by desensitizing the actual communication number currently used by the terminal.
In the embodiment of the invention, to make it easy for the user to perform operations such as login, registration, authentication, password modification or password recovery in the application client, a button for performing authentication can be displayed on the operation interface for login, registration, authentication, password modification or password recovery, and the user triggers the authentication request by clicking the button.
In practical applications, the terminal 11 may establish a communication link with the operator through the SIM card. After the terminal 11 establishes the communication link, the operator obtains the actual communication number of the terminal 11, that is, the mobile phone number with which the communication link to the operator was established.
In practical applications, if the user has not entered an actual communication number into the application client 110, the application client cannot know the actual communication number of the terminal 11, whereas the operator can obtain it after establishing a communication link with the terminal 11. To prevent the actual communication number from being illegally stolen at the terminal 11, the application client 110 obtains from the operator the actual communication number after desensitization, that is, the desensitized communication number, which may include a pre-fetch number code (code) and a desensitized mobile phone number. The pre-fetch number code can be obtained by processing with a hash operation, a symmetric encryption algorithm, an asymmetric encryption algorithm or the like, which greatly protects the actual communication number, so that it cannot be decrypted even if illegally stolen by others. For example, if the actual communication number is 13612345678, masking the middle four digits gives the desensitized mobile phone number 136****5678, which likewise greatly protects the actual communication number, so that it cannot be decrypted even if illegally stolen.
After generating the desensitized communication number, the operator can store locally the correspondence between the desensitized communication number and the actual communication number for subsequent use.
The detection module 111 is configured to verify the login communication number of the account to be logged in or already logged in, using the data bits of the desensitized communication number that were not desensitized, to obtain a verification result.
In the embodiment of the present invention, the detection module 111 may obtain login state information of the application client, determine the login state of the application client from that information, and verify the login communication number in a manner that depends on the login state to obtain a verification result.
When the application client is not logged in, the desensitized communication number can be used as the login communication number of the account to be logged in; when the application client is logged in, the communication number the user used to log in to the application client is the login communication number.
That is, the login state of the application client is determined from the login state information and the login communication number is verified in different ways. When the application client is not logged in, the login communication number is verified through interaction with the user; for example, by looking at the data bits of the desensitized mobile phone number that were not desensitized, the user can simply check whether the actual communication number corresponding to the desensitized communication number is the communication number to be used for login (in general, if the data bits that were not desensitized can be matched, the verification can be considered successful). When the application client is in a logged-in state, the login communication number is verified by checking the consistency of the actual communication number and the login communication number, and the consistency check is not carried out on the data bits that are not desensitized in the desensitized communication number and the corresponding data in the login communication number.
The authorization module 112 is configured to, when the verification result is success, obtain the user's authorization for acquiring the actual communication number and, based on the desensitized communication number, acquire an identity authentication token obtained by encrypting the actual communication number.
In the embodiment of the present invention, when the detection module 111 has successfully verified the login communication number, the authorization module may be called at the same time. After the authorization module is called, to ensure the security of the actual communication number, the operator may subsequently return the actual communication number to the server only if the user's authorization for acquiring the actual communication number has been obtained; furthermore, so that the operator can find the actual communication number corresponding to the desensitized communication number, the desensitized communication number needs to be sent to the operator at this point.
In practical applications, the operator may encrypt the actual communication number by a hash operation, a symmetric encryption algorithm, an asymmetric encryption algorithm, or the like, to obtain the identity authentication token (token).
The server 12 is configured to decrypt the identity authentication token to obtain the actual communication number, verify the login communication number of the account to be logged in or already logged in against the actual communication number, and return the resulting verification result to the application client 110.
The server may decrypt the identity authentication token by calling a verification interface of the operator to obtain the actual communication number.
In the embodiment of the invention, to ensure the security of the actual communication number, decryption is still performed by the operator, so the operator's verification interface has to be called to decrypt the identity authentication token and obtain the actual communication number.
In the embodiment of the present invention, the server 12 may obtain the login state information of the application client locally, determine the login state of the application client from that information, and verify the login communication number in a manner that depends on the login state to obtain a verification result.
When the application client is not logged in, the server can verify the login communication number by determining locally whether corresponding registered account information can be found, the number being used as the login communication number of the account to be logged in; when the application client is logged in, the login communication number can be verified by checking the consistency between the login communication number the user used to log in to the application client and the actual communication number.
In the embodiment of the invention, when the application client receives an identity authentication request, it acquires the desensitized communication number of the terminal, which is obtained by desensitizing the actual communication number currently used by the terminal. The detection module then verifies the login communication number of the account to be logged in or already logged in, using the data bits of the desensitized communication number that were not desensitized, to obtain a verification result. When the verification result is success, the authorization module obtains the user's authorization for acquiring the actual communication number and, based on the desensitized communication number, acquires an identity authentication token obtained by encrypting the actual communication number. Finally, the server decrypts the identity authentication token to obtain the actual communication number, verifies the login communication number of the account to be logged in or already logged in against the actual communication number, and returns the resulting verification result to the application client.
The embodiment of the invention can use the user's actual communication number as the credential for identity authentication, and no short message has to be obtained from the operator for each authentication, which spares enterprises a large amount of short message charges. Throughout the process the user only needs to perform a simple operation that triggers the request and an authorization operation, so the procedure is simpler and more convenient for the user.
In another embodiment of the present invention, the application client 110 is further configured to send to the operator, over the communication link between the terminal 11 and the operator, a request for a desensitized communication number that carries an application identifier and an application public key, so that the operator obtains the actual communication number used when the terminal 11 established the communication link with the operator and desensitizes it to obtain the desensitized communication number.
In the embodiment of the present invention, the application identifier may refer to an AppID and the application public key may refer to an AppKey. The application identifier may be set according to the name of each application client, and the AppKey may be negotiated with the operator in advance. The application identifier and the application public key are allocated by the operator and may serve as the credential for communication between the application client and the operator. When the operator receives from the terminal 11 a request for a desensitized communication number that carries the application identifier and the application public key, the operator may automatically obtain the actual communication number used when the communication link with the terminal 11 was established and desensitize it to obtain the desensitized communication number.
By sending the operator a request for the desensitized communication number that carries the application identifier and the application public key, the embodiment of the invention can establish mutually trusted cooperation with the operator and improve the efficiency of that cooperation.
In practical applications, a user may use several mobile phone numbers, or may log in to the application client with another person's mobile phone number. To help the user determine whether the actual communication number is the one the user wants to use to log in to the application client, in yet another embodiment of the present invention the detection module 111 is further configured to obtain login state information of the current application client 110; if the login state information shows that the current application client 110 is not logged in, prompt the user to confirm whether the desensitized communication number is the login communication number to be used to log in to the application client; if a confirmation operation input by the user is received, determine that the verification result is success; and if a deletion operation input by the user that deletes the desensitized communication number is received, determine that the verification result is failure.
In the embodiment of the invention, after the desensitized communication number has been obtained from the operator and the login state information shows that the application client is not logged in, the desensitized communication number can be taken as the login communication number for logging in to the application client and displayed, so that the user can determine whether it is the communication number the user wants to use to log in to the client. The verification result is obtained from the corresponding operation input by the user, which is convenient for the user.
In another embodiment of the present invention, the detection module 111 is further configured to, if the current application client 110 is determined from the login state information to be in the logged-in state, match the data bits that are not desensitized in the desensitization communication number against the corresponding data bits of the login communication number that has logged in to the application client. If they match, the verification result is determined to be successful; if they do not match, the verification result is determined to be a failure.
Because the pre-fetch number code and the desensitized mobile phone number contained in the desensitization communication number are each obtained by the operator encrypting the actual communication number, only the desensitized mobile phone number part of the desensitization communication number needs to be matched against the login communication number. And because the desensitized mobile phone number is obtained by encoding several specified positions of the actual communication number, only the positions that are not encoded are compared with the digits at the corresponding positions of the login communication number. If they match, the verification can be considered successful; otherwise it can be considered failed.
When the current application client is in the logged-in state, the embodiment of the invention can match the desensitization communication number against the login communication number to determine whether the desensitization communication number currently in use matches the login communication number of the logged-in application client. Only when they match, that is, only when the login communication number is consistent with the actual communication number that the user or the user holding the account is authorized to use, does the authorization module go on to acquire the user's authorization for acquiring the actual communication number, which ensures the security of identity verification.
In another embodiment of the present invention, the authorization module 112 is further configured to display an authorization popup and, after receiving an authorization operation input by the user, determine that the user's authorization to acquire the actual communication number has been obtained.
In the embodiment of the present invention, the authorization popup may include the content that requires user authorization, that is, the content authorizing acquisition of the actual communication number. The popup may display a check control for agreeing to the authorized content, in which the user can input a check operation, and an authorization confirmation button control, on which the user can input a click operation. The authorization operation may refer to the check operation that agrees to the authorized content together with the click operation on the authorization confirmation button.
By displaying the authorization popup, the embodiment of the invention lets the user see the authorized content and input the authorization operation; the operation is simple and convenient for the user.
In another embodiment of the present invention, the authorization module 112 is further configured to send an authorization identifier, an application identifier, and an application public key to the operator while sending the desensitization communication number to the operator, so that the operator searches for a corresponding actual communication number according to the desensitization communication number, and encrypts the actual communication number to obtain the identity authentication token.
So that the operator knows that the authorization module and the operator trust each other, the application identifier and the application public key need to be sent to the operator together with the desensitization communication number, that is, the application identifier and the application public key serve as the credential of mutual trust between the application client and the operator. In addition, so that the operator knows that the authorization module has obtained the user's authorization and can proceed to generate and return the identity authentication token, the authorization identifier is sent at the same time. The operator can then look up the corresponding actual communication number according to the desensitization communication number and encrypt the actual communication number to obtain the identity authentication token.
Through the authorization identifier, the authorization module in the embodiment of the invention informs the operator that it has obtained the user's authorization; through the application identifier and the application public key, it informs the operator that the two parties trust each other. The operator can therefore generate the identity authentication token from the desensitization communication number, which realizes coordination between the authorization module and the operator and ensures the security of identity verification.
In another embodiment of the present invention, the server 12 is further configured to obtain login state information of the current application client 110. If the current application client 110 is determined from the login state information to be in a not-logged-in state, the server obtains registered account information by means of the actual communication number. If the registered account information corresponding to the actual communication number is obtained, the verification result is determined to be successful; if it is not obtained, the verification result is determined to be a failure.
In practice, since the server locally stores the login state information of the current application client, the server can obtain that information. If the current application client 110 is in the not-logged-in state, the corresponding registered account information can be looked up by the actual communication number. If it is found, identity verification is considered passed at the server and the verification result is determined to be successful; otherwise the verification result is determined to be a failure.
According to the embodiment of the invention, server-side identity verification is performed by looking up, in the server, the registered account information corresponding to the actual communication number. Only an account registered at the server can pass verification, so an unregistered actual communication number cannot be verified successfully, which ensures the security of identity verification.
In another embodiment of the present invention, the server 12 is further configured to, if it is determined that the current application client 110 is in the logged-in state according to the login state information, perform consistency check on the actual communication number and the login communication number that has logged in the application client 110, and if the actual communication number is consistent with the login communication number, determine that the verification result is successful; and if the actual communication number is not consistent with the login communication number, determining that the verification result is verification failure.
The embodiment of the invention can carry out consistency check on the actual communication number and the login communication number when the application client is in the logged-in state, and the successful verification is determined only when the actual communication number and the login communication number are consistent, thereby ensuring the safety of identity verification.
In another embodiment of the present invention, the application client 110 is further configured to switch the application client to a login successful state, a registration successful state, a password modification successful state, or a password recovery successful state when the verification result is that the verification is successful.
In practice, a user of an application client generally needs to pass identity verification before functions such as login, registration, password modification or password recovery. When the verification result is successful, the application client can therefore switch automatically to the login successful, registration successful, password modification successful or password recovery successful state, which simplifies the operation and is convenient for the user.
In another embodiment of the present invention, there is also provided an identity verification method. As shown in Fig. 2, the method may include the following steps:
Step S101: when an application client receives an identity authentication request, it acquires a desensitization communication number of the terminal; the desensitization communication number is obtained by desensitizing the actual communication number currently used by the terminal;
Step S102: a detection module verifies the login communication number of the account to be logged in/logged in by using the data bits that are not desensitized in the desensitization communication number, to obtain a verification result;
Step S103: when the verification result is successful, the authorization module acquires the user's authorization to acquire the actual communication number and, based on the desensitization communication number, acquires an identity authentication token obtained by encrypting the actual communication number;
Step S104: the server decrypts the identity authentication token to obtain the actual communication number, verifies the login communication number of the account to be logged in/logged in according to the actual communication number, and returns the obtained verification result to the application client.
The embodiment of the invention can use the user's actual communication number as the credential for identity verification, so no short message needs to be obtained from the operator for each verification and enterprises avoid bearing a large amount of short message costs. Throughout the process the user only has to trigger the request and perform the authorization operation, so the operation is simple and convenient for the user.
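Steps S101 to S104, together with the logged-in and not-logged-in branches of the detection module and the server described above, as an added Python sketch that is not part of the patent text or of any operator SDK. It shows why the client-side match on visible digits is only a pre-filter and the server-side check on the full number is the deciding one. Assumptions: the mask is "*" over digits 4 to 7 of an 11-digit number, the operator's encryption is replaced by opaque single-use random handles, and the Operator class, function names, credentials and phone numbers are constructed for illustration.

```python
import hmac
import secrets

MASK = "*"                       # assumed mask character
MASKED_POSITIONS = range(3, 7)   # assumed: digits 4-7 of an 11-digit number are hidden


class Operator:
    """Stand-in for the carrier; the real interfaces are not given on the page."""

    def __init__(self, app_id, app_key):
        self._apps = {app_id: app_key}   # AppID -> AppKey allocated in advance
        self._prefetch = {}              # pre-fetch code -> actual number
        self._tokens = {}                # token -> actual number

    def _require_trusted(self, app_id, app_key):
        expected = self._apps.get(app_id, "")
        if not hmac.compare_digest(expected.encode(), app_key.encode()):
            raise PermissionError("unknown AppID/AppKey")

    def desensitize(self, app_id, app_key, link_number):
        # link_number is what the carrier sees on the data link, never app input.
        self._require_trusted(app_id, app_key)
        code = secrets.token_urlsafe(16)
        self._prefetch[code] = link_number
        masked = "".join(MASK if i in MASKED_POSITIONS else digit
                         for i, digit in enumerate(link_number))
        return code, masked

    def issue_token(self, app_id, app_key, code, authorized):
        self._require_trusted(app_id, app_key)
        number = self._prefetch.pop(code, None)   # assumed: pre-fetch code is single use
        if not authorized or number is None:
            raise PermissionError("no user authorization or unknown pre-fetch code")
        token = secrets.token_urlsafe(24)         # opaque handle stands in for encryption
        self._tokens[token] = number
        return token

    def verify_token(self, token):
        return self._tokens.pop(token, None)      # assumed single use: a replay yields None


def unmasked_bits_match(masked, login_number):
    """Detection module: compare only the positions the operator left visible."""
    if len(masked) != len(login_number):
        return False
    return all(m == MASK or m == d for m, d in zip(masked, login_number))


def detect(masked, logged_in_number=None, user_confirms=False):
    if logged_in_number is None:          # not logged in: the user confirms the number
        return user_confirms
    return unmasked_bits_match(masked, logged_in_number)


def server_verify(operator, token, registered, logged_in_number=None):
    actual = operator.verify_token(token)
    if actual is None:
        return False
    if logged_in_number is None:          # not logged in: a registered account must exist
        return actual in registered
    return actual == logged_in_number     # logged in: full-number consistency check


def verify_identity(operator, app_id, app_key, link_number, registered,
                    logged_in_number=None, user_confirms=True, user_authorizes=True):
    code, masked = operator.desensitize(app_id, app_key, link_number)        # S101
    if not detect(masked, logged_in_number, user_confirms):                  # S102
        return "rejected by detection module"
    if not user_authorizes:
        return "authorization declined"
    token = operator.issue_token(app_id, app_key, code, authorized=True)     # S103
    if server_verify(operator, token, registered, logged_in_number):         # S104
        return "verified"
    return "rejected by server"


if __name__ == "__main__":
    op = Operator("demo-app", "demo-key")              # constructed credentials
    accounts = {"13800001234"}                         # constructed registered number
    print(verify_identity(op, "demo-app", "demo-key", "13800001234", accounts))
    # Shares every visible digit with the link number but differs under the mask.
    print(verify_identity(op, "demo-app", "demo-key", "13800001234", accounts,
                          logged_in_number="13899991234"))
```

The second call passes the detection module and is rejected only at the server, which is the case the consistency check on the decrypted actual communication number exists to catch.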
It is noted that, in this document, relational terms such as "first" and "second" are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present invention, which enable those skilled in the art to understand or practice the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. An identity verification system, comprising: a terminal and a server; the terminal includes: the system comprises an application client, a detection module and an authorization module;
the application client is used for acquiring a desensitization communication number of the terminal when receiving an identity authentication request, the desensitization communication number being obtained by desensitizing an actual communication number currently used by the terminal;
the application client is further configured to send an acquisition request of a desensitization communication number carrying an application identifier and an application public key to an operator through a communication link between the terminal and the operator, so that the operator acquires an actual communication number used when the terminal establishes the communication link with the operator, and performs desensitization processing on the actual communication number to obtain the desensitization communication number;
the detection module is used for verifying the login communication number of the account to be logged in/logged in by using the data bits which are not subjected to desensitization processing in the desensitization communication number to obtain a verification result;
the authorization module is used for acquiring the authorization of the user for acquiring the actual communication number when the verification result is successful, and acquiring an identity authentication token obtained by encrypting the actual communication number based on the desensitized communication number;
the server is used for calling a verification interface of an operator to decrypt the identity authentication token to obtain the actual communication number, verifying the login communication number of the account to be logged in/logged in according to the actual communication number, and returning the obtained verification result to the application client.
2. The identity verification system of claim 1,
the detection module is further configured to acquire login state information of a current application client, prompt a user to determine whether the desensitization communication number is a login communication number to be used to log in to the application client if the current application client is determined to be in a not-logged-in state according to the login state information, and determine that the verification result is successful if a confirmation operation input by the user is received; and if a deletion operation input by the user that deletes the desensitization communication number is received, determine that the verification result is verification failure.
3. The identity verification system of claim 2,
the detection module is further configured to match data bits, which are not desensitized, in the desensitized communication number with corresponding data bits in a login communication number, which has already logged in the application client, if it is determined that the current application client is in a logged-in state according to the login state information, and determine that the verification result is successful if the data bits, which are not desensitized, in the desensitized communication number are matched with the corresponding data bits in the login communication number; and if the data bits which are not desensitized in the desensitized communication number are not matched with the corresponding data bits in the login communication number, determining that the verification result is verification failure.
4. The identity verification system of claim 1,
the authorization module is further used for displaying an authorization popup and, after receiving the authorization operation input by the user, determining that the authorization of the user for acquiring the actual communication number has been obtained.
5. The identity verification system of claim 1,
the authorization module is further configured to send a desensitization communication number to an operator, and at the same time, send an authorization identifier, an application identifier, and an application public key to the operator, so that the operator searches for a corresponding actual communication number according to the desensitization communication number, and encrypts the actual communication number to obtain the identity authentication token.
6. The identity verification system of claim 1,
the server is further used for obtaining login state information of the current application client, obtaining registered account information by means of the actual communication number if the current application client is determined to be in a not-logged-in state according to the login state information, and determining that a verification result is successful if the registered account information corresponding to the actual communication number is obtained; and if the registered account information corresponding to the actual communication number is not obtained, determining that the verification result is verification failure.
7. The identity verification system of claim 6,
the server is further configured to, if it is determined that the current application client is in a logged-in state according to the login state information, perform consistency check on the actual communication number and a logged-in communication number of the logged-in application client, and if the actual communication number is consistent with the logged-in communication number, determine that the verification result is successful; and if the actual communication number is not consistent with the login communication number, determining that the verification result is verification failure.
8. The identity verification system of claim 1,
the application client is further used for switching the application client to a successful login state, a successful registration state, a successful password modification state or a successful password recovery state when the verification result is that the verification is successful.
9. An identity verification method, the method comprising:
when an application client receives an identity authentication request, the application client acquires a desensitization communication number of a terminal, the desensitization communication number being obtained by desensitizing an actual communication number currently used by the terminal; the application client sends an acquisition request of a desensitization communication number carrying an application identifier and an application public key to an operator through a communication link between the terminal and the operator, so that the operator acquires an actual communication number used when the terminal and the operator establish the communication link, and desensitizes the actual communication number to obtain the desensitization communication number;
the detection module verifies the login communication number of the account to be logged in/logged in by using the data bits which are not desensitized in the desensitization communication number to obtain a verification result;
when the verification result is successful, the authorization module acquires the authorization of the user for acquiring the actual communication number, and acquires an identity authentication token obtained by encrypting the actual communication number based on the desensitized communication number;
the server calls a verification interface of an operator to decrypt the identity authentication token to obtain the actual communication number, verifies the login communication number of the account to be logged in/logged in according to the actual communication number, and returns the obtained verification result to the application client.
CN202010479465.5A 2020-05-29 2020-05-29 Identity verification system and identity verification method Active CN111770057B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010479465.5A CN111770057B (en) 2020-05-29 2020-05-29 Identity verification system and identity verification method

Publications (2)

Publication Number Publication Date
CN111770057A (en) 2020-10-13
CN111770057B (en) 2022-09-30

Family

ID=72719755

Country Status (1)

Country Link
CN (1) CN111770057B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant