CN113672897A - Data communication method, device, electronic equipment and storage medium - Google Patents


Publication number: CN113672897A
Authority: CN (China)
Prior art keywords: client, certificate, server, verification, information
Legal status: Granted
Application number: CN202110832735.0A
Other languages: Chinese (zh)
Other versions: CN113672897B (en)
Inventor: 翁迟迟
Current Assignee: Beijing QIYI Century Science and Technology Co Ltd
Original Assignee: Beijing QIYI Century Science and Technology Co Ltd
Application filed by: Beijing QIYI Century Science and Technology Co Ltd
Priority to: CN202110832735.0A
Publication of CN113672897A
Application granted; publication of CN113672897B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a data communication method, a data communication apparatus, an electronic device and a computer-readable storage medium, and belongs to the field of computer technology. The method comprises the following: while data communication is being established between a client and a server, the client, in response to an identity verification operation, sends an identity verification request to the server. The request includes certificate information, which comprises information corresponding to a client certificate issued after the server has successfully authenticated the client. The server then verifies the client certificate according to the certificate information and generates a verification result for the client in order to establish the communication connection. Where data flows in both directions between the client and the server, the client certificate associated with the client's identity information is thus transmitted in both directions as part of certificate verification, which achieves bidirectional identity verification of the data transmission, allows the authentication mode to be configured flexibly, and improves the applicability of identity authentication.

Description

Data communication method, device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data communication method, a data communication apparatus, an electronic device, and a computer-readable storage medium.
Background
With the development of internet technology, more and more offline services are gradually being delivered through online interaction. To interact online, a user generally needs to install an application on a terminal (e.g., a mobile phone or a tablet computer) and then interact with a server through the application, or with users of other applications through it. While the application installed on the user's terminal is in use, the server verifies the user's identity as needed. For example, before a user performs services such as account login, message publishing, balance inquiry or online transaction, the server needs to verify the user's identity to ensure data security. In this identity verification process, authentication is one-way: either the client authenticates the server, or the server authenticates the client. Whichever side is authenticated, there is a risk that data is tampered with by a man-in-the-middle, resulting in data leakage.
Disclosure of Invention
The invention provides a data communication method, a data communication apparatus, an electronic device and a computer-readable storage medium, to solve, to a certain extent, the problem in the prior art that identity verification during data communication has low security.
According to a first aspect of the present invention, there is provided a data communication method, the method comprising:
the client, in response to an identity verification operation, sends an identity verification request to the server, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has successfully authenticated the client;
the server performs security verification on the client certificate according to the certificate information and generates a verification result for the client;
and if the verification result is that the client is trusted, the server establishes data communication with the client.
Optionally, the certificate information includes a certificate identifier corresponding to the client certificate and a using user identifier of the client, and the server performing security verification on the client certificate according to the certificate information to generate a verification result for the client includes:
the server obtains the issuing user identifier corresponding to the certificate identifier and compares the issuing user identifier with the using user identifier;
if the issuing user identifier is the same as the using user identifier, the server generates a trusted verification result for the client;
and if the issuing user identifier is different from the using user identifier, the server generates an untrusted verification result for the client.
Optionally, before the client sends an authentication request to the server in response to an authentication operation, the method further includes:
the client, in response to a device verification operation, obtains device verification information corresponding to the device verification operation and sends the device verification information to the server;
and if the server detects that the device verification information is the same as preset verification information, the terminal to which the client belongs is taken as a trusted terminal.
Optionally, after the terminal to which the client belongs is taken as a trusted terminal, the method further includes:
the client, in response to a client verification operation, sends an identity authentication request to the server, wherein the identity authentication request comprises the device verification information and the device fingerprint information of the trusted terminal;
the server authenticates the client using the device verification information and the device fingerprint information, generates a client certificate for the client, and records the issuing user identifier corresponding to the client certificate;
and the client receives the client certificate sent by the server.
Optionally, the method further comprises:
the server obtains configuration parameters corresponding to the client and determines the running state of the client according to the configuration parameters;
if the configuration parameters indicate that the running state of the client is normal, the server keeps the client certificate valid;
if the configuration parameters indicate that the running state of the client is abnormal, the server revokes the client certificate;
wherein the configuration parameters include at least one of interface access parameters, device parameters, and user parameters.
According to a second aspect of the present invention, there is provided a data communication method applied to a client, the method including:
in response to a detected identity verification operation, sending an identity verification request to a server, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has successfully authenticated the client;
receiving a verification result for the client certificate;
and if the verification result is that the client is trusted, establishing data communication with the server.
According to a third aspect of the present invention, there is provided a data communication method applied to a server, the method including:
acquiring an identity verification request sent by a client, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has successfully authenticated the client;
performing security verification on the client certificate according to the certificate information to generate a verification result for the client;
and if the verification result is that the client is trusted, establishing data communication with the client.
According to a fourth aspect of the present invention, there is provided a data communication apparatus, applied to a client, the apparatus comprising:
an identity verification request sending module, configured to, in response to a detected identity verification operation, send an identity verification request to the server, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has successfully authenticated the client;
a verification result receiving module, configured to receive a verification result for the client certificate;
and a data communication module, configured to establish data communication with the server if the verification result is that the client is trusted.
According to a fifth aspect of the present invention, there is provided a data communication apparatus, applied to a server, the apparatus including:
an identity verification request acquisition module, configured to acquire an identity verification request sent by a client, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has successfully authenticated the client;
a verification result generation module, configured to perform security verification on the client certificate according to the certificate information and generate a verification result for the client;
and a data communication module, configured to establish data communication with the client if the verification result is that the client is trusted.
According to a sixth aspect of the present invention, there is provided an electronic apparatus comprising:
one or more processors; and
one or more machine readable media having instructions stored thereon that, when executed by the one or more processors, cause the electronic device to perform a data communication method as described above.
According to a seventh aspect of the present invention, there is provided a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the data communication method as described above.
Compared with the prior art, the invention has the following advantages:
In the embodiment of the invention, while data communication is being established between a client and a server, the client, in response to an identity verification operation, sends an identity verification request to the server. The request includes certificate information, which comprises information corresponding to a client certificate issued after the server has successfully authenticated the client. The server then verifies the client certificate according to the certificate information and generates a verification result for the client; if the verification result is that the client is trusted, the server establishes data communication with the client. Where data flows in both directions between the client and the server, the client certificate associated with the client's identity information is thus transmitted both "server-client" and "client-server" as part of certificate verification, which achieves bidirectional identity authentication of the data transmission, allows the authentication mode to be configured flexibly, and improves the applicability of identity authentication.
The foregoing is only an overview of the technical solutions of the present invention. Embodiments of the invention are described below so that its technical means can be understood more clearly and its above and other objects, features and advantages become more apparent.
Drawings
FIG. 1 is a flow chart of the steps of a data communication method embodiment of the present invention;
FIG. 2 is a schematic diagram of a process for certificate issuance provided in an embodiment of the present invention;
FIG. 3 is a schematic illustration of certificate management provided in an embodiment of the present invention;
FIG. 4 is a schematic diagram of data processing provided in an embodiment of the present invention;
FIG. 5 is a flow chart of the steps of a data communication method embodiment of the present invention;
FIG. 6 is a flow chart of the steps of a data communication method embodiment of the present invention;
FIG. 7 is a block diagram of a data communication system embodiment of the present invention;
FIG. 8 is a block diagram of an embodiment of a data communication device of the present invention;
FIG. 9 is a block diagram of an embodiment of a data communication device of the present invention;
FIG. 10 is a block diagram of an electronic device of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As an example, a user typically needs to install a client on a terminal (e.g., a mobile phone or a tablet) and then interact with the server through the client, or with users of other clients through it. Before a user performs services such as account login, message sending, balance inquiry, online transaction or link access, the client may use http (HyperText Transfer Protocol) for one-way identity authentication, authenticating the server and executing the corresponding service once authentication succeeds; or the server may authenticate the client one-way and execute the corresponding service once authentication succeeds. Bidirectional authentication may also be performed between the client and the server, but even then only the client or only the server actually performs one-way authentication during the process. Therefore, in the related art, whichever identity verification method is adopted, the client's identity information is transmitted in one direction only, for one-way authentication. With this kind of identity verification there is a risk that data is tampered with by a man-in-the-middle, resulting in data leakage.
In view of the above, one of the core inventive points of the embodiment of the present invention is as follows. Before the client and the server establish data communication, the server authenticates the client and issues a corresponding client certificate, which the client receives and stores locally; this is the server's identity authentication of the client. When data communication needs to be established, the client sends the client certificate and the corresponding certificate information to the server for identity verification, and the data communication connection is established after the client is successfully verified. The client certificate associated with the client's identity information is thus transmitted both "server-client" and "client-server", which achieves bidirectional identity authentication of the data transmission, allows the authentication mode to be configured flexibly, and improves the applicability of identity authentication.
Specifically, referring to FIG. 1, a flowchart of the steps of an embodiment of a data communication method according to the present invention is shown, which may include the following steps:
Step 101, the client, in response to an identity verification operation, sends an identity verification request to the server, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has successfully authenticated the client;
In the embodiment of the present invention, the client may be an application running on the user terminal, such as a lifestyle application, an instant messaging application, a game application or a payment application. The embodiment takes an instant messaging application as the example client, and a bidirectional encrypted channel may be established between the client and the server through mutual TLS (mTLS), so as to transmit data in both directions.
When the client triggers the identity verification operation, it may send an identity verification request to the server. The request may include certificate information, which may include information corresponding to a client certificate issued after the server has authenticated the client. Each user account logged in on the client may correspond to one client certificate, so that the client certificate is unique; the certificate information may be identification information associated with the client certificate, and so on.
In a specific implementation, before a client certificate can be used, the client must pass the server's identity authentication, and before that identity authentication the client may perform device verification on the terminal to which it belongs. Specifically, the client, in response to a device verification operation, obtains the corresponding device verification information and sends it to the server. If the server detects that the device verification information is the same as the preset verification information, the terminal to which the client belongs is taken as a trusted terminal; if the server detects that the device verification information differs from the preset verification information, relevant risk information is prompted.
The preset verification information may be set according to the verification type, such as a short message (SMS) verification code, graphic verification code or digital verification code received by the terminal, or fingerprint information and iris features stored locally or on the server. For example, when a user wants to log in to an account, the application may require SMS verification to check whether the terminal is a trusted terminal: the terminal receives an SMS verification code, the user enters it into the application, and the application sends it to the server for verification. If the code is the same as the verification code in the short message sent by the server, the terminal is determined to be a trusted terminal; if it differs, a verification failure is prompted, re-verification is required, and so on. Device verification operations of this kind establish whether the terminal is trusted, which secures the foundation of the identity verification trust chain.
After the client has successfully verified the terminal to which it belongs, the client may, in response to a client verification operation, send an identity authentication request to the server, which may include the device verification information and the device fingerprint information of the trusted terminal. In response, the server authenticates the client using the device verification information and the device fingerprint information, generates a client certificate for the client, records the issuing user identifier corresponding to the client certificate, and sends the client certificate to the corresponding client. The client receives the client certificate and stores it locally in encrypted form.
That is, once the client has determined that the terminal is a trusted terminal, it can go on to perform the client verification operation and send an identity authentication request to the server, and the server authenticates the client so as to issue the corresponding client certificate. The device fingerprint information may include a unique identifier of the client, a MAC address, a Wi-Fi list, an IDFA (Identifier for Advertisers), an International Mobile Equipment Identity (IMEI), and the like. After receiving the device verification information and the device fingerprint information, the server may authenticate the client based on them and generate a client certificate together with the issuing user identifier corresponding to it. The issuing user identifier may be the user identifier of the account logged in on the client and is used to ensure the uniqueness of the client certificate. After receiving the client certificate, the client may encrypt it and then store it locally, which ensures the security of the client certificate.
In an example, referring to FIG. 2, a schematic diagram of a certificate issuance flow provided in the embodiment of the present invention is shown. A client runs in a terminal, and the client and the server may determine, based on SMS verification, whether the terminal to which the client belongs is a trusted terminal, which provides security verification of the device. When the terminal is a trusted terminal, the client may initiate an identity authentication request to the server, so that the server authenticates the client. Specifically, the server may run a security risk control system. After receiving the SMS verification information and the device fingerprint information sent by the client, the security risk control system first determines whether the SMS verification information is the one used in the device verification process; if so, it signs a client certificate based on the device fingerprint information, records the corresponding issuing user identifier, and issues the client certificate to the client. After receiving the client certificate, the client may store it locally, encrypted, in P12 format. The client is thereby authenticated by the server, bidirectional authentication between the client and the server is achieved, and the security of data transmission is ensured.
It should be noted that the embodiment of the present invention uses SMS verification as an example; device verification may also include fingerprint verification, iris verification and the like, which is not limited in the present invention.
After the client has stored the client certificate, a business operation performed by the user can trigger the corresponding identity verification operation: the client sends the certificate information corresponding to the client certificate to the server for verification, and after the server has successfully verified the client, the user is allowed to perform the business operation, such as instant messaging, page access or online payment.
Step 102, the server performs security verification on the client certificate according to the certificate information and generates a verification result for the client;
In the embodiment of the present invention, the certificate information may include a certificate identifier corresponding to the client certificate and a using user identifier of the client. The server may first obtain the issuing user identifier corresponding to the certificate identifier and then compare it with the using user identifier; if the issuing user identifier is the same as the using user identifier, the server generates a trusted verification result for the client; and if the issuing user identifier is different from the using user identifier, the server generates an untrusted verification result for the client.
The using user identifier may be the identifier of the user account currently logged in on the client. The certificate identifier may be the serial number of the client certificate, and different client certificates may have different serial numbers. When verifying the client certificate, the server may use the certificate identifier to obtain the issuing user identifier recorded when the certificate was issued and compare it with the using user identifier. If the two are the same, the client is judged to be trusted; if they differ, the client is judged to be untrusted and a corresponding risk prompt is given. The certificate is verified in this way, which achieves bidirectional authentication between the client and the server and ensures the security of data transmission.
Optionally, in addition to comparing the user identifiers, a validity period of the client certificate may be set when the client certificate is issued, and when the client is authenticated, the status of the client may be determined by determining whether the validity period of the client certificate expires, which is not limited in the present invention.
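The issuance record and the Step 102 check can be sketched as follows. This is an added example, not code from the patent: `CertificateRegistry`, its method names, the 30-day validity and the sample values are hypothetical, no X.509 certificate is actually signed, and the certificate identifier is assumed to come from the certificate that the mTLS layer has already validated rather than from a field the client can set freely.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Constructed sample device fingerprint (not real device data).
SAMPLE_FINGERPRINT = {"client_id": "c-7f3a", "mac": "02:00:00:00:00:01", "imei": "000000000000000"}


@dataclass
class IssuedCertificate:
    """Server-side record kept for each client certificate it issues."""
    serial: str              # certificate identifier (serial number)
    issuing_user_id: str     # user the certificate was issued to
    fingerprint_sha256: str  # digest of the device fingerprint seen at issuance
    not_after: datetime      # end of the optional validity period
    revoked: bool = False


class CertificateRegistry:
    """Hypothetical in-memory store standing in for the server's issuance records."""

    def __init__(self, validity: timedelta = timedelta(days=30)) -> None:
        self._records: Dict[str, IssuedCertificate] = {}
        self._validity = validity

    @staticmethod
    def _fingerprint_digest(fingerprint: Dict[str, str]) -> str:
        # Sort keys so the same device always produces the same digest.
        canonical = "\n".join(f"{k}={fingerprint[k]}" for k in sorted(fingerprint))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, fingerprint: Dict[str, str], submitted_code: str,
              expected_code: str, now: datetime) -> Optional[IssuedCertificate]:
        """Issue only if the device verification code matches the one the server sent."""
        if not hmac.compare_digest(submitted_code.encode(), expected_code.encode()):
            return None  # device verification failed: no certificate
        record = IssuedCertificate(
            serial=secrets.token_hex(16),
            issuing_user_id=user_id,
            fingerprint_sha256=self._fingerprint_digest(fingerprint),
            not_after=now + self._validity,
        )
        self._records[record.serial] = record
        return record

    def revoke(self, serial: str) -> None:
        record = self._records.get(serial)
        if record is not None:
            record.revoked = True

    def verify(self, serial: str, using_user_id: str, now: datetime) -> Tuple[bool, str]:
        """Step 102: look up the issuing user by certificate identifier and compare."""
        record = self._records.get(serial)
        if record is None:
            return (False, "unknown certificate identifier")
        if record.revoked:
            return (False, "certificate revoked")
        if now >= record.not_after:
            return (False, "certificate expired")
        if not hmac.compare_digest(record.issuing_user_id.encode(), using_user_id.encode()):
            return (False, "issuing user differs from using user")
        return (True, "trusted")


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    registry = CertificateRegistry()
    cert = registry.issue("user-1001", SAMPLE_FINGERPRINT, "482913", "482913", now)
    print(registry.verify(cert.serial, "user-1001", now))  # same user
    print(registry.verify(cert.serial, "user-2002", now))  # certificate used by another account
```

A certificate presented under a different logged-in account fails the comparison even though the certificate itself is valid, which is the binding the issuing user identifier provides.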
Step 103, if the verification result is that the client is trusted, the server establishes data communication with the client.
After verifying the client's identity, the server may generate a corresponding verification result and send it to the client. If the verification result is that the client is trusted, the server may establish data communication with the client so that the client can perform the relevant business operations; if the verification result is that the client is untrusted, the client may give a corresponding risk prompt, such as a verification failure prompt or a secondary verification prompt. Certificate verification of this kind achieves bidirectional identity authentication of data transmission between the client and the server, allows the authentication mode to be configured flexibly, and improves the applicability of identity authentication.
In addition, the server may both issue client certificates and manage them, which improves the security of certificate management. Specifically, after establishing the data communication connection with the client, the server may obtain the configuration parameters corresponding to the client and determine the running state of the client from them; if the configuration parameters indicate that the running state of the client is normal, the server keeps the client certificate valid; and if the configuration parameters indicate that the running state of the client is abnormal, the server revokes the client certificate. The configuration parameters include at least one of interface access parameters, device parameters and user parameters.
Specifically, the server may extract the access frequency of the client's interface from the interface access parameters; if the access frequency of an interface is greater than or equal to a preset threshold, interface access may be judged abnormal and a corresponding risk prompt given. Or it may extract the device permission state from the device parameters and determine whether the terminal to which the client belongs has been cracked; if the terminal is in a cracked state, the device is judged abnormal and the corresponding client certificate is revoked. Or it may extract a device identifier from the device parameters and determine whether the terminal to which the client belongs matches the device identifier; if not, the device is judged abnormal and secondary verification or the like is prompted. The corresponding user identifier may also be obtained from the user parameters and checked for validity: the server may be connected to a user management system in which user identifiers are stored and classified by validity, so that whether the client is abnormal can be judged by whether the user identifier is valid. The validity of the client certificate is maintained accordingly, and the security of client certificate management is improved.
In an example, referring to fig. 3, a schematic diagram of certificate management provided in the embodiment of the present invention is shown. The client and the server may enable mTLS bidirectional authentication. After the client has verified that the terminal to which it belongs is a trusted terminal and has obtained the corresponding client certificate, the client certificate may be protected locally with white-box encryption. Through the load balancing of the server-side Nginx proxy, certificate checking for the client is started, together with security risk-control management, for which the corresponding configuration parameters are transmitted to the server. For example, information such as device fingerprint information and the certificate may be sent to the server through a header such as x-key, and the security risk-control management system performs identity verification and risk monitoring on the client. During risk monitoring of the client, security risk-control management may identify the operating state of the client based on the configuration parameters and determine the risk level corresponding to that state, for example by determining whether the using user identifier is valid, determining the usage state of an interface from the interface configuration parameters, determining the state of the device from the device parameters, and the like.
After determining the operating state of the client, security risk-control management may determine a corresponding risk level, such as low risk, medium risk or high risk. For example, if the user identifier is invalid, the state may be judged high risk; if the interface configuration parameters indicate that the interface is used frequently, the state may be judged high risk; if the device parameters indicate a device different from the device to which the client belongs, the state may be judged medium risk; and if no abnormal condition exists, the state may be judged low risk. Low risk requires no handling, medium risk may prompt secondary verification, and high risk may be handled by revoking the certificate to ensure the security of data transmission. Thus, on the one hand, bidirectional identity verification between the client and the server is achieved by means of certificates, and on the other hand, the security of certificate management is improved by monitoring the client.
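The risk grading described above can be sketched as follows. This is an added illustration, not code from the patent: the field names, the `assess` function and the threshold of 120 calls per minute are assumptions, and a cracked terminal is graded high risk because the description revokes the certificate in that case.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Risk(IntEnum):
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# Handling per risk level, as stated in the description.
ACTIONS = {
    Risk.LOW: "none",
    Risk.MEDIUM: "secondary_verification",
    Risk.HIGH: "revoke_certificate",
}


@dataclass(frozen=True)
class ConfigParams:
    """Configuration parameters reported for one client (field names are assumptions).

    The description only requires at least one parameter kind, so every
    field is optional; None means "not reported" and is not graded.
    """
    interface_calls_per_minute: Optional[int] = None  # interface access parameter
    device_cracked: Optional[bool] = None             # device parameter: permission state
    device_id: Optional[str] = None                   # device parameter: device identifier
    user_id: Optional[str] = None                     # user parameter


def assess(params, bound_device_id, valid_user_ids, rate_threshold=120):
    """Return (risk level, action, reasons) for one client.

    bound_device_id: device the client certificate was issued for.
    valid_user_ids:  identifiers the user management system reports as valid.
    rate_threshold:  constructed value; the description only says "preset".
    """
    findings = []
    if params.user_id is not None and params.user_id not in valid_user_ids:
        findings.append((Risk.HIGH, "user identifier invalid"))
    if (params.interface_calls_per_minute is not None
            and params.interface_calls_per_minute >= rate_threshold):
        findings.append((Risk.HIGH, "interface access frequency at or above threshold"))
    if params.device_cracked:
        findings.append((Risk.HIGH, "terminal is in a cracked state"))
    if params.device_id is not None and params.device_id != bound_device_id:
        findings.append((Risk.MEDIUM, "device identifier does not match"))

    # The overall level is the worst single finding; no finding means low risk.
    level = max((lvl for lvl, _ in findings), default=Risk.LOW)
    return level, ACTIONS[level], [reason for _, reason in findings]


if __name__ == "__main__":
    # Constructed sample reports for a certificate bound to device "dev-A".
    samples = [
        ConfigParams(user_id="u-1001", device_id="dev-A", interface_calls_per_minute=10),
        ConfigParams(user_id="u-1001", device_id="dev-B"),
        ConfigParams(user_id="u-9999", device_id="dev-B"),
        ConfigParams(interface_calls_per_minute=500),
    ]
    for sample in samples:
        level, action, reasons = assess(sample, "dev-A", {"u-1001"})
        print(level.name, action, reasons)
```
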
In addition, the clients may include common clients and management clients, and different permissions may be configured for different clients according to the logged-in user account. Both the common client and the management client have permission to use the basic functions; the difference is that the management client also has permission to manage common clients. For example, the management client may obtain the configuration parameters of a common client, manage the usage permissions of a common client, and the like. In one example, the configuration parameters of a common client can be monitored through the management client: if the user of the management client finds that a common client may be abnormal, the management client can obtain the configuration parameters of that common client and send them to the server, and the server performs risk-control management to determine whether the common client is in an abnormal state, thereby ensuring data security. In another example, a security detection mechanism may also be configured in the common client: when a possible abnormality is detected during use of the client, the common client may obtain the corresponding configuration parameters and send them to the server, and the server performs risk-control management to determine whether the common client is in an abnormal state, thereby ensuring data security. Optionally, the foregoing processes may be implemented individually or in combination, and the present invention is not limited in this respect.
It should be noted that the embodiments of the present invention include, but are not limited to, the above examples, and it is understood that, under the guidance of the idea of the present invention, those skilled in the art may also set the embodiments according to actual needs, and the present invention is not limited to these.
In the embodiment of the invention, in the process of establishing data communication between a client and a server, the client, in response to an identity verification operation, can send an identity verification request to the server. The identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has authenticated the client. The server can then verify the client certificate according to the certificate information and generate a verification result for the client; if the verification result is that the client is trusted, the server establishes data communication with the client. In this way, where data is transmitted in both directions between the client and the server, the client certificate associated with the client identity information is used to pass identity information in both the "server-client" and "client-server" directions by means of certificate verification, which achieves bidirectional identity authentication for data transmission, allows the authentication mode to be configured flexibly, and improves the applicability of identity authentication.
In order to make those skilled in the art better understand the technical solutions of the embodiments of the present invention, the following explanation is made by an example.
Referring to fig. 4, a schematic diagram of data processing provided in the embodiment of the present invention is shown. The client may run on the user side and may apply to the server for client certificate authentication through a certificate acquisition interface. After the authentication succeeds, the client acquires the client certificate issued by the server, and may then encrypt the client certificate using a root certificate of the client and store it locally.
The mTLS bidirectional authentication can be started between the client and the server through a Uniform Resource Identifier (URI), so that bidirectional authentication between the client and the server is realized through a certificate.
The server may hold a server certificate so that the client can authenticate the server, and the server may pass information such as the client certificate through Nginx in a Proxy-Header for security management, including certificate issuance, certificate auditing, certificate management and the like. For certificate issuance, the server can issue an intermediate certificate according to a request message transmitted by the client and use the intermediate certificate as the client certificate; specifically, the server can issue the intermediate certificate using an offline root certificate, store the intermediate certificate as the client certificate, and deliver the client certificate to the corresponding client. For certificate auditing, certificate revocation logs, certificate issuance logs and the like can be recorded on the server. For certificate management, the server may perform query management, revocation management and the like for the corresponding client certificates.
By means of certificate verification, bidirectional identity authentication of data transmission between the client and the server can be achieved, the authentication mode can be configured flexibly, and the applicability of identity authentication is improved.
Referring to fig. 5, a flowchart illustrating steps of an embodiment of a data communication method according to the present invention is shown, and applied to a client, the method specifically includes the following steps:
step 501, in response to detection of an identity verification operation, sending an identity verification request to a server, where the identity verification request at least includes certificate information, and the certificate information includes information corresponding to a client certificate issued after the server passes identity authentication on the client;
step 502, receiving a verification result aiming at the client certificate;
step 503, if the verification result is that the client is trusted, establishing data communication with the server.
In an optional embodiment of the present invention, before sending the authentication request to the server in response to detecting the authentication operation, the method further includes:
and responding to the detected equipment verification operation, acquiring equipment verification information corresponding to the equipment verification operation, and sending the equipment verification information to a server side so as to verify whether the user terminal to which the client belongs is a trusted terminal.
In an optional embodiment of the present invention, after the terminal to which the client belongs is taken as a trusted terminal, the method further includes:
if the user terminal is a trusted terminal, responding to the detection of a client verification operation, and sending an identity authentication request to a server, wherein the identity authentication request comprises the equipment verification information and the equipment fingerprint information of the trusted terminal;
and receiving a client certificate aiming at the identity authentication request, and storing the client certificate, wherein the client certificate is a certificate generated according to the equipment verification information and the equipment fingerprint information.
In the embodiment of the invention, in the process of establishing data communication between the client and the server, the client, in response to an identity verification operation, can send an identity verification request to the server. The identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has authenticated the client. The server can then verify the client certificate according to the certificate information and generate a verification result for the client; if the verification result is that the client is trusted, the server establishes data communication with the client. In this way, where data is transmitted in both directions between the client and the server, the client certificate associated with the client identity information is used to pass identity information in both the 'server-client' and 'client-server' directions by means of certificate verification, which achieves bidirectional identity authentication for data transmission, allows the authentication mode to be configured flexibly, and improves the applicability of identity authentication.
Referring to fig. 6, a flowchart illustrating steps of an embodiment of a data communication method according to the present invention is shown, and applied to a server, the method specifically includes the following steps:
step 601, acquiring an identity verification request sent by a client, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server passes identity authentication on the client;
step 602, according to the certificate information, performing security verification on the client certificate, and generating a verification result for the client;
step 603, if the verification result is that the client is authentic, establishing data communication with the client.
In an optional embodiment of the present invention, the performing, according to the certificate information, security verification on the client certificate to generate a verification result for the client includes:
acquiring an issuing user identification corresponding to the certificate identification, and comparing the issuing user identification with the using user identification;
if the issuing user identification is the same as the using user identification, generating a credible verification result aiming at the client, and sending the credible verification result to the client;
and if the issuing user identification is different from the using user identification, generating an untrusted verification result aiming at the client, and sending the untrusted verification result to the client.
In an optional embodiment of the present invention, before acquiring the authentication request sent by the client, the method further includes:
acquiring equipment verification information sent by the client;
and if the equipment verification information is the same as the preset verification information, taking the user terminal to which the client belongs as a trusted terminal.
In an optional embodiment of the present invention, after the user terminal to which the client belongs is taken as a trusted terminal, the method further includes:
acquiring an identity authentication request, wherein the identity authentication request comprises the equipment authentication information and the equipment fingerprint information of the trusted terminal;
and adopting the equipment verification information and the equipment fingerprint information to carry out identity authentication on the client, generating a client certificate aiming at the client, and recording an issuing user identification corresponding to the client certificate.
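A simplified server-side model of the device verification, certificate issuance and certificate verification steps above, added here as an illustration and not code from the patent. The class and method names, the HMAC-derived certificate identifier (a stand-in for issuing a real X.509 client certificate) and the rejection of revoked certificates at verification time are assumptions.

```python
import hashlib
import hmac
import secrets


class CertificateRegistry:
    """Server-side record of issued client certificates (simplified model, not X.509)."""

    def __init__(self, preset_verification_info):
        self._preset = preset_verification_info
        self._key = secrets.token_bytes(32)  # server secret for deriving IDs (assumption)
        self._issued = {}                    # certificate ID -> issuing user ID
        self._revoked = set()

    def is_trusted_terminal(self, device_verification_info):
        """Trusted terminal: submitted verification info equals the preset info."""
        return hmac.compare_digest(
            device_verification_info.encode(), self._preset.encode())

    def issue(self, user_id, device_verification_info, device_fingerprint):
        """Issue a certificate ID bound to the device and record the issuing user.

        Returns None when the terminal is not trusted, so no certificate is
        ever generated for a device that failed device verification.
        """
        if not self.is_trusted_terminal(device_verification_info):
            return None
        nonce = secrets.token_hex(16)  # makes every issuance unique, even for the same device
        material = "\x00".join(
            (nonce, device_verification_info, device_fingerprint, user_id)).encode()
        cert_id = hmac.new(self._key, material, hashlib.sha256).hexdigest()
        self._issued[cert_id] = user_id
        return cert_id

    def revoke(self, cert_id):
        """Mark a certificate as revoked, for example after an abnormal state is detected."""
        if cert_id in self._issued:
            self._revoked.add(cert_id)

    def verify(self, cert_id, using_user_id):
        """Trusted only if the issuing user recorded for cert_id equals the using user."""
        issuing_user_id = self._issued.get(cert_id)
        if issuing_user_id is None or cert_id in self._revoked:
            return False  # unknown or revoked certificate: untrusted
        return hmac.compare_digest(issuing_user_id.encode(), using_user_id.encode())


def demo():
    """Walk through the flow with constructed sample values."""
    registry = CertificateRegistry(preset_verification_info="preset-code-483920")
    results = {}
    results["untrusted_device"] = registry.issue("alice", "wrong-code", "fp-7c1e")
    cert_id = registry.issue("alice", "preset-code-483920", "fp-7c1e")
    results["same_user"] = registry.verify(cert_id, "alice")
    results["other_user"] = registry.verify(cert_id, "mallory")
    registry.revoke(cert_id)
    results["after_revocation"] = registry.verify(cert_id, "alice")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
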
In an optional embodiment of the present invention, further comprising:
acquiring configuration parameters corresponding to the client, and judging the running state of the client according to the configuration parameters;
if the configuration parameters represent that the running state of the client is a normal state, keeping the client certificate valid;
if the configuration parameters represent that the running state of the client is an abnormal state, the client certificate is cancelled;
wherein the configuration parameters include at least one of interface access parameters, device parameters, and user parameters.
In the embodiment of the invention, in the process of establishing data communication between the client and the server, the client, in response to an identity verification operation, can send an identity verification request to the server. The identity verification request can comprise certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server has authenticated the client. The server can then verify the client certificate according to the certificate information and generate a verification result for the client; if the verification result is that the client is trusted, the server establishes data communication with the client. In this way, where data is transmitted in both directions between the client and the server, the client certificate associated with the client identity information is used to pass identity information in both the 'server-client' and 'client-server' directions by means of certificate verification, which achieves bidirectional identity authentication for data transmission, allows the authentication mode to be configured flexibly, and improves the applicability of identity authentication.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 7, a block diagram of a data communication system according to an embodiment of the present invention is shown, where the data communication system includes a client and a server, and the data communication system may specifically include:
an identity verification request sending module 701 located at the client, configured to send an identity verification request to a server in response to an identity verification operation, where the identity verification request at least includes certificate information, and the certificate information includes information corresponding to a client certificate issued after the server passes identity authentication on the client;
a verification result generation module 702 at the server, configured to perform security verification on the client certificate according to the certificate information, and generate a verification result for the client;
and the data communication module 703 is located at the server and configured to establish data communication between the server and the client if the verification result indicates that the client is trusted.
In an optional embodiment of the present invention, the certificate information includes a certificate identifier corresponding to the client certificate and a user identifier of the client, and the verification result generating module 702 is specifically configured to:
acquiring an issuing user identification corresponding to the certificate identification, and comparing the issuing user identification with the using user identification;
if the issuing user identification is the same as the using user identification, generating a credible verification result aiming at the client;
and if the issuing user identification is different from the using user identification, generating an untrusted verification result aiming at the client.
In an optional embodiment of the invention, the system further comprises:
the equipment verification information acquisition module is positioned at the client and used for responding to equipment verification operation, acquiring equipment verification information corresponding to the equipment verification operation and sending the equipment verification information to the server;
and the equipment verification module is positioned at the server and used for taking the terminal to which the client belongs as a trusted terminal if the equipment verification information is the same as the preset verification information.
In an optional embodiment of the invention, the system further comprises:
the identity authentication request sending module is positioned at the client and used for responding to the verification operation of the client and sending an identity authentication request to the server, wherein the identity authentication request comprises the equipment verification information and the equipment fingerprint information of the credible terminal;
the client certificate generating module is positioned at the server and used for carrying out identity authentication on the client by adopting the equipment verification information and the equipment fingerprint information, generating a client certificate aiming at the client and recording an issuing user identifier corresponding to the client certificate;
and the client certificate receiving module is positioned at the client and used for receiving the client certificate sent by the server.
In an optional embodiment of the present invention, further comprising:
the operation scene determining module is positioned at the server and used for acquiring configuration parameters corresponding to the client, judging the operation state of the client according to the configuration parameters and acquiring an operation scene corresponding to the client;
the certificate holding module is located at the server and used for holding the client certificate to be valid if the configuration parameters represent that the running state of the client is a normal state;
the certificate canceling module is positioned at the server and used for canceling the client certificate if the configuration parameters represent that the running state of the client is an abnormal state;
wherein the configuration parameters include at least one of interface access parameters, device parameters, and user parameters.
Referring to fig. 8, a block diagram of a data communication apparatus according to an embodiment of the present invention is shown, and applied to a client, the data communication apparatus may specifically include the following modules:
an identity verification request sending module 801, configured to send, in response to detection of an identity verification operation, an identity verification request to a server, where the identity verification request at least includes certificate information, and the certificate information includes information corresponding to a client certificate issued after the server passes identity authentication on the client;
a verification result receiving module 802, configured to receive a verification result for the client certificate;
a data communication module 803, configured to establish data communication with the server if the verification result is that the client is trusted.
In an optional embodiment of the invention, the apparatus further comprises:
and the equipment verification information acquisition module is used for responding to the detected equipment verification operation, acquiring equipment verification information corresponding to the equipment verification operation, and sending the equipment verification information to the server so as to verify whether the user terminal to which the client belongs is a trusted terminal.
In an optional embodiment of the invention, the apparatus further comprises:
an identity authentication request sending module, configured to send an identity authentication request to a server in response to detecting a client verification operation if the user terminal is a trusted terminal, where the identity authentication request includes the device verification information and device fingerprint information of the trusted terminal;
and the client certificate processing module is used for receiving a client certificate aiming at the identity authentication request and storing the client certificate, wherein the client certificate is a certificate generated according to the equipment verification information and the equipment fingerprint information.
Referring to fig. 9, a block diagram of a data communication apparatus according to an embodiment of the present invention is shown, and the data communication apparatus is applied to a server and specifically includes the following modules:
an identity verification request obtaining module 901, configured to obtain an identity verification request sent by a client, where the identity verification request at least includes certificate information, and the certificate information includes information corresponding to a client certificate issued after the server performs identity authentication on the client;
a verification result generation module 902, configured to perform security verification on the client certificate according to the certificate information, and generate a verification result for the client;
a data communication module 903, configured to establish data communication with the client if the verification result is that the client is trusted.
In an optional embodiment of the present invention, the certificate information includes a certificate identifier corresponding to the client certificate and a user identifier of the client, and the verification result generating module 902 is specifically configured to:
acquiring an issuing user identification corresponding to the certificate identification, and comparing the issuing user identification with the using user identification;
if the issuing user identification is the same as the using user identification, generating a credible verification result aiming at the client, and sending the credible verification result to the client;
and if the issuing user identification is different from the using user identification, generating an untrusted verification result aiming at the client, and sending the untrusted verification result to the client.
In an optional embodiment of the invention, the apparatus further comprises:
the equipment verification information acquisition module is used for acquiring the equipment verification information sent by the client;
and the terminal judging module is used for taking the user terminal to which the client belongs as a trusted terminal if the equipment verification information is the same as preset verification information.
In an optional embodiment of the invention, the apparatus further comprises:
an identity authentication request obtaining module, configured to obtain an identity authentication request, where the identity authentication request includes the device authentication information and the device fingerprint information of the trusted terminal;
and the client certificate processing module is used for performing identity authentication on the client by adopting the equipment verification information and the equipment fingerprint information, generating a client certificate aiming at the client and recording an issuing user identifier corresponding to the client certificate.
In an optional embodiment of the present invention, further comprising:
the operation scene acquisition module is used for acquiring configuration parameters corresponding to the client, judging the operation state of the client according to the configuration parameters and acquiring an operation scene corresponding to the client;
the certificate keeping module is used for keeping the client certificate valid if the configuration parameters represent that the running state of the client is a normal state;
the certificate revocation module is used for revoking the client certificate if the configuration parameters represent that the running state of the client is an abnormal state;
wherein the configuration parameters include at least one of interface access parameters, device parameters, and user parameters.
For the above device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for the relevant points, refer to the partial description of the method embodiment.
In addition, an electronic device according to an embodiment of the present invention is further provided, as shown in fig. 10, and includes a processor 1001, a communication interface 1002, a memory 1003, and a communication bus 1004, where the processor 1001, the communication interface 1002, and the memory 1003 complete mutual communication through the communication bus 1004,
a memory 1003 for storing a computer program;
the processor 1001 is configured to implement the following steps when executing the program stored in the memory 1003:
the client responds to identity verification operation and sends an identity verification request to the server, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server passes identity authentication on the client;
the server side carries out security verification on the client side certificate according to the certificate information to generate a verification result aiming at the client side;
and if the verification result is that the client is credible, the server establishes data communication with the client.
In an optional embodiment of the present invention, the certificate information includes a certificate identifier corresponding to the client certificate and a user identifier of the client, and the server performs security verification on the client certificate according to the certificate information to generate a verification result for the client, where the method includes:
the server side obtains an issuing user identification corresponding to the certificate identification, and compares the issuing user identification with the using user identification;
if the issuing user identification is the same as the using user identification, the server generates a credible verification result aiming at the client;
and if the issuing user identification is different from the using user identification, the server generates an untrusted verification result aiming at the client.
In an optional embodiment of the present invention, before the client sends an authentication request to the server in response to the authentication operation, the method further includes:
the client side responds to equipment verification operation, obtains equipment verification information corresponding to the equipment verification operation, and sends the equipment verification information to the server side;
and if the server detects that the equipment verification information is the same as the preset verification information, taking the terminal to which the client belongs as a trusted terminal.
In an optional embodiment of the present invention, after the terminal to which the client belongs is taken as a trusted terminal, the method further includes:
the client side responds to the client side verification operation and sends an identity authentication request to the server side, wherein the identity authentication request comprises the equipment verification information and the equipment fingerprint information of the credible terminal;
the server side adopts the equipment verification information and the equipment fingerprint information to carry out identity authentication on the client side, generates a client side certificate aiming at the client side, and records an issuing user identification corresponding to the client side certificate;
and the client receives a client certificate sent by the server.
In an optional embodiment of the present invention, further comprising:
the server side obtains configuration parameters corresponding to the client side, and judges the running state of the client side according to the configuration parameters;
if the configuration parameters represent that the running state of the client is a normal state, the server side keeps the client certificate valid;
if the configuration parameters represent that the running state of the client is an abnormal state, the server side revokes the client certificate;
wherein the configuration parameters include at least one of interface access parameters, device parameters, and user parameters.
The communication bus mentioned in the above terminal may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other equipment.
The Memory may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer-readable storage medium is further provided, which has instructions stored therein, which when run on a computer, cause the computer to perform the data communication method described in any of the above embodiments.
In a further embodiment of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the data communication method of any of the above embodiments.
In the above embodiments, the implementation may be realized wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (11)

1. A method of data communication, comprising:
the client responds to identity verification operation and sends an identity verification request to the server, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server passes identity authentication on the client;
the server side carries out security verification on the client side certificate according to the certificate information to generate a verification result aiming at the client side;
and if the verification result is that the client is credible, the server establishes data communication with the client.
2. The method according to claim 1, wherein the certificate information includes a certificate identifier corresponding to the client certificate and a user identifier of the client, and the server performs security verification on the client certificate according to the certificate information to generate a verification result for the client, including:
the server side obtains an issuing user identification corresponding to the certificate identification, and compares the issuing user identification with the using user identification;
if the issuing user identification is the same as the using user identification, the server generates a credible verification result aiming at the client;
and if the issuing user identification is different from the using user identification, the server generates an untrusted verification result aiming at the client.
3. The method of claim 1, wherein before the client sends the authentication request to the server in response to the authentication operation, the method further comprises:
the client side responds to equipment verification operation, obtains equipment verification information corresponding to the equipment verification operation, and sends the equipment verification information to the server side;
and if the server detects that the equipment verification information is the same as the preset verification information, taking the terminal to which the client belongs as a trusted terminal.
4. The method of claim 3, wherein after the target client treats the terminal as a trusted terminal, the method further comprises:
the client side responds to the client side verification operation and sends an identity authentication request to the server side, wherein the identity authentication request comprises the equipment verification information and the equipment fingerprint information of the credible terminal;
the server side adopts the equipment verification information and the equipment fingerprint information to carry out identity authentication on the client side, generates a client side certificate aiming at the client side, and records an issuing user identification corresponding to the client side certificate;
and the client receives a client certificate sent by the server.
5. The method of claim 1, further comprising:
the server side obtains configuration parameters corresponding to the client side, and judges the running state of the client side according to the configuration parameters;
if the configuration parameters represent that the running state of the client is a normal state, the server side keeps the client certificate valid;
if the configuration parameters represent that the running state of the client is an abnormal state, the server side revokes the client certificate;
wherein the configuration parameters include at least one of interface access parameters, device parameters, and user parameters.
6. A data communication method, applied to a client, the method comprising:
responding to the detected identity verification operation, sending an identity verification request to a server, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server passes identity authentication on the client;
receiving a verification result for the client certificate;
and if the verification result is that the client is credible, establishing data communication with the server.
7. A data communication method, applied to a server, the method comprising:
acquiring an identity verification request sent by a client, wherein the identity verification request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the identity authentication of the client by the server is passed;
according to the certificate information, performing security verification on the client certificate to generate a verification result aiming at the client;
and if the verification result is that the client is credible, establishing data communication with the client.
8. A data communication apparatus, applied to a client, the apparatus comprising:
the identity authentication request sending module is used for responding to the detected identity authentication operation and sending an identity authentication request to the server, wherein the identity authentication request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the server passes the identity authentication of the client;
a verification result receiving module for receiving a verification result for the client certificate;
and the data communication module is used for establishing data communication with the server side if the verification result is that the client side is credible.
9. A data communication apparatus, applied to a server, the apparatus comprising:
the identity authentication request acquisition module is used for acquiring an identity authentication request sent by a client, wherein the identity authentication request at least comprises certificate information, and the certificate information comprises information corresponding to a client certificate issued after the identity authentication of the client by the server is passed;
the verification result generation module is used for carrying out security verification on the client certificate according to the certificate information and generating a verification result aiming at the client;
and the data communication module is used for establishing data communication with the client if the verification result is that the client is credible.
10. An electronic device, comprising:
one or more processors; and
one or more machine readable media having instructions stored thereon that, when executed by the one or more processors, cause the electronic device to perform the data communication method of any of claims 1-5 or 6 or 7.
11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the data communication method according to any one of claims 1 to 5 or 6 or 7.
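The server-side logic of claims 2, 4 and 5 can be sketched as follows. This is an added example, not code from the patent: it records the issuing user at issuance, compares it with the using user at verification, and invalidates the certificate when the client state is abnormal. The `CertRegistry` class, the random certificate id, and the abnormal-state rule (a call-rate threshold or a changed device fingerprint) are assumptions; all sample values are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class IssuedCert:
    issuing_user_id: str      # recorded when the certificate is issued (claim 4)
    device_fingerprint: str   # fingerprint of the trusted terminal
    revoked: bool = False


class CertRegistry:
    """Server-side bookkeeping for issued client certificates (hypothetical)."""

    def __init__(self, preset_verification_info, max_calls_per_min=120):
        self._preset = preset_verification_info
        self._max_calls = max_calls_per_min   # assumed threshold, not from the patent
        self._certs = {}

    def issue(self, user_id, device_verification_info, device_fingerprint):
        """Authenticate the client, then issue a certificate id bound to user_id."""
        if not hmac.compare_digest(device_verification_info.encode(),
                                   self._preset.encode()):
            return None                       # terminal not trusted: no certificate
        cert_id = secrets.token_hex(16)       # stand-in for a real certificate serial
        self._certs[cert_id] = IssuedCert(user_id, device_fingerprint)
        return cert_id

    def verify(self, cert_id, using_user_id):
        """Claim 2: trusted only if the issuing user equals the using user."""
        rec = self._certs.get(cert_id)
        if rec is None or rec.revoked:        # unknown or invalidated: fail closed
            return False
        return hmac.compare_digest(rec.issuing_user_id.encode(),
                                   using_user_id.encode())

    def review_state(self, cert_id, config_params):
        """Claim 5: keep the certificate in a normal state, invalidate it otherwise.
        Returns True if the certificate is still valid afterwards."""
        rec = self._certs.get(cert_id)
        if rec is None:
            return False
        fingerprint = config_params.get("device_fingerprint", rec.device_fingerprint)
        if (config_params.get("calls_per_min", 0) > self._max_calls
                or fingerprint != rec.device_fingerprint):
            rec.revoked = True
        return not rec.revoked


def demo():
    reg = CertRegistry(preset_verification_info="constructed-device-code")
    cert = reg.issue("alice", "constructed-device-code", "fp-01")
    results = {
        "rejected_issue": reg.issue("mallory", "wrong-code", "fp-99"),
        "owner": reg.verify(cert, "alice"),
        "copied_cert": reg.verify(cert, "mallory"),
        "normal_state": reg.review_state(cert, {"calls_per_min": 10}),
        "abnormal_state": reg.review_state(cert, {"calls_per_min": 5000}),
    }
    results["after_revocation"] = reg.verify(cert, "alice")
    return results
```

The `copied_cert` case is the one the claim 2 comparison exists for: a certificate identifier presented together with a user identifier other than the one recorded at issuance is rejected.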

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110832735.0A CN113672897B (en) 2021-07-22 2021-07-22 Data communication method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110832735.0A CN113672897B (en) 2021-07-22 2021-07-22 Data communication method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113672897A true CN113672897A (en) 2021-11-19
CN113672897B CN113672897B (en) 2024-03-08

Family

ID=78540128

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110832735.0A Active CN113672897B (en) 2021-07-22 2021-07-22 Data communication method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113672897B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014000281A1 (en) * 2012-06-29 2014-01-03 华为技术有限公司 Identity authentication method and device
CA2826126A1 (en) * 2012-09-11 2014-03-11 Blackberry Limited Systems, devices and methods for authorizing endpoints of a push pathway
CN206726219U (en) * 2017-02-23 2017-12-08 天津市科迪信息技术有限责任公司 A kind of communication system based on fingerprint recognition
CN109409041A (en) * 2018-09-04 2019-03-01 航天信息股份有限公司 A kind of server-side safety certifying method and system based on the application of more certificates
CN110213246A (en) * 2019-05-16 2019-09-06 南瑞集团有限公司 A kind of wide area multiple-factor identity authorization system
CN110380852A (en) * 2019-07-22 2019-10-25 中国联合网络通信集团有限公司 Mutual authentication method and communication system
CN111414599A (en) * 2020-02-26 2020-07-14 北京奇艺世纪科技有限公司 Identity authentication method, device, terminal, server and readable storage medium
CN112019493A (en) * 2019-05-31 2020-12-01 北京京东尚科信息技术有限公司 Identity authentication method, identity authentication device, computer device, and medium
CN112511505A (en) * 2020-11-16 2021-03-16 北京中关村银行股份有限公司 Authentication system, method, device, equipment and medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘青;: "关于手机银行客户端安全测评的研究", 信息通信, no. 06, 15 June 2018 (2018-06-15) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124572A (en) * 2021-12-07 2022-03-01 建信金融科技有限责任公司 Data transmission method, device, equipment and medium based on unidirectional network
CN114124572B (en) * 2021-12-07 2023-06-27 建信金融科技有限责任公司 Data transmission method, device, equipment and medium based on unidirectional network
CN114785522A (en) * 2022-04-25 2022-07-22 浙江吉利控股集团有限公司 Internet of vehicles information security authentication method, system, terminal and storage medium
CN115834245A (en) * 2023-01-05 2023-03-21 卓望数码技术(深圳)有限公司 Security authentication method, system, equipment and storage medium
CN116055769A (en) * 2023-03-31 2023-05-02 深圳市东信时代信息技术有限公司 CID advertisement early warning method, apparatus, computer device and storage medium
CN116055769B (en) * 2023-03-31 2023-08-04 深圳市东信时代信息技术有限公司 CID advertisement early warning method, apparatus, computer device and storage medium

Also Published As

Publication number Publication date
CN113672897B (en) 2024-03-08

Similar Documents

Publication Publication Date Title
US10129247B2 (en) System and method for utilizing behavioral characteristics in authentication and fraud prevention
US11831642B2 (en) Systems and methods for endpoint management
US9942220B2 (en) Preventing unauthorized account access using compromised login credentials
US11252142B2 (en) Single sign on (SSO) using continuous authentication
CN113672897B (en) Data communication method, device, electronic equipment and storage medium
US9264423B2 (en) Password-less authentication system and method
US10362019B2 (en) Managing security credentials
KR101451359B1 (en) User account recovery
US9767262B1 (en) Managing security credentials
WO2014014793A1 (en) Anti-cloning system and method
CN114629719B (en) Resource access control method and resource access control system
US20190297071A1 (en) Managing security credentials
JP5186648B2 (en) System and method for facilitating secure online transactions
CN117155716B (en) Access verification method and device, storage medium and electronic equipment
CN112560102A (en) Resource sharing method, resource accessing method, resource sharing equipment and computer readable storage medium
CN116668190A (en) Cross-domain single sign-on method and system based on browser fingerprint
CN113886802A (en) Security authentication method, device, electronic equipment and storage medium
KR20130055116A (en) Authentification method and server
CN114500074B (en) Single-point system security access method and device and related equipment
CN116962088B (en) Login authentication method, zero trust controller and electronic equipment
CN116192460A (en) Traffic forwarding method and device, storage medium and electronic equipment
CN111711602A (en) Login authentication method and device, electronic equipment and readable storage medium
CN114402647A (en) Communication server apparatus and method for determining presence of revocation attacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant