CN112788021B - Cloud data-based digital city management data sharing system for identity verification method - Google Patents


Publication number
CN112788021B
Authority
CN
China
Prior art keywords
identification information
identity identification
identity
information
connection request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011636570.1A
Other languages
Chinese (zh)
Other versions
CN112788021A (en)
Inventor
王辉
王亚丽
闫德营
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Fushen Environmental Technology Co ltd
Original Assignee
Shenzhen Fushen Environmental Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a digital city management data sharing system based on cloud data for an identity verification method, which comprises the following steps: responding to the acquired connection request, and acquiring a first identity code in the connection request; randomly selecting a plurality of first identity identification information in a feature database according to the first identity identification code; analyzing the first identity identification information to obtain a first feature code in the first identity identification information, wherein the first feature code comprises time and an address; sending the first feature code to a terminal sending a connection request; responding to the feedback of the terminal sending the connection request, and acquiring second identity identification information in the feedback; comparing the first identity identification information with second identity identification information corresponding to the first identity identification information; and when the comparison result of the first identity identification information and the second identity identification information is consistent, establishing a data communication relation with the terminal sending the connection request. The method and the device are used for identity authentication before access between terminals, and can improve the access security.

Description

Cloud data-based digital city management data sharing system for identity verification method
Technical Field
The application relates to the technical field of identity authentication, in particular to a cloud data-based digital city management data sharing system for an identity verification method.
Background
City digitization means understanding the city more deeply through data, so that the city can operate more efficiently. This process involves data access and use by multiple departments, numerous servers and frequent access, so how to ensure the security of the data has become an important research and development subject.
Disclosure of Invention
The application provides a digital city management data sharing system based on cloud data for an identity verification method, which can improve the access security.
In a first aspect, the present application provides an identity authentication method, including:
responding to the acquired connection request, and acquiring a first identity code in the connection request;
randomly selecting a plurality of first identity identification information in a feature database according to the first identity identification code;
analyzing the first identity identification information to obtain a first feature code in the first identity identification information, wherein the first feature code comprises time and an address;
sending the first feature code to a terminal sending a connection request;
responding to the feedback of the terminal sending the connection request, and acquiring second identity identification information in the feedback;
comparing the first identity identification information with second identity identification information corresponding to the first identity identification information; and
when the comparison result of the first identity identification information and the second identity identification information is consistent, establishing a data communication relation with the terminal sending the connection request.
By adopting the technical scheme, the terminal needing to be accessed can be verified through the random first identification information, so that the first identification information participating in verification every time is different, the cracking difficulty is increased, and the access safety can be improved.
In a possible implementation manner of the first aspect, the plurality of first identification information obtained from the identification database belong to different time nodes in a time sequence.
By adopting the technical scheme, the complexity of the first identity identification information source is increased, and the access security can be further improved.
In a possible implementation manner of the first aspect, the second identification information in the feedback of the terminal sending the connection request is processed by a message digest algorithm;
the feedback also comprises the code number of the message digest algorithm;
further comprising:
acquiring the code number of the message digest algorithm in the feedback of the terminal sending the connection request;
processing the first identity identification information by using the same type of message digest algorithm; and
comparing the first identity identification information processed by the message digest algorithm with the corresponding second identity identification information processed by the message digest algorithm.
By adopting the technical scheme, the first identity identification information and the second identity identification information are processed by using the message digest algorithm, so that the possibility of cracking is further reduced, and the access safety is improved.
In a possible implementation manner of the first aspect, in time series, a plurality of pieces of first identity identification information are sequentially converted by using a message digest algorithm, and any two adjacent pieces of first identity identification information are converted by using different message digest algorithms;
in the time series, a plurality of pieces of second identification information are sequentially converted by using a message digest algorithm, and any two adjacent pieces of second identification information are converted by using different message digest algorithms;
the first identification information and the second identification information corresponding to the first identification information are converted by using the same message digest algorithm.
By adopting the technical scheme, the complexity of encrypting the first identity identification information and the second identity identification information is further increased.
In a possible implementation manner of the first aspect, after establishing a data communication relationship with a terminal that sends a connection request, the method further includes:
requesting one or more identification information from a terminal; and
the identification information is stored in a feature database as first identification information.
By adopting the technical scheme, after each access, the number of the identity identification information can be increased, and the cracking difficulty can be increased.
In a possible implementation manner of the first aspect, before storing the identification information as the first identification information in the feature database, the method further includes:
randomly selecting one or more first identity identification information in a feature database and deleting the first identity identification information;
wherein the number of the deleted first identification information is less than, equal to, or less than the number of the identification information requested to the terminal.
By adopting the technical scheme, a dynamic management mode is used for the first identity identification information, the cracking difficulty is further improved, and the access safety is improved.
In one possible implementation manner of the first aspect, the number of the first identification information in the feature database is within a preset number threshold interval.
By adopting the technical scheme, the quantity of the first identity identification information can be controlled within a reasonable range, and the situation of too much or too little can not occur.
In a second aspect, the present application provides an authentication apparatus, comprising:
the first acquisition unit is used for responding to the acquired connection request and acquiring a first identity code in the connection request;
the first selection unit is used for randomly selecting a plurality of pieces of first identity identification information in the feature database according to the first identity identification code;
the second selection unit is used for analyzing the first identity identification information to acquire a first feature code in the first identity identification information, wherein the first feature code comprises time and an address;
the first communication unit is used for sending the first feature code to a terminal sending a connection request;
the second acquisition unit is used for responding to the feedback of the terminal sending the connection request and acquiring second identification information in the feedback;
comparing the first identity identification information with second identity identification information corresponding to the first identity identification information; and
when the comparison result of the first identity identification information and the second identity identification information is consistent, establishing a data communication relation with the terminal sending the connection request.
In a third aspect, the present application provides a digital city management data sharing system based on cloud data, the system including:
one or more memories for storing instructions; and
one or more processors configured to invoke and execute the instructions from the memory, and perform the authentication method according to the first aspect and any possible implementation manner of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium comprising:
a program that, when executed by a processor, performs the authentication method as described in the first aspect and any possible implementation manner of the first aspect.
In a fifth aspect, the present application provides a computer program product comprising program instructions for performing an authentication method as described in the first aspect and any possible implementation manner of the first aspect when the program instructions are executed by a computing device.
In a sixth aspect, the present application provides a system on a chip comprising a processor configured to perform the functions recited in the above aspects, such as generating, receiving, sending, or processing data and/or information recited in the above methods.
The chip system may be formed by a chip, or may include a chip and other discrete devices.
In one possible design, the system-on-chip further includes a memory for storing necessary program instructions and data. The processor and the memory may be decoupled, disposed on different devices, connected in a wired or wireless manner, or coupled on the same device.
Drawings
Fig. 1 is a schematic diagram illustrating a selection process of first identification information according to an embodiment of the present application.
Fig. 2 is a schematic diagram illustrating a comparison process between first identification information and second identification information according to an embodiment of the present application.
Fig. 3 is a schematic diagram illustrating updating of a feature database according to an embodiment of the present application.
Fig. 4 is a schematic diagram of another feature database update provided in an embodiment of the present application.
Detailed Description
The technical solution of the present application will be described in further detail below with reference to the accompanying drawings.
City datamation involves the cooperation of a number of departments, with frequent data access and data exchange, and this access and exchange continues as new data is continuously generated. Through data flow, the data and the potential value in it can be mined, and isolated data islands can be connected to form a living data network.
Before data access and data exchange, the participating terminals need to perform identity authentication. The terminals are hidden in the network and cannot be physically identified, so when a malicious terminal gains access there is a risk of data leakage.
The embodiment of the application provides an identity authentication method based on random feature authentication, different authentication information is adopted in each authentication, and the security of data access can be improved.
Referring to fig. 1 and fig. 2, an identity authentication method disclosed in an embodiment of the present application includes the following steps:
S101, responding to the acquired connection request, and acquiring a first identity code in the connection request;
S102, randomly selecting a plurality of pieces of first identity identification information in a feature database according to the first identity identification code;
S103, analyzing the first identity identification information to obtain a first feature code in the first identity identification information, wherein the first feature code comprises time and an address;
S104, sending the first feature code to a terminal sending a connection request;
S105, responding to the feedback of the terminal sending the connection request, and acquiring second identity identification information in the feedback;
S106, comparing the first identity identification information with second identity identification information corresponding to the first identity identification information; and
S107, when the comparison result of the first identity identification information and the second identity identification information is consistent, establishing a data communication relation with the terminal sending the connection request.
The identity authentication method provided by the embodiment of the application is applied to the server where the database is located. For convenience of description, this server is referred to as the first server, and the server which sends the access request is referred to as the second server. Specifically, in step S101, the second server sends a connection request asking for data communication with the first server. The first server, in response to the obtained connection request, parses it to obtain the first identity code in the connection request; through the first identity code, the first server selects the corresponding identity authentication policy to determine the identity of the second server.
It should be understood that the identity authentication method in the embodiment of the present application is based on dynamic authentication, so different identification information needs to be used for different second servers. This information is generated from the second server to be authenticated; that is, each second server has a corresponding group of identification information.
In step S102, the first server randomly selects a plurality of pieces of first identification information from the feature database according to the first identification code. The purpose of this step is to pick, at random, several of the stored pieces of first identification information to take part in the subsequent verification process.
It will be appreciated that random selection makes the first identification information used differ each time, and that such dynamic authentication is significantly more secure than authentication against a single item. In particular, because the selection is random, passing authentication is hardly possible without all of the first identification information being available.
In step S103, the first server parses the first identification information to obtain the first feature code in it. The first feature code is sent to the second server in order to obtain feedback; that is, the second server needs to use the first feature code for retrieval and then feeds the retrieval result back to the first server.
The first feature code includes two pieces of information: the first is a time and the second is an address. The time represents the storage time of the feedback and the address represents its storage location. The second server must send the stored information corresponding to the time and the address in the first feature code to the first server; this is the content of step S104 and step S105.
It should be understood that if the second server issues a genuine access request, its feedback will be genuine. If the second server issues a malicious access request, it cannot determine the correct feedback, because what is asked for is random and cannot be calculated. Frequent access attempts are also ineffective: because the feedback required is different each time, attempts to crack it by credential stuffing ("hitting the library") fail.
In step S106, the first server compares the first identification information with the corresponding second identification information, and the comparison result has two types, where the first type is consistent and the second type is inconsistent.
And when the comparison result is inconsistent, rejecting to establish the data communication relation with the terminal sending the connection request.
On the whole, the identity authentication method shown in the embodiment of the present application is a dynamic authentication method. The first server randomly selects several of the pieces of first identification information it stores. During authentication, only the time and the address are sent to the second server; the second server performs retrieval according to these two pieces of information and sends the retrieval result to the first server for comparison. The second server can only perform retrieval according to this information and cannot perform decryption, so higher security is achieved.
For a server performing malicious access, relevant storage information cannot be acquired from the second server.
As a specific implementation manner of the identity verification method provided by the application, the plurality of pieces of first identity identification information obtained from the identity identification database belong to different time nodes in a time series. For example, if five pieces of first identity identification information are selected as the basis for verification in one identity verification process, the five pieces should belong to different time nodes.
As for belonging to different time nodes, it should be understood that the pieces of first identity information may be created at different times, for example in different batches, and the selected time nodes may belong to different batches. Because the first identity information comes from the second server, the second server should store the information corresponding to the first identity information of these batches.
In order to further improve the security in the information transmission process, encryption can be used for processing in the transmission process, so that the information is prevented from being cracked in the transmission process.
As a specific implementation manner of the authentication method provided by the application, before comparing the first identification information with the corresponding second identification information, encryption processing is performed, so as to reduce the possibility of leakage.
It should be understood that after the second server sends the second identification information, if the transmission is monitored by a server with malicious intent, the secret may be leaked, and after recording over a long time all of the second identification information may be analyzed.
Therefore, the second identification information in the feedback of the terminal sending the connection request needs to be processed by a message digest algorithm before being sent out. A message digest algorithm is irreversible: the input cannot be derived back from the output, which gives higher safety.
The second identification information processed by the message digest algorithm, together with the type of message digest algorithm used, is sent to the first server, and the first server then needs to perform the following steps:
S201, acquiring the code number of the message digest algorithm in the feedback of the terminal sending the connection request;
S202, processing the first identity identification information by using the same type of message digest algorithm; and
S203, comparing the first identity identification information processed by the message digest algorithm with the corresponding second identity identification information processed by the message digest algorithm.
Specifically, the first identification information is processed according to the code number of the message digest algorithm in the feedback, then the processed first identification information is compared with the second identification information, and if the two are consistent, a data communication relation is established with the second server.
It will be appreciated that, because the comparison process involves the transfer of information, an intrusion is possible; in that case the intruder obtains only two scrambled values (the digests) and cannot derive the original information from them.
With respect to the code number of the message digest algorithm, it should be understood that there are many message digest algorithms. Representing the algorithm by a code number increases the difficulty of inferring the type of message digest algorithm from the code, and changing the code further increases the difficulty of cracking.
As a specific implementation of the identity authentication method provided by the application, the use of the message digest algorithm is further optimized as follows:
in time series, a plurality of pieces of first identity identification information are sequentially converted by using a message digest algorithm, and any two adjacent pieces of first identity identification information are converted by using different message digest algorithms;
in the time series, a plurality of pieces of second identification information are sequentially converted by using a message digest algorithm, and any two adjacent pieces of second identification information are converted by using different message digest algorithms;
the first identification information and the corresponding second identification information are converted by using the same message digest algorithm.
That is, the plurality of pieces of first identification information are processed with different message digest algorithms, and the corresponding second identification information is likewise processed with different message digest algorithms, so that the difficulty of cracking is further increased and the safety of the identity authentication is improved.
Referring to fig. 3, as a specific embodiment of the identity authentication method provided by the application, after establishing a data communication relationship with the terminal that sends the connection request, the following steps are further added:
S301, requesting one or more pieces of identity identification information from the terminal; and
S302, storing the identity identification information in the feature database as first identity identification information.
Specifically, the first identification information in the first server needs to be expanded; that is, the number of stored pieces of first identification information is increased every time the first server communicates with the second server. For subsequent communication requests, the sample from which the first identification information is selected is therefore larger, which means that the randomness of the selection is increased and the difficulty of being cracked can be further improved.
Referring to fig. 4, as an embodiment of the identity verification method provided by the application, the number of pieces of first identity information must also be managed as new ones are added, by the following steps:
randomly selecting one or more first identity identification information in a feature database and deleting the first identity identification information;
wherein the number of the deleted first identification information is less than, equal to, or less than the number of the identification information requested to the terminal.
That is, when first identity identification information is newly stored, a part of the original first identity identification information needs to be selected and deleted. This serves two purposes. The first is to limit the number of pieces of first identity identification information and avoid uncontrolled growth. The second is to influence the subsequent verification process through random deletion: because the set of first identity identification information is continuously changing, subsequent identity verification is more random and more difficult to crack.
Furthermore, the number of the first identification information in the feature database is within a preset number threshold interval, so that the number of the first identification information can meet the requirement of identity verification, redundancy caused by too much number is avoided, and randomness reduction caused by too little number is avoided.
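The following sketch walks through steps S101 to S107, the digest handling of S201 to S203, and the database update of S301/S302 with random deletion inside a threshold interval. It is an added example, not part of the patent text; the digest code numbers, the `Terminal` and `Verifier` names, the record format, the deletion policy and the threshold values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Digest code numbers are an assumption: the text only says the feedback
# carries "the code number" of the message digest algorithm that was used.
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha3_256, 3: hashlib.blake2b}
_rng = secrets.SystemRandom()  # CSPRNG for every random selection


def digest(code, data):
    """Hash data with the algorithm named by a code number."""
    if code not in DIGESTS:
        raise ValueError("unknown digest code")
    return DIGESTS[code](data).digest()


class Terminal:
    """Second server: keeps its own records keyed by (time, address)."""

    def __init__(self, records=None):
        self.store = dict(records or {})

    def answer(self, feature_codes):
        # S105: look up each (time, address) and return (code, digest).
        # Adjacent answers must use different digest algorithms.
        feedback, prev = [], None
        for fc in feature_codes:
            code = _rng.choice([c for c in DIGESTS if c != prev])
            feedback.append((code, digest(code, self.store[fc])))
            prev = code
        return feedback

    def fresh_records(self, n):
        # S301: produce n new records (constructed random sample data).
        new = {}
        for _ in range(n):
            key = (secrets.randbits(32), secrets.token_hex(4))  # (time, address)
            new[key] = self.store[key] = secrets.token_bytes(16)
        return new


class Verifier:
    """First server: one feature database per first identity code."""

    def __init__(self, min_records=4, max_records=8):
        self.db = {}  # identity code -> {(time, address): record}
        self.min_records, self.max_records = min_records, max_records

    def challenge(self, identity_code, k=3):
        # S101-S104: choose k random records, disclose only their feature codes.
        records = self.db.get(identity_code, {})
        if len(records) < k:
            raise LookupError("unknown identity code or too few records")
        return _rng.sample(list(records), k)

    def verify(self, identity_code, feature_codes, feedback):
        # S201-S203 and S106-S107. feature_codes are the ones this verifier
        # issued for the session, never values echoed back by the terminal.
        if len(feedback) != len(feature_codes):
            return False
        ok, prev = True, None
        for fc, (code, value) in zip(feature_codes, feedback):
            if code not in DIGESTS or code == prev:
                return False  # unknown algorithm, or same one twice in a row
            expected = digest(code, self.db[identity_code][fc])
            ok &= hmac.compare_digest(expected, value)  # constant-time compare
            prev = code
        return ok

    def rotate(self, identity_code, new_records):
        # Random deletion, then S302. Policy (an assumption): delete at least
        # one old record, more if needed to stay <= max_records, but never so
        # many that the total drops below min_records.
        records = self.db[identity_code]
        total = len(records) + len(new_records)
        n_del = min(max(total - self.max_records, 1), len(records),
                    max(total - self.min_records, 0))
        for key in _rng.sample(list(records), n_del):
            del records[key]
        records.update(new_records)
        return len(records)


def demo():
    terminal, verifier = Terminal(), Verifier()
    verifier.db["dept-42"] = terminal.fresh_records(5)  # constructed enrolment
    fcs = verifier.challenge("dept-42")
    genuine = verifier.verify("dept-42", fcs, terminal.answer(fcs))
    impostor = Terminal({fc: b"guess" for fc in fcs})  # lacks the real records
    forged = verifier.verify("dept-42", fcs, impostor.answer(fcs))
    size = verifier.rotate("dept-42", terminal.fresh_records(2))
    return genuine, forged, size


if __name__ == "__main__":
    print(demo())
```

Because the digest code number arrives in the terminal's feedback, the verifier checks it against a fixed allow-list before hashing anything.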
An embodiment of the present application further provides an identity authentication apparatus, including:
the first acquisition unit is used for responding to the acquired connection request and acquiring a first identity code in the connection request;
the first selection unit is used for randomly selecting a plurality of pieces of first identity identification information in the feature database according to the first identity identification code;
the second selection unit is used for analyzing the first identity identification information to acquire a first feature code in the first identity identification information, wherein the first feature code comprises time and an address;
the first communication unit is used for sending the first feature code to a terminal sending a connection request;
a second obtaining unit, configured to obtain second identification information in response to a feedback of a terminal that sent the connection request;
comparing the first identity identification information with second identity identification information corresponding to the first identity identification information; and
when the comparison result of the first identity identification information and the second identity identification information is consistent, establishing a data communication relation with the terminal sending the connection request.
In one example, the units in any of the above apparatuses may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more Digital Signal Processors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), or a combination of at least two of these integrated circuit forms.
For another example, when a unit in the apparatus is implemented in the form of a processing element scheduling a program, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling programs. As another example, these units may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Various objects such as various messages/information/devices/network elements/systems/devices/actions/operations/procedures/concepts may be named in the present application, it is to be understood that these specific names do not constitute limitations on related objects, and the named names may vary according to circumstances, contexts, or usage habits, and the understanding of the technical meaning of the technical terms in the present application should be mainly determined by the functions and technical effects embodied/performed in the technical solutions.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and other divisions are possible in practice; a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It should also be understood that, in the various embodiments of the present application, "first", "second", etc. are merely intended to indicate that a plurality of objects are different. For example, the first time window and the second time window merely denote different time windows; this should not have any influence on the time windows themselves, and "first", "second", etc. should not impose any limitation on the embodiments of the present application.
It is also to be understood that, in various embodiments of the present application, unless otherwise specified or conflicting in logic, terms and/or descriptions between different embodiments are consistent and may be mutually referenced, and technical features in different embodiments may be combined to form a new embodiment according to their inherent logical relationship.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product, which is stored in a computer-readable storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned computer-readable storage media include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiment of the application also provides a digital city management data sharing system based on cloud data, and the system comprises:
one or more memories for storing instructions; and
one or more processors configured to invoke and execute the instructions from the memory to perform the authentication method as described above.
The embodiment of the present application further provides a computer program product, which includes instructions that, when executed, cause the digital city management data sharing system to perform the operations of the digital city management data sharing system corresponding to the above method.
Embodiments of the present application further provide a chip system, which includes a processor, and is configured to implement the functions referred to in the foregoing, for example, to generate, receive, transmit, or process data and/or information referred to in the foregoing methods.
The chip system may be formed by a chip, or may include a chip and other discrete devices.
The processor mentioned in any of the above may be a CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling the execution of the program of the method for transmitting feedback information.
In one possible design, the system-on-chip further includes a memory for storing necessary program instructions and data. The processor and the memory may be decoupled, respectively disposed on different devices, and connected in a wired or wireless manner to support the chip system to implement various functions in the above embodiments. Alternatively, the processor and the memory may be coupled to the same device.
Optionally, the computer instructions are stored in a memory.
Alternatively, the memory is a storage unit in the chip, such as a register, a cache, and the like, and the memory may also be a storage unit outside the chip in the terminal, such as a ROM or another type of static storage device that can store static information and instructions, a RAM, and the like.
It will be appreciated that the memory in the embodiments of the subject application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory.
The non-volatile memory may be ROM, Programmable Read-Only Memory (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), or flash memory.
Volatile memory can be RAM, which acts as external cache memory. There are many different types of RAM, such as Static Random Access Memory (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synclink DRAM (SLDRAM), and direct memory bus RAM.
The embodiments of the present invention are preferred embodiments of the present application, and the scope of protection of the present application is not limited by the embodiments, so: all equivalent changes made according to the structure, shape and principle of the present application shall be covered by the protection scope of the present application.

Claims (7)

1. An identity verification method, comprising:
responding to the acquired connection request, and acquiring a first identity code in the connection request;
randomly selecting a plurality of first identity identification information in a feature database according to the first identity identification code;
analyzing the first identity identification information to obtain a first feature code in the first identity identification information, wherein the first feature code comprises a time and an address; in time sequence, the plurality of first identity identification information are sequentially converted using message digest algorithms, and any two adjacent first identity identification information are converted using different message digest algorithms;
sending the first feature code to a terminal sending a connection request;
responding to feedback of the terminal sending the connection request, and acquiring second identification information in the feedback, wherein the second identification information in the feedback of the terminal sending the connection request has been processed by a message digest algorithm; in time sequence, the plurality of second identification information are sequentially converted using message digest algorithms, and any two adjacent second identification information are converted using different message digest algorithms;
acquiring a code number of the message digest algorithm in the feedback of the terminal sending the connection request;
the first identity identification information and the second identity identification information corresponding to the first identity identification information are converted using the same message digest algorithm;
comparing the first identity identification information processed by the message digest algorithm with the second identity identification information, processed by the message digest algorithm, that corresponds to the first identity identification information; and
when the comparison result of the first identity identification information and the second identity identification information is consistent, establishing a data communication relation with the terminal sending the connection request;
requesting one or more identification information from the terminal which has established data communication; and
the identification information is stored in a feature database as first identification information.
2. An authentication method according to claim 1, wherein the plurality of first identification information obtained from the identification database belong to different time nodes in time series.
3. An authentication method according to claim 1, wherein before storing the identification information as the first identification information in the feature database, further comprising:
randomly selecting one or more first identity identification information in a feature database and deleting the first identity identification information;
wherein the number of the deleted first identification information is less than, equal to, or less than the number of the identification information requested to the terminal.
4. An authentication method according to claim 1, wherein the amount of the first identification information in the feature database is within a preset amount threshold interval.
5. An authentication apparatus, comprising:
the first acquisition unit is used for responding to the acquired connection request and acquiring a first identity code in the connection request;
the first selection unit is used for randomly selecting a plurality of pieces of first identity identification information in the feature database according to the first identity identification code;
the second selection unit is used for analyzing the first identity identification information to acquire a first feature code in the first identity identification information, wherein the first feature code comprises a time and an address; in time sequence, the plurality of first identity identification information are sequentially converted using message digest algorithms, and any two adjacent first identity identification information are converted using different message digest algorithms;
sending the first feature code to a terminal sending a connection request;
the first communication unit is used for sending the first feature code to a terminal sending a connection request;
a second obtaining unit, configured to obtain second identification information in response to feedback from the terminal that sent the connection request, wherein, in time sequence, a plurality of first identification information are sequentially converted using message digest algorithms, and any two adjacent first identification information are converted using different message digest algorithms;
acquiring a code number of the message digest algorithm in the feedback of the terminal sending the connection request;
the first identity identification information and the second identity identification information corresponding to the first identity identification information are converted using the same message digest algorithm; and
when the comparison result of the first identity identification information and the second identity identification information is consistent, establishing a data communication relation with the terminal sending the connection request;
requesting one or more identification information from the terminal which has established data communication; and
the identification information is stored in a feature database as first identification information.
6. A digital city management data sharing system based on cloud data, the system comprising:
one or more memories for storing instructions; and
one or more processors configured to invoke and execute the instructions from the memory to perform the authentication method of any one of claims 1 to 4.
7. A computer-readable storage medium, the computer-readable storage medium comprising:
a program which, when executed by a processor, performs the authentication method of any one of claims 1 to 4.
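The exchange in claims 1, 3 and 4, worked through as an added Python example; it is not code from the patent. The digest algorithms and their code numbers, the record format, and the names `FeatureDB` and `terminal_respond` are assumptions, since the claims name none of them.

```python
import hashlib
import hmac
import secrets

# Assumed code-number table; the claims do not name the digest algorithms.
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha3_256, 3: hashlib.blake2b}
_rng = secrets.SystemRandom()


class FeatureDB:
    """Server side: identification records keyed by feature code (time, address)."""

    def __init__(self, max_records=8):
        self.records = {}  # identity code -> {(time, address): record bytes}
        self.max_records = max_records  # upper bound of the claim 4 interval (assumed)

    def challenge(self, identity_code, k=3):
        """Claim 1: pick k stored records at random, return feature codes in time order."""
        stored = self.records.get(identity_code, {})
        if len(stored) < k:
            return None
        return sorted(_rng.sample(sorted(stored), k))

    def verify(self, identity_code, feature_codes, feedback):
        """feedback holds one (algorithm code number, digest) pair per feature code."""
        stored = self.records.get(identity_code, {})
        if not feature_codes or len(feedback) != len(feature_codes):
            return False
        ok, prev = True, None
        for fc, (code, digest) in zip(feature_codes, feedback):
            algo = DIGESTS.get(code)
            # Reject unknown code numbers, a repeated algorithm on adjacent
            # items, and feature codes that were never stored.
            if algo is None or code == prev or fc not in stored:
                return False
            # Constant-time compare; keep going so timing does not reveal
            # which item failed.
            ok &= hmac.compare_digest(algo(stored[fc]).digest(), digest)
            prev = code
        return ok

    def enroll(self, identity_code, new_records):
        """Claims 1, 3, 4: delete random old records, then store the fresh ones."""
        stored = self.records.setdefault(identity_code, {})
        while stored and len(stored) + len(new_records) > self.max_records:
            del stored[_rng.choice(sorted(stored))]
        stored.update(new_records)


def terminal_respond(local_records, feature_codes):
    """Terminal side: digest each requested record, never reusing the
    previous item's algorithm."""
    feedback, prev = [], None
    for fc in feature_codes:
        code = _rng.choice([c for c in DIGESTS if c != prev])
        feedback.append((code, DIGESTS[code](local_records[fc]).digest()))
        prev = code
    return feedback


# Constructed sample data: five records for one terminal.
SAMPLE = {(1609400000 + i, "10.0.0.%d" % i): b"record-%d" % i for i in range(5)}

if __name__ == "__main__":
    db = FeatureDB(max_records=5)
    db.enroll("terminal-A", dict(SAMPLE))
    codes = db.challenge("terminal-A")
    print(db.verify("terminal-A", codes, terminal_respond(SAMPLE, codes)))
```

The verifier treats the code number in the feedback as untrusted input: it is looked up in a fixed table and checked against the adjacent-items rule before any digest is computed.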

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011636570.1A CN112788021B (en) 2020-12-31 2020-12-31 Cloud data-based digital city management data sharing system for identity verification method

Publications (2)

Publication Number Publication Date
CN112788021A (en) 2021-05-11
CN112788021B (en) 2023-02-03

Family

ID=75754934

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011636570.1A Active CN112788021B (en) 2020-12-31 2020-12-31 Cloud data-based digital city management data sharing system for identity verification method

Country Status (1)

Country Link
CN (1) CN112788021B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208704B (en) * 2022-09-16 2023-01-13 欣诚信息技术有限公司 Identity authentication system and political service application system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102834831A (en) * 2010-02-15 2012-12-19 株式会社希爱思异 Content presentation-type authentication system
CN105553926A (en) * 2015-06-30 2016-05-04 宇龙计算机通信科技(深圳)有限公司 Authentication method, server, and terminal
CN106209793A (en) * 2016-06-30 2016-12-07 上海斐讯数据通信技术有限公司 A kind of auth method and checking system
CN107483456A (en) * 2017-08-25 2017-12-15 北京元心科技有限公司 Identity identifying method and device
CN107563764A (en) * 2017-09-05 2018-01-09 深圳支点电子智能科技有限公司 A kind of method of network payment and system
CN109450850A (en) * 2018-09-26 2019-03-08 深圳壹账通智能科技有限公司 Auth method, device, computer equipment and storage medium
CN109523266A (en) * 2018-10-22 2019-03-26 国信优易数据有限公司 A kind of payment authentication method, method of payment, system and electronic equipment
CN110321687A (en) * 2018-03-30 2019-10-11 谢维 A kind of personal identification method

Also Published As

Publication number Publication date
CN112788021A (en) 2021-05-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant