CN113032749A - Synchronous authentication method and device - Google Patents

Synchronous authentication method and device Download PDF

Info

Publication number
CN113032749A
CN113032749A CN202110234389.6A CN202110234389A CN113032749A CN 113032749 A CN113032749 A CN 113032749A CN 202110234389 A CN202110234389 A CN 202110234389A CN 113032749 A CN113032749 A CN 113032749A
Authority
CN
China
Prior art keywords
user information
server
user
page
service identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110234389.6A
Other languages
Chinese (zh)
Inventor
顾乐威
王强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Duwo Network Technology Co ltd
Original Assignee
Beijing Duwo Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Duwo Network Technology Co ltd filed Critical Beijing Duwo Network Technology Co ltd
Priority to CN202110234389.6A priority Critical patent/CN113032749A/en
Publication of CN113032749A publication Critical patent/CN113032749A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2151Time stamp

Abstract

The invention provides a synchronous authentication method and a synchronous authentication device.A client acquires user information sent by a user and carries out identity verification on the user according to the user information; if the user passes the identity authentication, a service identifier application request is sent to the server, so that the server generates a corresponding service identifier based on the service identifier application request and feeds the service identifier back to the client; the client sends the service identifier and the user information sent by the server to the server, and the server generates a temporary code according to the service identifier and the user information and returns the temporary code to the client; the client sends the temporary code fed back by the server to an H5 page, the H5 page sends the temporary code to the server, the server analyzes the temporary code and sends the obtained target user information to an H5 page, and the H5 page carries out identity verification on the user based on the target user information. According to the invention, when the user accesses the H5 page through the client, the user does not need to perform identity authentication for many times, so that the purpose of improving the user experience is achieved.

Description

Synchronous authentication method and device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for synchronous authentication.
Background
With the continuous development of computer technology, the application of data transmission by using applets and H5 pages is more and more extensive.
In the prior art, when a user uses an applet to transmit data to an H5 page, after the applet needs to perform authentication on the applet, after the applet passes the authentication, the applet then performs authentication on an H5 page, and after the applet passes the authentication on an H5 page, the user can access the H5 page and transmit data to the H5 page through the applet, which requires multiple times of authentication, resulting in poor user experience.
Disclosure of Invention
In view of this, the present invention provides a synchronous authentication method and apparatus, so as to achieve the purpose that when a user accesses an H5 page through a client, multiple times of authentication are not required, thereby improving user experience.
The invention discloses a synchronous authentication method in a first aspect, which is applied to a client, and comprises the following steps:
acquiring user information sent by a user, and performing identity authentication on the user according to the user information;
if the user passes the identity authentication, a service identifier application request is sent to a server, so that the server generates a corresponding service identifier based on the service identifier application request, and the service identifier is fed back to the client;
sending the service identifier and the user information sent by the server to the server, so that the server generates a temporary code according to the service identifier and the user information, and returns the temporary code to the client;
sending the temporary code fed back by the server to an H5 page, enabling the H5 page to send the temporary code to the server, enabling the server to analyze the temporary code, sending the obtained target user information to the H5 page, and enabling the H5 page to carry out identity verification on the user based on the target user information, wherein the target user information is the same as the user information.
Optionally, the performing identity authentication according to the user information includes:
acquiring user information sent by the user, wherein the user information comprises the user identification and the identity information;
acquiring target identity information of the user according to the user identification;
if the target identity information is consistent with the identity information, determining that the identity authentication of the user passes;
and if the target identity information is inconsistent with the identity information, determining that the identity authentication of the user fails.
Optionally, the sending the temporary code fed back by the server to an H5 page includes:
receiving the time code fed back by the server;
the nonce is sent to the H5 page in the form of a url parameter.
The second aspect of the present invention discloses a synchronous authentication method, which is applied to a server side, and the method comprises:
when a service identification application request sent by a client is received, generating a corresponding service identification based on the service identification request, and sending the service identification to the client;
when the service identifier and the user information sent by the client are received, generating a temporary code according to the service identifier and the user information, sending the temporary code to the client, enabling the client to send the temporary code to an H5 page, and enabling the H5 page to send the temporary code to the server;
when the time code sent by the H5 page is received, analyzing the time code to obtain target user information, wherein the target user information is the same as the user information;
and sending the target user information to the H5 page, so that the H5 page authenticates the user based on the target user information.
Optionally, the generating a time code according to the service identifier and the user information, where the service identifier carries a validity period of the service identifier, includes:
if the validity period of the service identifier is not expired, acquiring a random numerical value salt, wherein the random numerical value salt is a random numerical value salt which is generated by the server and corresponds to the service identifier when the client applies the service identifier to the server;
acquiring a current timestamp and a random character string of the server, and generating a target character string according to the user information, the service identifier, the current timestamp and the random character string;
and generating a temporary code according to the target character string and the random numerical value salt.
Optionally, the method further includes:
when the H5 page receives the temporary code sent by the client, the temporary code is sent to the server;
and when the H5 page receives the target user information sent by the server, performing identity authentication on the user based on the target user information.
The third aspect of the present invention discloses a synchronous authentication device, which is applied to a client, and comprises:
the first verification unit is used for acquiring user information sent by a user and verifying the identity of the user according to the user information;
a first sending unit, configured to send a service identifier application request to a server if the user passes authentication, where the server generates a corresponding service identifier based on the service identifier application request, and feeds the service identifier back to the client;
a second sending unit, configured to send the service identifier and the user information sent by the server to the server, so that the server generates a temporary code according to the service identifier and the user information, and returns the temporary code to the client;
a third sending unit, configured to send the temporary code fed back by the server to an H5 page, so that the H5 page sends the temporary code to the server, so that the server analyzes the temporary code, and sends the obtained target user information to the H5 page, so that the H5 page performs identity verification on the user based on the target user information, where the target user information is the same as the user information.
Optionally, the first verification unit includes:
a first obtaining unit, configured to obtain user information sent by the user, where the user information includes the user identifier and identity information;
the second acquisition unit is used for acquiring the target identity information of the user according to the user identification;
the first determining unit is used for determining that the identity authentication of the user passes if the target identity information is consistent with the identity information;
and the second determining unit is used for determining that the authentication of the user is not passed if the target identity information is inconsistent with the identity information.
Optionally, the third sending unit includes:
a receiving unit, configured to receive the time code fed back by the server;
and the fourth sending unit is used for sending the temporary code to the H5 page in the form of url parameters.
The fourth aspect of the present invention discloses a synchronous authentication device, which is applied to a server side, and the device comprises:
the system comprises a first generating unit, a second generating unit and a service identification sending unit, wherein the first generating unit is used for generating a corresponding service identification based on a service identification request when receiving the service identification application request sent by a client and sending the service identification to the client;
a second generating unit, configured to generate a temporary code according to the service identifier and the user information when receiving the service identifier and the user information sent by the client, and send the temporary code to the client, so that the client sends the temporary code to an H5 page, and the H5 page sends the temporary code to the server;
the analyzing unit is used for analyzing the time code to obtain target user information when the time code sent by the H5 page is received, wherein the target user information is the same as the user information;
a fifth sending unit, configured to send the target user information to the H5 page, so that the H5 page authenticates the user based on the target user information.
The invention provides a synchronous authentication method and a synchronous authentication device, which are used for carrying out identity authentication on a user according to acquired user information sent by the user; under the condition that the user identity authentication is passed, a service identification application request is sent to the server side, the server side generates a corresponding service identification based on the service identification application request, and the service identification is fed back to the client side; the client sends the received service identifier and the user information to the server, so that the server generates a temporary code according to the service identifier and the user information and returns the temporary code to the client; the client sends the temporary code fed back by the server to the H5 page, so that the H5 page sends the temporary code to the server, the server can analyze the temporary code and send the obtained user information to the H5 page, the H5 page can authenticate the user based on the target user information, after the authentication is passed, the user can directly access the H5 page, the user does not need to perform authentication again on the H5 page, the number of times of performing authentication in person by the user is reduced, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flowchart of a synchronous authentication method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of another synchronous authentication method according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of another synchronous authentication method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a synchronous authentication device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of another synchronous authentication device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules, or units, and are not used for limiting the order or interdependence of the functions performed by the devices, modules, or units.
It is noted that references to "a", "an", and "the" modifications in the disclosure are exemplary rather than limiting, and that those skilled in the art will understand that "one or more" unless the context clearly dictates otherwise.
Referring to fig. 1, a schematic flow chart of a synchronous authentication method provided in an embodiment of the present invention is shown, where the synchronous authentication method specifically includes the following steps:
s101: the client acquires the user information sent by the user and carries out identity authentication on the user according to the user information.
In the specific process of executing step S101, an applet may be installed in the client, the user may input user information of the user by opening the applet installed in the client, and after receiving the user information input by the user, the client may perform authentication on the user according to the received user information.
In the embodiment of the application, the user information comprises user identification and identity information, the identity information can be an identity card number of a user, and the user identification can be a mobile phone number handled by the user with own identity information; the identity information of the user can be compared with the target identity information according to the target identity information of the user in the database of the user identification, and if the identity information of the user is consistent with the target identity information, the identity authentication of the user is determined to be passed; and if the identity information of the user is inconsistent with the target identity information, determining that the identity authentication of the user fails.
S102: and if the user passes the authentication, the client sends a service identification application request to the server.
In the specific process of executing step S102, the client sends a service identifier application request to the server when determining that the user passes the authentication.
S103: the server generates a corresponding service identifier based on the service identifier application request, and feeds back the service identifier to the client.
In the process of specifically executing step S103, when receiving a service identifier application request sent by the client, the server randomly generates a service identifier corresponding to the service identifier application request and the validity period of the service identifier, and returns the generated service identifier to the client. The service identifier returned to the client carries the validity period of the service identifier.
In the embodiment of the application, when the service end generates the service identifier, a random number salt corresponding to the service identifier is also generated, and when the service identifier is used for generating the temporary code, the expiration time of the temporary code is used.
S104: and the client sends the service identifier and the user information to the server.
In the specific process of executing step S104, after receiving the service identifier sent by the server, the client sends the received service identifier and the user information of the user to the server, so that the server generates the time code according to the service identifier and the user information.
S105: and the server generates a time code according to the service identifier and the user information.
In the process of specifically executing step S105, after receiving the service identifier and the user information sent by the client, the server determines whether the validity period of the service identifier is expired, and generates a corresponding temporary code according to the service identifier and the user information when the validity period of the service identifier is not expired.
In the embodiment of the present application, the process of generating the corresponding time code according to the service identifier and the user information may specifically be: acquiring a random numerical value salt corresponding to the service identifier, a current timestamp of the server and a random character string, forming a character string in a json format by the user information, the service identifier and the current timestamp of the server (for convenience of distinguishing, the formed character string is called a target character string), encrypting the target character string and the random numerical value salt by sha1, and generating a signature sign; and carrying out base64 coding on the target character string, and then combining the target character string with the signature sign to generate a temporary code.
S106: and the server returns the temporary code to the client.
In the specific process of executing step S107, after the server generates the temporary code according to the service identifier and the user information, the server sends the generated temporary code to the client, so that the client sends the received temporary code to the H5 page.
S107: the client sends the temporary code fed back by the server to the H5 page.
In the specific process of executing step S107, after receiving the temporary code fed back by the server, the client determines whether the temporary code generated according to the service identifier and fed back by the server is expired according to the expiration time of the temporary code carried by the service identifier, and sends the temporary code to the H5 page in the form of a Uniform Resource Locator (url) parameter when determining that the temporary code is not expired.
S108: the H5 page sends the temporary code to the server.
In the specific process of executing step S108, after receiving the temporary code sent by the client in the url parameter form, the H5 page sends the received temporary code to the server.
S109: and the server analyzes the time code to obtain target user information, wherein the target user information is the same as the user information.
In the process of specifically executing step S109, after receiving the temporary code sent by the H5 page, the server parses the received temporary code, specifically, after parsing the target character string encoded by base64 from the temporary code, the server performs base64 decoding on the target character string encoded by base64 to obtain the target character string, and further parses the target character string to obtain the target user information, where the target user information is the same as the user information sent by the user to the client.
S110: the server sends the target user information to the H5 page.
In the specific process of executing step S110, after the server analyzes the temporary code to obtain the target user information, the obtained target user information is sent to the H5 page, so that the H5 page performs authentication on the user according to the received target user information.
S111: the H5 page authenticates the user based on the target user information.
In the specific process of executing step S110, after receiving the target user information sent by the server, the H5 page compares the identity information in the target user information with the target identity information according to the target identity information of the user in the database based on the user identifier in the target user information, and if the identity information in the target user information is consistent with the target identity information, determines that the identity authentication of the user corresponding to the target user information passes; and if the identity information of the target user is inconsistent with the target identity information, determining that the identity authentication of the user corresponding to the target user information is not passed.
The invention provides a synchronous authentication method, which carries out identity authentication on a user according to acquired user information sent by the user; under the condition that the user identity authentication is passed, a service identification application request is sent to the server side, the server side generates a corresponding service identification based on the service identification application request, and the service identification is fed back to the client side; the client sends the received service identifier and the user information to the server, so that the server generates a temporary code according to the service identifier and the user information and returns the temporary code to the client; the client sends the temporary code fed back by the server to the H5 page, so that the H5 page sends the temporary code to the server, the server can analyze the temporary code and send the obtained user information to the H5 page, the H5 page can authenticate the user based on the target user information, after the authentication is passed, the user can directly access the H5 page, the user does not need to perform authentication again on the H5 page, the number of times of performing authentication in person by the user is reduced, and the user experience is improved.
The synchronous authentication method provided by the embodiment of the invention is described below from the perspective of the client and the server, respectively.
Referring to fig. 2, a schematic flow chart of a synchronization authentication method provided in the embodiment of the present invention is shown, where the synchronization authentication method is applied to a client, and specifically includes the following steps:
s201: and acquiring user information sent by the user, and authenticating the identity of the user according to the user information.
In the specific process of executing step S201, the applet may be installed in the client, the user may input user information of the user by opening the applet, so as to send the user information of the user, and after receiving the user information sent by the user, the client may perform authentication on the user according to the received user information. The user information comprises user identification and identity information of the user.
In the embodiment of the application, the identity information of the user can be compared with the target identity information according to the target identity information of the user in the database of the user identification, and if the identity information of the user is consistent with the target identity information, the identity authentication of the user is determined to be passed; and if the identity information of the user is inconsistent with the target identity information, determining that the identity authentication of the user fails.
S202: and if the user passes the identity authentication, sending a service identifier application request to the server, so that the server generates a corresponding service identifier based on the service identifier application request and feeds the service identifier back to the client.
In the specific process of executing step S202, the client sends a service identifier application request to the server when determining that the user passes the authentication, so that the server randomly generates a service identifier corresponding to the service identifier application request and the validity period of the service identifier when receiving the service identifier application request sent by the client, and returns the generated service identifier to the client.
It should be noted that, when the service end generates the service identifier, it also generates a random number salt corresponding to the service identifier, and when the service identifier is used to generate the temporary code, the expiration time of the temporary code is used.
S203: and sending the service identifier and the user information sent by the server to the server, so that the server generates a temporary code according to the service identifier and the user information, and returns the temporary code to the client.
In the process of specifically executing step S203, after receiving a service identifier sent by a server, a client sends the received service identifier and user information of a user to the server, so that the server determines whether the validity period of the service identifier is expired after receiving the service identifier and the user information sent by the client, and obtains a random number salt corresponding to the service identifier, a current timestamp of the server, and a random character string if the validity period of the service identifier is not expired, and combines the user information, the service identifier, and the current timestamp of the server into a character string in a json format (for convenience of distinguishing, the combined character string is referred to as a target character string), and encrypts the target character string and the random number salt by sha1 to generate a signature sign; and carrying out base64 coding on the target character string, and then combining the target character string with the signature sign to generate a temporary code.
S204: and sending the temporary code fed back by the server to an H5 page, enabling the H5 page to send the temporary code to the server, enabling the server to analyze the temporary code, and sending the obtained target user information to an H5 page, and enabling the H5 page to carry out identity verification on the user based on the target user information, wherein the target user information is the same as the user information.
In the specific process of executing step S204, after receiving the temporary code fed back by the server, the client determines whether the temporary code generated according to the service identifier and fed back by the server is expired according to the expiration time of the temporary code carried by the service identifier, and sends the temporary code to the H5 page in the form of Uniform Resource Locator (url) parameter under the condition that the temporary code is determined to be unexpired, so that the H5 page sends the temporary code to the server, so that the server parses the temporary code, and sends the obtained target user information to the H5 page, so that the H5 page performs identity verification on the user based on the target user information, where the target user information is the same as the user information.
In the embodiment of the application, after the server analyzes the target character string subjected to base64 coding from the temporal code, the server performs base64 decoding on the target character string subjected to base64 coding to obtain the target character string, and further analyzes the target character string to obtain the target user information, wherein the target user information is the same as the user information sent to the client by the user.
The invention relates to a synchronous authentication method, which is applied to a client, wherein the client carries out identity verification on a user according to acquired user information sent by the user; under the condition that the user identity authentication is passed, a service identification application request is sent to the server, so that the server generates a corresponding service identification based on the service identification application request and feeds the service identification back to the client; sending the received service identifier and the user information to a server so that the server can generate a temporary code according to the service identifier and the user information and return the temporary code to the client; the temporary code fed back by the server is sent to an H5 page, so that the temporary code is sent to the server by an H5 page, the server can analyze the temporary code, the obtained user information is sent to an H5 page, the H5 page can authenticate the user based on the target user information, after the authentication is passed, the user can directly access the H5 page, the user does not need to perform authentication again on the H5 page, the number of times of authentication performed by the user himself is reduced, and the user experience is improved.
Referring to fig. 3, a schematic flow diagram of a synchronous authentication method provided in an embodiment of the present invention is shown, where the synchronous authentication method is applied to a server, and the synchronous authentication method specifically includes the following steps:
s301: and when a service identification application request sent by the client is received, generating a corresponding service identification based on the service identification request, and sending the service identification to the client.
In the specific process of executing step S301, an applet may be installed on the client, the user may input user information of the user by opening the applet installed in the client, the client may perform authentication on the user according to the received user information after receiving the user information input by the user, and send a service identifier application request to the server if it is determined that the user passes the authentication, and when receiving the service identifier application request sent by the client, the server randomly generates a service identifier corresponding to the service identifier application request and an expiration date of the service identifier, and returns the generated service identifier to the client, so that the client sends the received service identifier and the user information to the server. The service identifier returned to the client carries the validity period of the service identifier.
In the embodiment of the application, when the service end generates the service identifier, a random number salt corresponding to the service identifier is also generated, and when the service identifier is used for generating the temporary code, the expiration time of the temporary code is used.
S302: when receiving the service identifier and the user information sent by the client, generating a temporary code according to the service identifier and the user information, and sending the temporary code to the client, so that the client sends the temporary code to an H5 page, and the H5 page sends the temporary code to the server.
In the specific process of executing step S302, after receiving the service identifier and the user information sent by the client, the server determines whether the validity period of the service identifier is expired, and generates a corresponding temporary code according to the service identifier and the user information if the validity period of the service identifier is not expired, and sends the generated temporary code to the client, so that after receiving the temporary code fed back by the server, the client determines whether the temporary code generated according to the service identifier and fed back by the server is expired according to the expiration time of the temporary code carried by the service identifier, and when determining that the temporary code is not expired, sends the temporary code to the H5 page in the form of Uniform Resource Locator (url) parameter, so that the H5 page sends the temporary code to the server.
In the embodiment of the present application, the process of generating the corresponding time code according to the service identifier and the user information may specifically be: acquiring a random numerical value salt corresponding to the service identifier, a current timestamp of the server and a random character string, forming a character string in a json format by the user information, the service identifier and the current timestamp of the server (for convenience of distinguishing, the formed character string is called a target character string), encrypting the target character string and the random numerical value salt by sha1, and generating a signature sign; and carrying out base64 coding on the target character string, and then combining the target character string with the signature sign to generate a temporary code.
S303: when the temporary code sent by the H5 page is received, the temporary code is analyzed to obtain target user information, wherein the target user information is the same as the user information.
In the process of specifically executing step S303, after receiving the temporary code sent by the H5 page, the server parses the received temporary code, specifically, after parsing the target character string encoded by base64 from the temporary code, the server performs base64 decoding on the target character string encoded by base64 to obtain the target character string, and further parses the target character string to obtain the target user information, where the target user information is the same as the user information sent by the user to the client.
S304: the target user information is sent to the H5 page, which causes the H5 page to authenticate the user based on the target user information.
In the specific process of executing step S303, after the server parses the temporary code to obtain the target user information, the obtained target user information is sent to the H5 page, so that the H5 page performs authentication on the user according to the received target user information.
The invention relates to a synchronous authentication method, which is applied to a server, wherein when the server receives a service identification application request sent by a client under the condition that the identity verification of a user passes, the server generates a corresponding service identification based on the service identification application request and feeds the service identification back to the client so that the client can send the received service identification and user information to the server; generating a temporary code according to the service identifier and the user information sent by the client, and returning the temporary code to the client, so that the client sends the temporary code to an H5 page, and the H5 page sends the temporary code to a server; the received temporary code sent by the H5 page is analyzed, the obtained user information is sent to the H5 page, the H5 page carries out identity verification on the user based on the target user information, after the identity verification is passed, the user can directly access the H5 page, the user does not need to carry out identity verification on the H5 page again, the number of times of carrying out identity verification by the user himself is reduced, and therefore user experience is improved.
Corresponding to the synchronous authentication method provided by the embodiment of the present invention, the present invention further provides a synchronous authentication device, as shown in fig. 4, the synchronous authentication device includes:
a first verification unit 41, configured to obtain user information sent by a user, and perform identity verification on the user according to the user information;
a first sending unit 42, configured to send a service identifier application request to the server if the user passes the identity authentication, where the service generates a corresponding service identifier based on the service identifier application request, and feeds back the service identifier to the client;
a second sending unit 43, configured to send the service identifier and the user information sent by the server to the server, so that the server generates a temporary code according to the service identifier and the user information, and returns the temporary code to the client;
a third sending unit 44, configured to send the temporary code fed back by the server to the H5 page, so that the H5 page sends the temporary code to the server, so that the server analyzes the temporary code, and sends the obtained target user information to the H5 page, so that the H5 page performs identity verification on the user based on the target user information, where the target user information is the same as the user information.
It should be noted that, the specific principle and the execution process of each unit in the synchronous authentication device disclosed in the above embodiment of the present invention are the same as the synchronous authentication method disclosed in the above embodiment of fig. 2 of the present invention, and reference may be made to the corresponding parts in the synchronous authentication method disclosed in the above embodiment of fig. 2 of the present invention, which are not described herein again.
The invention provides a synchronous authentication device, which is applied to a client, wherein the client carries out identity verification on a user according to acquired user information sent by the user; under the condition that the user identity authentication is passed, a service identification application request is sent to the server, so that the server generates a corresponding service identification based on the service identification application request and feeds the service identification back to the client; sending the received service identifier and the user information to a server so that the server can generate a temporary code according to the service identifier and the user information and return the temporary code to the client; the temporary code fed back by the server is sent to an H5 page, so that the temporary code is sent to the server by an H5 page, the server can analyze the temporary code, the obtained user information is sent to an H5 page, the H5 page can authenticate the user based on the target user information, after the authentication is passed, the user can directly access the H5 page, the user does not need to perform authentication again on the H5 page, the number of times of authentication performed by the user himself is reduced, and the user experience is improved.
Optionally, the first verification unit includes:
the first acquisition unit is used for acquiring user information sent by a user, wherein the user information comprises a user identifier and identity information;
the second acquisition unit is used for acquiring target identity information of the user according to the user identification;
the first determining unit is used for determining that the identity authentication of the user passes if the target identity information is consistent with the identity information;
and the second determining unit is used for determining that the identity authentication of the user does not pass if the target identity information is inconsistent with the identity information.
Optionally, the third sending unit includes:
the receiving unit is used for receiving the temporary codes fed back by the server;
and the fourth sending unit is used for sending the temporary code to the H5 page in the form of url parameter.
Corresponding to the synchronous authentication method provided by the embodiment of the present invention, the present invention further provides a synchronous authentication device, as shown in fig. 5, the synchronous authentication device includes:
a first generating unit 51, configured to generate, when receiving a service identifier application request sent by a client, a corresponding service identifier based on the service identifier request, and send the service identifier to the client;
the second generating unit 52 is configured to, when receiving the service identifier and the user information sent by the client, generate a temporary code according to the service identifier and the user information, and send the temporary code to the client, so that the client sends the temporary code to an H5 page, and the H5 page sends the temporary code to the server;
the analyzing unit 53 is configured to, when receiving the temporary code sent by the H5 page, analyze the temporary code to obtain target user information, where the target user information is the same as the user information;
and a fifth sending unit 54, configured to send the target user information to the H5 page, so that the H5 page authenticates the user based on the target user information.
It should be noted that, the specific principle and the execution process of each unit in the synchronous authentication device disclosed in the above embodiment of the present invention are the same as the synchronous authentication method disclosed in the above embodiment of fig. 3 of the present invention, and reference may be made to the corresponding parts in the synchronous authentication method disclosed in the above embodiment of fig. 3 of the present invention, which are not described herein again.
The invention provides a synchronous authentication device, which is applied to a server, wherein when the server receives a service identifier application request sent by a client under the condition that the identity verification of a user passes, the server generates a corresponding service identifier based on the service identifier application request and feeds the service identifier back to the client so that the client can send the received service identifier and user information to the server; generating a temporary code according to the service identifier and the user information sent by the client, and returning the temporary code to the client, so that the client sends the temporary code to an H5 page, and the H5 page sends the temporary code to a server; the received temporary code sent by the H5 page is analyzed, the obtained user information is sent to the H5 page, the H5 page carries out identity verification on the user based on the target user information, after the identity verification is passed, the user can directly access the H5 page, the user does not need to carry out identity verification on the H5 page again, the number of times of carrying out identity verification by the user himself is reduced, and therefore user experience is improved.
Optionally, the second generating unit includes:
a third obtaining unit, configured to obtain a random number salt if the validity period of the service identifier is not expired, where the random number salt is a random number salt corresponding to the service identifier, and the random number salt is generated by the server when the client applies the service identifier to the server;
the third generation unit is used for acquiring the current timestamp and the random character string of the server and generating a target character string according to the user information, the service identifier, the current timestamp and the random character string;
and the fourth generation unit is used for generating the temporary code according to the target character string and the random numerical value salt.
Further, the synchronous authentication device provided by the present application further includes:
a sixth sending unit, configured to send the temporary code to the server when the H5 page receives the temporary code sent by the client;
and the second verification unit is used for carrying out identity verification on the user based on the target user information when the H5 page receives the target user information sent by the server.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are merely illustrative, wherein units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.

Claims (10)

1. A synchronous authentication method is applied to a client, and comprises the following steps:
acquiring user information sent by a user, and performing identity authentication on the user according to the user information;
if the user passes the identity authentication, a service identifier application request is sent to a server, so that the server generates a corresponding service identifier based on the service identifier application request, and the service identifier is fed back to the client;
sending the service identifier and the user information sent by the server to the server, so that the server generates a temporary code according to the service identifier and the user information, and returns the temporary code to the client;
sending the temporary code fed back by the server to an H5 page, enabling the H5 page to send the temporary code to the server, enabling the server to analyze the temporary code, sending the obtained target user information to the H5 page, and enabling the H5 page to carry out identity verification on the user based on the target user information, wherein the target user information is the same as the user information.
2. The method of claim 1, wherein the performing identity verification according to the user information comprises:
acquiring user information sent by the user, wherein the user information comprises the user identification and the identity information;
acquiring target identity information of the user according to the user identification;
if the target identity information is consistent with the identity information, determining that the identity authentication of the user passes;
and if the target identity information is inconsistent with the identity information, determining that the identity authentication of the user fails.
3. The method of claim 1, wherein the sending the temporary code fed back by the server to an H5 page comprises:
receiving the time code fed back by the server;
the nonce is sent to the H5 page in the form of a url parameter.
4. A synchronous authentication method is applied to a server side, and the method comprises the following steps:
when a service identification application request sent by a client is received, generating a corresponding service identification based on the service identification request, and sending the service identification to the client;
when the service identifier and the user information sent by the client are received, generating a temporary code according to the service identifier and the user information, sending the temporary code to the client, enabling the client to send the temporary code to an H5 page, and enabling the H5 page to send the temporary code to the server;
when the time code sent by the H5 page is received, analyzing the time code to obtain target user information, wherein the target user information is the same as the user information;
and sending the target user information to the H5 page, so that the H5 page authenticates the user based on the target user information.
5. The method of claim 4, wherein the service identifier carries a validity period of the service identifier, and the generating a time code according to the service identifier and the user information comprises:
if the validity period of the service identifier is not expired, acquiring a random numerical value salt, wherein the random numerical value salt is a random numerical value salt which is generated by the server and corresponds to the service identifier when the client applies the service identifier to the server;
acquiring a current timestamp and a random character string of the server, and generating a target character string according to the user information, the service identifier, the current timestamp and the random character string;
and generating a temporary code according to the target character string and the random numerical value salt.
6. The method of claim 4, further comprising:
when the H5 page receives the temporary code sent by the client, the temporary code is sent to the server;
and when the H5 page receives the target user information sent by the server, performing identity authentication on the user based on the target user information.
7. A synchronous authentication device applied to a client, the device comprising:
the first verification unit is used for acquiring user information sent by a user and verifying the identity of the user according to the user information;
a first sending unit, configured to send a service identifier application request to a server if the user passes authentication, where the server generates a corresponding service identifier based on the service identifier application request, and feeds the service identifier back to the client;
a second sending unit, configured to send the service identifier and the user information sent by the server to the server, so that the server generates a temporary code according to the service identifier and the user information, and returns the temporary code to the client;
a third sending unit, configured to send the temporary code fed back by the server to an H5 page, so that the H5 page sends the temporary code to the server, so that the server analyzes the temporary code, and sends the obtained target user information to the H5 page, so that the H5 page performs identity verification on the user based on the target user information, where the target user information is the same as the user information.
8. The apparatus of claim 7, wherein the first authentication unit comprises:
a first obtaining unit, configured to obtain user information sent by the user, where the user information includes the user identifier and identity information;
the second acquisition unit is used for acquiring the target identity information of the user according to the user identification;
the first determining unit is used for determining that the identity authentication of the user passes if the target identity information is consistent with the identity information;
and the second determining unit is used for determining that the authentication of the user is not passed if the target identity information is inconsistent with the identity information.
9. The apparatus of claim 7, wherein the third sending unit comprises:
a receiving unit, configured to receive the time code fed back by the server;
and the fourth sending unit is used for sending the temporary code to the H5 page in the form of url parameters.
10. A synchronous authentication device, applied to a server, the device comprising:
the system comprises a first generating unit, a second generating unit and a service identification sending unit, wherein the first generating unit is used for generating a corresponding service identification based on a service identification request when receiving the service identification application request sent by a client and sending the service identification to the client;
a second generating unit, configured to generate a temporary code according to the service identifier and the user information when receiving the service identifier and the user information sent by the client, and send the temporary code to the client, so that the client sends the temporary code to an H5 page, and the H5 page sends the temporary code to the server;
the analyzing unit is used for analyzing the time code to obtain target user information when the time code sent by the H5 page is received, wherein the target user information is the same as the user information;
a fifth sending unit, configured to send the target user information to the H5 page, so that the H5 page authenticates the user based on the target user information.
CN202110234389.6A 2021-03-03 2021-03-03 Synchronous authentication method and device Pending CN113032749A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110234389.6A CN113032749A (en) 2021-03-03 2021-03-03 Synchronous authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110234389.6A CN113032749A (en) 2021-03-03 2021-03-03 Synchronous authentication method and device

Publications (1)

Publication Number Publication Date
CN113032749A true CN113032749A (en) 2021-06-25

Family

ID=76465870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110234389.6A Pending CN113032749A (en) 2021-03-03 2021-03-03 Synchronous authentication method and device

Country Status (1)

Country Link
CN (1) CN113032749A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017080385A1 (en) * 2015-11-10 2017-05-18 阿里巴巴集团控股有限公司 Webpage application acquiring method, device and system
CN107277038A (en) * 2017-07-18 2017-10-20 北京微影时代科技有限公司 Access control method, device and system
CN108306877A (en) * 2018-01-30 2018-07-20 泰康保险集团股份有限公司 Verification method, device and the storage medium of subscriber identity information based on NODE JS
CN108616499A (en) * 2018-03-02 2018-10-02 努比亚技术有限公司 A kind of method for authenticating of application program, terminal and computer readable storage medium
CN109040098A (en) * 2018-08-23 2018-12-18 四川长虹电器股份有限公司 A method of MQTT protocol authentication is realized based on JWT
CN111125655A (en) * 2019-12-20 2020-05-08 紫光云(南京)数字技术有限公司 Method for secure communication of OSS-API interface
CN111191200A (en) * 2019-12-20 2020-05-22 北京淇瑀信息科技有限公司 Page display method and device and electronic equipment
CN111628971A (en) * 2017-02-09 2020-09-04 阿里巴巴集团控股有限公司 Trust login method
CN112202705A (en) * 2020-08-21 2021-01-08 上海微亿智造科技有限公司 Digital signature verification generation and verification method and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017080385A1 (en) * 2015-11-10 2017-05-18 阿里巴巴集团控股有限公司 Webpage application acquiring method, device and system
CN111628971A (en) * 2017-02-09 2020-09-04 阿里巴巴集团控股有限公司 Trust login method
CN107277038A (en) * 2017-07-18 2017-10-20 北京微影时代科技有限公司 Access control method, device and system
CN108306877A (en) * 2018-01-30 2018-07-20 泰康保险集团股份有限公司 Verification method, device and the storage medium of subscriber identity information based on NODE JS
CN108616499A (en) * 2018-03-02 2018-10-02 努比亚技术有限公司 A kind of method for authenticating of application program, terminal and computer readable storage medium
CN109040098A (en) * 2018-08-23 2018-12-18 四川长虹电器股份有限公司 A method of MQTT protocol authentication is realized based on JWT
CN111125655A (en) * 2019-12-20 2020-05-08 紫光云(南京)数字技术有限公司 Method for secure communication of OSS-API interface
CN111191200A (en) * 2019-12-20 2020-05-22 北京淇瑀信息科技有限公司 Page display method and device and electronic equipment
CN112202705A (en) * 2020-08-21 2021-01-08 上海微亿智造科技有限公司 Digital signature verification generation and verification method and system

Similar Documents

Publication Publication Date Title
CN110691087B (en) Access control method, device, server and storage medium
CN109359691B (en) Identity verification method and system based on block chain
CN110958118B (en) Certificate authentication management method, device, equipment and computer readable storage medium
CN108259437B (en) HTTP access method, HTTP server and system
US8484472B2 (en) System and method of filtering unsolicited messages
CN111522516B (en) Processing method and system for cloud broadcast print data
CN110808840B (en) Service processing method and device, electronic equipment and storage medium
CN105554098A (en) Device configuration method, server and system
CN105025041A (en) File upload method, file upload apparatus and system
CN103888255A (en) Identity authentication method, device and system
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
CN109936552B (en) Key authentication method, server and system
CN106779705B (en) Dynamic payment method and system
CN101426009A (en) Identity management platform, service server, uniform login system and method
WO2016131575A1 (en) Method of providing a hash value for a piece of data, electronic device and computer program
CN108259502A (en) For obtaining the identification method of interface access rights, server-side and storage medium
CN110557400B (en) Login control method and device
EP3544226A1 (en) Unified secure device provisioning
CN104580256A (en) Method and device for logging in through user equipment and verifying user's identity
WO2010149400A1 (en) System and method for reliably authenticating an appliance
EP2262165B1 (en) User generated content registering method, apparatus and system
CN105072132A (en) Validation method, validation system and communication device
CN112491890A (en) Access method and device
CN110417724B (en) Method, system, server and terminal for combined authentication of login states of application programs
GB2567715A (en) Authentication system, method and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination