CN113905377B - Authentication method and server - Google Patents

Authentication method and server Download PDF

Info

Publication number
CN113905377B
CN113905377B CN202010573179.5A CN202010573179A CN113905377B CN 113905377 B CN113905377 B CN 113905377B CN 202010573179 A CN202010573179 A CN 202010573179A CN 113905377 B CN113905377 B CN 113905377B
Authority
CN
China
Prior art keywords
authentication
identification code
acquiring
result
base station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010573179.5A
Other languages
Chinese (zh)
Other versions
CN113905377A (en
Inventor
郑夏妍
苗岩
柯腾辉
彭家立
戴鹏
周壮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202010573179.5A priority Critical patent/CN113905377B/en
Publication of CN113905377A publication Critical patent/CN113905377A/en
Application granted granted Critical
Publication of CN113905377B publication Critical patent/CN113905377B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an authentication method and a server, wherein the method comprises the following steps: acquiring registration information of an authentication entity through authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information; if the result is that the verification is successful, acquiring a communication identification code corresponding to the registration information, and acquiring a global cell identification code of the position of the terminal corresponding to the communication identification code; if the pre-stored global cell identification code is judged, a target base station corresponding to the global cell identification code is obtained; acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station; if the distance is smaller than or equal to the preset distance threshold, the authentication entity is judged to be successfully authenticated. By accurately judging whether the user holding the registered authentication entity is consistent with the registered user, the authentication accuracy and the security of the authentication system are improved.

Description

Authentication method and server
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an authentication method and a server.
Background
With the overall development of socioeconomic performance, user authentication is increasingly being used in daily life. For example, when a user enters a district or a company to limit the entrance and exit of personnel, the user can verify whether the user can enter the limited area through user authentication.
General user authentication mostly uses RFID (Radio Frequency Identification, abbreviated as radio frequency identification) and NFC (Near Field Communication, abbreviated as near field communication) technologies to implement simple and rapid authentication of users. The user can obtain an authentication entity with authentication function, such as an access card, through registering information in a cell or a company. When the user uses the authentication entity to verify the identity, the sensor with the authentication function collects the information stored in the authentication entity and transmits the information back to the authentication system to inquire whether the user is registered. If registered, the user can enter the restricted area, and if there is no authentication entity or there is an entity but not registered, the user cannot enter the restricted area.
However, the verification process for realizing the user authentication by using the near field communication technology is single, and the defect that the user information is easy to copy exists. If the lawless person uses the defect that the authentication entity is easy to copy, the registered authentication entity is used for copying the same authentication entity, and the copied authentication entity is illegally used to enter a limiting area, so that the personal safety and property safety of the user are seriously affected.
Disclosure of Invention
The invention aims to provide an authentication method and a server so as to improve the accuracy of an authentication result and the security of an authentication system.
In a first aspect, the present invention provides an authentication method, including:
acquiring registration information of an authentication entity through authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information;
if the result is that the verification is successful, acquiring a communication identification code corresponding to the registration information and acquiring a global cell identification code of the position of the terminal corresponding to the communication identification code;
if the global cell identification code is judged to be pre-stored, a target base station corresponding to the global cell identification code is obtained;
acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station;
and if the distance is smaller than or equal to a preset distance threshold, judging that the authentication of the authentication entity is successful.
In one possible design, the obtaining, according to the target base station, the distance between the current location of the terminal corresponding to the communication identification code and the authentication device includes:
acquiring the height of the target base station and the position information of the target base station through a pre-stored database, and acquiring a first distance between the target base station and the authentication equipment according to the position information of the target base station;
Acquiring the latest tracking identification signaling of the terminal, and acquiring the time advance of the current position of the terminal according to the latest tracking identification signaling;
acquiring a second distance between the current position of the terminal and the target base station according to the time advance and the height of the target base station;
and determining the distance between the current position of the terminal and the authentication equipment according to the first distance and the second distance.
In one possible design, the acquiring the communication identifier corresponding to the registration information and acquiring the global cell identifier corresponding to the communication identifier and at the location of the terminal includes:
acquiring a communication identification code corresponding to the registration information according to a pre-stored database, wherein the communication identification code is a telephone number of a user;
and acquiring the latest system message signaling of the terminal corresponding to the communication identification code through a network management platform, and acquiring the global cell identification code of the position of the terminal according to the latest system message signaling.
In one possible design, after the acquiring the global cell identifier of the location of the terminal corresponding to the communication identifier, the method further includes:
acquiring a communication address of a wireless module of a terminal corresponding to the communication identification code;
Acquiring all wireless signals identified by the authentication equipment, determining communication addresses of all wireless signals, and storing all communication addresses as a wireless connection list;
and obtaining a first authentication result according to the wireless connection list and the communication address of the wireless module of the terminal, if the wireless connection list contains the communication address of the wireless module of the terminal, assigning the first authentication result as a first value, otherwise, assigning the first authentication result as a second value.
In one possible design, after the obtaining, according to the target base station, the distance between the current location of the terminal corresponding to the communication identification code and the authentication device, the method further includes:
obtaining a second authentication result according to the distance between the terminal corresponding to the communication identification code and the authentication equipment, if the distance is smaller than or equal to a preset distance threshold value, assigning the second authentication result as a first value, otherwise, assigning the second authentication result as a second value;
acquiring a first weight value corresponding to the first authentication result and a second weight value corresponding to the second authentication result, respectively calculating the product of the first authentication result and the first weight value to obtain a first result, obtaining a second result by the product of the second authentication result and the second weight value, and summing according to the first result and the second result to obtain an authentication parameter;
And if the authentication parameter is greater than or equal to a preset authentication threshold, judging that the authentication of the authentication entity is successful.
In one possible design, the wireless communication address includes a multiple access channel address of a wireless network module or a multiple access channel address of a bluetooth communication module.
In one possible design, the obtaining the result of the authority verification according to the registration information includes:
judging whether the pre-stored user information record list contains the registration information or not;
if the user information record table contains the registration information, the result is verification success, otherwise, the result is verification failure.
In one possible design, the obtaining the target base station corresponding to the global cell identifier includes:
and taking the base station corresponding to the global cell identification code obtained through a pre-stored database as a target base station, wherein the database is used for storing the position information of all base stations covering the authentication equipment area and the global cell identification code corresponding to all base stations.
In a second aspect, an embodiment of the present invention provides a server including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
Acquiring registration information of an authentication entity through authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information;
if the result is that the verification is successful, acquiring a communication identification code corresponding to the registration information and acquiring a global cell identification code of the position of the terminal corresponding to the communication identification code;
if the global cell identification code is judged to be pre-stored, a target base station corresponding to the global cell identification code is obtained;
acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station;
and if the distance is smaller than or equal to a preset distance threshold, judging that the authentication of the authentication entity is successful.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer-executable instructions are stored, when executed by a processor, to implement the network fault location method according to any one of the first aspects.
According to the authentication method and the server provided by the embodiment of the invention, when the current authentication entity authority verification passes and the distance between the user terminal and the authentication equipment is smaller than or equal to the preset distance threshold, the authentication entity is used for authentication verification in the effective authentication area by the legal user, the authentication of the authentication entity is successful, and the legal user can enter the relevant area. The authentication result is obtained by using the communication data of the user, so that the condition that an illegal user successfully authenticates by using a copied authentication entity is avoided, the authentication result of the authentication entity is judged according to a method for verifying whether the user with the registered authentication entity is consistent with the registered user, and the accuracy of the authentication result and the security of an authentication system are improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is a schematic diagram of an existing authentication application scenario provided in an embodiment of the present invention;
fig. 2 is a flowchart of an authentication method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a second authentication method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of communication between a terminal and a base station according to an embodiment of the present invention;
fig. 5 is a flowchart of an authentication method according to an embodiment of the present invention;
fig. 6 is a flowchart of an authentication method according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a server structure according to an embodiment of the present invention.
Detailed Description
Specific embodiments of the present invention have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Along with the comprehensive development of social economy, more and more application scenes need to realize the off-line user authentication function, such as building entrance guard or office areas and other places needing to verify identities, the legitimacy of the user identity is verified by using the user authentication technology. Fig. 1 is a schematic diagram of a conventional authentication application scenario provided in an embodiment of the present invention. As shown in fig. 1, the existing authentication application scenario mainly includes: an authentication entity 11, an authentication device 12 and an authentication server 13. Wherein personal information of the user is entered in the authentication entity 11, and the authentication device 12 is provided with information acquisition means, such as an inductor or the like, for acquiring the personal information stored in the authentication entity. After the user has registered personal information in the authentication system, the authentication entity 11 having entered personal information is obtained. When a user enters into a valid authentication area, the authentication device 12 transmits the collected personal information to the authentication server 13, and the authentication server 13 inquires of the system whether the personal information of the user is registered. If the authentication server 13 inquires that the user has registered personal information in the system, it is determined that the authentication of the user is passed, and the user is allowed to enter the relevant area.
Currently, user authentication mostly uses RFID (Radio Frequency Identification, abbreviated as radio frequency identification) and NFC (Near Field Communication, abbreviated as near field communication) technologies to implement simple and rapid authentication of a user. However, the technical method for realizing authentication by using radio frequency identification or near field communication is single, registered user information is easy to copy, and whether the user holding the registered authentication entity is consistent with the registered user can not be accurately judged. If the user with illegal identity copies the personal information in the authentication entity 11, the authentication entity with illegal authority is obtained, and the illegal authentication entity is used to enter the relevant area, thus seriously affecting the personal safety and property safety of the user.
In order to avoid the technical problems, the invention improves the current authentication method, and judges the distance between the legal user and the authentication equipment through the communication data of the user mobile phone based on the habit that the current user carries the mobile phone with the mobile phone. If the distance between the user and the authentication equipment is far, the authentication cannot be passed even if the information in the authentication entity is inquired to be registered, so that the condition that the authentication of the illegal user by using the copied authentication entity is successful is effectively avoided. By verifying whether the user with the registered authentication entity is consistent with the registered user, the accuracy of the authentication result and the security of the authentication system are improved.
Fig. 2 is a flowchart of an authentication method according to an embodiment of the present invention. The execution body of the method of the present embodiment may be a server in an authentication system, as shown in fig. 2, and the authentication method includes the following steps:
s201: and acquiring registration information of the authentication entity through the authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information.
The authentication equipment is provided with information acquisition devices such as an inductor and the like, when the authentication entity is in an effective verification area, the inductor acquires registration information of a user stored by the authentication entity and sends the acquired registration information to a server. The server obtains the result of the authority verification of the authentication entity according to the registration information, if the server contains the registration information, the result of the authority verification is successful, otherwise, the server judges that the authentication of the authentication entity fails. The range of the effective verification area may be different according to the sensing technology of the authentication entity, and the sensing technology and the range of the effective verification area are not particularly limited in the present invention.
S202: if the result is that the verification is successful, the communication identification code corresponding to the registration information is obtained, and the global cell identification code of the position of the terminal corresponding to the communication identification code is obtained.
And if the server contains the registration information, the authority verification result is successful. However, when the authority verification is performed only based on the registration information, it cannot be determined whether the authentication entity is a duplicate illegal authentication entity. In order to avoid the condition that the illegal user successfully authenticates by using the copied authentication entity, the validity of the authentication entity can be further confirmed by using the communication data of the legal user. Wherein the server contains all registration information and communication identification codes of users corresponding to all registration information. The server can obtain the communication data of the user according to the communication identification code of the user, and obtain the global cell identification code corresponding to the current position of the user according to the communication data of the user. The global district identification code is used for identifying a district in a position area and consists of a mobile user country code, a mobile network number, a position area identification code and a district identification code.
S203: and if the global cell identification code is judged to be pre-stored, acquiring a target base station corresponding to the global cell identification code.
After the server obtains the global cell identification code, inquiring whether the global cell identification code is contained in the server. If the server judges that the global cell identification code is stored, the server determines a base station corresponding to the global cell identification code according to the global cell identification code, takes the obtained base station as a target base station, and if the global cell identification code is not stored in the server, judges that the authentication of the authentication entity fails. If the information of the base station corresponding to the global cell identification code is stored in the server, the signal of the base station which is used for communicating with the user terminal corresponding to the communication identification code is indicated to cover the authentication device, namely the current position of the user terminal and the authentication device are in the coverage range of the same base station. When the current position of the user terminal and the authentication equipment are judged to be in the coverage range of the same base station, the user terminal is indicated to be in the vicinity of the authentication equipment, and the range of the position of the user terminal is narrowed.
S204: and acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station.
However, when there is an illegal user to verify by using the copied authentication entity, the legal user terminal is also located around the authentication device, and the validity of the authentication entity cannot be determined only in the range of the location of the user terminal. Therefore, whether the legal user uses the authentication entity for identity verification can be further judged by judging the distance between the authentication equipment and the current position information of the user terminal. Wherein the server stores the distances between the base station of the authentication device and the authentication device covered by all signals. The server can obtain the horizontal distance between the target base station and the authentication equipment according to the information of the target base station. The server can obtain the distance between the current position of the user terminal and the target base station according to the stored information of the target base station and the communication data of the user terminal. The server can obtain the distance between the current position of the user terminal corresponding to the communication identification code and the authentication equipment according to the distance between the target base station and the authentication equipment and the distance between the current position of the user and the base station.
S205: if the distance is smaller than or equal to the preset distance threshold, the authentication entity is judged to be successfully authenticated.
If the distance between the current position of the user terminal and the authentication device is equal to or greater than a preset distance threshold, the position between the current position of the user terminal and the authentication device can be determined to be very close. If the right verification in the current authentication entity is judged to pass and the user terminal is close to the authentication equipment, the authentication entity is used for authentication verification by the legal user, and the authentication success of the authentication entity is judged. If the distance between the current position of the user terminal and the authentication equipment is larger than a preset distance threshold value, judging that the authentication of the authentication entity fails.
According to the embodiment, based on the habit that most users carry mobile phones with them, the distance between the current position of the user and the authentication equipment is obtained by using the communication data of the user terminal, and when the authority verification of the current authentication entity passes and the distance between the user terminal and the authentication equipment is smaller than or equal to the preset distance threshold, the authentication is carried out by the legal user in the effective authentication area by using the authentication entity, and the authentication of the authentication entity is successful, so that the legal user can enter the relevant area. The authentication result is obtained by using the communication data of the user, so that the condition that an illegal user successfully authenticates by using a copied authentication entity is avoided, the authentication result of the authentication entity is judged according to a method for verifying whether the user with the registered authentication entity is consistent with the registered user, and the accuracy of the authentication result and the security of an authentication system are improved.
Fig. 3 is a flowchart of a second authentication method according to an embodiment of the present invention, and based on the embodiment of fig. 2, as shown in fig. 3, a specific implementation manner of step S204 is as follows:
s2041: and acquiring the height of the target base station and the position information of the target base station through a pre-stored database, and acquiring a first distance between the target base station and the authentication equipment according to the position information of the target base station.
The database of the server stores the base station information of all the signal coverage authentication devices, wherein the base station information comprises the height of the base station and the plane linear distance between the base station and the authentication area. Therefore, the distance between the target base station and the authentication device can be acquired according to a database, and the acquired distance D is taken as the first distance.
Table 1 is a database of authentication systems for users of a building, as shown in table 1,
s2042: and acquiring the latest tracking identification signaling of the terminal, and acquiring the time advance of the current position of the terminal according to the latest tracking identification signaling.
The communication identification code is the mobile phone number of the user, and the latest tracking identification signaling of the mobile phone number of the user can be obtained through the network management platform, wherein the tracking identification signaling comprises the time advance of the current position of the user, and the time advance can represent the distance between the user terminal and the antenna port of the base station. In a mobile communication system, an important feature of uplink transmission is that different terminals are orthogonally multiple-access in time-frequency, i.e. uplink transmissions from different terminals in the same cell do not interfere with each other. It must be ensured that the time of arrival of signals at the base station for different terminals using the same communication subframe but different frequency domain resources is substantially aligned. However, because the distances between different user terminals and the base station are different, the time of the wireless signal transmission in the air is also different, i.e. the more distant the user from the base station, the longer the signal takes to reach the base station. In order to realize uplink time synchronization, an uplink timing advance mechanism is adopted. The base station sets different time advance values for the user terminals at different distances, and each user terminal sets the time offset between the starting time of receiving the downlink subframe and the time of transmitting the uplink subframe according to the time advance values.
S2043: and acquiring a second distance between the current position of the terminal and the target base station according to the time advance and the height of the target base station.
Fig. 4 is a schematic diagram of communication between a terminal and a base station according to an embodiment of the present invention. As shown in FIG. 4, d TA And the length of an aerial straight line path between the current position of the user and a base station to which the mobile phone is attached is represented, the vertical height difference between the base station and the authentication area is H, and the straight line distance d between the user terminal and the plane of the target base station. Wherein d is calculated from the time advance TA TA The formula of (2) is as follows:
d TA =TA*78.12
where 78.12 is the coefficient of linear propagation of the signal in air. When TA is 1, the distance between the terminal and the base station is 1×78.12m=78.12m, when TA is 2, the distance between the terminal and the base station is 2×78.12m= 156.24m, and so on. The value of the time offset will vary according to the change in the location of the user terminal. As shown in fig. 4, if the included angle between the line between the current location of the user and the mobile phone attached base station and the horizontal ground is θ, the formula for calculating the linear distance d between the user terminal and the plane of the target base station is:
s2044: and determining the distance between the current position of the terminal and the authentication equipment according to the first distance and the second distance.
In S2041, a first distance D between the base station and the plane line of the authentication area is obtained, and in S2043, a second distance D between the user terminal and the target base station is calculated, and then a formula for calculating a distance between the current position of the terminal and the authentication device is as follows:
Since the TA value is 1 when the air straight line path length between the user's location and the base station to which the mobile phone is attached is [0,78.12], and the TA value is 2 when the path length is [78.12,156.24], and so on, there is an error of 1 TA in the critical case. There is also a corresponding error between the calculated position of the user and the actual position of the authentication area, where the error value is denoted by k (unit: m), and the calculation method is as follows:
therefore, when the distance between the current location of the terminal and the authentication device satisfies the following condition:
|D-d|≤k
namely:
at this time, it may be determined that the current location of the user terminal is very close to the location between the authentication device. If the right verification in the current authentication entity is judged to pass and the user terminal is close to the authentication equipment, the authentication entity is used for authentication verification by the legal user, and the authentication success of the authentication entity is judged.
From the above embodiment, it can be seen that the information of the target base station is obtained through the pre-stored database, the first distance between the target base station and the authentication device is obtained according to the position information of the target base station, then the time advance of the current position of the terminal is obtained according to the latest tracking and identifying signaling of the terminal, and the second distance between the current position of the terminal and the target base station is obtained according to the height of the time advance. The method provided by the embodiment of the invention utilizes the network management platform to obtain the communication data between the user terminal and the base station, and obtains the distance between the current position of the terminal and the authentication equipment according to the communication data. And judging whether the user with the registered authentication entity is consistent with the registered user by the distance between the current position of the terminal and the authentication equipment, thereby improving the accuracy of authentication and the security of an authentication system.
Fig. 5 is a flowchart III of an authentication method according to an embodiment of the present invention, and based on the embodiment of fig. 2, as shown in fig. 5, a specific implementation manner of step S202 is as follows:
s2021: and acquiring a communication identification code corresponding to the registration information according to a pre-stored database, wherein the communication identification code is a telephone number of the user.
After receiving the personal information registered by the user, the server stores the registered information of the user and the communication identification code of the user in a database. Preferably, in the embodiment of the present invention, the communication identification code may be a telephone number of a user. When a user enters a valid verification area, a sensor in the authentication device collects user registration information stored in an authentication entity, and the authentication entity sends the registration information to a server. The server inquires whether the same registration information exists in the database, and if the registration information is judged to be pre-stored, the corresponding communication identification code when the registration information is stored is obtained.
S2022: and acquiring the latest system message signaling of the terminal corresponding to the communication identification code through the network management platform, and acquiring the global cell identification code of the position of the terminal according to the latest system message signaling.
In the embodiment of the present invention, the network management platform preferably includes a wireless network management platform, a core network management platform and other types of integrated network management platforms capable of recording the residence information of the user in the mobile communication system. The server can obtain the latest system message signaling of the mobile phone number of the user through the network management platform, and extract the global cell identification code of the cell where the current user terminal resides from the latest system message signaling.
As can be seen from the above embodiments, by pre-storing the registration information of the user and the corresponding communication identification code in the server, the network management platform is utilized to obtain the latest system message signaling corresponding to the communication identification code, and the global cell identification code of the cell where the current user terminal resides is extracted from the latest system message signaling. The current position information of the legal user can be judged through the global cell identification code of the cell where the current user terminal resides, so that the distance between the current position of the user and the communication base station can be conveniently obtained by utilizing the global cell identification code subsequently. The embodiment of the invention improves the accuracy of authentication and the safety of an authentication system by accurately judging whether the user holding the registered authentication entity is consistent with the registered user.
Fig. 6 is a flowchart of an authentication method according to an embodiment of the present invention. As shown in fig. 6, the authentication method includes the steps of:
s601: and acquiring registration information of the authentication entity through the authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information.
In the embodiment of the present invention, optionally, obtaining the result of the authority verification according to the registration information includes: judging whether the pre-stored user information record list contains registration information, if so, the result is that the verification is successful, otherwise, the result is that the verification is failed.
Table 2 is a user information record table in which, as shown in table 2, the user name, whether or not it is a registered user, and the mobile phone number of the user are recorded. If the user name recorded in the registration information inquired in the user registration information is registered, the result is that the authentication is successful, and the user identity authentication passes, otherwise, the result of the authority authentication function is that the authentication fails.
S602: if the result is that the verification is successful, the communication identification code corresponding to the registration information is obtained, and the global cell identification code of the position of the terminal corresponding to the communication identification code is obtained.
The content of S602 in the embodiment of the present invention and S202 in the embodiment of fig. 2 is repeated, and will not be described here again.
S603: and acquiring the communication address of the wireless module of the terminal corresponding to the communication identification code.
In the embodiment of the invention, the communication address of the wireless module of the terminal corresponding to the communication identification code is acquired through the network management platform. Optionally, the wireless module of the terminal is a wireless network module or a bluetooth communication module. The communication address of the wireless module is the physical address of the wireless network module.
S604: and acquiring all wireless signals identified by the authentication equipment, determining communication addresses of all wireless signals, and storing all communication addresses as a wireless connection list.
The authentication device detects all accessible wireless signals and stores the communication addresses of all detected wireless signals in a wireless connection list. Optionally, when the wireless module is a wireless network module, all physical addresses of the accessible wireless network signals are stored in the wireless connection list. When the wireless module is a bluetooth module, all physical addresses of accessible bluetooth signals are stored in the wireless connection list.
S605: and obtaining a first authentication result according to the wireless connection list and the communication address of the wireless module of the terminal, if the wireless connection list contains the communication address of the wireless module of the terminal, assigning the first authentication result as a first value, otherwise, assigning the first authentication result as a second value.
And the server obtains a first authentication result X by inquiring whether the communication address of the wireless module corresponding to the communication identification code exists in the wireless connection list. And if the wireless connection list contains the communication address of the wireless module of the terminal, assigning the first authentication result X as a first value, otherwise, assigning the first authentication result X as a second value. In one embodiment of the present invention, the first value is 1 and the second value is 0, respectively. Correspondingly, when the first authentication result X is 1, the distance between the wireless module of the terminal and the authentication equipment is very close, which can be considered that the legal user uses the authentication entity to authenticate, and when the first authentication result X is 0, the distance between the wireless module of the terminal and the authentication equipment is very far, and the server can judge that the illegal user uses the copied authentication entity to authenticate.
S606: and if the global cell identification code is judged to be pre-stored, acquiring a target base station corresponding to the global cell identification code.
In the embodiment of the present invention, optionally, the obtaining the target base station corresponding to the global cell identifier includes: and taking the base station corresponding to the global cell identification code obtained through a pre-stored database as a target base station, wherein the database is used for storing the position information of all base stations covering the authentication equipment area and the global cell identification code corresponding to all base stations.
The database of the server stores the global cell identification codes corresponding to all the operator base stations covering the authentication area, and the global cell identification codes corresponding to the base stations covering the authentication area, which are constructed for realizing higher-precision authentication. The server uses the base station corresponding to the global cell identification code obtained by pre-storing the database as a target base station. The target base station not only communicates with the user terminal, but also the authentication device is within the signal coverage of the target base station,
s607: and acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station.
The contents of S607 in the embodiment of the present invention and S204 in the embodiment of fig. 2 are repeated, and are not repeated here.
S608: and obtaining a second authentication result according to the distance between the terminal corresponding to the communication identification code and the authentication equipment, if the distance is smaller than or equal to a preset distance threshold value, assigning the second authentication result as a first value, otherwise, assigning the second authentication result as a second value.
The distance between the user terminal and the authentication device is used for authentication or authentication is carried out according to whether the wireless connection list contains the communication address of the wireless module of the terminal, and errors of the two authentication results can be caused by the influence of site limitation or the environment where the authentication device is located. Therefore, the two authentication modes can be combined to obtain comprehensive authentication results of various authentication modes, and the accuracy of the authentication results can be improved. If the distance is smaller than or equal to the preset distance threshold, the distance between the current position of the user terminal and the authentication equipment is small, and the user terminal can be considered as a legal user to use the authentication entity to authenticate, the second authentication result Y is assigned to be a first value, and otherwise, the second authentication result Y is assigned to be a second value. In one embodiment of the present invention, the first value is 1 and the second value is 0, respectively. Correspondingly, when the second authentication result Y is 1, the fact that the legal user uses an authentication entity to carry out authentication is indicated according to the fact that the distance between the terminal and the authentication equipment is very close; when the second authentication result Y is 0, it indicates that the illegal user uses the copied authentication entity to perform identity verification according to the fact that the distance between the terminal and the authentication device is far.
S609: and obtaining a first weight value corresponding to the first authentication result and a second weight value corresponding to the second authentication result, respectively calculating the product of the first authentication result and the first weight value to obtain a first result, obtaining a second result by the product of the second authentication result and the second weight value, and summing according to the first result and the second result to obtain an authentication parameter.
And acquiring a first weight value a corresponding to the first authentication result X and a second weight value b corresponding to the second authentication result Y, and acquiring comprehensive authentication parameters of various authentication modes according to the first authentication result X, the first weight value a, the second authentication result Y and the second weight value b. Wherein, the formula for calculating the authentication parameter M is as follows:
M=aX+bY
in the embodiment of the invention, the authentication results of the wireless network module and the Bluetooth module can be referred to simultaneously, wherein the communication addresses of all wireless networks accessible by the authentication equipment and the network addresses of all identified Bluetooth communication are stored in the wireless connection list simultaneously. Specifically, whether the wireless connection list contains a first authentication result X obtained by the communication address of the wireless network module of the terminal is judged, and a first weight value of the first authentication result is set as a; a second authentication result Y is obtained by judging whether the distance between the current position of the terminal and the authentication equipment is smaller than or equal to a preset distance threshold value, and a second weight value of the second authentication result is set as b; and judging whether the wireless connection list contains a third authentication result Z obtained by the communication address of the Bluetooth module of the terminal, and setting a third weight value of the third authentication result as c. The formula for calculating the authentication parameter M is as follows:
M=aX+bY+cY
S610: if the authentication parameter is larger than or equal to the preset authentication threshold, the authentication entity is judged to be successfully authenticated.
The preset authentication threshold value stored by the server is m, wherein the authentication threshold value m is more than or equal to 0 and less than 1 decimal. When the authentication parameter M is greater than or equal to the preset authentication threshold M, it can be considered that the authentication of the authentication entity is judged to be successful. Alternatively, the authentication threshold m may be set according to the severity of the authentication system, and when the authentication threshold m is larger, the authentication of the authentication system is described as being more severe, and the authentication threshold m is typically set to a fraction greater than 0.5.
From the above embodiments, it can be known that by adopting various authentication means, the accuracy of the authentication result can be improved. The authentication method provided by the embodiment of the invention is not limited by the site of the authentication equipment, can meet the indoor or outdoor user authentication scene, can accurately judge whether the user holding the registered authentication entity is consistent with the registered user by adopting various authentication means to obtain the comprehensive authentication result, and improves the authentication accuracy and the security of an authentication system.
Fig. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention. As shown in fig. 7, the authentication apparatus includes: the first acquisition module 71, the second acquisition module 72, the third acquisition module 73, and the first determination module 74.
The first obtaining module 71 is configured to obtain registration information of the authentication entity through the authentication device, and obtain a result of authority verification of the authentication entity according to the registration information.
A second obtaining module 72, configured to obtain a communication identifier corresponding to the registration information and obtain a global cell identifier corresponding to the communication identifier where the terminal is located if the verification is successful; and if the global cell identification code is judged to be pre-stored, acquiring a target base station corresponding to the global cell identification code.
And the third obtaining module 73 is configured to obtain, according to the target base station, a distance between the current location of the terminal corresponding to the communication identification code and the authentication device.
The first determining module 74 is configured to determine that the authentication entity is successfully authenticated if the distance is less than or equal to the preset distance threshold.
In this embodiment, the authentication device may adopt the method of the embodiment shown in fig. 2, and the technical scheme and the technical effects thereof are similar, which are not described herein.
In one embodiment of the present invention, the third obtaining module 73 is specifically further configured to: acquiring the height of the target base station and the position information of the target base station through a pre-stored database, and acquiring a first distance between the target base station and the authentication equipment according to the position information of the target base station; acquiring a latest tracking identification signaling of the terminal, and acquiring the time advance of the current position of the terminal according to the latest tracking identification signaling; acquiring a second distance between the current position of the terminal and the target base station according to the time advance and the height of the target base station; and determining the distance between the current position of the terminal and the authentication equipment according to the first distance and the second distance.
In one embodiment of the present invention, the second obtaining module 72 is specifically further configured to: acquiring a communication identification code corresponding to the registration information according to a pre-stored database, wherein the communication identification code is a telephone number of a user; and acquiring the latest system message signaling of the terminal corresponding to the communication identification code through the network management platform, and acquiring the global cell identification code of the position of the terminal according to the latest system message signaling.
In one embodiment of the present invention, the authentication device further includes an assignment module, configured to obtain a wireless communication address of the terminal connection corresponding to the communication identification code; acquiring all wireless signals identified by the authentication equipment, determining wireless communication addresses of all wireless signals, and storing all wireless communication addresses as a wireless connection list; and obtaining a first authentication result according to the wireless connection list and the wireless communication address connected with the terminal, if the wireless connection list contains the wireless communication address, assigning the first authentication result as a first value, otherwise, assigning the first authentication result as a second value.
In one embodiment of the present invention, the authentication device further includes a second determining module, configured to obtain a second authentication result according to a distance between the terminal corresponding to the communication identification code and the authentication device, and if the distance is less than or equal to a preset distance threshold, assign the second authentication result to a first value, and otherwise assign the second authentication result to a second value; acquiring a first weight value corresponding to the first authentication result and a second weight value corresponding to the second authentication result, respectively calculating the product of the first authentication result and the first weight value to obtain a first result, obtaining the product of the second authentication result and the second weight value to obtain a second result, and summing according to the first result and the second result to obtain an authentication parameter; if the authentication parameter is larger than or equal to the preset authentication threshold, the authentication entity is judged to be successfully authenticated.
In one embodiment of the present invention, the first obtaining module 71 is specifically further configured to: judging whether a pre-stored user information record list contains registration information or not; if the user information record table contains the registration information, the result is that the verification is successful, otherwise, the result is that the verification is failed.
In one embodiment of the present invention, the second obtaining module 72 is specifically further configured to: and taking the base station corresponding to the global cell identification code obtained through a pre-stored database as a target base station, wherein the database is used for storing the position information of all base stations covering the authentication equipment area and the global cell identification code corresponding to all base stations.
Fig. 8 is a schematic diagram of a server structure according to an embodiment of the present invention. As shown in fig. 8, the server of the present embodiment includes: a processor 81, a memory 82 and a computer program stored in the memory 82 and executable on the processor 81, the processor 81 implementing the following steps when executing the computer program: acquiring registration information of an authentication entity through authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information; if the result is that the verification is successful, acquiring a communication identification code corresponding to the registration information, and acquiring a global cell identification code of the position of the terminal corresponding to the communication identification code; if the pre-stored global cell identification code is judged, a target base station corresponding to the global cell identification code is obtained; acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station; if the distance is smaller than or equal to the preset distance threshold, the authentication entity is judged to be successfully authenticated.
In one possible design, the processor 81 when executing the computer program also implements the following steps: acquiring the height of the target base station and the position information of the target base station through a pre-stored database, and acquiring a first distance between the target base station and the authentication equipment according to the position information of the target base station; acquiring a latest tracking identification signaling of the terminal, and acquiring the time advance of the current position of the terminal according to the latest tracking identification signaling; acquiring a second distance between the current position of the terminal and the target base station according to the time advance and the height of the target base station; and determining the distance between the current position of the terminal and the authentication equipment according to the first distance and the second distance.
In one possible design, the processor 81 when executing the computer program also implements the following steps: acquiring a communication identification code corresponding to the registration information according to a pre-stored database, wherein the communication identification code is a telephone number of a user; and acquiring the latest system message signaling of the terminal corresponding to the communication identification code through the network management platform, and acquiring the global cell identification code of the position of the terminal according to the latest system message signaling.
In one possible design, the processor 81 when executing the computer program also implements the following steps: acquiring a wireless communication address of terminal connection corresponding to a communication identification code; acquiring all wireless signals identified by the authentication equipment, determining wireless communication addresses of all wireless signals, and storing all wireless communication addresses as a wireless connection list; and obtaining a first authentication result according to the wireless connection list and the wireless communication address connected with the terminal, if the wireless connection list contains the wireless communication address, assigning the first authentication result as a first value, otherwise, assigning the first authentication result as a second value.
In one possible design, the processor 81 when executing the computer program also implements the following steps: obtaining a second authentication result according to the distance between the terminal corresponding to the communication identification code and the authentication equipment, if the distance is smaller than or equal to a preset distance threshold value, assigning the second authentication result as a first value, otherwise, assigning the second authentication result as a second value; acquiring a first weight value corresponding to the first authentication result and a second weight value corresponding to the second authentication result, respectively calculating the product of the first authentication result and the first weight value to obtain a first result, obtaining the product of the second authentication result and the second weight value to obtain a second result, and summing according to the first result and the second result to obtain an authentication parameter; if the authentication parameter is larger than or equal to the preset authentication threshold, the authentication entity is judged to be successfully authenticated.
In one possible design, the processor 81 when executing the computer program also implements the following steps: judging whether a pre-stored user information record list contains registration information or not; if the user information record table contains the registration information, the result is that the verification is successful, otherwise, the result is that the verification is failed.
In one possible design, the processor 81 when executing the computer program also implements the following steps: and taking the base station corresponding to the global cell identification code obtained through a pre-stored database as a target base station, wherein the database is used for storing the position information of all base stations covering the authentication equipment area and the global cell identification code corresponding to all base stations.
Reference may be made in particular to the relevant description of the embodiments of the method described above.
In one possible design, memory 82 may be separate or integrated with processor 81.
When the memory 82 is provided separately, the server further comprises a bus 83 for connecting the memory 82 and the processor 81.
The embodiment of the invention also provides a computer readable storage medium, wherein computer execution instructions are stored in the computer readable storage medium, and when a processor executes the computer execution instructions, the authentication method is realized.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to implement the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each module may exist alone physically, or two or more modules may be integrated in one unit. The units formed by the modules can be realized in a form of hardware or a form of hardware and software functional units.
The integrated modules, which are implemented in the form of software functional modules, may be stored in a computer readable storage medium. The software functional modules described above are stored in a storage medium and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or processor to perform some of the steps of the methods described in various embodiments of the present application.
It should be understood that the above processor may be a central processing unit (Central Processing Unit, abbreviated as CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, abbreviated as DSP), application specific integrated circuits (Application Specific Integrated Circuit, abbreviated as ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may comprise a high-speed RAM memory, and may further comprise a non-volatile memory NVM, such as at least one magnetic disk memory, and may also be a U-disk, a removable hard disk, a read-only memory, a magnetic disk or optical disk, etc.
The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, an external device interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or one type of bus.
The storage medium may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (Application Specific Integrated Circuits, ASIC for short). It is also possible that the processor and the storage medium reside as discrete components in an electronic device or a master device.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (7)

1. An authentication method, comprising:
acquiring registration information of an authentication entity through authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information;
if the result is that the verification is successful, acquiring a communication identification code corresponding to the registration information and acquiring a global cell identification code of the position of the terminal corresponding to the communication identification code;
if the global cell identification code is judged to be pre-stored, a target base station corresponding to the global cell identification code is obtained;
acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station;
If the distance is smaller than or equal to a preset distance threshold, judging that the authentication of the authentication entity is successful;
the step of obtaining the distance between the current position of the terminal corresponding to the communication identification code and the authentication device according to the target base station comprises the following steps:
acquiring the height of the target base station and the position information of the target base station through a pre-stored database, and acquiring a first distance between the target base station and the authentication equipment according to the position information of the target base station;
acquiring the latest tracking identification signaling of the terminal, and acquiring the time advance of the current position of the terminal according to the latest tracking identification signaling;
acquiring a second distance between the current position of the terminal and the target base station according to the time advance and the height of the target base station;
determining the distance between the current position of the terminal and the authentication equipment according to the first distance and the second distance;
after the global cell identification code of the terminal corresponding to the communication identification code is obtained, the method further comprises the following steps:
acquiring a communication address of a wireless module of a terminal corresponding to the communication identification code;
acquiring all wireless signals identified by the authentication equipment, determining communication addresses of all wireless signals, and storing all communication addresses as a wireless connection list;
Obtaining a first authentication result according to the wireless connection list and the communication address of the wireless module of the terminal, if the wireless connection list contains the communication address of the wireless module of the terminal, assigning the first authentication result as a first value, otherwise, assigning the first authentication result as a second value;
after the distance between the current position of the terminal corresponding to the communication identification code and the authentication device is obtained according to the target base station, the method further comprises the following steps:
obtaining a second authentication result according to the distance between the terminal corresponding to the communication identification code and the authentication equipment, if the distance is smaller than or equal to a preset distance threshold value, assigning the second authentication result as a first value, otherwise, assigning the second authentication result as a second value;
acquiring a first weight value corresponding to the first authentication result and a second weight value corresponding to the second authentication result, respectively calculating the product of the first authentication result and the first weight value to obtain a first result, obtaining a second result by the product of the second authentication result and the second weight value, and summing according to the first result and the second result to obtain an authentication parameter;
And if the authentication parameter is greater than or equal to a preset authentication threshold, judging that the authentication of the authentication entity is successful.
2. The method according to claim 1, wherein the acquiring the communication identifier corresponding to the registration information and acquiring the global cell identifier corresponding to the communication identifier where the terminal is located, includes:
acquiring a communication identification code corresponding to the registration information according to a pre-stored database, wherein the communication identification code is a telephone number of a user;
and acquiring the latest system message signaling of the terminal corresponding to the communication identification code through a network management platform, and acquiring the global cell identification code of the position of the terminal according to the latest system message signaling.
3. The method of claim 1, wherein the wireless module is a wireless network module or a bluetooth communication module.
4. A method according to any one of claims 1 to 3, wherein said obtaining a result of rights verification from said registration information comprises:
judging whether the pre-stored user information record list contains the registration information or not;
if the user information record table contains the registration information, the result is verification success, otherwise, the result is verification failure.
5. A method according to any one of claims 1 to 3, wherein the obtaining the target base station corresponding to the global cell identity comprises:
and taking the base station corresponding to the global cell identification code obtained through a pre-stored database as a target base station, wherein the database is used for storing the position information of all base stations covering the authentication equipment area and the global cell identification code corresponding to all base stations.
6. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of when executing the computer program:
acquiring registration information of an authentication entity through authentication equipment, and acquiring a result of authority verification of the authentication entity according to the registration information;
if the result is that the verification is successful, acquiring a communication identification code corresponding to the registration information and acquiring a global cell identification code of the position of the terminal corresponding to the communication identification code;
if the global cell identification code is judged to be pre-stored, a target base station corresponding to the global cell identification code is obtained;
acquiring the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment according to the target base station;
If the distance is smaller than or equal to a preset distance threshold, judging that the authentication of the authentication entity is successful;
the processor, when executing the computer program, further performs the steps of: acquiring the height of the target base station and the position information of the target base station through a pre-stored database, and acquiring a first distance between the target base station and the authentication equipment according to the position information of the target base station; acquiring the latest tracking identification signaling of the terminal, and acquiring the time advance of the current position of the terminal according to the latest tracking identification signaling; acquiring a second distance between the current position of the terminal and the target base station according to the time advance and the height of the target base station; determining the distance between the current position of the terminal and the authentication equipment according to the first distance and the second distance;
the processor, when executing the computer program, further performs the steps of:
after the global cell identification code of the terminal corresponding to the communication identification code is obtained, the communication address of the wireless module of the terminal corresponding to the communication identification code is obtained; acquiring all wireless signals identified by the authentication equipment, determining communication addresses of all wireless signals, and storing all communication addresses as a wireless connection list; obtaining a first authentication result according to the wireless connection list and the communication address of the wireless module of the terminal, if the wireless connection list contains the communication address of the wireless module of the terminal, assigning the first authentication result as a first value, otherwise, assigning the first authentication result as a second value;
The processor, when executing the computer program, further performs the steps of: after the distance between the current position of the terminal corresponding to the communication identification code and the authentication equipment is obtained according to the target base station, a second authentication result is obtained according to the distance between the terminal corresponding to the communication identification code and the authentication equipment, if the distance is smaller than or equal to a preset distance threshold value, the second authentication result is assigned to be a first value, and otherwise, the second authentication result is assigned to be a second value; acquiring a first weight value corresponding to the first authentication result and a second weight value corresponding to the second authentication result, respectively calculating the product of the first authentication result and the first weight value to obtain a first result, obtaining a second result by the product of the second authentication result and the second weight value, and summing according to the first result and the second result to obtain an authentication parameter; and if the authentication parameter is greater than or equal to a preset authentication threshold, judging that the authentication of the authentication entity is successful.
7. A computer readable storage medium having stored therein computer executable instructions which, when executed by a processor, implement the authentication method of any of claims 1 to 5.
CN202010573179.5A 2020-06-22 2020-06-22 Authentication method and server Active CN113905377B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010573179.5A CN113905377B (en) 2020-06-22 2020-06-22 Authentication method and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010573179.5A CN113905377B (en) 2020-06-22 2020-06-22 Authentication method and server

Publications (2)

Publication Number Publication Date
CN113905377A CN113905377A (en) 2022-01-07
CN113905377B true CN113905377B (en) 2023-07-18

Family

ID=79186140

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010573179.5A Active CN113905377B (en) 2020-06-22 2020-06-22 Authentication method and server

Country Status (1)

Country Link
CN (1) CN113905377B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115941303A (en) * 2022-11-28 2023-04-07 中国联合网络通信集团有限公司 Identity information checking method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674109A (en) * 2009-10-19 2010-03-17 宇龙计算机通信科技(深圳)有限公司 NFC monitoring device, NFC communication terminal and monitoring system
CN102917358A (en) * 2011-11-01 2013-02-06 广州盛华信息技术有限公司 Method and system for achieving authentication service of micro base station
CN106255102A (en) * 2016-07-26 2016-12-21 广东欧珀移动通信有限公司 The authentication method of a kind of terminal unit and relevant device
CN108769959A (en) * 2018-04-11 2018-11-06 南京熊猫通信科技有限公司 A kind of communication terminal near field identifying system and method based on microcell base station

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009040477A1 (en) * 2009-09-08 2011-03-10 Deutsche Telekom Ag Authentication in the mobile network by authentication cell
US20180234418A1 (en) * 2016-02-03 2018-08-16 Averon Us, Inc. Method and apparatus for facilitating access to publish or post utilizing frictionless two-factor authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101674109A (en) * 2009-10-19 2010-03-17 宇龙计算机通信科技(深圳)有限公司 NFC monitoring device, NFC communication terminal and monitoring system
CN102917358A (en) * 2011-11-01 2013-02-06 广州盛华信息技术有限公司 Method and system for achieving authentication service of micro base station
CN106255102A (en) * 2016-07-26 2016-12-21 广东欧珀移动通信有限公司 The authentication method of a kind of terminal unit and relevant device
CN108769959A (en) * 2018-04-11 2018-11-06 南京熊猫通信科技有限公司 A kind of communication terminal near field identifying system and method based on microcell base station

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Huawei Technologies, Hisilicon.S2-152243 "Support of retrieval of Location Information for support of IMS ES for WLAN interworking based on TR 23.771 phase 1 conclusion".3GPP tsg_sa\WG2_Arch.2015,(第TSGS2_110_Dubrovnik期),全文. *
基于无线通信技术可提供本地交互应用和信息服务系统的实现;王井清;;价值工程(第25期);全文 *
基于窄带物联网的智能门禁锁的设计与实现;张天奇;王进;李跃华;;南通大学学报(自然科学版)(第02期);全文 *

Also Published As

Publication number Publication date
CN113905377A (en) 2022-01-07

Similar Documents

Publication Publication Date Title
CN105472737B (en) A kind of method of locating terminal and server
EP2476272B1 (en) Method and system for user authentication by means of a cellular mobile radio network
US8831564B2 (en) System and method for identity protection using mobile device signaling network derived location pattern recognition
US20130185166A1 (en) Cardholder mobile device positioning system and method
US9736676B2 (en) Method of controlling access to a cellular network
CN103493456A (en) A method of and a support node for requesting registration of stationary user equipment in a cellular telecommunication system
WO2020120672A1 (en) Communication network node, methods, and a mobile terminal
US11317287B2 (en) Method and system for authenticating cellular devices and non-SIM devices for accessing a Wi-Fi access point using a cloud platform
CN108200568B (en) Mobile communication electronic SIM card data processing method and device
US6988279B1 (en) Intelligent agent authentication via position locator system
CN113905377B (en) Authentication method and server
CN107567015A (en) A kind of log-on message acquisition method and log-on message acquisition system based on intelligent terminal
CN101631313B (en) Method for network management and associated device
US20080016557A1 (en) Mobile communication terminal and method for authenticating data registration
JP5584479B2 (en) Terminal line opening system and terminal line opening method
CN113515612A (en) Heiyou mobile phone number identification method and device
KR20090112359A (en) System and method for providing location based service
JP5004635B2 (en) Authentication device, authentication system, broadcast device, authentication method, and broadcast method
KR100599001B1 (en) Restriction method and system for illegal use of mobile communication terminal using Universal Subscriber Identity Module
KR101910737B1 (en) System for checking communication quality according to position of user mobile and control method thereof
US20230010440A1 (en) System and Method for Performing Identity Management
CN113923660A (en) Authentication method, equipment and storage medium for terminal access local area network
CN104105055A (en) Communication processing method and device
US20100162376A1 (en) Authentication system and method using device identification information in ubiquitous environment
CN106203080A (en) System calling method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant