CN113536277A - Authentication method, system, server, client and storage medium - Google Patents

Authentication method, system, server, client and storage medium Download PDF

Info

Publication number
CN113536277A
CN113536277A CN202010290427.5A CN202010290427A CN113536277A CN 113536277 A CN113536277 A CN 113536277A CN 202010290427 A CN202010290427 A CN 202010290427A CN 113536277 A CN113536277 A CN 113536277A
Authority
CN
China
Prior art keywords
server
token
module
client
qrid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010290427.5A
Other languages
Chinese (zh)
Inventor
王阳
谢军
田峰
何欣
韩志峰
曲大林
张德春
卞淑
王鸿元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Information Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Information Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202010290427.5A priority Critical patent/CN113536277A/en
Publication of CN113536277A publication Critical patent/CN113536277A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses an authentication method, an authentication system, a server, a client and a storage medium. The method comprises the following steps: generating a token according to a received first request, wherein the first request is a request sent by a client and used for authenticating account information; sending a token to the client for the client to generate a SIM signature of the user identity identification card according to the token and the quick response identification QRID; receiving a second request sent by the client, wherein the second request comprises a token, a QRID and a SIM signature; and authenticating the QRID, the token and the SIM signature, so that the client can access the server when the QRID, the token and the SIM signature are authenticated. The authentication method, the authentication system, the server, the client and the storage medium can realize the safe login of the login equipment to the 4A management platform.

Description

Authentication method, system, server, client and storage medium
Technical Field
The present invention relates to the field of data security, and in particular, to a method, a system, a server, a client, and a storage medium for authentication.
Background
At present, accounting (Account), Authorization (Authentication), Authentication (Authorization), and Audit (Audit) are abbreviated as 4A, and a management platform is used as a security service barrier of a current production system, which is of obvious security importance, and the login modes of the existing 4A management platform mainly include Account password login, short message verification code login, or two-dimensional code scanning login based on the Account password login and the short message verification code login.
However, in the daily use process, the problems of password leakage and password stealing often exist in the account password login mode, the risks of short message sniffing and interception, use and illegal login operations by other people exist in the short message verification code login, and the problem of data leakage also exists in the two-dimensional code scanning login mode based on the account password or the short message verification code.
Therefore, the existing login mode of the 4A management platform has a safety problem, and user data is easily leaked.
Disclosure of Invention
The embodiment of the invention provides an authentication method, an authentication system, a server, a client and a storage medium, solves the safety problem and the user data leakage problem existing in the existing 4A management platform login mode, and can realize safe login of the 4A management platform.
In a first aspect, a method applied to authentication of a server is provided, where the method includes:
generating a token according to a received first request, wherein the first request is a request sent by a client and used for authenticating account information;
sending a token to a client, so that the client generates a subscriber identity identification card (SIM) signature according to the token and a Quick Response Identity (QRID);
receiving a second request sent by the client, wherein the second request comprises a token, a QRID and a SIM signature;
and authenticating the QRID, the token and the SIM signature, so that the client can access the server when the QRID, the token and the SIM signature are authenticated.
In some implementations of the first aspect, the server includes a first module, a second module, and a third module; authenticating the QRID, the token and the SIM signature, comprising:
the first module authenticates the QRID;
when the first module passes the QRID authentication, the first module sends a token and an SIM signature to the second module;
when the second module passes the token authentication, the second module sends the SIM signature to the third module;
and the third module authenticates the SIM signature to obtain an authentication result, and the authentication result is sent to the first module through the second module.
In a second aspect, a method applied to authentication of a client is provided, the method including:
sending a first request for authenticating account information to a server, so that the server generates a token according to the first request;
generating a SIM signature of the user identity identification card according to the token and the quick response identification QRID acquired from the server;
and sending a second request to the server, wherein the second request comprises a token, a QRID and a SIM signature, and the second request is used for the server to authenticate the QRID, the token and the SIM signature so as to allow the client to access the server when the QRID, the token and the SIM signature are authenticated by the server.
In some implementations of the second aspect, the fast response identification QRID obtained from the server includes:
the client scans the two-dimensional code information provided by the server and acquires the QRID from the two-dimensional code information.
In some implementation manners of the second aspect, before sending the first request for authenticating the account information to the server, the method further includes:
displaying prompt information for prompting a user to input an SIM shield password;
receiving an SIM shield password input by a user;
and authenticating the SIM shield password so as to send a first request to the server side after the SIM shield password passes the authentication.
In a third aspect, a system for authentication is provided, the system comprising:
the client is used for sending a request for authenticating account information to the server so as to authenticate the client by the server;
and the server is used for authenticating the client and allowing the client to access the server when the client passes the authentication.
In some implementations of the third aspect, the request includes a first request and a second request;
the client is also used for sending a first request for authenticating account information to the server, so that the server generates a token according to the first request;
the client is also used for generating a SIM signature of the user identity identification card according to the token and the quick response identification QRID acquired from the server;
the client is further used for sending a second request to the server, the second request comprises a token, a QRID and a SIM signature, and the second request is used for the server to authenticate the QRID, the token and the SIM signature, so that the client is allowed to access the server when the QRID, the token and the SIM signature are authenticated by the server.
In some implementations of the third aspect,
the server is further used for generating a token according to the received first request, wherein the first request is a request sent by the client and used for authenticating account information;
the server is also used for sending a token to the client, so that the client can generate a SIM signature of the user identity identification card according to the token and the quick response identifier QRID;
the server is also used for receiving a second request sent by the client, wherein the second request comprises a token, a QRID and a SIM signature;
and the server is also used for authenticating the QRID, the token and the SIM signature, so that the client accesses the server when the QRID, the token authentication and the SIM signature authentication pass.
In some implementations of the third aspect,
the server comprises a first module, a second module and a third module;
the QRID authentication module comprises a first module, a second module and a third module, wherein the first module is used for authenticating the QRID;
the first module is also used for sending the token and the SIM signature to the second module when the QRID is authenticated by the first module;
the second module is used for sending the SIM signature to the third module when the token passes the authentication of the second module;
and the third module is used for authenticating the SIM signature to obtain an authentication result and sending the authentication result to the first module through the second module.
In a fourth aspect, a server is provided, where the server includes:
the processing module is used for generating a token according to a received first request, wherein the first request is a request sent by a client and used for authenticating account information;
the sending module is used for sending the token to the client so that the client can generate a SIM signature of the user identity identification card according to the token and the quick response identification QRID;
the receiving module is used for receiving a second request sent by the client, wherein the second request comprises a token, a QRID and a SIM signature;
and the processing module is further used for authenticating the QRID, the token and the SIM signature, so that the client accesses the server when the QRID, the token authentication and the SIM signature authentication pass.
In some implementations of the fourth aspect, the server includes a first module, a second module, and a third module;
the QRID authentication module comprises a first module, a second module and a third module, wherein the first module is used for authenticating the QRID;
the first module is also used for sending the token and the SIM signature to the second module when the QRID is authenticated by the first module;
the second module is used for sending the SIM signature to the third module when the token passes the authentication of the second module;
and the third module is used for authenticating the SIM signature to obtain an authentication result and sending the authentication result to the first module through the second module.
In a fifth aspect, a client is provided, where the client includes:
the sending module is used for sending a first request for authenticating account information to the server, so that the server generates a token according to the first request;
the processing module is used for generating a SIM signature of the user identity identification card according to the token and the quick response identification QRID acquired from the server;
the sending module is further used for sending a second request to the server, the second request comprises a token, a QRID and a SIM signature, and the second request is used for the server to authenticate the QRID, the token and the SIM signature, so that the client is allowed to access the server when the QRID, the token and the SIM signature authentication are passed by the server.
In some implementations of the fifth aspect,
and the scanning module is used for scanning the two-dimensional code information provided by the server side by the client side and acquiring the QRID from the two-dimensional code information.
In some implementations of the fifth aspect,
and the display module can be used for displaying prompt information and prompting a user to input the SIM shield password.
And the receiving module can be used for receiving the SIM shield password input by the user.
The processing module can also be used for authenticating the SIM shield password, so that the first request is sent to the server side after the SIM shield password passes the authentication.
In a sixth aspect, there is provided a computer storage medium having stored thereon computer program instructions which, when executed by a processor, implement the first aspect and a method of authentication in some implementations of the first aspect, or which, when executed by a processor, implement the second aspect and a method of authentication in some implementations of the second aspect.
The embodiment of the invention provides an authentication method, an authentication system, a server, a client and a storage medium, which can generate a Subscriber Identity Module (SIM) signature through an acquired Quick Response Identity (QRID) and a TOKEN, and then perform authentication to realize the safe login of a login device to a 4A management platform, solve the safety problem existing in the login mode of the 4A management platform, and realize the safety of the process of logging in the 4A management platform by the client.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is an interaction diagram of an authentication method according to an embodiment of the present invention;
FIG. 2 is an interaction diagram of another authentication method provided by the embodiment of the invention;
fig. 3 is a schematic structural diagram of a server according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a client according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an authentication system according to an embodiment of the present invention;
fig. 6 is a block diagram of an exemplary hardware architecture of a computing device provided by an embodiment of the present invention.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below, and in order to make objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It will be apparent to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
At present, accounting (Account), Authorization (Authentication), Authentication (Authorization), and Audit (Audit) are abbreviated as 4A, and a management platform is used as a security service barrier of a current production system, which is of obvious security importance, and the login modes of the existing 4A management platform mainly include Account password login, short message verification code login, or two-dimensional code scanning login based on the Account password login and the short message verification code login.
However, in the daily use process, the problems of password leakage and password stealing often exist in the account password login mode, the risks of short message sniffing and interception, use and illegal login operations by other people exist in the short message verification code login, and the problem of data leakage also exists in the two-dimensional code scanning login mode based on the account password or the short message verification code.
Therefore, the login mode of the 4A management platform in the technical scheme has a safety problem, and user data leakage is easily caused.
In order to solve the security problem existing in the login manner of the 4A management platform in the above technical solution, embodiments of the present invention provide an authentication method, system, server, client, and storage medium, and after generating a Subscriber Identity Module (SIM) signature through an obtained Quick Response Identity (QRID) and Token, perform authentication, so as to implement secure login of a login device to the 4A management platform, thereby solving the security problem existing in the login manner of the 4A management platform in the above technical solution, and implementing security of the process of logging in the 4A management platform by the client.
It should be noted that, in the embodiment of the present invention, the server may include a first module, a second module, a third module, and a fourth module. The 4A platform login service module may be referred to as a first module, the authentication service module may be referred to as a second module, the SIM authentication module may be referred to as a third module, and the 4A platform side may be referred to as a fourth module.
The technical solutions provided by the embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 is an interaction diagram of an authentication method according to an embodiment of the present invention. As shown in fig. 1, the method is based on two execution bodies, namely a client and a server, and the authentication method may include:
s101: the client sends a first request for authenticating account information to the server.
Specifically, before the client sends the first request for authenticating the account information to the server, the client may display prompt information for prompting the user to input an SIM shield password and receive the SIM shield password input by the user. Optionally, in an embodiment, the client may send the first request to the server through the WAP gateway, where the first request may be a request for account information authentication (number).
S102: and the server generates a token according to the received first request.
S103: the server sends the token to the client.
S104: and the client generates a SIM signature of the user identity identification card according to the token and the quick response identification QRID acquired from the server.
The quick response identifier QRID obtained from the server may be two-dimensional code information provided by the client scanning server, and the QRID is obtained from the two-dimensional code information. The two-dimensional code information provided by the server can be an intranet access address for dialing the VPN.
S105: and the client sends a second request to the server.
Wherein the second request may include the token, the QRID, and the SIM signature.
S106: the server side authenticates the QRID, the token and the SIM signature.
When the server passes the QRID, token and SIM signature authentication, the client can be allowed to access the server.
The server may include a first module, a second module, a third module, and a fourth module. The 4A platform login service module may be referred to as a first module, the authentication service module may be referred to as a second module, the SIM authentication module may be referred to as a third module, and the 4A platform side may be referred to as a fourth module. The specific processes of S101 to S105 in fig. 1 may be as shown in fig. 2, and fig. 2 is an interaction schematic diagram of another authentication method provided in the embodiment of the present invention.
As shown in fig. 2, S101, the client sends a first request for authenticating account information to the authentication service module; s102, the authentication service module generates a token according to the first request; s103, the authentication service module sends a token to the client; s104, the client generates an SIM signature according to the token and the QRID; s105, the client sends a second request to the 4A platform login service module; then, S106 in fig. 1 is executed: the server side authenticates the QRID, the token and the SIM signature.
As shown in fig. 2, the process of authenticating the QRID, the token, and the SIM signature by the service end may specifically include that the 4A platform login service module authenticates the QRID, and when the QRID is authenticated by the 4A platform login service module, the 4A platform login service module sends the token and the SIM signature to the authentication service module. And then the authentication service module authenticates the token, and when the authentication service module passes the authentication of the token, the authentication service module sends an SIM signature to the SIM authentication module, namely, the authentication service module equivalently forwards the SIM signature to the SIM authentication module. And then the SIM authentication module authenticates the SIM signature, and after the SIM signature passes the authentication, the SIM authentication module obtains an authentication result, and the authentication result passes the authentication service module and logs in the service module to the 4A platform, so that the authentication process of the service end is completed. The authentication result may include account information.
When the QRID, the token authentication and the SIM signature authentication of the server are passed, the SIM authentication module of the server sends the QRID, the token authentication and the SIM signature authentication to the 4A platform login service module of the server through the authentication service module of the server, so that the client is allowed to access the fourth module through the 4A platform login service module, namely, the client can access the 4A platform through the 4A platform login service module.
The client accesses the 4A platform end through the 4A platform login service module, and the process of safely logging in the 4A platform by the client is completed. Optionally, in an embodiment, when the server passes the QRID, token authentication, and SIM signature authentication, the client interface may be redirected to the 4A platform home page because the client is allowed to access the 4A platform side through the 4A platform login service module.
In the authentication method provided by the embodiment of the invention, a user can use a code scanning application in a client to scan a two-dimensional code of a 4A platform to log in the 4A platform through the client supporting the SIM shield mobile phone card.
Furthermore, as shown in fig. 2, before S101, that is, before the client sends the first request for authenticating account information to the server, the SIM shield password may be authenticated. And after the SIM shield password passes the authentication, sending a first request to the server.
The authentication method provided in the embodiment of the present invention can generate a Subscriber Identity Module (SIM) signature through the obtained Quick Response Identity (QRID) and TOKEN, and then perform authentication to implement secure login to the 4A management platform of the login device, thereby solving the security problem existing in the login manner of the 4A management platform and implementing the security of the client in the process of logging in to the 4A management platform.
Corresponding to the embodiment of the authentication method, the embodiment of the invention also provides a server for authentication.
Fig. 3 is a schematic structural diagram of a server according to an embodiment of the present invention.
As shown in fig. 3, the server may include: the device comprises a processing module 201, a sending module 202 and a receiving module 203.
The processing module 201 may be configured to generate a token according to a received first request, where the first request is a request sent by a client for authenticating account information.
The sending module 202 may be configured to send the token to the client, so that the client generates a SIM signature of the user identity card according to the token and the quick response identifier QRID.
The receiving module 203 may be configured to receive a second request sent by the client, where the second request includes the token, the QRID, and the SIM signature.
The processing module 201 may further be configured to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature pass, the client accesses the server.
The processing module 201 may further be configured to authenticate the QRID using the first module of the server.
The processing module 201 may further be configured to, when the first module of the server passes the authentication of the QRID, send the token and the SIM signature to the second module of the server.
The processing module 201 may further be configured to send the SIM signature to a third module of the server when the second module of the server passes the token authentication.
The processing module 201 may also be configured to authenticate the SIM signature by the third module of the server, obtain an authentication result, and send the authentication result to the first module of the server through the second module of the server.
The server for authentication provided in the embodiment of the present invention may generate a Subscriber Identity Module (SIM) signature through the obtained Quick Response Identity (QRID) and TOKEN, and then perform authentication, so as to implement secure login to the 4A management platform of the login device, solve the security problem in the login manner of the 4A management platform, and implement security of the process of logging in to the 4A management platform by the client.
Corresponding to the embodiment of the authentication method, the embodiment of the invention also provides the client for authentication.
Fig. 4 is a schematic structural diagram of a client according to an embodiment of the present invention.
As shown in fig. 4, the server may include: a sending module 301, a processing module 302, a scanning module 303, a display module 304, and a receiving module 305.
The sending module 301 may be configured to send a first request for authenticating account information to a server, so that the server generates a token according to the first request.
The processing module 302 may be configured to generate a SIM signature of the subscriber identity card according to the token and the quick response identifier QRID obtained from the server.
The sending module 301 may be further configured to send a second request to the server, where the second request includes a token, a QRID, and a SIM signature, and the second request is used for the server to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature are authenticated by the server, the client is allowed to access the server.
The scanning module 303 may be configured to scan the two-dimensional code information provided by the server by the client, and acquire the QRID from the two-dimensional code information.
The display module 304 may be configured to display a prompt message for prompting the user to input the SIM shield password.
The receiving module 305 may be configured to receive a SIM shield password input by a user.
The processing module 302 may further be configured to authenticate the SIM shield password, so that after the SIM shield password passes authentication, the first request is sent to the server.
The client for authentication provided in the embodiment of the present invention can generate a Subscriber Identity Module (SIM) signature through the obtained Quick Response Identity (QRID) and TOKEN, and then perform authentication, so as to implement secure login to the 4A management platform of the login device, solve the security problem in the login manner of the 4A management platform, and implement security of the process of logging in to the 4A management platform by the client.
Corresponding to the embodiment of the authentication method, the embodiment of the invention also provides an authentication system which is used for executing the authentication function.
Fig. 5 is a schematic structural diagram of an authentication system according to an embodiment of the present invention.
As shown in fig. 5, the system of authentication may include: the client 401, the server 402, and the server 402 may further include a first module 403, a second module 404, and a third module 405.
The client 401 may be configured to send a request for authenticating account information to a server, where the request is used for the server to authenticate the client, where the request includes a first request and a second request.
The server 402 may be configured to authenticate the client and allow the client to access the server when the authentication is passed. The client 401 may further be configured to send a first request for authenticating account information to the server, so that the server generates a token according to the first request.
The client 401 may further be configured to generate a SIM signature of the user identity card according to the token and the quick response identifier QRID obtained from the server.
The client 401 may further be configured to send a second request to the server, where the second request includes a token, a QRID, and a SIM signature, and the second request is used for the server to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature are authenticated by the server, the client is allowed to access the server.
The server 402 may further be configured to generate a token according to the received first request, where the first request is a request sent by the client to authenticate account information.
The server 402 may further be configured to send a token to the client, so that the client generates a SIM signature of the user identity card according to the token and the quick response identifier QRID.
The server 402 may further be configured to receive a second request sent by the client, where the second request includes the token, the QRID, and the SIM signature.
The server 402 may further be configured to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature pass, the client accesses the server.
A first module 403 of the server may be configured to authenticate the QRID.
The first module 403 of the server may be further configured to send the token and the SIM signature to the second module when the first module passes the authentication of the QRID.
The second module 404 of the server may be configured to send the SIM signature to the third module when the second module passes the token authentication.
The third module 405 of the server may be configured to authenticate the SIM signature to obtain an authentication result, and send the authentication result to the first module through the second module.
The authentication system provided in the embodiment of the present invention can generate a Subscriber Identity Module (SIM) signature through the obtained Quick Response Identity (QRID) and TOKEN, and then perform authentication to implement secure login to the 4A management platform of the login device, thereby solving the security problem existing in the login manner of the 4A management platform and implementing the security of the client in the process of logging in to the 4A management platform.
Fig. 6 shows a block diagram of an exemplary hardware architecture of a computing device capable of implementing a method of authentication according to an embodiment of the invention. As shown in fig. 6, computing device 500 includes an input device 501, an input interface 502, a central processor 503, a memory 504, an output interface 505, and an output device 506. The input interface 502, the central processing unit 503, the memory 504, and the output interface 505 are connected to each other through a bus 510, and the input device 501 and the output device 506 are connected to the bus 510 through the input interface 502 and the output interface 505, respectively, and further connected to other components of the computing device 500.
Specifically, the input device 501 receives input information from the outside and transmits the input information to the central processor 503 through the input interface 502; the central processor 503 processes input information based on computer-executable instructions stored in the memory 504 to generate output information, temporarily or permanently stores the output information in the memory 504, and then transmits the output information to the output device 506 through the output interface 505; output device 506 outputs the output information outside of computing device 500 for use by a user.
That is, the computing device shown in fig. 6 may also be implemented as an authenticated device that may include: a memory storing computer-executable instructions; and a processor that, when executing computer-executable instructions, may implement the method of authentication provided by embodiments of the present invention.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium has computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement the method of authentication provided by embodiments of the present invention.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
As described above, only the specific embodiments of the present invention are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present invention, and these modifications or substitutions should be covered within the scope of the present invention.

Claims (12)

1. A method for authentication, applied to a server, includes:
generating a token according to a received first request, wherein the first request is a request sent by a client and used for authenticating account information;
sending the token to the client for the client to generate a SIM signature according to the token and a Quick Response Identifier (QRID);
receiving a second request sent by the client, the second request comprising the token, the QRID and the SIM signature;
authenticating the QRID, the token and the SIM signature, so that the client can access the server when the QRID, the token and the SIM signature are authenticated.
2. The method of claim 1, wherein the server comprises a first module, a second module, and a third module; said authenticating said QRID, said token and said SIM signature comprises:
the first module authenticates the QRID;
when the first module passes the QRID authentication, the first module sends the token and the SIM signature to the second module;
when the second module passes the authentication of the token, the second module sends the SIM signature to the third module;
and the third module authenticates the SIM signature to obtain an authentication result, and sends the authentication result to the first module through the second module.
3. A method for authentication, the method being applied to a client, the method comprising:
sending a first request for authenticating account information to a server, so that the server generates a token according to the first request;
generating a SIM signature of the user identity identification card according to the token and the quick response identification QRID acquired from the server;
sending a second request to the server, where the second request includes the token, the QRID, and the SIM signature, and the second request is used for the server to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature are authenticated by the server, the client is allowed to access the server.
4. The method of claim 3, wherein obtaining a Quick Response Identification (QRID) from the server comprises:
scanning the two-dimension code information provided by the server, and acquiring the QRID from the two-dimension code information.
5. The method according to claim 3 or 4, wherein before the sending of the first request for authenticating account information to the server, the method further comprises:
displaying prompt information for prompting a user to input an SIM shield password;
receiving an SIM shield password input by a user;
and authenticating the SIM shield password so as to send the first request to a server after the SIM shield password passes authentication.
6. A system for authentication, the system comprising:
the client is used for sending a request for authenticating account information to the server so as to authenticate the client by the server;
and the server is used for authenticating the client and allowing the client to access the server when the client passes the authentication.
7. The system of claim 6, wherein the request comprises a first request and a second request;
the client is further used for sending a first request for authenticating account information to a server, so that the server generates a token according to the first request;
the client is also used for generating a SIM signature of the user identity identification card according to the token and the quick response identification QRID acquired from the server;
the client is further configured to send a second request to the server, where the second request includes the token, the QRID, and the SIM signature, and the second request is used for the server to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature are authenticated by the server, the client is allowed to access the server.
8. The system of claim 7,
the server is further used for generating a token according to the received first request, wherein the first request is a request sent by the client and used for authenticating account information;
the server is further used for sending the token to the client, so that the client can generate a SIM signature of the user identity identification card according to the token and the quick response identifier QRID;
the server is further configured to receive a second request sent by the client, where the second request includes the token, the QRID, and the SIM signature;
the server is further configured to authenticate the QRID, the token and the SIM signature, so that when the QRID, the token authentication and the SIM signature authentication pass, the client accesses the server.
9. The system of claim 8, wherein the server comprises a first module, a second module, and a third module;
the first module is used for authenticating the QRID;
the first module is further configured to send the token and the SIM signature to the second module when the first module passes the authentication of the QRID;
the second module is configured to send the SIM signature to the third module when the second module passes authentication of the token;
and the third module is used for authenticating the SIM signature to obtain an authentication result and sending the authentication result to the first module through the second module.
10. A server, characterized in that the server comprises:
the processing module is used for generating a token according to a received first request, wherein the first request is a request sent by a client and used for authenticating account information;
a sending module, configured to send the token to the client, so that the client generates a SIM signature of a user identity card according to the token and a quick response identifier QRID;
a receiving module, configured to receive a second request sent by the client, where the second request includes the token, the QRID, and the SIM signature;
the processing module is further configured to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature pass authentication, the client accesses the server.
11. A client, the client comprising:
the sending module is used for sending a first request for authenticating account information to a server, so that the server generates a token according to the first request;
the processing module is used for generating a SIM signature of the user identity identification card according to the token and the quick response identification QRID acquired from the server;
the sending module is further configured to send a second request to the server, where the second request includes the token, the QRID, and the SIM signature, and the second request is used for the server to authenticate the QRID, the token, and the SIM signature, so that when the QRID, the token, and the SIM signature are authenticated by the server, the client is allowed to access the server.
12. A computer storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of authentication of any one of claims 1-2 or which, when executed by a processor, implement the method of authentication of any one of claims 3-5.
CN202010290427.5A 2020-04-14 2020-04-14 Authentication method, system, server, client and storage medium Pending CN113536277A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010290427.5A CN113536277A (en) 2020-04-14 2020-04-14 Authentication method, system, server, client and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010290427.5A CN113536277A (en) 2020-04-14 2020-04-14 Authentication method, system, server, client and storage medium

Publications (1)

Publication Number Publication Date
CN113536277A true CN113536277A (en) 2021-10-22

Family

ID=78088039

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010290427.5A Pending CN113536277A (en) 2020-04-14 2020-04-14 Authentication method, system, server, client and storage medium

Country Status (1)

Country Link
CN (1) CN113536277A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640460A (en) * 2022-01-28 2022-06-17 成都卫士通信息产业股份有限公司 User login method, device, equipment and medium in application program
CN115696329A (en) * 2022-10-27 2023-02-03 中国联合网络通信集团有限公司 Zero trust authentication method and device, zero trust client device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104113551A (en) * 2014-07-28 2014-10-22 百度在线网络技术(北京)有限公司 Platform authorization method, platform server side, application client side and system
US20150017950A1 (en) * 2011-12-30 2015-01-15 Telefonaktiebolaget L M Ericsson (pulb) Virtual sim card cloud platform
US20150163065A1 (en) * 2013-12-05 2015-06-11 Xiaolai Li Identity authentication method and apparatus and server
CN105162764A (en) * 2015-07-30 2015-12-16 北京石盾科技有限公司 Dual authentication method, system and device for SSH safe login
CN109618341A (en) * 2018-12-27 2019-04-12 无锡天脉聚源传媒科技有限公司 A kind of digital signature authentication method, system, device and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150017950A1 (en) * 2011-12-30 2015-01-15 Telefonaktiebolaget L M Ericsson (pulb) Virtual sim card cloud platform
US20150163065A1 (en) * 2013-12-05 2015-06-11 Xiaolai Li Identity authentication method and apparatus and server
CN104113551A (en) * 2014-07-28 2014-10-22 百度在线网络技术(北京)有限公司 Platform authorization method, platform server side, application client side and system
CN105162764A (en) * 2015-07-30 2015-12-16 北京石盾科技有限公司 Dual authentication method, system and device for SSH safe login
CN109618341A (en) * 2018-12-27 2019-04-12 无锡天脉聚源传媒科技有限公司 A kind of digital signature authentication method, system, device and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640460A (en) * 2022-01-28 2022-06-17 成都卫士通信息产业股份有限公司 User login method, device, equipment and medium in application program
CN114640460B (en) * 2022-01-28 2024-01-30 成都卫士通信息产业股份有限公司 User login method, device, equipment and medium in application program
CN115696329A (en) * 2022-10-27 2023-02-03 中国联合网络通信集团有限公司 Zero trust authentication method and device, zero trust client device and storage medium

Similar Documents

Publication Publication Date Title
CN101350720B (en) Dynamic cipher authentication system and method
CN107249004B (en) Identity authentication method, device and client
CN109041205A (en) Client registers method, apparatus and system
CN110266642A (en) Identity identifying method and server, electronic equipment
CN107948204A (en) One-key login method and system, related equipment and computer readable storage medium
US9445269B2 (en) Terminal identity verification and service authentication method, system and terminal
CN107113613B (en) Server, mobile terminal, network real-name authentication system and method
CN110278084B (en) eID establishing method, related device and system
CN111800377B (en) Mobile terminal identity authentication system based on safe multi-party calculation
CN104426659A (en) Dynamic password generating method, authentication method, authentication system and corresponding equipment
CN111092899A (en) Information acquisition method, device, equipment and medium
CN104767617A (en) Message processing method, system and related device
US8601270B2 (en) Method for the preparation of a chip card for electronic signature services
CN104796255A (en) A safety certification method, device and system for a client end
CN113536277A (en) Authentication method, system, server, client and storage medium
CN105812398A (en) Remote login authorization method and remote login authorization device
CN114390524B (en) Method and device for realizing one-key login service
CN109587683B (en) Method and system for preventing short message from being monitored, application program and terminal information database
CN108123918A (en) A kind of account authentication login method and device
CN115801450B (en) Multi-dimensional joint authentication method and system for time and terminal
CN114679276B (en) Identity authentication method and device of time-based one-time password algorithm
CN116318819A (en) Authentication method and device based on SIM card and storage medium
CN108076460B (en) Method and terminal for authentication
CN114727276A (en) Method and system for determining account information in user non-login state
KR101879842B1 (en) User authentication method and system using one time password

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination