CN113868625A - Identity authentication method and system - Google Patents


Info

Publication number
CN113868625A
Authority
CN
China
Prior art keywords
authentication
identity
request
identity authentication
result data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111153219.1A
Other languages
Chinese (zh)
Inventor
杨育星
裴大鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shopex Software Co ltd
Original Assignee
Shopex Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Events
Application filed by Shopex Software Co ltd
Priority to CN202111153219.1A
Publication of CN113868625A
Legal status: pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
            • G06F21/44 Program or device authentication
            • G06F21/45 Structures or tools for the administration of authentication
        • G06F21/60 Protecting data
            • G06F21/602 Providing cryptographic facilities or services
            • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention provides an identity authentication method and system. The authentication method comprises the following steps: receiving, through an identity authentication system, a first identity authentication request for a user sent by a client, and sending the request to an authentication server; if the identity authentication system receives a message that the authentication server has passed the request, requesting the user identity identifier from the authentication server through the identity authentication system; analyzing the user identity identifier received from the authentication server through the identity authentication system to obtain authentication result data, and encrypting the authentication result data for at least one service scenario; and decrypting the encrypted authentication result data when the client uses a service in the at least one service scenario, and allowing the client to use the service in the at least one service scenario when the decryption succeeds. The identity authentication method and system reduce the dependence of identity authentication operations on the authentication server and enhance the reliability and stability of identity authentication.

Description

Identity authentication method and system
Technical Field
The present invention generally relates to the field of data processing, and in particular, to a method and system for identity authentication.
Background
Authentication is now the first line of protection for internet services. Identity authentication is an important means of guaranteeing information security in the field of data processing; its general idea is to confirm, through the authenticity and timeliness of one or more parameters, whether a visitor currently has the right to access data or perform a data operation.
Traditional identity authentication often requires that authenticity and timeliness be verified at an authentication server again and again. When data interaction is frequent, the conventional method therefore depends heavily on the authentication server, which becomes a single point of risk and a performance bottleneck. For example, because of this excessive reliance on the authentication server, a failure of one piece of software or one service in the system may cause the entire system to run abnormally or to deliver an incomplete service.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an identity authentication method and system, which can reduce the dependence of identity authentication operation on an authentication server and enhance the reliability and stability of identity authentication.
In order to solve the technical problem, the invention provides an identity authentication method, which comprises the following steps:
receiving, through an identity authentication system, a first identity authentication request for a user sent by a client, and sending the request to an authentication server;
if the identity authentication system receives a message that the authentication server has passed the request, requesting, by the identity authentication system, a user identity identifier from the authentication server according to the context information of the request;
analyzing the user identity identifier received from the authentication server through the identity authentication system to obtain authentication result data, encrypting the authentication result data for at least one service scenario, and returning the encrypted authentication result data to the client; and
when the client uses a service in the at least one service scenario, providing the encrypted authentication result data in the at least one service scenario through the client, decrypting the encrypted authentication result data, and, when the decryption succeeds, allowing the client to use the service in the at least one service scenario.
In an embodiment of the present invention, the method further includes receiving, by the identity authentication system, at least one set of authentication information together with the request, and sending the at least one set of authentication information to the authentication server together with the request, where the at least one set of authentication information includes a user name and a password that the user registered in the authentication server in advance.
In an embodiment of the invention, the user identity comprises a unique identity serial number.
In an embodiment of the present invention, the method further includes requesting, by the identity authentication system, user identity information from which sensitive information has been screened out from the authentication server, at the same time as the identity authentication system requests the user identity identifier from the authentication server.
In an embodiment of the present invention, when the request fails, a result of the request failure is returned to the client, and all process data of the request sent to the authentication server by the identity authentication system is destroyed.
In an embodiment of the present invention, the identity authentication system configures a public key for the at least one service scenario, the private key matching that public key is used when the authentication result data is encrypted, and when the encrypted authentication result data is decrypted, the decryption succeeds if the public key matches the private key.
Another aspect of the present invention further includes an identity authentication system, including:
an authentication request processing module, configured to receive a first identity authentication request for a user sent by a client, and send the request to an authentication server;
an identity identifier acquisition module, configured to request the user identity identifier from the authentication server according to the context information of the request; and
a data encryption module, configured to analyze the user identity identifier to obtain authentication result data, encrypt the authentication result data for at least one service scenario, and return the encrypted authentication result data to the client.
In an embodiment of the present invention, the data encryption module is further configured to configure a public key for the at least one service scenario in advance, and encrypt the authentication result data using a private key matching the public key.
In another aspect, the present invention further provides an identity authentication system, comprising a memory for storing instructions executable by a processor; and the processor is used for executing the instruction to realize the identity authentication method.
Another aspect of the present invention also proposes a computer-readable medium having stored thereon computer program code which, when executed by a processor, implements the identity authentication method described above.
Compared with the prior art, the invention has the following advantages: according to the identity authentication method and system, bridges are constructed among the different service scenarios, the authentication server and the client, so that the client only needs to request verification once to obtain an identity token and can then safely use services in different service scenarios. The identity authentication method and system not only solve the decentralized authentication problem, but also solve the problem of authenticating service requests across the many domain scenarios of a micro-service architecture.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the principle of the invention. In the drawings:
FIG. 1 is a flowchart illustrating an identity authentication method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an identity authentication method according to an embodiment of the present invention;
FIG. 3 is an architecture diagram of an identity authentication system according to an embodiment of the present invention; and
FIG. 4 is an architecture diagram of an identity authentication system according to another embodiment of the present invention.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the description of the embodiments will be briefly introduced below. It is obvious that the drawings in the following description are only examples or embodiments of the application, from which the application can also be applied to other similar scenarios without inventive effort for a person skilled in the art. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
As used in this application and the appended claims, the terms "a," "an," and "the" are not intended to refer only to the singular, but also include the plural unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the explicitly identified steps and elements are included, that these steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
The relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present application unless specifically stated otherwise. Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description. Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate. In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
In the description of the present application, it is to be understood that the orientation or positional relationship indicated by the directional terms such as "front, rear, upper, lower, left, right", "lateral, vertical, horizontal" and "top, bottom", etc., are generally based on the orientation or positional relationship shown in the drawings, and are used for convenience of description and simplicity of description only, and in the case of not making a reverse description, these directional terms do not indicate and imply that the device or element being referred to must have a particular orientation or be constructed and operated in a particular orientation, and therefore, should not be considered as limiting the scope of the present application; the terms "inner and outer" refer to the inner and outer relative to the profile of the respective component itself.
Spatially relative terms, such as "above … …," "above … …," "above … …," "above," and the like, may be used herein for ease of description to describe one device or feature's spatial relationship to another device or feature as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if a device in the figures is turned over, devices described as "above" or "on" other devices or configurations would then be oriented "below" or "under" the other devices or configurations. Thus, the exemplary term "above … …" can include both an orientation of "above … …" and "below … …". The device may be otherwise variously oriented (rotated 90 degrees or at other orientations) and the spatially relative descriptors used herein interpreted accordingly.
It should be noted that the terms "first", "second", and the like are used to define the components, and are only used for convenience of distinguishing the corresponding components, and the terms have no special meanings unless otherwise stated, and therefore, the scope of protection of the present application is not to be construed as being limited. Further, although the terms used in the present application are selected from publicly known and used terms, some of the terms mentioned in the specification of the present application may be selected by the applicant at his or her discretion, the detailed meanings of which are described in relevant parts of the description herein. Further, it is required that the present application is understood not only by the actual terms used but also by the meaning of each term lying within.
It will be understood that when an element is referred to as being "on," "connected to," "coupled to" or "contacting" another element, it can be directly on, connected or coupled to, or contacting the other element or intervening elements may be present. In contrast, when an element is referred to as being "directly on," "directly connected to," "directly coupled to" or "directly contacting" another element, there are no intervening elements present. Similarly, when a first component is said to be "in electrical contact with" or "electrically coupled to" a second component, there is an electrical path between the first component and the second component that allows current to flow. The electrical path may include capacitors, coupled inductors, and/or other components that allow current to flow even without direct contact between the conductive components.
An embodiment of the present invention provides an identity authentication method 10 according to fig. 1, which can reduce the dependence of identity authentication operations on an authentication server and enhance the reliability and stability of identity authentication.
FIG. 1 uses a flowchart to illustrate the operations performed by a system according to embodiments of the present application. It should be understood that the preceding or following operations are not necessarily performed in the exact order shown. Rather, various steps may be processed in reverse order or simultaneously, and other operations may be added to or removed from these processes.
According to fig. 1, the identity authentication method 10 comprises the following steps.
In step 11, the identity authentication system receives the first identity authentication request for the user sent by the client, and sends the request to the authentication server. It will be appreciated that in this step the identity authentication system acts as an intermediary, forwarding the first authentication request from the client to the authentication server.
Illustratively, in some embodiments of the present invention, the identity authentication method is based on the method 10 shown in fig. 1 and further includes receiving at least one set of authentication information together with the request in step 11, and sending the at least one set of authentication information to the authentication server together with the request, wherein the at least one set of authentication information includes a user name and a password that the user registered in the authentication server in advance. With this arrangement, the security of user information is further improved: only registered users who are qualified to request identity authentication can request the "first identity authentication" operation from the authentication server through the identity authentication system.
Further, according to fig. 1, step 12 determines whether the request of step 11 passes. If the identity authentication system receives a message that the authentication server has passed the request, step 13 is executed, in which the identity authentication system requests the user identity identifier from the authentication server according to the context information of the request.
Specifically, the context information requested here may include the relevant information of the user himself or may include the relevant information about the client that issued the identity authentication request, and through the information related to the identity authentication operation, the identity authentication system in the present solution may request the corresponding user identity from the authentication server more specifically.
Illustratively, in some embodiments of the present invention, including that of fig. 1, the user identity identifier requested by the identity authentication system from the authentication server in step 13 based on the context information of the request comprises a unique identity serial number. Specifically, the unique identity serial number may be embodied as a code stored in the client server and used as a security token of the client; it is encrypted in a later step and can then serve as direct proof of the user's true identity when services in different service scenarios are used.
Preferably, in some other embodiments of the identity authentication method of the present invention, while step 13 shown in fig. 1 is executed, the identity authentication system also requests user identity information from which sensitive information has been screened out from the authentication server. In particular, when a user registers through a client, other information richer than the basic identity information may be provided, and this information often includes important data relating to the user's privacy. When the identity authentication system processes different first identity authentication requests sent by the client, it sometimes needs to acquire some information related to the service scenario in addition to the unique identity serial number.
For example, when the client is an image processing application, related information such as the user's avatar must be acquired together with the user identity identifier from the authentication server in step 13, so that the client can implement its functions in different service scenarios. Here, by screening sensitive information, the identity authentication system of the present solution is prevented from also acquiring unnecessary and sensitive private information when it acquires information from the authentication server, which reduces the possibility of user privacy disclosure and improves the security of interaction between systems.
Step 14 is to analyze the user identity received from the authentication server by the identity authentication system to obtain authentication result data, encrypt the authentication result data for at least one service scenario, and return the encrypted authentication result data to the client.
Illustratively, the service scenarios mentioned in step 14 include full-type and full-channel service scenarios such as a mobile phone application, an applet plug-in, a browser, an order service, a product service, and a store service. With the identity authentication method 10 shown in fig. 1 of the present invention, the authentication result data generated in step 14 from the user identity identifier may be uniformly encrypted for one or more of these service scenarios, and the encrypted authentication result data is returned to the client. After this operation, the encrypted authentication result data serves as the user's security token, so that the tedious steps of repeatedly verifying identity in one or more different service scenarios are avoided, the dependence on the authentication server is reduced, and the problem of authenticating service requests across the many domain scenarios of a micro-service architecture is solved.
Therefore, based on steps 11 to 14 of the identity authentication method 10, the process of verifying and authorizing the first identity authentication request sent by the client is completed. After the initial check in step 12 and the encryption authorization for one or more service scenarios in steps 13 to 14, the user can safely use different service scenarios according to step 15 below, without having to request authorization from the authentication server on every use, and thus without frequent data interaction with the authentication server.
Finally, according to fig. 1, step 15 is to provide the encrypted authentication result data in the at least one service scenario by the client when the client uses the service in the at least one service scenario, decrypt the encrypted authentication result data, and allow the client to use the service in the at least one service scenario when the decryption is successful.
More specifically, in some embodiments of the present invention, the decryption in step 15 is performed by matching a public key and a private key. Before the client uses the different service scenarios, the identity authentication system configures a public key for at least one service scenario and uses the private key matching that public key when encrypting the authentication result data in step 14. Therefore, when the encrypted authentication result data is decrypted in step 15, it is determined whether the public key matches the private key; if it does, the decryption succeeds and the user is allowed to use the service in that service scenario.
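Steps 11 to 16 carried through end to end, as an added Go example that is not part of the patent (it also models the A, B, C, D scenarios discussed further below). Producing the result data under the system's private key and checking it in each scenario with the configured public key is, in standard terminology, a digital signature, so the example uses Ed25519 signing for that step; the authentication server, the registered user, the sensitive-field list and the scenario names are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthServer stands in for the authentication server: it checks the registered
// username/password (step 11) and holds the full identity record (step 13).
type AuthServer struct {
	creds    map[string]string            // username -> password
	identity map[string]map[string]string // username -> identity record
}
func (a *AuthServer) VerifyCredentials(user, pass string) bool { return a.creds[user] == pass }
func (a *AuthServer) IdentityRecord(user string) map[string]string { return a.identity[user] }

// ResultData is the authentication result data of step 14.
type ResultData struct {
	Serial    string            // unique identity serial number
	Profile   map[string]string // scenario-relevant fields, sensitive ones screened out
	Scenarios []string          // scenarios this token is valid for
}
// Token is the protected result data the client holds: payload plus private-key signature.
type Token struct{ Payload, Sig []byte }
// sensitiveFields never leave the identity authentication system (assumed list).
var sensitiveFields = map[string]bool{"phone": true, "id_card": true}

// IdentityAuthSystem holds the private key whose public half every scenario is configured with.
type IdentityAuthSystem struct {
	server *AuthServer
	priv   ed25519.PrivateKey
}

// Authenticate runs steps 11 to 14; on rejection (step 16) it returns only an error and retains nothing.
func (s *IdentityAuthSystem) Authenticate(user, pass string, scenarios []string) (*Token, error) {
	if !s.server.VerifyCredentials(user, pass) {
		return nil, errors.New("authentication server rejected the request")
	}
	record := s.server.IdentityRecord(user)
	result := ResultData{Serial: record["serial"], Profile: map[string]string{}, Scenarios: scenarios}
	for k, v := range record { // screen the record before it leaves this system
		if k != "serial" && !sensitiveFields[k] {
			result.Profile[k] = v
		}
	}
	payload, err := json.Marshal(result)
	if err != nil {
		return nil, err
	}
	return &Token{Payload: payload, Sig: ed25519.Sign(s.priv, payload)}, nil
}

// ServiceScenario knows only the public key configured for it in advance.
type ServiceScenario struct {
	Name string
	pub  ed25519.PublicKey
}

// Use is step 15: verify locally, without the authentication server; refuse tampered tokens and tokens for other scenarios.
func (sc *ServiceScenario) Use(t *Token) (*ResultData, error) {
	if t == nil || !ed25519.Verify(sc.pub, t.Payload, t.Sig) {
		return nil, errors.New("token does not match the scenario's public key")
	}
	var r ResultData
	if err := json.Unmarshal(t.Payload, &r); err != nil {
		return nil, err
	}
	for _, name := range r.Scenarios {
		if name == sc.Name {
			return &r, nil
		}
	}
	return nil, errors.New("token was not issued for scenario " + sc.Name)
}

// NewDemo wires constructed sample data: one key pair, one registered user, scenarios A to D.
func NewDemo() (*IdentityAuthSystem, map[string]*ServiceScenario) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	server := &AuthServer{
		creds: map[string]string{"alice": "correct-horse"},
		identity: map[string]map[string]string{"alice": {"serial": "UID-0001",
			"avatar": "https://example.invalid/a.png", "phone": "13800000000", "id_card": "SAMPLE-ID"}},
	}
	scenarios := map[string]*ServiceScenario{}
	for _, n := range []string{"A", "B", "C", "D"} {
		scenarios[n] = &ServiceScenario{Name: n, pub: pub}
	}
	return &IdentityAuthSystem{server: server, priv: priv}, scenarios
}

func main() {
	ias, sc := NewDemo()
	tok, _ := ias.Authenticate("alice", "correct-horse", []string{"A", "B"})
	fmt.Println(sc["A"].Use(tok)) // &{UID-0001 map[avatar:https://example.invalid/a.png] [A B]} <nil>
	fmt.Println(sc["C"].Use(tok)) // <nil> token was not issued for scenario C
}
```

Each scenario admits the client from the token alone, so the authentication server is contacted once per first request rather than once per use.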
It is to be understood that although the present invention proposes the use of public key and private key matching, the present invention is not so limited. In practical application, other ways of encrypting the authentication result data can be selected according to the applicable decryption ways in different service scenarios, and the ways of encrypting and decrypting the authentication result data to complete the identity authentication method shown in fig. 1 of the present invention all belong to the idea of the present invention.
Through the identity authentication method, it can be seen that a bridge of information interaction is established among different service scenes, the authentication server and the client, and after the first identity authentication request in steps 11-14 is completed, when the authorized service scene in step 14 is used in step 15, the identity authentication is not required to be repeatedly requested to the authentication server any more, so that the dependence on the authentication server is effectively reduced, and the safety of service use is guaranteed.
The authentication server mentioned above is the authentication server with which the conventional identity authentication method of the prior art must interact frequently. For example, services in four service scenarios A, B, C and D of a system all need to invoke authentication to ensure secure use. Even if the four services A, B, C and D operate stably in their own scenarios, under the traditional identity authentication method the load on the authentication service is the aggregate traffic of all four scenarios, and if the authentication server itself is not powerful enough or fails, the secure use of all four service scenarios is put at risk; this is the risk and performance bottleneck mentioned in the prior art. In contrast, the improvement of the present solution resolves this problem at its root: while the security of the service used by the user is preserved (namely by encrypting the authentication result data and decrypting the encrypted authentication result data when the service is used), when the user uses services in different service scenarios, each scenario can decrypt the encrypted authentication result data independently and admit the authenticated user, so frequent interaction with a traditional authentication server is no longer needed.
On the basis of the above description, it is preferable that, as can be seen from fig. 1, when the determination result of whether the request passes in step 12 is no, step 16 is executed to return the result of the request failure to the client, and destroy all the process data of the request sent to the authentication server by the identity authentication system. Therefore, the safety and the reliability of the scheme are further improved.
For a better understanding of the identity authentication method 10 as shown in fig. 1, the principle of the identity authentication method 10 as shown in fig. 1 of the present invention is explained in further detail below with reference to fig. 2.
It should be noted that fig. 2 may correspond to steps 11 to 14 of the identity authentication method 10 shown in fig. 1. Specifically, an identity authentication request is first issued by the user to the identity authentication system, which forwards the request to the authentication server for verification. If the basic information in the request fails the check, a request-failure result is returned to the user through the identity authentication system. This is the first barrier in the present solution for guaranteeing safe use of the service.
Further, if the request passes, the identity authentication system requests the user identity identifier from the authentication server, which may be, for example, the user's identity serial number in the form of a code string. More completely, besides the user identity identifier, some information related to the user's services in different service scenarios can be requested, and privacy desensitization is performed on this information, further improving the security of information interaction between systems.
On the basis, the identity authentication system analyzes the acquired user identity to obtain an authentication data result, further encrypts the authentication data result aiming at one or more service scenes, and returns the encrypted authentication data result as a security token to the user. After the user has the security token for one or more service scenarios, the authorization of the one or more service scenarios is obtained, and during subsequent use, the user can be allowed to use the corresponding service only by decrypting the security token by each of the different service scenarios.
Through the description of the identity authentication method, the scheme can be seen to reduce the dependence degree on the authentication server in the traditional mode on the basis of ensuring the safe use of the service, and integrally enhance the reliability and stability of the identity authentication.
Another aspect of the present invention further provides an identity authentication system; fig. 3 is an architecture diagram of an identity authentication system 30 according to an embodiment of the present invention. Referring to fig. 3, the identity authentication system 30 of the present invention includes an authentication request processing module 31, an identity acquisition module 32, and a data encryption module 33.
Specifically, the authentication request processing module 31 is configured to receive a first identity authentication request for a user from a client and send the request to an authentication server. The identity acquisition module 32 is configured to request the user identity identifier from the authentication server based on the context information of the request. The data encryption module 33 is configured to parse the user identity identifier to obtain authentication result data, encrypt the authentication result data for at least one service scenario, and return the encrypted authentication result data to the client.
In some embodiments of the present invention, the data encryption module 33 is further configured to configure a public key for at least one service scenario in advance, and encrypt the authentication result data using a private key matching the public key.
For example, the identity authentication system 30 shown in fig. 3 may be applied to the identity authentication method 10 described above with reference to fig. 1 and 2. Therefore, other details of the identity authentication system 30 can also refer to the above description of the identity authentication method 10, and are not described herein again.
The present invention also provides an identity authentication system 40 as shown in fig. 4, which includes a memory for storing instructions executable by a processor, and a processor for executing the instructions to implement the identity authentication method.
Specifically, in one embodiment the identity authentication system of the present invention is the identity authentication system 40 shown in fig. 4. According to fig. 4, the identity authentication system 40 may include an internal communication bus 41, a processor 42, a read-only memory (ROM) 43, a random access memory (RAM) 44, and a communication port 45. When used on a personal computer, the identity authentication system 40 may also include a hard disk 46.
The internal communication bus 41 enables data communication among the components of the identity authentication system 40. Processor 42 performs the determinations and issues prompts. In some embodiments, processor 42 may consist of one or more processors. The communication port 45 enables data communication between the identity authentication system 40 and the outside. In some embodiments, the identity authentication system 40 may send and receive information and data over the network through the communication port 45.
The identity authentication system 40 may also include various forms of program storage units and data storage units, such as a hard disk 46, Read Only Memory (ROM)43 and Random Access Memory (RAM)44, capable of storing various data files for computer processing and/or communication, and possibly program instructions for execution by the processor 42. The processor executes these instructions to implement the main parts of the method. The results processed by the processor are communicated to the user device through the communication port and displayed on the user interface.
On this basis, another aspect of the present invention also proposes a computer-readable medium storing computer program code, which when executed by a processor implements the above-mentioned identity authentication method.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing disclosure is by way of example only, and is not intended to limit the present application. Various modifications, improvements and adaptations to the present application may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present application and thus fall within the spirit and scope of the exemplary embodiments of the present application.
Also, this application uses specific language to describe embodiments of the application. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the present application is included in at least one embodiment of the present application. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the present application may be combined as appropriate.
Aspects of the present application may be embodied entirely in hardware, entirely in software (including firmware, resident software, micro-code, etc.) or in a combination of hardware and software. The above hardware or software may be referred to as a "data block", "module", "engine", "unit", "component" or "system". The processor may be one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, or a combination thereof. Furthermore, aspects of the present application may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media. For example, computer-readable media may include, but are not limited to, magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips, etc.), optical disks (e.g., Compact Disk (CD), Digital Versatile Disk (DVD), etc.), smart cards, and flash memory devices (e.g., card, stick, key drive, etc.).
The computer readable medium may comprise a propagated data signal with the computer program code embodied therein, for example, on a baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, and the like, or any suitable combination. The computer readable medium can be any computer readable medium that can communicate, propagate, or transport the program for use by or in connection with an instruction execution system, apparatus, or device. Program code on a computer readable medium may be propagated over any suitable medium, including radio, electrical cable, fiber optic cable, radio frequency signals, or the like, or any combination of the preceding.
Similarly, it should be noted that in the preceding description of embodiments of the application, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to require more features than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the number allows a variation of ± 20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
Although the present application has been described with reference to the present specific embodiments, it will be recognized by those skilled in the art that the foregoing embodiments are merely illustrative of the present application and that various changes and substitutions of equivalents may be made without departing from the spirit of the application, and therefore, it is intended that all changes and modifications to the above-described embodiments that come within the spirit of the application fall within the scope of the claims of the application.

Claims (10)

1. An identity authentication method, comprising the steps of:
receiving, by an identity authentication system, a first identity authentication request for a user sent by a client, and sending the request to an authentication server;
if the identity authentication system receives a message from the authentication server that the request has passed, requesting, by the identity authentication system, a user identity identifier from the authentication server according to the context information of the request;
parsing, by the identity authentication system, the user identity identifier received from the authentication server to obtain authentication result data, encrypting the authentication result data for at least one service scenario, and returning the encrypted authentication result data to the client; and
when the client uses a service in the at least one service scenario, providing, by the client, the encrypted authentication result data in the at least one service scenario, decrypting the encrypted authentication result data, and, when decryption succeeds, allowing the client to use the service in the at least one service scenario.
2. The method of claim 1, further comprising receiving, by the identity authentication system, at least one set of authentication information while receiving the request, and sending the at least one set of authentication information while sending the request to the authentication server, wherein the at least one set of authentication information includes a username and a password that the user previously registered with the authentication server.
3. The method of claim 1, wherein the user identity comprises a unique identity serial number.
4. The method of claim 1, further comprising requesting, by the identity authentication system, user identity information from which sensitive information has been filtered from the authentication server while requesting the user identity identifier from the authentication server.
5. The method of claim 1, wherein, when the request fails, a result of the request failure is returned to the client and all process data that the identity authentication system has sent to the authentication server is destroyed.
6. The method of claim 1, further comprising configuring, by the identity authentication system, a public key for the at least one service scenario, using a private key that matches the public key when encrypting the authentication result data, and, when decrypting the encrypted authentication result data, treating the decryption as successful if the public key matches the private key.
7. An identity authentication system, comprising:
an authentication request processing module configured to receive a first identity authentication request for a user sent by a client, and to send the request to an authentication server;
an identity identifier obtaining module configured to request the user identity identifier from the authentication server according to the context information of the request; and
a data encryption module configured to parse the user identity identifier to obtain authentication result data, encrypt the authentication result data for at least one service scenario, and return the encrypted authentication result data to the client.
8. The system of claim 7, wherein the data encryption module is further configured to pre-configure a public key for the at least one service scenario, and encrypt the authentication result data using a private key matching the public key.
9. An identity authentication system comprising:
a memory for storing instructions executable by a processor; and
a processor for executing the instructions to implement the method of any one of claims 1-6.
10. A computer-readable medium having stored thereon computer program code which, when executed by a processor, implements the method of any of claims 1-6.
CN202111153219.1A 2021-09-29 2021-09-29 Identity authentication method and system Pending CN113868625A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111153219.1A CN113868625A (en) 2021-09-29 2021-09-29 Identity authentication method and system
Publications (1)

Publication Number Publication Date
CN113868625A true CN113868625A (en) 2021-12-31

Family

ID=79000662
Country Status (1)

Country Link
CN (1) CN113868625A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850699A (en) * 2017-04-10 2017-06-13 中国工商银行股份有限公司 Mobile terminal login authentication method and system
CN108206821A (en) * 2016-12-20 2018-06-26 航天信息股份有限公司 Identity authentication method and system
US10462112B1 (en) * 2019-01-09 2019-10-29 Cyberark Software Ltd. Secure distributed authentication data
CN112995131A (en) * 2021-02-01 2021-06-18 北京拉勾网络技术有限公司 Page login method, system and computing device
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211231