CN112559993A - Identity authentication method, device and system and electronic equipment - Google Patents

Publication number
CN112559993A
Authority
CN
China
Prior art keywords
authentication
identity authentication
target information
cloud server
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011551761.8A
Other languages
Chinese (zh)
Other versions
CN112559993B (en
Inventor
何嘉全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Realme Chongqing Mobile Communications Co Ltd
Original Assignee
Realme Chongqing Mobile Communications Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Realme Chongqing Mobile Communications Co Ltd
Priority to CN202011551761.8A
Publication of CN112559993A
Application granted
Publication of CN112559993B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The embodiments of the application disclose an identity authentication method, device and system, and an electronic device. The method is applied to a cloud server and may comprise the following steps: receiving an identity authentication request initiated by a cloud application, wherein the cloud application runs in the cloud server; sending an authentication instruction to a terminal device according to the identity authentication request, wherein the authentication instruction instructs the terminal device to perform user identity authentication and to generate target information according to the authentication result; receiving the target information sent by the terminal device; and processing the target information to obtain the authentication result, and returning the authentication result to the cloud application. The identity authentication method, device, system and electronic device can improve the security of a terminal device using cloud applications.

Description

Identity authentication method, device and system and electronic equipment
Technical Field
The present application relates to the field of network technologies, and in particular, to an identity authentication method, apparatus, system, and electronic device.
Background
The cloud terminal is a novel terminal technology, and the cloud terminal refers to a terminal device which applies a cloud computing technology to network terminal services and realizes the cloud services through a cloud server. When the cloud terminal is used, the cloud application program does not need to be downloaded, the application program can directly run in the cloud server, and the cloud terminal can use the functions of the cloud application programs through the network. How to improve the security of the terminal device in using the cloud application program becomes a popular research direction at present.
Disclosure of Invention
The embodiments of the application disclose an identity authentication method, device and system, and an electronic device, which can improve the security of a terminal device using cloud applications.
The embodiments of the application disclose an identity authentication method, which is applied to a cloud server and comprises the following steps:
receiving an identity authentication request initiated by a cloud application, wherein the cloud application runs in the cloud server;
sending an authentication instruction to a terminal device according to the identity authentication request, wherein the authentication instruction instructs the terminal device to perform user identity authentication and to generate target information according to the authentication result;
receiving the target information sent by the terminal device;
and processing the target information to obtain the authentication result, and returning the authentication result to the cloud application.
The embodiment of the application discloses an identity authentication method, which is applied to terminal equipment and comprises the following steps:
receiving an authentication instruction sent by a cloud server, wherein the authentication instruction is generated by the cloud server according to an identity authentication request initiated by a cloud application, and the cloud application runs on the cloud server;
performing user identity authentication on the collected user identity information according to the authentication instruction, and generating target information according to an authentication result;
and sending the target information to the cloud server, wherein the target information is used for processing in the cloud server to obtain the authentication result, and the authentication result is returned to the cloud application through the cloud server.
The embodiments of the application disclose an identity authentication device, which is applied to a cloud server, the device comprising:
a request receiving module, configured to receive an identity authentication request initiated by a cloud application, wherein the cloud application runs in the cloud server;
a sending module, configured to send an authentication instruction to a terminal device according to the identity authentication request, wherein the authentication instruction instructs the terminal device to perform user identity authentication and to generate target information according to the authentication result;
an information receiving module, configured to receive the target information sent by the terminal device;
and a result returning module, configured to process the target information to obtain the authentication result and return the authentication result to the cloud application.
The embodiment of the application discloses an identity authentication system, which comprises a cloud server and a terminal device, wherein,
the cloud server is used for receiving an identity authentication request initiated by a cloud application and sending an authentication instruction to terminal equipment according to the identity authentication request, wherein the cloud application runs in the cloud server;
the terminal device is used for carrying out user identity authentication on the collected user identity information according to the authentication instruction, generating target information according to an authentication result and then sending the target information to the cloud server;
the cloud server is further configured to receive the target information sent by the terminal device, process the target information to obtain the authentication result, and return the authentication result to the cloud application.
The embodiment of the application discloses an electronic device, which comprises a memory and a processor, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor is enabled to realize the method applied to the cloud server.
The embodiment of the application discloses a terminal device, which comprises a memory and a processor, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor is enabled to realize the method applied to the terminal device.
According to the identity authentication method, device, system and electronic device, the cloud server receives an identity authentication request initiated by the cloud application and sends an authentication instruction to the terminal device according to the identity authentication request. The terminal device can perform user identity authentication according to the authentication instruction, generate target information according to the authentication result, and then send the target information to the cloud server. The cloud server can process the target information sent by the terminal device to obtain the authentication result and return the authentication result to the cloud application. In this way, a cloud application running on the cloud server can complete user identity authentication normally through the terminal device. Because the whole user identity authentication process is performed on the terminal device, leakage of user identity information can be prevented, and the security of the terminal device using the cloud application is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a diagram of an application scenario of the identity authentication method in one embodiment;
FIG. 2 is a timing diagram of a method of identity authentication in one embodiment;
FIG. 3 is a flow diagram of a method of identity authentication in one embodiment;
FIG. 4 is a flow chart of a method of identity authentication in another embodiment;
FIG. 5 is a diagram of an application scenario of the identity authentication method in another embodiment;
FIG. 6 is a diagram illustrating an embodiment in which a terminal device outputs a prompt;
FIG. 7 is a flow chart of a method of identity authentication in another embodiment;
FIG. 8 is a block diagram of an identity authentication device in one embodiment;
FIG. 9 is a block diagram of an identity authentication device in another embodiment;
FIG. 10 is a block diagram showing the structure of an electronic apparatus according to an embodiment.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It is to be noted that the terms "comprises" and "comprising" and any variations thereof in the examples and figures of the present application are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
In the related art, for a general terminal device, an installation package of an application program needs to be downloaded, and the application program can be normally used after being installed locally. Because the application program is installed in the local of the terminal equipment, when the application program needs to perform identity authentication in the operation process, the corresponding interface provided by the operating system on the terminal equipment is directly called, so that the user identity information can be acquired and the identity authentication can be completed. For the cloud terminal, all the applications and functions are realized through the cloud server, that is, the applications are separated from the cloud terminal, so that identity authentication cannot be realized.
The embodiment of the application provides an identity authentication method, an identity authentication device, an identity authentication system and electronic equipment, wherein a cloud application running on a cloud server can normally complete user identity authentication through terminal equipment, and the whole user identity authentication process is carried out on the terminal equipment, so that the problem of user identity information leakage can be prevented, and the safety of the terminal equipment in using the cloud application is improved.
Fig. 1 is a diagram illustrating an application scenario of the identity authentication method in one embodiment. As shown in fig. 1, the cloud server 10 may establish a communication connection with the terminal device 20. The terminal device 20 may include, but is not limited to, a mobile phone, a smart wearable device, a tablet computer, a PC (Personal Computer), a vehicle-mounted terminal, and the like, and the cloud server 10 may be a distributed server cluster composed of a plurality of server devices. In this embodiment of the application, the terminal device 20 may be a cloud terminal, and all applications and functions on the terminal device 20 may be implemented by the cloud server 10. The terminal device 20 does not need to download the applications, but logs in to the cloud server 10 through a cloud account, and the cloud server 10 allocates a resource space corresponding to the terminal device 20, so that the applications may be run on the cloud server 10 and the functions of the terminal device 20 are implemented. Meanwhile, the terminal device 20 may also store all data such as images and files in the cloud server 10.
When the cloud application needs to perform identity authentication, the cloud server 10 may obtain an identity authentication request initiated by the cloud application, and send an authentication instruction to the terminal device 20 according to the identity authentication request. The terminal device 20 receives the authentication instruction sent by the cloud server 10, collects user identity information according to the authentication instruction, performs user identity authentication according to the user identity information, generates target information according to an authentication result, and sends the generated target information to the cloud server 10. The cloud server 10 receives the target information sent by the terminal device 20, can process the target information to obtain an authentication result, and returns the authentication result to the cloud application, so that the user identity authentication of the cloud application running on the cloud server in the using process can be realized, and the safety of using the cloud application is ensured.
Fig. 2 is a timing diagram of an identity authentication method in one embodiment. As shown in fig. 2, the identity authentication method may include the following steps, in processing order:
1. The cloud server 10 receives an identity authentication request initiated by the cloud application.
2. The cloud server 10 sends an authentication instruction to the terminal device 20 according to an identity authentication request initiated by the cloud application.
3. The terminal device 20 receives the authentication instruction sent by the cloud server 10, performs user identity authentication on the collected user identity information according to the authentication instruction, and generates target information according to an authentication result.
4. The terminal device 20 transmits the target information to the cloud server 10.
5. The cloud server 10 receives the target information sent by the terminal device 20, processes the target information to obtain an authentication result, and returns the authentication result to the cloud application.
As shown in fig. 3, in an embodiment, an identity authentication method is provided, which can be applied to the cloud server, and the method can include the following steps:
Step 310, an identity authentication request initiated by the cloud application is received.
The cloud application may refer to an application program running on a cloud server, and the cloud application may be encapsulated and used in a virtualization environment provided by the cloud server by using an application virtualization technology. The terminal device does not need to download and install application programs locally; it can establish a communication connection with the cloud server through a wireless network and order the service of each cloud application in the cloud server, so that the cloud application can be used. Optionally, the wireless network may include, but is not limited to, a 4G (4th generation mobile networks, fourth generation mobile communication technology), a 5G (5th generation mobile networks, fifth generation mobile communication technology), a WiFi (Wireless Fidelity) network, and the like. The terminal device can display an application interface of the cloud application in use, while data processing of the cloud application during use is carried out in the cloud server.
The cloud application may need to perform identity authentication in the using process, for example, when a user uses the cloud application in a terminal device, and when the user needs to use the cloud application to perform operations with high security requirements, such as payment and account transfer, the cloud application needs to authenticate the identity of the user, or when the user logs in a platform (such as a tax platform and a social security platform) with high security by using the cloud application, the cloud application also needs to authenticate the identity of the user. The scenario that the cloud application performs identity authentication on the user is not limited in the embodiment of the present application.
In some embodiments, the cloud application may initiate an identity authentication request, which may carry information such as an authentication type, an authentication item, and the like. The authentication type may refer to the authentication manner used for identity authentication. Optionally, the authentication type may include, but is not limited to, a biometric authentication manner such as face authentication, fingerprint authentication, pupil authentication, and the like, and may also be a password authentication manner, a voice authentication manner, and the like. The authentication item may refer to an operation item for which the cloud application needs to perform identity authentication, such as a payment item, a transfer item, a login item, and the like, but is not limited thereto.
Step 320, sending an authentication instruction to the terminal device according to the identity authentication request, wherein the authentication instruction instructs the terminal device to perform user identity authentication and to generate target information according to the authentication result.
The cloud server can generate an authentication instruction according to information such as an authentication type and authentication items carried in the identity authentication request, and sends the authentication instruction to the terminal equipment.
In some embodiments, the terminal device may log in to the cloud server through account information allocated by the cloud server or account information registered in advance. The cloud server may store the account information of the terminal device in association with its customized cloud applications, and the account information corresponding to different terminal devices is different. Optionally, the cloud server may allocate a corresponding storage space for each piece of account information, and store data of each cloud application, service, and the like customized by the terminal device in the storage space corresponding to the account information. After receiving an identity authentication request initiated by the cloud application, the cloud server can acquire the account information corresponding to the cloud application, and acquire identification information of the terminal device according to the account information, so as to send an authentication instruction to the terminal device according to the identification information. Optionally, the identification information of the terminal device may include, but is not limited to, an IP (Internet Protocol) address, a MAC (Media Access Control) address, and the like of the terminal device.
After receiving the authentication instruction, the terminal device can analyze the authentication instruction to obtain the information such as the type of authentication to be performed and the corresponding authentication items. The terminal equipment can start a corresponding user information acquisition module according to the authentication type so as to acquire user information through the user information acquisition module and perform user identity authentication according to the acquired user information. If the collected user information is matched with the user information pre-stored in the terminal device, that is, the collected user information is consistent with the pre-stored user information, the authentication result can be determined to be successful, and if the collected user information is not matched with the user information pre-stored in the terminal device, the authentication result can be determined to be failed.
Illustratively, the authentication type is face authentication, and the terminal device may start a camera, collect a face image of the user through the camera, and perform face recognition authentication through the face image. The terminal equipment can compare the collected face image with a face image stored in advance, and judge whether the collected face image is matched with the face image stored in advance so as to obtain a face identification authentication result.
For example, if the authentication type is fingerprint authentication, the terminal device may start the fingerprint acquisition module, acquire fingerprint information of the user through the fingerprint acquisition module, compare the fingerprint information with the fingerprint information entered in advance, and determine whether the acquired fingerprint information matches the fingerprint information entered in advance to obtain a fingerprint authentication result.
In some embodiments, the terminal device may generate a prompt message according to the authentication type and the authentication item, and output the prompt message to prompt the user that the identity authentication is currently required, where the prompt message may be an interface prompt displayed on a screen, or a voice prompt played through a speaker, and the like, and is not limited herein.
User identity authentication is carried out on the terminal equipment, user identity information collected by the terminal equipment does not need to be uploaded to the cloud server, the situation that the user identity information is stolen in the transmission process can be prevented, and information safety of a user is guaranteed.
After the terminal equipment obtains the authentication result of the user identity authentication, the terminal equipment can process the authentication result to obtain the target information. Optionally, the terminal device may package the authentication result according to a preset data packet format to obtain target information, and send the target information to the cloud server.
The authentication result may be represented by a predetermined character; for example, authentication success is Y and authentication failure is N, or authentication success is 1 and authentication failure is 0, but it is not limited thereto. Further, when the cloud server sends the authentication instruction to the terminal device, the authentication instruction may carry a character representation mode. The character representation mode may be different each time and may be selected randomly, and the terminal device then represents the authentication result according to the character representation mode carried in the received authentication instruction. After receiving the target information, if the cloud server detects that the authentication result is not represented according to that character representation mode, it can discard the authentication result and resend the authentication instruction to the terminal device, so that the probability of the authentication result being tampered with can be reduced and the security is further improved.
Step 330, receiving the target information sent by the terminal device.
Step 340, processing the target information to obtain an authentication result, and returning the authentication result to the cloud application.
The cloud server can analyze the target information after receiving the target information to obtain an authentication result, and returns the authentication result to the cloud application sending the identity authentication request, and the cloud application can perform the next operation according to the authentication result. For example, if the authentication result is successful, the cloud application may execute authentication items that need to be subjected to identity authentication, and if the authentication result is failed, the cloud application may stop executing the authentication items that need to be subjected to identity authentication, and determine whether an identity authentication request needs to be reinitiated, and if so, the cloud application may reinitiate the identity authentication request to perform identity authentication on the user of the terminal device again.
In the embodiment of the application, the cloud server receives an identity authentication request initiated by the cloud application and sends an authentication instruction to the terminal device according to the identity authentication request. The terminal device can perform user identity authentication according to the authentication instruction, generate target information according to the authentication result, and send the target information to the cloud server. The cloud server can process the target information sent by the terminal device to obtain the authentication result and return the authentication result to the cloud application. In this way, a cloud application running on the cloud server can complete user identity authentication normally through the terminal device. Because the whole user identity authentication process is performed on the terminal device, leakage of user identity information can be prevented, and the security of the terminal device using the cloud application is improved.
As shown in fig. 4, in an embodiment, another identity authentication method is provided, which can be applied to the cloud server described above, and the method can include the following steps:
Step 402, when a login request of the terminal device is received, obtaining a device identifier of the terminal device according to the login request.
In order to improve the security of the cloud application during identity authentication, the authentication result can be processed, for example by encryption, before it is transmitted. The cloud server and the terminal device can transmit the authentication result securely according to an agreed encryption and decryption mode. Before the terminal device uses the cloud application, the terminal device can log in to the cloud server through account information. The cloud server receives a login request from the terminal device, and the login request can carry the account information and information such as a device identifier of the terminal device. Optionally, the device identifier of the terminal device may include, but is not limited to, a MAC address, an IMEI (International Mobile Equipment Identity), and the like. The device identifier may be used to uniquely identify the terminal device and is typically not easily changed.
In some embodiments, after acquiring the account information and the device identifier of the terminal device carried in the login request, the cloud server may verify the account information and the device identifier. The cloud server can search the database for pre-stored account information matching the acquired account information; if matching pre-stored account information exists, the account information is correct. Specifically, the cloud server can search for a pre-stored account identification consistent with the acquired account identification and judge whether the acquired password is consistent with the password corresponding to that pre-stored account identification; if the password is also consistent, the account information is correct. If no pre-stored account identification consistent with the acquired account identification exists, or the acquired password is inconsistent with the password corresponding to the consistent pre-stored account identification, the account information is wrong and the terminal device fails to log in.
Furthermore, the cloud server can correspondingly store the information of each account and the equipment identifier. When the cloud server determines that the acquired account information is correct, whether the acquired equipment identifier is consistent with the equipment identifier corresponding to the matched pre-stored account information or not can be further judged, if yes, the terminal equipment can be determined to be successfully logged in, and the safety and the accuracy of the terminal equipment in logging in the cloud server can be further improved.
Step 404, inquiring a public key corresponding to the terminal device in the key management server according to the device identifier.
The cloud server can obtain a public key corresponding to the terminal device according to the device identifier of the terminal device sending the login request, and the public key can be used for decrypting the encrypted information sent by the terminal device. Different terminal devices can correspond to different public keys, so as to ensure security. The key management server may be provided separately, for managing the key data of the respective terminal devices.
As an embodiment, before each terminal device leaves the factory, a group of key pairs may be generated, where the key pairs include a public key and a private key, where the private key may be stored in the terminal device, the public key and a device identifier of the terminal device may be sent together to a key management server, and the public key and the device identifier are stored by the key management server correspondingly.
Further, the private key may include a root key (ATTK). Each terminal device may generate a unique root key, and the generated root key may be stored in a Trusted Execution Environment (TEE) of the terminal device. The TEE may be an execution environment that runs in parallel with the main operating system on the terminal device and may provide security services to the main operating system; the TEE may have its own execution space and a higher security level than the main operating system. The public key may be a symmetric key corresponding to the root key, may be an asymmetric key corresponding to the root key, and the like, and is not limited herein. Because the private key is generated and stored in the TEE of the terminal device, the private key can be prevented from being leaked and its security is ensured.
As another embodiment, when the terminal device registers in the cloud server, the cloud server may generate a set of key pairs, send a private key corresponding to the key pair to the terminal device, store the private key by the terminal device, send a public key corresponding to the key pair and device information of the terminal device to the key management server, and store the public key and the device identifier by the key management server.
Fig. 5 is a diagram illustrating an application scenario of the identity authentication method in another embodiment. As shown in fig. 5, the cloud server 10 may establish a communication connection with the terminal device 20, and the cloud server 10 may also establish a communication connection with the key management server 50. Each time the cloud server 10 receives a login request from the terminal device 20, it may generate a query instruction according to a device identifier, such as an IMEI, carried in the login request, and send the query instruction to the key management server 50. After receiving the query instruction, the key management server 50 may look up the corresponding public key according to the device identifier carried in the query instruction, and send the public key it finds to the cloud server 10.
Step 406, an identity authentication request initiated by the cloud application is received.
Step 408, sending an authentication instruction to the terminal device according to the identity authentication request, wherein the authentication instruction is used for instructing the terminal device to perform user identity authentication and to encrypt the authentication result to obtain target information.
The descriptions of steps 406 to 408 refer to the descriptions of steps 310 to 320 in the above embodiments, and are not repeated herein.
After receiving the authentication instruction sent by the cloud server, the terminal device can perform user identity authentication according to the collected user information to obtain an authentication result, and can encrypt the authentication result according to the stored private key to obtain target information. Optionally, the terminal device may encrypt the authentication result by using a symmetric encryption algorithm, an asymmetric encryption algorithm, and the like, and the specific encryption algorithm is not limited in the embodiment of the present application.
In some embodiments, after the user identity authentication is performed by the terminal device, the authentication result may be encrypted according to a root key corresponding to the terminal device, so as to obtain the target information. The terminal device can sign the authentication result according to the stored root key to obtain the authentication result with the signature information, namely the target information.
Optionally, after the terminal device starts the user information acquisition module and acquires user information through the user information acquisition module, the user information acquisition module may transmit the acquired user information to the TEE, the TEE may store pre-entered user information, and match the acquired user information with the pre-entered user information in the TEE, if the matching is successful, the authentication result may be an authentication success, and if the matching is failed, the authentication result may be an authentication failure.
The root key of the terminal equipment can be stored in the TEE at the same time, and after the authentication result is obtained in the TEE, the authentication result can be encrypted according to the root key to obtain the target information. The TEE can send the target information to a wireless communication module of the terminal device, and then the wireless communication module sends the target information to the cloud server. The terminal equipment executes the user identity authentication process and the authentication result encryption process in the TEE, so that the safety of the whole identity authentication process can be ensured.
In some embodiments, when receiving an identity authentication request initiated by a cloud application, the cloud server may obtain an application identifier of the cloud application initiating the identity authentication request, where the application identifier may be used to uniquely identify the cloud application, and for example, the application identifier may include an application number, an application name, a version number when the application is issued, and the like, but is not limited thereto. The cloud server can match the application identifier with the interface image displayed by the terminal equipment and judge whether the application identifier corresponds to the displayed interface image.
In this embodiment of the application, the terminal device is a cloud terminal: the interface image displayed on the terminal device can be rendered by the cloud server and then sent to the terminal device for display, which reduces the requirement on the terminal device's rendering capability and keeps the display smooth. Therefore, the cloud server can acquire the interface image being displayed on the terminal device in real time, and when the cloud application initiates the identity authentication request, it can judge whether the interface image displayed on the terminal device belongs to the cloud application, that is, whether the terminal device is using the cloud application in the foreground.
If the application identifier of the cloud application initiating the identity authentication request matches the interface image displayed by the terminal device, the terminal device is using the cloud application in the foreground, and the cloud server can send an authentication instruction to the terminal device according to the identity authentication request. If the application identifier does not match the interface image displayed by the terminal device, that is, the displayed interface image does not belong to the cloud application, the cloud application can be determined to be running in the background, and the cloud server can generate prompt information according to the identity authentication request and send the prompt information to the terminal device. The prompt information can be used to indicate that the cloud application is performing identity authentication.
After receiving the prompt information, the terminal device may output it, for example by displaying it on a screen or playing it through a speaker; the manner of outputting the prompt information is not limited herein. Optionally, the prompt information may include application information of the cloud application that initiated the identity authentication request, an authentication type, authentication items, and the like, so that the user can accurately and completely learn of the identity authentication request sent by the cloud application. If the terminal device receives confirmation response information input by the user, which indicates that the user agrees to perform identity authentication, it can send the confirmation response information to the cloud server. After receiving the confirmation response information sent by the terminal device, the cloud server can send an authentication instruction to the terminal device according to the identity authentication request.
Fig. 6 is a schematic diagram illustrating a terminal device outputting a prompt message in one embodiment. As shown in fig. 6, a prompt message 504 can be displayed on the screen of the terminal device, where the prompt message 504 indicates that "application A is performing a payment operation and needs to perform face recognition on you". If the user clicks the 'agree' button, the terminal device receives confirmation response information input by the user and can send it to the cloud server. If the user clicks the 'reject' button, the terminal device receives rejection response information input by the user and does not return a message to the cloud server; if the cloud server does not receive confirmation response information from the terminal device within a certain time, the cloud server can reject the identity authentication request initiated by the cloud application. Alternatively, the terminal device can directly return the rejection response information to the cloud server, and the cloud server can reject the identity authentication request initiated by the cloud application when it receives the rejection response information.
Fig. 6 only shows one way of outputting the prompt information by the terminal device, which is only used to describe the embodiment of the present application, and is not used to limit the way of outputting the prompt information by the terminal device and the content of the prompt information, and the terminal device may also output the prompt information by another way, and the prompt information may also include other contents.
The cloud server matches the cloud application initiating the identity authentication request against the cloud application that the terminal device is currently using in the foreground, so that a cloud application running in the background can be prevented from performing identity authentication without the user's knowledge, and the identity authentication security of the cloud application is further improved.
Step 410, receiving the target information sent by the terminal device.
Step 412, decrypting the target information according to the public key corresponding to the terminal device to obtain an authentication result, and returning the authentication result to the cloud application.
After receiving the target information sent by the terminal device, the cloud server can decrypt it with the public key corresponding to the terminal device that was queried from the key management server. Since this public key and the private key used to encrypt the target information form a key pair, the target information can be successfully decrypted to obtain the authentication result.
Since the private key, the public key and the terminal device in the embodiment of the application all correspond to one another, there is no case in which one terminal device corresponds to multiple public keys or one public key corresponds to multiple terminal devices. If the cloud server fails to decrypt the target information with the public key corresponding to the terminal device, it can determine that the target information was not sent by that terminal device, treat it as insecure information and discard it, and obtain the encrypted target information from the terminal device again. This improves the security and accuracy of identity authentication for the cloud application.
In some embodiments, when the terminal device logs out from the cloud server, the cloud server may delete the public key corresponding to the terminal device, and obtain the public key from the key management server again when the terminal device sends the login request next time. The key management server can be a server with extremely high security, and the public key can be deleted by the cloud server when the terminal device logs out, so that the condition that the public key is leaked when the cloud server is attacked illegally can be prevented, and the security of the key is ensured.
In the embodiment of the application, the terminal device can encrypt the authentication result of the user identity authentication to obtain the target information, and the cloud server can decrypt the received target information according to the public key corresponding to the terminal device so as to ensure that the target information accurately comes from the terminal device, ensure the accuracy and the safety of the authentication result, and improve the safety of the cloud application in the identity authentication.
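The login key lookup, foreground check and target-information verification of steps 404 to 412, as an added sketch that is not code from the patent. It uses HMAC-SHA256 from the Python standard library (the symmetric-key option the text allows) in place of a TEE-held asymmetric key; the class names, the `nonce` field, the `foreground_app_id` argument (standing for the application the server resolved from the displayed interface image) and the byte comparison that stands in for biometric matching are all assumptions.

```python
import hashlib
import hmac
import json
import secrets


class KeyManagementServer:
    """Keeps one verification key per device identifier (queried in step 404)."""
    def __init__(self):
        self._keys = {}

    def enroll(self, device_id, key):
        self._keys[device_id] = key

    def lookup(self, device_id):
        return self._keys.get(device_id)


class TerminalTEE:
    """Terminal side: matching and protecting the result both happen in the TEE."""
    def __init__(self, device_id, root_key, enrolled_template):
        self.device_id = device_id
        self._root_key = root_key
        self._template = enrolled_template

    def authenticate(self, instruction, captured):
        ok = hmac.compare_digest(captured, self._template)  # stand-in for biometric matching
        result = {"device_id": self.device_id, "app_id": instruction["app_id"],
                  "nonce": instruction["nonce"], "success": ok}
        body = json.dumps(result, sort_keys=True)
        tag = hmac.new(self._root_key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}  # the "target information"


class CloudServer:
    def __init__(self, kms):
        self._kms = kms
        self._keys = {}         # device_id -> key, cached only while logged in
        self._pending = {}      # device_id -> authentication instruction in flight
        self._unconfirmed = {}  # device_id -> app_id waiting for user consent

    def login(self, device_id):
        key = self._kms.lookup(device_id)
        if key is not None:
            self._keys[device_id] = key
        return key is not None

    def logout(self, device_id):
        # Drop the cached key so a later server compromise cannot expose it.
        for table in (self._keys, self._pending, self._unconfirmed):
            table.pop(device_id, None)

    def request_auth(self, device_id, app_id, foreground_app_id):
        if device_id not in self._keys:
            return {"type": "rejected"}
        if app_id != foreground_app_id:  # requesting app is in the background
            self._unconfirmed[device_id] = app_id
            return {"type": "prompt", "app_id": app_id}
        return self._issue(device_id, app_id)

    def confirm(self, device_id, agreed):  # agreed=False also covers a timeout
        app_id = self._unconfirmed.pop(device_id, None)
        if app_id is None or not agreed:
            return {"type": "rejected"}
        return self._issue(device_id, app_id)

    def _issue(self, device_id, app_id):
        # The nonce is an assumption of this sketch; it ties a reply to one request.
        instruction = {"type": "authenticate", "app_id": app_id, "nonce": secrets.token_hex(16)}
        self._pending[device_id] = instruction
        return instruction

    def receive_target_info(self, device_id, target):
        """Return True/False for a verified result, None if the message is discarded."""
        key = self._keys.get(device_id)
        instruction = self._pending.pop(device_id, None)  # one reply per instruction
        if key is None or instruction is None:
            return None
        expected = hmac.new(key, target["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, target["tag"]):
            return None  # not produced with this device's key: discard
        result = json.loads(target["body"])
        bound = (result["device_id"], result["app_id"], result["nonce"])
        if bound != (device_id, instruction["app_id"], instruction["nonce"]):
            return None  # valid tag, but for a different request
        return result["success"]


def demo():
    # Constructed sample values, not taken from the patent.
    kms, key = KeyManagementServer(), secrets.token_bytes(32)
    kms.enroll("device-001", key)
    tee, server = TerminalTEE("device-001", key, b"constructed-template"), CloudServer(kms)
    server.login("device-001")
    target = tee.authenticate(server.request_auth("device-001", "app-a", "app-a"),
                              b"constructed-template")
    # First delivery verifies; replaying the same message is discarded.
    return (server.receive_target_info("device-001", target),
            server.receive_target_info("device-001", target))
```

With an asymmetric key pair, the HMAC comparison in `receive_target_info` becomes a signature verification under the device's public key; the discard-on-failure and logout handling stay the same.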
As shown in fig. 7, in an embodiment, an identity authentication method is provided, which is applicable to the terminal device described above, and the method may include the following steps:
Step 710, receiving an authentication instruction sent by the cloud server, where the authentication instruction is generated by the cloud server according to an identity authentication request initiated by the cloud application.
Step 720, performing user identity authentication on the collected user identity information according to the authentication instruction, and generating target information according to an authentication result.
Step 730, sending the target information to the cloud server, where the target information is used for processing at the cloud server to obtain an authentication result, and returning the authentication result to the cloud application through the cloud server.
In the embodiment of the application, the cloud server receives an identity authentication request initiated by the cloud application and sends an authentication instruction to the terminal device according to the identity authentication request. The terminal device can perform user identity authentication according to the authentication instruction, generate target information according to the authentication result, and send the target information to the cloud server. The cloud server can process the target information sent by the terminal device to obtain the authentication result and return the authentication result to the cloud application. The cloud application running on the cloud server can thus complete user identity authentication normally through the terminal device, and because the whole user identity authentication process is performed on the terminal device, leakage of user identity information can be prevented and the security of using the cloud application on the terminal device is improved.
In one embodiment, the step of generating the target information according to the authentication result includes: and encrypting the authentication result to obtain the target information.
In one embodiment, the step of encrypting the authentication result to obtain the target information includes: encrypting the authentication result according to the root key corresponding to the terminal device to obtain the target information, where the target information is to be decrypted by the cloud server according to the public key corresponding to the terminal device to obtain the authentication result.
In one embodiment, before receiving the authentication instruction sent by the cloud server, the method further includes: receiving prompt information sent by the cloud server, and outputting the prompt information, wherein the prompt information is used for prompting that the cloud application is performing identity authentication, and the prompt information is generated when the cloud device detects that the cloud application initiating the identity authentication request does not match the interface image displayed by the terminal device; and after receiving confirmation response information input by the user, sending the confirmation response information to the cloud server, wherein the confirmation response information is used for triggering the cloud server to send an authentication instruction to the terminal device according to the identity authentication request. The cloud server matches the cloud application initiating the identity authentication request against the cloud application that the terminal device is currently using in the foreground, so that a cloud application running in the background can be prevented from performing identity authentication without the user's knowledge, and the identity authentication security of the cloud application is further improved.
It should be noted that, the identity authentication method applied to the terminal device provided in the embodiment of the present application may refer to the description of the identity authentication method applied to the cloud server provided in the foregoing embodiments, and details are not repeated herein.
In the embodiment of the application, the terminal device can encrypt the authentication result of the user identity authentication to obtain the target information, and the cloud server can decrypt the received target information according to the public key corresponding to the terminal device so as to ensure that the target information accurately comes from the terminal device, ensure the accuracy and the safety of the authentication result, and improve the safety of the cloud application in the identity authentication.
In an embodiment, an identity authentication system is further provided in the embodiments of the present application, where the identity authentication system may include a cloud server and a terminal device, and a communication connection may be established between the cloud server and the terminal device.
The cloud server is used for receiving an identity authentication request initiated by the cloud application and sending an authentication instruction to the terminal equipment according to the identity authentication request, and the cloud application runs on the cloud server.
The terminal device is used for performing user identity authentication on the collected user identity information according to the authentication instruction, generating target information according to the authentication result, and then sending the target information to the cloud server.
The cloud server is also used for receiving the target information sent by the terminal device, processing the target information to obtain the authentication result, and then returning the authentication result to the cloud application.
In the embodiment of the application, the cloud application running on the cloud server can normally complete user identity authentication through the terminal device, the whole user identity authentication process is carried out on the terminal device, the problem of user identity information leakage can be prevented, and the safety of the terminal device using the cloud application is improved.
In one embodiment, the identity authentication system further comprises a key management server for storing a public key corresponding to the device identifier of each terminal device.
The terminal device is further used for sending a login request to the cloud server, wherein the login request carries the device identification of the terminal device.
The cloud server is further used for acquiring the device identifier of the terminal device according to the login request when the login request of the terminal device is received, and querying the key management server for the public key corresponding to the terminal device according to the device identifier.
In an embodiment, the terminal device is further configured to encrypt the authentication result to obtain the target information after performing user identity authentication.
Optionally, the terminal device is further configured to encrypt the authentication result according to a root key corresponding to the terminal device after the user identity authentication is performed, so as to obtain the target information.
The cloud server is also used for decrypting the target information according to the public key corresponding to the terminal device to obtain the authentication result.
In the embodiment of the application, the terminal device can encrypt the authentication result of the user identity authentication to obtain the target information, and the cloud server can decrypt the received target information according to the public key corresponding to the terminal device so as to ensure that the target information accurately comes from the terminal device, ensure the accuracy and the safety of the authentication result, and improve the safety of the cloud application in the identity authentication.
In an embodiment, the cloud server is further configured to obtain an application identifier of the cloud application after receiving an identity authentication request initiated by the cloud application, and match the application identifier with the interface image displayed by the terminal device. If the application identifier matches the interface image displayed by the terminal device, the cloud server sends an authentication instruction to the terminal device according to the identity authentication request; if the application identifier does not match the interface image displayed by the terminal device, the cloud server sends prompt information to the terminal device, where the prompt information is used to prompt that the cloud application is performing identity authentication.
The terminal device is also used for receiving the prompt information sent by the cloud server, outputting the prompt information, and sending confirmation response information to the cloud server if confirmation response information input by the user in response to the prompt information is received.
The cloud server is further used for sending an authentication instruction to the terminal device according to the identity authentication request after receiving the confirmation response information from the terminal device.
In the embodiment of the application, the cloud server matches the cloud application that initiates the identity authentication request against the cloud application that the terminal device is currently using in the foreground, so that a cloud application running in the background can be prevented from performing identity authentication without the user's knowledge, and the identity authentication security of the cloud application is further improved.
As shown in fig. 8, in one embodiment, an identity authentication apparatus 800 is provided, which can be applied to the cloud server. The identity authentication apparatus 800 may include a request receiving module 810, a sending module 820, an information receiving module 830, and a result returning module 840.
The request receiving module 810 is configured to receive an identity authentication request initiated by a cloud application, where the cloud application operates on a cloud server.
A sending module 820, configured to send an authentication instruction to the terminal device according to the identity authentication request, where the authentication instruction is used to instruct the terminal device to perform user identity authentication, and generate target information according to an authentication result.
The information receiving module 830 is configured to receive the target information sent by the terminal device.
The result returning module 840 is used for processing the target information to obtain an authentication result and returning the authentication result to the cloud application.
In the embodiment of the application, the cloud application running on the cloud server can normally complete user identity authentication through the terminal device, the whole user identity authentication process is carried out on the terminal device, the problem of user identity information leakage can be prevented, and the safety of the terminal device using the cloud application is improved.
In one embodiment, the authentication instruction is further used to instruct the terminal device to perform user identity authentication, and encrypt the authentication result to obtain the target information.
In one embodiment, the authentication instruction is further configured to instruct the terminal device to perform user identity authentication, and encrypt an authentication result according to a root key corresponding to the terminal device to obtain the target information.
The result returning module 840 is further configured to decrypt the target information according to the public key corresponding to the terminal device to obtain an authentication result, and return the authentication result to the cloud application.
In one embodiment, the identity authentication apparatus 800 includes an identifier obtaining module and a query module in addition to the request receiving module 810, the sending module 820, the information receiving module 830 and the result returning module 840.
The identifier obtaining module is used for acquiring the device identifier of the terminal device according to the login request when the login request of the terminal device is received.
The query module is used for querying the key management server for the public key corresponding to the terminal device according to the device identifier.
In one embodiment, the identity authentication device 800 further comprises a matching module.
The matching module is used for acquiring the application identifier of the cloud application and matching the application identifier with the interface image displayed by the terminal device.
The sending module 820 is further configured to send an authentication instruction to the terminal device according to the identity authentication request if the application identifier matches the interface image displayed by the terminal device; and the information receiving module 830 is configured to send a prompt message to the terminal device if the application identifier does not match the interface image displayed by the terminal device, where the prompt message is used to prompt that the cloud application is performing identity authentication, and to send an authentication instruction to the terminal device according to the identity authentication request after receiving the confirmation response information of the terminal device.
In the embodiment of the application, the terminal device can encrypt the authentication result of the user identity authentication to obtain the target information, and the cloud server can decrypt the received target information according to the public key corresponding to the terminal device so as to ensure that the target information accurately comes from the terminal device, ensure the accuracy and the safety of the authentication result, and improve the safety of the cloud application in the identity authentication.
As shown in fig. 9, in one embodiment, another identity authentication apparatus 900 is provided, which can be applied to the terminal device. The identity authentication device 900 may include a receiving module 910, an authentication module 920, and a sending module 930.
The receiving module 910 is configured to receive an authentication instruction sent by a cloud server, where the authentication instruction is generated by the cloud server according to an identity authentication request initiated by a cloud application, and the cloud application runs on the cloud server.
The authentication module 920 is configured to perform user identity authentication on the collected user identity information according to the authentication instruction, and generate target information according to an authentication result.
A sending module 930, configured to send the target information to the cloud server, where the target information is used to be processed at the cloud server to obtain an authentication result, and the authentication result is returned to the cloud application through the cloud server.
In the embodiment of the application, the cloud application running on the cloud server can normally complete user identity authentication through the terminal device, the whole user identity authentication process is carried out on the terminal device, the problem of user identity information leakage can be prevented, and the safety of the terminal device using the cloud application is improved.
In an embodiment, the authentication module 920 is further configured to perform user identity authentication on the collected user identity information according to the authentication instruction, and encrypt an authentication result to obtain the target information.
In an embodiment, the authentication module 920 is further configured to perform user identity authentication on the collected user identity information according to the authentication instruction, and encrypt the authentication result according to a root key corresponding to the terminal device to obtain target information, where the target information is to be decrypted by the cloud server according to a public key corresponding to the terminal device to obtain the authentication result.
In an embodiment, the receiving module 910 is further configured to receive a prompt message sent by the cloud server, and output the prompt message, where the prompt message is used to prompt that the cloud application is performing identity authentication, and the prompt message is generated when the cloud device detects that the cloud application initiating the identity authentication request does not match the interface image displayed by the terminal device.
The sending module 930 is further configured to send, after receiving the confirmation response information input by the user, confirmation response information to the cloud server, where the confirmation response information is used to trigger the cloud server to send an authentication instruction to the terminal device according to the identity authentication request.
In the embodiment of the application, the terminal device can encrypt the authentication result of the user identity authentication to obtain the target information, and the cloud server can decrypt the received target information according to the public key corresponding to the terminal device so as to ensure that the target information accurately comes from the terminal device, ensure the accuracy and the safety of the authentication result, and improve the safety of the cloud application in the identity authentication.
FIG. 10 is a block diagram showing the structure of an electronic apparatus according to an embodiment. The electronic device may be the cloud server described above, and as shown in FIG. 10, the electronic device 1000 may include one or more of the following components: a processor 1010, and a memory 1020 coupled to the processor 1010, wherein the memory 1020 may store one or more computer programs that may be configured to be executed by the one or more processors 1010 to implement the identity authentication method applied to the cloud server as described in the embodiments above.
Processor 1010 may include one or more processing cores. The processor 1010 connects to the various components throughout the electronic device 1000 using various interfaces and circuitry, and performs the various functions of the electronic device 1000 and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 1020 and invoking data stored in the memory 1020. Optionally, the processor 1010 may be implemented in hardware using at least one of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 1010 may integrate one or more of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a modem, and the like. The CPU mainly handles the operating system, the user interface, application programs and the like; the GPU is used for rendering and drawing display content; the modem is used to handle wireless communications. It is understood that the modem may not be integrated into the processor 1010, but may be implemented by a separate communication chip.
The Memory 1020 may include a Random Access Memory (RAM) or a Read-Only Memory (ROM). The memory 1020 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 1020 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described above, and the like. The stored data area may also store data created during use by the electronic device 1000, and the like.
It is understood that the electronic device 1000 may include more or fewer structural elements than those shown in the above structural block diagram, for example, a wireless communication module, and is not limited thereto.
In one embodiment, the present application provides a terminal device, which includes a memory and a processor, where the memory stores a computer program, and the computer program, when executed by the processor, causes the processor to implement the identity authentication method applied to the terminal device as described in the foregoing embodiments.
The embodiment of the application discloses a computer-readable storage medium, which stores a computer program, wherein when the computer program is executed by a processor, the identity authentication method applied to a cloud server as described in the embodiment is implemented.
The embodiment of the application discloses a computer readable storage medium, which stores a computer program, wherein the computer program realizes the identity authentication method applied to the terminal device as described in the embodiment when being executed by a processor.
The embodiment of the application discloses a computer program product, which includes a non-transitory computer readable storage medium storing a computer program, and the computer program can be executed by a processor to implement the identity authentication method applied to a cloud server as described in the above embodiments.
An embodiment of the present application discloses a computer program product, which includes a non-transitory computer-readable storage medium storing a computer program, and the computer program can be executed by a processor to implement the identity authentication method applied to a terminal device as described in the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. The storage medium may be a magnetic disk, an optical disk, a ROM, etc.
Any reference to memory, storage, database, or other medium as used herein may include non-volatile and/or volatile memory. Suitable non-volatile memory can include ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which acts as external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), and Direct Rambus DRAM (DRDRAM).
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. Those skilled in the art should also appreciate that the embodiments described in this specification are all alternative embodiments and that the acts and modules involved are not necessarily required for this application.
In various embodiments of the present application, it should be understood that the magnitude of the sequence numbers of the processes described above does not imply an order of execution; the execution order of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated units, if implemented as software functional units and sold or used as a stand-alone product, may be stored in a computer-accessible memory. Based on such understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product that is stored in a memory and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like, and may specifically be a processor in the computer device) to execute part or all of the steps of the above-described methods of the embodiments of the present application.
The identity authentication method, device, system and electronic device disclosed in the embodiments of the present application are described in detail above, and specific examples are applied in the present application to explain the principle and implementation of the present application. Meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (11)

1. An identity authentication method is applied to a cloud server, and comprises the following steps:
receiving an identity authentication request initiated by a cloud application, wherein the cloud application runs in a cloud server;
sending an authentication instruction to terminal equipment according to the identity authentication request, wherein the authentication instruction is used for indicating the terminal equipment to carry out user identity authentication and generating target information according to an authentication result;
receiving the target information sent by the terminal equipment;
and processing the target information to obtain the authentication result, and returning the authentication result to the cloud application.
2. The method according to claim 1, wherein the authentication instruction is further configured to instruct the terminal device to perform user identity authentication, and encrypt the authentication result to obtain target information;
the processing the target information to obtain the authentication result includes:
and decrypting the target information according to the public key corresponding to the terminal equipment to obtain the authentication result.
3. The method according to claim 2, wherein the authentication instruction is further configured to instruct the terminal device to perform user identity authentication, and encrypt the authentication result according to a root key corresponding to the terminal device to obtain the target information.
4. The method of claim 2 or 3, wherein before the receiving the identity authentication request initiated by the cloud application, the method further comprises:
when a login request of a terminal device is received, acquiring a device identifier of the terminal device according to the login request;
and inquiring a public key corresponding to the terminal equipment in a key management server according to the equipment identifier.
5. The method of claim 1, wherein after receiving the identity authentication request initiated by the cloud application, the method further comprises:
acquiring an application identifier of the cloud application, and matching the application identifier with an interface image displayed by the terminal equipment;
if the application identifier matches the interface image displayed by the terminal equipment, executing the step of sending the authentication instruction to the terminal equipment according to the identity authentication request;
and if the application identifier does not match the interface image displayed by the terminal equipment, sending prompt information to the terminal equipment, wherein the prompt information is used for prompting that the cloud application is carrying out identity authentication, and, after receiving confirmation response information of the terminal equipment, executing the step of sending the authentication instruction to the terminal equipment according to the identity authentication request.
6. An identity authentication method is applied to terminal equipment, and the method comprises the following steps:
receiving an authentication instruction sent by a cloud server, wherein the authentication instruction is generated by the cloud server according to an identity authentication request initiated by a cloud application, and the cloud application runs on the cloud server;
performing user identity authentication on the collected user identity information according to the authentication instruction, and generating target information according to an authentication result;
and sending the target information to the cloud server, wherein the target information is used for processing in the cloud server to obtain the authentication result, and the authentication result is returned to the cloud application through the cloud server.
7. The method of claim 6, wherein generating the target information according to the authentication result comprises:
encrypting the authentication result according to the root key corresponding to the terminal equipment to obtain target information;
the target information is also used for decrypting the target information by the cloud server according to a public key corresponding to the terminal equipment so as to obtain the authentication result.
8. An identity authentication device, applied to a cloud server, the device comprising:
the request receiving module is used for receiving an identity authentication request initiated by a cloud application, wherein the cloud application runs in a cloud server;
the sending module is used for sending an authentication instruction to the terminal equipment according to the identity authentication request, wherein the authentication instruction is used for indicating the terminal equipment to carry out user identity authentication and generating target information according to an authentication result;
the information receiving module is used for receiving the target information sent by the terminal equipment;
and the result returning module is used for processing the target information to obtain the authentication result and returning the authentication result to the cloud application.
9. An identity authentication system, which is characterized by comprising a cloud server and a terminal device, wherein,
the cloud server is used for receiving an identity authentication request initiated by a cloud application and sending an authentication instruction to terminal equipment according to the identity authentication request, wherein the cloud application runs in the cloud server;
the terminal device is used for carrying out user identity authentication on the collected user identity information according to the authentication instruction, generating target information according to an authentication result and then sending the target information to the cloud server;
the cloud server is further configured to receive the target information sent by the terminal device, process the target information to obtain the authentication result, and return the authentication result to the cloud application.
10. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program that, when executed by the processor, causes the processor to implement the method of any one of claims 1 to 5.
11. A terminal device, comprising a memory and a processor, the memory having stored therein a computer program which, when executed by the processor, causes the processor to carry out the method of claim 6 or 7.
CN202011551761.8A 2020-12-24 2020-12-24 Identity authentication method, device and system and electronic equipment Active CN112559993B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011551761.8A CN112559993B (en) 2020-12-24 2020-12-24 Identity authentication method, device and system and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011551761.8A CN112559993B (en) 2020-12-24 2020-12-24 Identity authentication method, device and system and electronic equipment

Publications (2)

Publication Number Publication Date
CN112559993A true CN112559993A (en) 2021-03-26
CN112559993B CN112559993B (en) 2024-02-02

Family

ID=75033574

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011551761.8A Active CN112559993B (en) 2020-12-24 2020-12-24 Identity authentication method, device and system and electronic equipment

Country Status (1)

Country Link
CN (1) CN112559993B (en)

Also Published As

Publication number Publication date
CN112559993B (en) 2024-02-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant