CN114338044A - Method for verifying identity of network user, storage device and processing device - Google Patents
Method for verifying identity of network user, storage device and processing device Download PDFInfo
- Publication number
- CN114338044A CN114338044A CN202210038449.1A CN202210038449A CN114338044A CN 114338044 A CN114338044 A CN 114338044A CN 202210038449 A CN202210038449 A CN 202210038449A CN 114338044 A CN114338044 A CN 114338044A
- Authority
- CN
- China
- Prior art keywords
- terminal
- ipv6 address
- authentication server
- identity
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention relates to the technical field of IPv6 communication, in particular to a method for verifying the identity of a network user, a storage device and a processing device, and aims to solve the problem that privacy is leaked due to the fact that various websites respectively perform real-name authentication in the prior art. The method for verifying the identity of the network user comprises the following steps: the terminal is connected with the identity verification server, and sends an inspection request to the identity verification server, so that the identity verification server checks whether the item to be inspected in the inspection request is matched with the IPv6 address of the terminal, and sends the generated inspection result to the network access authentication server, and the network access authentication server determines whether the terminal is allowed to access the network. The IPv6 address comprises an address prefix and identity information of a user; the item to be checked includes biometric information of the user and/or a device number of the terminal. The invention uniformly carries out real-name authentication through the identity authentication server, thereby avoiding the disclosure of user privacy and potential risks brought by the disclosure.
Description
Technical Field
The invention relates to the technical field of IPv6 communication, in particular to a method for verifying network user identity, storage equipment and processing equipment.
Background
With the development of the internet, the work and the life of people become more convenient and faster. However, it takes a lot of time and labor to combat various illegal criminal acts such as phishing, network rumor, hacking, etc. Real-name networking undoubtedly provides powerful support for remedying these network clutter.
In the prior art, some websites generally perform real-name authentication in a manner of uploading names, identity card numbers, short message authentication mobile phone numbers, uploading certificate photos, even handheld certificate self-shooting photos and the like, and then establish a database in a server to bind user names and identity information. However, if all websites perform this cumbersome authentication, it takes too much time for the user, and in case the personal privacy information is utilized by a lawbreaker, it causes immeasurable loss to the user.
The invention patent with application number CN202010129542.4 (title: method for generating IPv6 address, storage device and processing device, application date: 20200228) discloses a method for generating IPv6 address, by which identity information such as user's identification number or passport number can be embedded in IPv6 address. If an authority department allocates an IPv6 address field containing the user identity information to each user according to the method and each user uses the IPv6 address allocated to the user to surf the internet when using network terminal equipment such as a computer, a mobile phone and the like, real-name system surfing is realized, and a network police can easily trace real users behind a certain operation.
Therefore, how to effectively monitor whether each user really uses the IPv6 address allocated to the user becomes a problem to be solved urgently.
Disclosure of Invention
In order to solve the above problems in the prior art, the invention provides a method for verifying the identity of a network user, a storage device and a processing device, which not only realizes the real-name authentication of the network user, but also effectively avoids the problem of privacy disclosure of personal identification number, biological information and the like.
The invention provides a first method for verifying the identity of a network user, which comprises the following steps:
the terminal is connected with an authentication server so that the authentication server checks the IPv6 address of the terminal; wherein the IPv6 address comprises: address prefixes and identity information of the user.
Preferably, before the "the terminal connects to the authentication server so that the authentication server checks the IPv6 address of the terminal", the method further includes:
the terminal acquires the IPv6 address; or the terminal acquires the identity information of the user and generates the IPv6 address according to the identity information of the user.
Preferably, before the "the terminal connects to the authentication server so that the authentication server checks the IPv6 address of the terminal", the method further includes:
the terminal acquires the biological information of the user; wherein the biological information includes: fingerprint information and/or voiceprint information and/or iris information and/or face information.
Preferably, the step of the terminal connecting to an authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending an inspection request to the authentication server so that the authentication server checks whether an item to be inspected in the inspection request is matched with the IPv6 address of the terminal according to preset identity information and generates an inspection result;
wherein the ping request comprises: the item to be checked; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the verification result includes a verification code indicating an acknowledgement or a denial.
Preferably, after the step of the terminal connecting to the authentication server so that the authentication server checks the IPv6 address of the terminal, the method further includes:
receiving the checking result returned by the identity authentication server;
sending the checking result to a network access authentication server so that: the network access authentication server sends a check request to the identity authentication server according to the check result, and then determines whether the terminal is allowed to access the network according to the check result returned by the identity authentication server;
the collation request includes: the verification code and the IPv6 address of the terminal; the checking result comprises: and checking a code, wherein the checking code indicates whether the verification code is matched with the IPv6 address of the terminal.
Preferably, after the step of the terminal connecting to the authentication server so that the authentication server checks the IPv6 address of the terminal, the method further includes:
receiving the checking result returned by the identity authentication server;
sending the ping result to a destination server such that: the target server sends a checking request to the identity authentication server according to the checking result, and then determines whether the terminal is allowed to access according to the checking result returned by the identity authentication server;
the collation request includes: the verification code and the IPv6 address of the terminal;
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal.
Preferably, the step of the terminal connecting to an authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending a ping request to the authentication server to cause: the identity verification server checks whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to preset identity information, and sends a generated checking result to a network access authentication server, so that the network access authentication server determines whether the terminal is allowed to access the network;
wherein the ping request comprises: the item to be checked; the items to be checked comprise: the biometric information of the user and/or the device number of the terminal. The preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
Preferably, the step of the terminal connecting to an authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending a ping request to the authentication server to cause: the identity authentication server checks whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to preset identity information, and sends a generated checking result to a destination server, so that the destination server determines whether the terminal is allowed to access;
wherein the ping request comprises: the address of the item to be checked and the destination server; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
Preferably, the step of the terminal connecting to an authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending a checking request to the authentication server so that the authentication server checks whether a to-be-checked item in the checking request is matched with the IPv6 address of the terminal according to preset identity information and further determines whether the terminal is allowed to access a network;
wherein the ping request comprises: the item to be checked;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more.
The invention provides a second method for verifying the identity of a network user, which comprises the following steps:
the identity authentication server receives a connection request of a terminal;
checking the IPv6 address of the terminal;
wherein, the IPv6 address of the terminal comprises: address prefixes and identity information of the user.
Preferably, after the "the authentication server accepts the connection request of the terminal", before the "checking the IPv6 address of the terminal", the method further includes:
receiving an inspection request sent by the terminal;
wherein the ping request comprises: the item to be checked; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the biological information includes: fingerprint information and/or voiceprint information and/or iris information and/or face information.
Preferably, the step of "checking the IPv6 address of the terminal" includes:
checking whether the items to be checked in the checking request are matched with the IPv6 address of the terminal according to preset identity information, and generating a checking result;
wherein the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the verification result includes a verification code indicating an acknowledgement or a denial.
Preferably, after the step of "pinging the IPv6 address of the terminal", the method further includes:
returning the checking result to the terminal so that the terminal sends the checking result to a network access authentication server;
receiving a check request sent by the network access authentication server, wherein the check request comprises the verification code and the IPv6 address of the terminal;
checking whether the verification code is matched with the IPv6 address of the terminal and generating a check result;
returning the check result to the network access authentication server so that the network access authentication server determines whether the terminal is allowed to access the network;
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal.
Preferably, after the step of "pinging the IPv6 address of the terminal", the method further includes:
returning the checking result to the terminal so that the terminal sends the checking result to a destination server;
receiving a check request sent by the destination server, wherein the check request comprises the verification code and the IPv6 address of the terminal;
checking whether the verification code is matched with the IPv6 address of the terminal and generating a check result;
returning the checking result to the destination server so that the destination server determines whether the terminal is allowed to access;
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal.
Preferably, the step of "checking the IPv6 address of the terminal" includes:
checking whether the items to be checked in the checking request are matched with the IPv6 address of the terminal according to preset identity information, and generating a checking result;
sending the checking result to a network access authentication server so that the network access authentication server determines whether the terminal is allowed to access the network;
wherein the ping request comprises: the item to be checked; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
Preferably, the step of "checking the IPv6 address of the terminal" includes:
checking whether the items to be checked in the checking request are matched with the IPv6 address of the terminal according to preset identity information, and generating a checking result;
sending the checking result to a destination server so that the destination server determines whether to allow the terminal to access;
wherein the ping request comprises: the address of the item to be checked and the destination server; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
Preferably, the step of "checking the IPv6 address of the terminal" includes:
checking whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to preset identity information, and further determining whether the terminal is allowed to access the network;
wherein the ping request comprises: the item to be checked; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more.
The invention also provides a third method for verifying the identity of a network user, which comprises the following steps:
the target server receives an inspection result sent by the terminal, wherein the inspection result is a result which is returned to the terminal after an item to be inspected in an inspection request of the terminal is checked by the identity authentication server according to preset identity information to determine whether the item to be inspected is matched with the IPv6 address of the terminal;
sending a check request to the authentication server so that the authentication server checks whether the verification code in the check request matches the IPv6 address of the terminal and generates a check result;
receiving the check result returned by the identity authentication server;
determining whether the terminal is allowed to access according to the checking result;
wherein the verification result comprises the verification code, the verification code representing an acknowledgement or a negative; the ping request includes: the item to be checked; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the check request comprises the verification code and the IPv6 address of the terminal; the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal; the IPv6 address includes: address prefixes and identity information of the user.
The invention also provides a fourth method for verifying the identity of a network user, which comprises the following steps:
the target server receives an inspection result sent by an identity authentication server, wherein the inspection result is a result generated by the identity authentication server according to the preset identity information to check whether a to-be-inspected item in an inspection request of a terminal is matched with the IPv6 address of the terminal;
determining whether the terminal is allowed to access according to the checking result;
wherein the checking result comprises an authentication code and the IPv6 address of the terminal, and the authentication code represents acknowledgement or negative; the checking request comprises an item to be checked and the address of the destination server; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the IPv6 address includes: address prefixes and identity information of the user.
The invention also provides a fifth method for verifying the identity of a network user, which comprises the following steps:
the network access authentication server receives an inspection result sent by the terminal, wherein the inspection result is a result that the identity authentication server checks whether a to-be-inspected item in an inspection request of the terminal is matched with the IPv6 address of the terminal according to preset identity information and then returns the result to the terminal;
sending a check request to the authentication server so that the authentication server checks whether the verification code in the check request matches the IPv6 address of the terminal and generates a check result;
receiving the check result returned by the identity authentication server;
determining whether to allow the terminal to access a network according to the checking result;
wherein the verification result comprises a verification code, the verification code representing an acknowledgement or a negative; the ping request includes: the item to be checked; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the check request comprises the verification code and the IPv6 address of the terminal; the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal; the IPv6 address includes: address prefixes and identity information of the user.
The invention also provides a sixth method for verifying the identity of a network user, which comprises the following steps:
the network access authentication server receives an inspection result sent by an identity authentication server, wherein the inspection result is a result generated by the identity authentication server according to preset identity information to check whether an item to be inspected in an inspection request of a terminal is matched with the IPv6 address of the terminal;
determining whether the terminal is allowed to access the network according to the checking result;
wherein the checking result comprises an authentication code and the IPv6 address of the terminal, and the authentication code represents acknowledgement or negative; the examination request comprises an item to be examined; the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal; the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more; the IPv6 address includes: address prefixes and identity information of the user.
Preferably, in the above six methods for verifying the identity of a network user, the identity information is a personal identification number or a passport number, or an organization identification number.
Preferably, in the above six methods for verifying the identity of a network user, the verification result further includes: the time at which the verification code was generated.
Preferably, in the above six methods for verifying the identity of a network user, the IPv6 address further includes: interface information; the interface information includes: the class number of the terminal or the ID of the terminal and/or the interface serial number of the terminal.
The present invention also proposes a storage device storing a program adapted to be loaded and executed by a processor to implement the method of verifying the identity of a user of a network as described above.
The invention also proposes a processing device comprising: a processor adapted to execute a program; and a storage device adapted to store the program; the program is adapted to be loaded and executed by the processor to implement the method of verifying the identity of a user of a network as described above.
Compared with the closest prior art, the invention has the following beneficial effects:
the method for verifying the identity of the network user comprises the steps that a terminal sends an inspection request to an identity verification server, the identity verification server checks whether a project to be inspected in the inspection request is matched with an IPv6 address of the terminal (so as to determine whether a current user is a legal owner of the address, namely real-name authentication is carried out), and an inspection result is generated and returned to the terminal; then the terminal sends the checking result to the network access authentication server/destination server, the network access authentication server/destination server receives the result and then sends a checking request to the identity authentication server (after checking, whether the information sent by the terminal is fake is determined), and then whether the terminal is allowed to access the network/access the destination server is determined according to the checking result. Or the identity authentication server does not transmit the check result to the network access authentication server/destination server after obtaining the check result, and the network access authentication server/destination server can determine whether to allow the terminal to access the network/access the destination server according to the check result.
The method for verifying the network user identity can specify a certain program on the terminal to interact with the identity verification server so as to obtain the verification result (the process of network user identity verification is completed), and other programs need to obtain the verification result through the certain program if the other programs need to verify the identity, so that the network access verification server or the target server can obtain only one result. The invention uniformly carries out real-name authentication through the identity authentication server, thereby avoiding the problems of privacy disclosure caused by various APPs and websites asking for user identity numbers and biological information and a great deal of potential risks caused by privacy disclosure.
In addition, the method of the invention is adopted to carry out real-name authentication by the identity authentication server uniformly, thus ensuring that all terminals entering the network are operated by users with real-name authentication, and then implementers of network fraud, hacking, network rumors and other defaulting phenomena can be exposed to the eyes of supervision departments uniformly.
Drawings
Fig. 1 is a schematic diagram of a first way of information interaction among a terminal, an authentication server and a network access authentication server in the invention;
FIG. 2 is a diagram illustrating a second way of information interaction among a terminal, an authentication server and a network access authentication server according to the present invention;
FIG. 3 is a diagram illustrating a first manner of information interaction between a terminal, an authentication server, and a destination server in the present invention;
FIG. 4 is a diagram illustrating a second way of information interaction between a terminal, an authentication server, and a destination server in the present invention;
fig. 5 is a schematic diagram of the structure of the terminal IPv6 address in the present invention.
Detailed Description
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and are not intended to limit the scope of the present invention.
The "terminal" mentioned in the following embodiments includes: all devices capable of surfing the internet, such as mobile phones, PADs, computers, automobiles, household appliances, unmanned aerial vehicles and the like; the "destination server" refers to a network device that a user needs to access when accessing to browse news, inquire information, purchase, transfer accounts, play games, chat and the like after surfing the internet by using the terminal. The "authentication server" is a server that performs an identity check on a user who is currently using a terminal, and may be set and managed by a government-specified department, such as a public security department or an operator. The "network access authentication server" refers to a server for authenticating whether a terminal can access a network, and may be set and managed by an operator, and it may check not only the result returned by the authentication server, but also whether the current network access fee of the terminal is exhausted or the network access time limit is exceeded, and so on. "biological information" includes: fingerprint information and/or voiceprint information and/or iris information and/or face information of a person. The information may be static or dynamic. For example, the face information may be one or several face images, or may be a video including movements of shaking a head, blinking a eye, and the like. The "IPv 6 address of the terminal" includes: address prefixes and identity information of the user. The identity information may be a personal identification number or passport number, or an organization identification number or the like, which can be used to distinguish the identity of a personal user or an organization user (organization such as a company, organization, etc.).
The network user identity authentication method of the invention is based on that an authority department distributes an IPv6 address field containing the user identity information to each user in advance according to a preset rule, and each user is required to use the IPv6 address distributed to the user to surf the internet when using the network terminal equipment such as a computer, a mobile phone and the like of the user. Because the same user may have multiple internet-connected devices, the IPv6 address assigned to each user may be more than one, but one address field. The "preset identity information" mentioned in the following embodiments includes: a plurality of citizen IDs (which may be identification numbers or passport numbers, etc.), and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID. The biological information and the network device number may be one or more. Because the biological information of the same citizen may include different information such as fingerprints, voiceprints, faces and the like, the same citizen may also have a plurality of terminal devices which can access the internet. The network device number may be a MAC address, various license numbers, a serial number, etc.
According to the actual use scene, the identity authentication method can be used before the terminal is connected with the destination server, before payment, before screen unlocking or before startup and shutdown, so as to ensure the authenticity of the user identity executing the operation.
Fig. 1 is a schematic diagram of a first way of information interaction among a terminal, an authentication server and a network access authentication server in the present invention. As shown in fig. 1, before formally accessing a network, a terminal sends an inspection request to an authentication server, and the authentication server checks whether an item to be inspected in the inspection request matches with an IPv6 address of the terminal (to determine whether a current user is a valid owner of the address, that is, performs real-name authentication), and returns an inspection result to the terminal; then the terminal sends the checking result to the network access authentication server, the network access authentication server receives the result and then sends a checking request to the identity authentication server (once checking, whether the information sent by the terminal is fake is determined), and then whether the terminal is allowed to access the network is determined according to the checking result.
Fig. 2 is a schematic diagram of a second way of information interaction among the terminal, the authentication server and the network access authentication server in the invention. As shown in fig. 2, before the terminal formally accesses the network, as in fig. 1, the terminal first sends an authentication request to the authentication server, and the authentication server checks whether the to-be-checked item in the authentication request matches the IPv6 address of the terminal. In a special embodiment, the authentication server may also have a network access authentication function, and at this time, the authentication server may directly determine whether to allow the terminal to access the network after obtaining the verification result.
Fig. 3 is a schematic diagram of a first way of information interaction between a terminal, an authentication server and a destination server in the present invention. As shown in fig. 3, before accessing the destination server, the terminal sends an inspection request to the authentication server, and the authentication server checks whether the to-be-inspected item in the inspection request matches with the IPv6 address of the terminal (to determine whether the current user is the legal owner of the address, i.e. performs real-name authentication), and returns the inspection result to the terminal; then the terminal sends the checking result to the target server, the target server sends a checking request to the authentication server after receiving the result (once checking, whether the information sent by the terminal is fake is determined), and then whether the terminal is allowed to access is determined according to the checking result.
Fig. 4 is a schematic diagram of a second way of information interaction between a terminal, an authentication server and a destination server in the present invention. As shown in fig. 4, before the terminal accesses the destination server, the terminal sends an authentication request to the authentication server, as in fig. 3, and the authentication server checks whether the to-be-checked item in the authentication request matches the IPv6 address of the terminal, which is different from fig. 3 in that the authentication server directly sends the authentication result to the destination server, and the destination server does not need to check the authentication result, so that the authentication process is faster.
Based on the methods in fig. 1 and fig. 3, a specific program on the terminal may be specified to interact with the authentication server to obtain an inspection result (the process of network user authentication is completed), and other APPs can only obtain the inspection result from the program, so that the access authentication server or the destination server can obtain only one result, thereby avoiding the problem of privacy disclosure caused by various APPs and websites asking for the user identity number and biological information.
Based on the methods shown in fig. 2 and fig. 4, a specific program on the terminal may be designated to send an inspection request (including private data such as biological information) to the authentication server, and then the authentication server directly sends an inspection result to the network access authentication server or the destination server, so that the problem of privacy disclosure caused by the fact that various APPs and websites require the user identity number and the biological information can also be avoided.
The following first to seventh embodiments describe the method for verifying the identity of a network user according to the present invention with a terminal as an execution subject.
The method for verifying the identity of the network user provided by the invention comprises the following main steps:
in step a1, the terminal connects to the authentication server, so that the authentication server checks the IPv6 address of the terminal.
The IPv6 address of the terminal comprises the following steps: address prefixes and identity information of the user. The identity information may be a personal identification number or passport number, or an organization identification number or the like, which may be used to distinguish the identity of a personal user or an organization user.
In the above embodiment, the authentication server may know whether the address is an IPv6 address allocated according to a preset rule by checking whether the terminal IPv6 address contains a prefix of a specified number of bits and identity information; by checking the identity information therein, it can be known who the legitimate owner of the IPv6 address is. For most citizens following disciplinary law, the IPv6 address allocated to the citizen is used for surfing the Internet, so that the identity of the user who surfs the Internet at present can be preliminarily judged through the terminal IPv6 address. If someone tries to surf the internet by using the IPv6 address of another person, the method in the following embodiment may be adopted, and the identity of the user may be determined to be true or not by collecting the biometric information of the user and uploading the biometric information to the identity authentication server for comparison.
In an optional embodiment, before the terminal connects to the authentication server, the method may further include the step of acquiring an IPv6 address or generating an IPv6 address:
step A0, the terminal acquires an IPv6 address (acquired by a method such as key pressing and voice input, or acquires an IPv6 address stored in advance from a memory); or, the terminal obtains the identity information of the user (by a method such as key press, voice input, or the like, or obtains the identity information stored in advance from a memory), and generates the IPv6 address according to the identity information of the user.
The second embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step B1, the terminal acquires the biometric information of the user.
And step B2, connecting the authentication server.
And step B3, sending the checking request to the authentication server, so that the authentication server checks whether the item to be checked in the checking request matches with the IPv6 address of the terminal according to the preset identity information, and generates a checking result.
Wherein, the examination request comprises an item to be examined, and the item to be examined comprises: the biological information of the user and/or the equipment number of the terminal; the preset identity information includes: a plurality of citizen IDs (which may be identification numbers or passport numbers, etc.), and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network equipment number can be one or more; the result of the inspection includes an authentication code indicating acknowledgement (the item to be inspected matches the IPv6 address of the terminal) or negative (the item to be inspected does not match the IPv6 address of the terminal).
Specifically, in step B3, the authentication server may first find an IPv6 address segment containing the address in the preset identity information according to the IPv6 address of the terminal, so as to obtain a citizen ID that legally owns the address; if the project to be checked comprises the biological information, the biological information of the citizen is found and compared with the biological information in the project to be checked, and whether the biological information sent by the terminal is matched with the IPv6 address of the terminal is known; if the item to be checked comprises the equipment number of the terminal, the network equipment number of the citizen is found and compared, and whether the equipment number of the terminal is matched with the IPv6 address or not is known. If the biological information and the device number of the terminal are included in the item to be checked, the item to be checked is considered to be matched with the IPv6 address of the terminal when both items are matched with the IPv6 address of the terminal.
Whether the current user using the IPv6 address is a citizen who legally owns the address can be determined by checking whether the biological information is matched with the IPv6 address, so that real-name system internet surfing is guaranteed; by checking whether the device number matches the IPv6 address, it can be determined whether the terminal is currently registered under the citizen's name, i.e., whether the current user is a legitimate user of the terminal.
If the biometric information and the device number are matched with the IPv6 address, it can be determined that the identity of the user currently using the terminal is authentic and the right of use of the terminal is legally possessed. In an actual usage scenario, the current user may be the device owner or the borrower. The owner can register the terminal equipment under the name of the borrower in advance, so that the borrower can legally use the terminal equipment to surf the internet. If the authentication server checks that the current user identity is not authentic or that the current user does not have the right of use of the terminal, an authentication code indicating a denial may be generated. By the method, the mobile phone or the computer which is transferred or stolen privately can be restricted from being operated on the internet, and the user does not need to worry about the fact that money of a financial account is stolen after losing the mobile phone, and even can directly lock the identity of a suspect when the terminal tries to access the internet.
The third embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step C1, the terminal acquires the biometric information of the user.
And step C2, the terminal is connected with the authentication server.
And step C3, sending the checking request to the authentication server, so that the authentication server checks whether the item to be checked in the checking request matches with the IPv6 address of the terminal according to the preset identity information, and generates a checking result.
Wherein, the examination request comprises an item to be examined, and the item to be examined comprises: the biological information of the user and/or the equipment number of the terminal; the verification result includes a verification code indicating an acknowledgement or a denial; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
The specific operation of this step may refer to the specific description of step B3 in embodiment two, and is not described herein again.
And step C4, receiving the checking result returned by the authentication server.
Step C5, sending the result of the verification to the network access authentication server so that: and the network access authentication server sends a check request to the identity verification server according to the check result, and further determines whether the terminal is allowed to access the network according to the check result returned by the identity verification server. The verification request includes: the authentication code and the IPv6 address of the terminal; the checking result comprises: and checking codes, wherein the checking codes are used for indicating whether the verification codes are matched with the IPv6 address of the terminal.
The method of the embodiment is usually used when the terminal is ready to access the network after being powered on or is reconnected after being disconnected, and can also be used when the terminal is powered off and the screen is unlocked.
In an optional embodiment, the checking result may further include: and generating the time of the verification code so that the network access authentication server judges whether the verification code in the checking result sent by the terminal exceeds the preset time limit or not according to the time. The terminal may be barred from accessing the network and may be prompted to authenticate again if found to be expired.
Specifically, in step C5, if the verification code in the verification result is found to indicate "negative", the network access authentication server may directly prohibit the terminal from accessing the network without being checked by the authentication server. A check request is sent to the authentication server only if the verification code is found to represent a "confirmation" and the terminal is allowed to access the network only if the returned check code represents a "match". In addition, if the network access authentication server finds that the verification code in the checking result represents 'denial', the network access authentication server can also send a checking request to the identity authentication server. If the verification code indicates 'denial' and the returned check code indicates 'mismatch', the checking result received by the terminal is possibly wrong, and the network access authentication server can prompt the terminal to perform identity verification again; if the verification code indicates "negative" and the returned verification code indicates "match", the network access authentication server may prohibit the terminal from accessing the network.
The fourth embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step D1, the terminal acquires the biometric information of the user.
And D2, connecting the terminal with the authentication server.
And D3, sending the checking request to the authentication server, so that the authentication server checks whether the item to be checked in the checking request matches with the IPv6 address of the terminal according to the preset identity information, and generating a checking result.
Wherein, the examination request comprises an item to be examined, and the item to be examined comprises: the biological information of the user and/or the equipment number of the terminal; the verification result includes a verification code indicating an acknowledgement or a denial; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
The specific operation of this step may refer to the specific description of step B3 in embodiment two, and is not described herein again.
And step D4, receiving the checking result returned by the authentication server.
Step D5, sending the ping result to the destination server so that: and the target server sends a check request to the authentication server according to the check result, and further determines whether the terminal is allowed to access according to the check result returned by the authentication server.
Wherein the request for verification includes: the authentication code and the IPv6 address of the terminal; the checking result comprises: and checking codes, wherein the checking codes are used for indicating whether the verification codes are matched with the IPv6 address of the terminal.
In an optional embodiment, the checking result may further include: and generating the time of the verification code so that the destination server judges whether the verification code in the checking result exceeds the preset time limit or not according to the time. If the terminal is found to be expired, the terminal may be prohibited from accessing and may be prompted to authenticate again.
When the network access authentication server is set in the network, since the terminal has already performed user authentication once when accessing the network, the method of this embodiment only needs to be used when the terminal accesses a certain destination server for the first time or registers on the destination server. After the registration is completed, the destination server can store the IPv6 address of the terminal in a white list, and when the terminal is accessed again later, the destination server can directly allow the terminal to access the white list, or when special operations such as payment are required, the destination server prompts the terminal again for authentication.
Specifically, in step D5, if the destination server finds that the verification code in the verification result indicates "negative", the terminal may be directly prohibited from accessing without being checked by the authentication server. A check request is sent to the authentication server only if the verification code is found to represent a "confirmation" and access is allowed to the terminal if the returned check code represents a "match". In addition, the destination server may also send a verification request to the authentication server if the verification code in the verification result is found to indicate "negative". If the verification code indicates 'denial' and the returned check code indicates 'mismatch', the checking result received by the terminal is possibly wrong, and the destination server can prompt the terminal to perform identity verification again; if the verification code indicates a "negative" and the returned check code indicates a "match", the destination server may prohibit access by the terminal.
The fifth embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step E1, the terminal acquires the biometric information of the user.
And E2, connecting the authentication server.
Step E3, sending a ping request to the authentication server to: the identity verification server checks whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to the preset identity information, and sends the generated checking result to the network access authentication server, so that the network access authentication server determines whether the terminal is allowed to access the network.
Wherein the ping request comprises: a project to be checked; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the checking result comprises an authentication code and the IPv6 address of the terminal, wherein the authentication code represents confirmation or denial; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
Specifically, the method for the identity authentication server to check whether the to-be-checked item in the check request matches the IPv6 address of the terminal according to the preset identity information in step E3 may refer to the specific description of step B3 in the second embodiment, which is not described herein again.
In this embodiment, the default authentication server may know the address of the network access authentication server in advance, and in practical application, the IP address or the domain name of the network access authentication server may be added to the check request as needed.
The sixth embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step F1, the terminal acquires the biometric information of the user.
Step F2, connecting an authentication server;
step F3, sending a ping request to the authentication server to: the identity authentication server checks whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to the preset identity information, and sends the generated checking result to the destination server, so that the destination server determines whether the terminal is allowed to access.
Wherein the ping request comprises: the address of the item to be checked and the destination server; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the result of the verification includes the authentication code indicating the acknowledgement or negative and the IPv6 address of the terminal. The preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
Specifically, the method for the identity authentication server to check whether the to-be-checked item in the check request matches the IPv6 address of the terminal according to the preset identity information in step F3 may refer to the specific description of step B3 in the second embodiment, which is not described herein again.
In this embodiment, the address of the destination server is added to the ping request, where the address may be an IP address or a domain name of the destination server, and the address is added to inform the authentication server where the ping result is to be sent.
The seventh embodiment of the method for verifying the identity of a network user provided by the invention mainly comprises the following steps:
in step G1, the terminal acquires the biometric information of the user.
And G2, the terminal is connected with the authentication server.
Step G3, sending the ping request to the authentication server, so that the authentication server checks whether the to-be-checked item in the ping request matches with the IPv6 address of the terminal according to the preset identity information, and further determines whether to allow the terminal to access the network.
Wherein the ping request comprises: a project to be checked; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
Specifically, the operation of the identity authentication server checking whether the to-be-checked item in the check request matches the IPv6 address of the terminal according to the preset identity information in step G3 may refer to the specific description of step B3 in embodiment two, and details are not described here.
In this embodiment, the authentication server has both the network user authentication function and the network access authentication function, that is, the network access authentication server function is integrated into the authentication server. Therefore, in step G3, if the checking result is that the item to be checked matches the IPv6 address of the terminal, then it is further checked whether other access conditions of the terminal are met (e.g., whether the internet access fee is exhausted, etc.), and it is determined whether the terminal is allowed to access the network.
The following eight to fourteen embodiments describe the authentication method of the present invention with the authentication server as the execution subject.
The eighth embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step H1, the authentication server accepts the connection request of the terminal.
Step H2, the IPv6 address of the terminal is checked.
The IPv6 address of the terminal comprises the following steps: address prefixes and identity information of the user. The identity information may be a personal identification number or passport number, or an organization identification number or the like, which may be used to distinguish the identity of a personal user or an organization user.
In this embodiment, the authentication server may determine whether the address is an IPv6 address allocated according to a preset rule by checking whether the terminal IPv6 address includes a prefix with a specified number of bits and identity information; by checking the identity information therein, it can be known who the legitimate owner of the IPv6 address is. For most citizens following disciplinary law, the IPv6 address allocated to the citizen is used for surfing the Internet, so that the identity of the user who surfs the Internet at present can be preliminarily judged through the terminal IPv6 address. If someone tries to surf the internet by using the IPv6 address of another person, the method in the following embodiment may be adopted, and the identity of the user may be determined to be true or not by collecting the biometric information of the user and uploading the biometric information to the identity authentication server for comparison.
The ninth embodiment of the method for verifying the identity of a network user provided by the invention mainly comprises the following steps:
in step I1, the authentication server accepts the connection request of the terminal.
In step I2, a ping request from the terminal is received.
Step I3, checking whether the item to be checked in the checking request matches the IPv6 address of the terminal according to the preset identity information, and generating a checking result.
Wherein the ping request comprises: a project to be checked; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the verification result comprises a verification code which indicates confirmation or denial; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
The method for verifying the identity of the network user provided by the invention comprises the following main steps:
in step J1, the authentication server accepts the connection request from the terminal.
And step J2, receiving the ping request sent by the terminal. Wherein the ping request comprises: a project to be checked; the items to be checked include: biometric information of the user and/or a device number of the terminal.
Step J3, checking whether the item to be checked in the ping request matches the IPv6 address of the terminal according to the preset identity information, and generating a ping result.
Wherein, the preset identity information comprises: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network equipment number can be one or more; the result of the verification includes a verification code indicating an acknowledgement or a denial.
And step J4, returning the result of the inspection to the terminal so that the terminal sends the result of the inspection to the network access authentication server.
Step J5, receiving a check request sent by the network access authentication server, wherein the check request comprises a verification code and the IPv6 address of the terminal.
Step J6, checking whether the verification code matches with the IPv6 address of the terminal, and generating a check result. The checking result comprises a checking code, and the checking code indicates whether the verification code is matched with the IPv6 address of the terminal.
Step J7, the checking result is returned to the network access authentication server, so that the network access authentication server determines whether to allow the terminal to access the network.
In an optional embodiment, the checking result may further include: and generating the time of the verification code so that the network access authentication server judges whether the verification code in the checking result exceeds a preset time limit according to the time.
The eleventh embodiment of the method for verifying the identity of a network user provided by the present invention mainly comprises the following steps:
in step K1, the authentication server accepts the connection request from the terminal.
In step K2, a ping request from the terminal is received. Wherein the ping request comprises: a project to be checked; the items to be checked include: biometric information of the user and/or a device number of the terminal.
And step K3, checking whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to the preset identity information, and generating a checking result.
Wherein the inspection result comprises a verification code, the verification code indicating an acknowledgement or a negative; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
Step K4, the terminal returns the result of the inspection to cause the terminal to transmit the result of the inspection to the destination server.
Step K5, receiving the verification request from the destination server. Wherein, the check request comprises the verification code and the IPv6 address of the terminal.
Step K6, checking whether the verification code matches the IPv6 address of the terminal, and generating a check result. Wherein the check result comprises a check code which indicates whether the verification code matches with the IPv6 address of the terminal.
Step K7, the result of the check is returned to the destination server to cause the destination server to determine whether or not to permit the terminal to access.
In an optional embodiment, the checking result may further include: and generating the time of the verification code so that the destination server judges whether the verification code in the checking result exceeds the preset time limit or not according to the time.
The twelfth embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step L1, the authentication server accepts the connection request of the terminal.
In step L2, a ping request from the terminal is received. Wherein the checking request comprises an item to be checked; the items to be checked include: biometric information of the user and/or a device number of the terminal.
And step L3, checking whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to the preset identity information, and generating a checking result. The checking result comprises an authentication code and the IPv6 address of the terminal, wherein the authentication code represents confirmation or denial; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
The result of the verification is transmitted to the network access authentication server, so that the network access authentication server determines whether to allow the terminal to access the network, step L4.
The thirteen main steps of the embodiment of the method for verifying the network user identity provided by the invention comprise:
in step M1, the authentication server accepts the connection request from the terminal.
In step M2, a ping request from the terminal is received. Wherein, the checking request comprises the item to be checked and the address of the destination server; the items to be checked include: biometric information of the user and/or a device number of the terminal.
And step M3, checking whether the to-be-checked item in the ping request matches the IPv6 address of the terminal according to the preset identity information, and generating a ping result. Wherein the verification result includes a verification code indicating an acknowledgement or a negative.
In step M4, the result of the ping is sent to the destination server so that the destination server determines whether to allow the terminal to access.
The fourteenth embodiment of the method for verifying the identity of the network user provided by the invention mainly comprises the following steps:
in step N1, the authentication server accepts the connection request from the terminal.
In step N2, a ping request from the terminal is received. Wherein the checking request comprises an item to be checked; the items to be checked include: biometric information of the user and/or a device number of the terminal.
And step N3, checking whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to the preset identity information, and further determining whether the terminal is allowed to access the network.
Wherein, the preset identity information comprises: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
In this embodiment, the authentication server has both the network user authentication function and the network access authentication function, that is, the network access authentication server function is integrated into the authentication server. Therefore, in step N3, if the checking result is that the item to be checked matches the IPv6 address of the terminal, then it is further checked whether other access conditions of the terminal are met (e.g., whether the internet access fee is exhausted, etc.), and it is determined whether the terminal is allowed to access the network.
In the following embodiments fifteen to sixteen, the method for verifying the identity of the network user according to the present invention is described with the destination server as the execution subject.
A fifteenth embodiment of the method for verifying the identity of a network user according to the present invention comprises the following main steps:
and step O1, the destination server receives the checking result sent by the terminal, wherein the checking result is a result that the authentication server checks whether the item to be checked in the checking request of the terminal is matched with the IPv6 address of the terminal according to the preset identity information, and then returns the result to the terminal.
Wherein the inspection result comprises a verification code, the verification code indicating an acknowledgement or a negative; the examination request comprises an item to be examined; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network equipment number can be one or more; the IPv6 address includes: address prefixes and identity information of the user.
Step O2, sending a check request to the authentication server, so that the authentication server checks whether the verification code in the check request matches the IPv6 address of the terminal, and generates a check result. Wherein, the check request comprises the verification code and the IPv6 address of the terminal.
And step O3, receiving the check result returned by the authentication server. Wherein, the check result comprises a check code which is used for indicating whether the verification code is matched with the IPv6 address of the terminal.
And step O4, determining whether to permit the terminal to access according to the check result.
In an optional embodiment, the checking result may further include: and generating the time of the verification code so that the destination server judges whether the verification code in the checking result exceeds the preset time limit or not according to the time.
Sixteenth, the method for verifying the identity of a network user according to the present invention comprises the following steps:
in step P1, the destination server receives the checking result sent by the authentication server, where the checking result is a result generated by the authentication server checking whether the item to be checked in the checking request of the terminal matches with the IPv6 address of the terminal according to the preset identity information.
The checking result comprises an authentication code and the IPv6 address of the terminal, wherein the authentication code represents confirmation or denial; the checking request comprises the address of the item to be checked and the destination server; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network equipment number can be one or more; the IPv6 address includes: address prefixes and identity information of the user.
And a step P2 of determining whether to allow the terminal to access according to the result of the ping.
In the following embodiments seventeenth to eighteen, the method for verifying the identity of a network user according to the present invention is described with a network access authentication server as an implementation subject.
Seventeenth, the method for verifying the identity of a network user according to the present invention comprises the following main steps:
and step Q1, the network access authentication server receives the checking result sent by the terminal, wherein the checking result is the result that the identity authentication server checks whether the item to be checked in the checking request of the terminal is matched with the IPv6 address of the terminal according to the preset identity information and then returns the result to the terminal.
Wherein the inspection result comprises a verification code, the verification code indicating an acknowledgement or a negative; the examination request comprises an item to be examined; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network device number may be one or more.
And step Q2, sending a check request to the authentication server so that the authentication server checks whether the verification code in the check request is matched with the IPv6 address of the terminal, and further generating a check result.
Wherein, the check request comprises an authentication code and the IPv6 address of the terminal; the checking result comprises a checking code which indicates whether the verification code is matched with the IPv6 address of the terminal; the IPv6 address includes: address prefixes and identity information of the user.
And step Q3, receiving the check result returned by the authentication server.
And step Q4, determining whether to allow the terminal to access the network according to the check result.
In an optional embodiment, the checking result may further include: and generating the time of the verification code so that the network access authentication server judges whether the verification code in the checking result exceeds a preset time limit according to the time.
Eighteen of the embodiments of the method for verifying the identity of a network user according to the present invention include the following main steps:
and step R1, the network access authentication server receives the checking result sent by the identity verification server, wherein the checking result is a result generated by the identity verification server checking whether the item to be checked in the checking request of the terminal is matched with the IPv6 address of the terminal according to the preset identity information.
The checking result comprises an authentication code and the IPv6 address of the terminal, wherein the authentication code represents confirmation or denial; the examination request comprises an item to be examined; the items to be checked include: the biological information of the user and/or the equipment number of the terminal; the preset identity information includes: a plurality of citizen IDs, and an IPv6 address field, biometric information, and/or network device number corresponding to each citizen ID; the biological information and the network equipment number can be one or more; the IPv6 address includes: address prefixes and identity information of the user.
And step R2, determining whether to allow the terminal to access the network according to the result of the ping.
Optionally, in the first to eighteenth embodiments, the IPv6 address may further include, in addition to the address prefix and the identity information of the user, as shown in fig. 5: and interface information. The interface information may include: the class number of the terminal or the ID of the terminal and/or the interface serial number of the terminal. The class number therein may be a number for distinguishing a type of the terminal, for example, the class number is 01 when the terminal is a mobile phone, the class number is 02 when the terminal is an automobile, and the class number is 03 when the terminal is an unmanned aerial vehicle. Through the class number, the supervision department can inquire the information such as the number of various types of equipment accessed to the network at any time.
Although the foregoing embodiments describe the steps in the above sequential order, those skilled in the art will understand that, in order to achieve the effect of the present embodiments, the steps may not be executed in such an order, and may be executed simultaneously (in parallel) or in an inverse order, and these simple variations are within the scope of the present invention.
Further, the present invention also provides an embodiment of a storage device storing a program adapted to be loaded and executed by a processor to implement the method of verifying the identity of a user of a network as described above.
Further, the present invention also provides an embodiment of a processing apparatus, where the processing apparatus of this embodiment includes: a processor and a storage device. Wherein the processor is adapted to execute a program; the storage device is adapted to store the program; the program is adapted to be loaded and executed by a processor to implement the method of verifying the identity of a user of a network as described above.
Those of skill in the art will appreciate that the method steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functionality in order to clearly illustrate the interchangeability of electronic hardware and software. Whether such functionality is implemented as electronic hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
Claims (26)
1. A method of verifying the identity of a user of a network, the method comprising:
the terminal is connected with an authentication server so that the authentication server checks the IPv6 address of the terminal;
wherein the content of the first and second substances,
the IPv6 address includes: address prefixes and identity information of the user.
2. The method of verifying the identity of a network user according to claim 1,
before the "the terminal connects to the authentication server so that the authentication server checks the IPv6 address of the terminal", the method further includes:
the terminal acquires the IPv6 address;
alternatively, the first and second electrodes may be,
and the terminal acquires the identity information of the user and generates the IPv6 address according to the identity information of the user.
3. The method of verifying the identity of a network user according to claim 1,
before the "the terminal connects to the authentication server so that the authentication server checks the IPv6 address of the terminal", the method further includes:
the terminal acquires the biological information of the user;
wherein the content of the first and second substances,
the biological information includes: fingerprint information and/or voiceprint information and/or iris information and/or face information.
4. Method of verifying the identity of a user of a network according to claim 3,
the step that the terminal connects with the authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending an inspection request to the authentication server so that the authentication server checks whether an item to be inspected in the inspection request is matched with the IPv6 address of the terminal according to preset identity information and generates an inspection result;
wherein the content of the first and second substances,
the ping request includes: the item to be checked;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the verification result includes a verification code indicating an acknowledgement or a denial.
5. The method of verifying the identity of a user of a network according to claim 4,
after the step of the terminal connecting to the authentication server so that the authentication server checks the IPv6 address of the terminal, the method further includes:
receiving the checking result returned by the identity authentication server;
sending the checking result to a network access authentication server so that: the network access authentication server sends a check request to the identity authentication server according to the check result, and then determines whether the terminal is allowed to access the network according to the check result returned by the identity authentication server;
wherein the content of the first and second substances,
the collation request includes: the verification code and the IPv6 address of the terminal;
the checking result comprises: and checking a code, wherein the checking code indicates whether the verification code is matched with the IPv6 address of the terminal.
6. The method of verifying the identity of a user of a network according to claim 4,
after the step of the terminal connecting to the authentication server so that the authentication server checks the IPv6 address of the terminal, the method further includes:
receiving the checking result returned by the identity authentication server;
sending the ping result to a destination server such that: the target server sends a checking request to the identity authentication server according to the checking result, and then determines whether the terminal is allowed to access according to the checking result returned by the identity authentication server;
wherein the content of the first and second substances,
the collation request includes: the verification code and the IPv6 address of the terminal;
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal.
7. Method of verifying the identity of a user of a network according to claim 3,
the step that the terminal connects with the authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending a ping request to the authentication server to cause: the identity verification server checks whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to preset identity information, and sends a generated checking result to a network access authentication server, so that the network access authentication server determines whether the terminal is allowed to access the network;
wherein the content of the first and second substances,
the ping request includes: the item to be checked;
the items to be checked comprise: the biometric information of the user and/or the device number of the terminal.
The preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
8. Method of verifying the identity of a user of a network according to claim 3,
the step that the terminal connects with the authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending a ping request to the authentication server to cause: the identity authentication server checks whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to preset identity information, and sends a generated checking result to a destination server, so that the destination server determines whether the terminal is allowed to access;
wherein the content of the first and second substances,
the ping request includes: the address of the item to be checked and the destination server;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
9. Method of verifying the identity of a user of a network according to claim 3,
the step that the terminal connects with the authentication server so that the authentication server checks the IPv6 address of the terminal includes:
the terminal is connected with an identity authentication server;
sending a checking request to the authentication server so that the authentication server checks whether a to-be-checked item in the checking request is matched with the IPv6 address of the terminal according to preset identity information and further determines whether the terminal is allowed to access a network;
wherein the content of the first and second substances,
the ping request includes: the item to be checked;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more.
10. A method of verifying the identity of a user of a network, the method comprising:
the identity authentication server receives a connection request of a terminal;
checking the IPv6 address of the terminal;
wherein the content of the first and second substances,
the IPv6 address of the terminal comprises: address prefixes and identity information of the user.
11. The method of verifying the identity of a network user according to claim 10,
after the "the authentication server accepts the connection request of the terminal", before the "checking the IPv6 address of the terminal", the method further includes:
receiving an inspection request sent by the terminal;
wherein the content of the first and second substances,
the ping request includes: the item to be checked;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the biological information includes: fingerprint information and/or voiceprint information and/or iris information and/or face information.
12. The method of verifying the identity of a user of a network as claimed in claim 11,
the step of "checking the IPv6 address of the terminal" includes:
checking whether the items to be checked in the checking request are matched with the IPv6 address of the terminal according to preset identity information, and generating a checking result;
wherein the content of the first and second substances,
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the verification result includes a verification code indicating an acknowledgement or a denial.
13. The method of verifying the identity of a network user according to claim 12,
after the step of "pinging the IPv6 address of the terminal", the method further includes:
returning the checking result to the terminal so that the terminal sends the checking result to a network access authentication server;
receiving a check request sent by the network access authentication server, wherein the check request comprises the verification code and the IPv6 address of the terminal;
checking whether the verification code is matched with the IPv6 address of the terminal and generating a check result;
returning the check result to the network access authentication server so that the network access authentication server determines whether the terminal is allowed to access the network;
wherein the content of the first and second substances,
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal.
14. The method of verifying the identity of a network user according to claim 12,
after the step of "pinging the IPv6 address of the terminal", the method further includes:
returning the checking result to the terminal so that the terminal sends the checking result to a destination server;
receiving a check request sent by the destination server, wherein the check request comprises the verification code and the IPv6 address of the terminal;
checking whether the verification code is matched with the IPv6 address of the terminal and generating a check result;
returning the checking result to the destination server so that the destination server determines whether the terminal is allowed to access;
wherein the content of the first and second substances,
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal.
15. The method of verifying the identity of a user of a network as claimed in claim 11,
the step of "checking the IPv6 address of the terminal" includes:
checking whether the items to be checked in the checking request are matched with the IPv6 address of the terminal according to preset identity information, and generating a checking result;
sending the checking result to a network access authentication server so that the network access authentication server determines whether the terminal is allowed to access the network;
wherein the content of the first and second substances,
the ping request includes: the item to be checked;
the items to be checked comprise: the biometric information of the user and/or the device number of the terminal.
The preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
16. The method of verifying the identity of a user of a network as claimed in claim 11,
the step of "checking the IPv6 address of the terminal" includes:
checking whether the items to be checked in the checking request are matched with the IPv6 address of the terminal according to preset identity information, and generating a checking result;
sending the checking result to a destination server so that the destination server determines whether to allow the terminal to access;
wherein the content of the first and second substances,
the ping request includes: the address of the item to be checked and the destination server;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the verification result includes an authentication code indicating acknowledgement or negative and the IPv6 address of the terminal.
17. The method of verifying the identity of a user of a network as claimed in claim 11,
the step of "checking the IPv6 address of the terminal" includes:
checking whether the item to be checked in the checking request is matched with the IPv6 address of the terminal according to preset identity information, and further determining whether the terminal is allowed to access the network;
wherein the content of the first and second substances,
the ping request includes: the item to be checked;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more.
18. A method of verifying the identity of a user of a network, the method comprising:
the target server receives an inspection result sent by the terminal, wherein the inspection result is a result which is returned to the terminal after an item to be inspected in an inspection request of the terminal is checked by the identity authentication server according to preset identity information to determine whether the item to be inspected is matched with the IPv6 address of the terminal;
sending a check request to the authentication server so that the authentication server checks whether the verification code in the check request matches the IPv6 address of the terminal and generates a check result;
receiving the check result returned by the identity authentication server;
determining whether the terminal is allowed to access according to the checking result;
wherein the content of the first and second substances,
the verification result comprises the verification code, and the verification code represents confirmation or denial;
the ping request includes: the item to be checked;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the check request comprises the verification code and the IPv6 address of the terminal;
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal;
the IPv6 address includes: address prefixes and identity information of the user.
19. A method of verifying the identity of a user of a network, the method comprising:
the target server receives an inspection result sent by an identity authentication server, wherein the inspection result is a result generated by the identity authentication server according to the preset identity information to check whether a to-be-inspected item in an inspection request of a terminal is matched with the IPv6 address of the terminal;
determining whether the terminal is allowed to access according to the checking result;
wherein the content of the first and second substances,
the checking result comprises an authentication code and the IPv6 address of the terminal, wherein the authentication code represents acknowledgement or negative;
the checking request comprises an item to be checked and the address of the destination server;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the IPv6 address includes: address prefixes and identity information of the user.
20. A method of verifying the identity of a user of a network, the method comprising:
the network access authentication server receives an inspection result sent by the terminal, wherein the inspection result is a result that the identity authentication server checks whether a to-be-inspected item in an inspection request of the terminal is matched with the IPv6 address of the terminal according to preset identity information and then returns the result to the terminal;
sending a check request to the authentication server so that the authentication server checks whether the verification code in the check request matches the IPv6 address of the terminal and generates a check result;
receiving the check result returned by the identity authentication server;
determining whether to allow the terminal to access a network according to the checking result;
wherein the content of the first and second substances,
the verification result comprises a verification code, and the verification code represents confirmation or denial;
the ping request includes: the item to be checked;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the check request comprises the verification code and the IPv6 address of the terminal;
the check result comprises a check code which indicates whether the verification code is matched with the IPv6 address of the terminal;
the IPv6 address includes: address prefixes and identity information of the user.
21. A method of verifying the identity of a user of a network, the method comprising:
the network access authentication server receives an inspection result sent by an identity authentication server, wherein the inspection result is a result generated by the identity authentication server according to preset identity information to check whether an item to be inspected in an inspection request of a terminal is matched with the IPv6 address of the terminal;
determining whether the terminal is allowed to access the network according to the checking result;
wherein the content of the first and second substances,
the checking result comprises an authentication code and the IPv6 address of the terminal, wherein the authentication code represents acknowledgement or negative decision;
the examination request comprises an item to be examined;
the items to be checked comprise: the biological information of the user and/or the equipment number of the terminal;
the preset identity information comprises: a plurality of citizens IDs, IPv6 address fields and biometric information and/or network device numbers corresponding to each of the citizens IDs; the biological information and the network equipment number are one or more;
the IPv6 address includes: address prefixes and identity information of the user.
22. A method of verifying the identity of a network user according to any of claims 1 to 2, 10 or 18 to 21, wherein the identity information is a personal identification number or a passport number, or an institution identification number.
23. A method of verifying the identity of a user of a network as claimed in any one of claims 5 to 6, 13 to 14, 18 or 20, wherein the result of the verification further comprises: the time at which the verification code was generated.
24. Method of verifying the identity of a user of a network according to any of claims 1 to 21,
the IPv6 address further includes: interface information; the interface information includes: the class number of the terminal or the ID of the terminal and/or the interface serial number of the terminal.
25. A storage device having a program stored thereon, wherein the program is adapted to be loaded and executed by a processor to implement the method of verifying the identity of a user of a network as claimed in any one of claims 1 to 24.
26. A processing device, comprising:
a processor adapted to execute a program; and
a storage device adapted to store the program;
characterised in that the program is adapted to be loaded and executed by the processor to implement the method of verifying the identity of a user of a network according to any one of claims 1 to 24.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210038449.1A CN114338044A (en) | 2022-01-13 | 2022-01-13 | Method for verifying identity of network user, storage device and processing device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210038449.1A CN114338044A (en) | 2022-01-13 | 2022-01-13 | Method for verifying identity of network user, storage device and processing device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114338044A true CN114338044A (en) | 2022-04-12 |
Family
ID=81026841
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210038449.1A Pending CN114338044A (en) | 2022-01-13 | 2022-01-13 | Method for verifying identity of network user, storage device and processing device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338044A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117040943A (en) * | 2023-10-10 | 2023-11-10 | 华中科技大学 | Cloud network endophytic security defense method and device based on IPv6 address driving |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080076386A1 (en) * | 2006-09-22 | 2008-03-27 | Amit Khetawat | Method and apparatus for preventing theft of service in a communication system |
| CN102769621A (en) * | 2012-07-20 | 2012-11-07 | 清华大学 | Real user identity-oriented host moving method |
| US20150281234A1 (en) * | 2014-03-27 | 2015-10-01 | Genband Us Llc | Systems, Methods, and Computer Program Products for Third Party Authentication in Communication Services |
| CN111327561A (en) * | 2018-12-13 | 2020-06-23 | 中国电信股份有限公司 | Authentication method, system, authentication server, and computer-readable storage medium |
| CN111343298A (en) * | 2020-02-28 | 2020-06-26 | 中星科源(北京)信息技术有限公司 | Method for generating IPv6 address, storage device and processing device |
| CN113055176A (en) * | 2019-12-26 | 2021-06-29 | 中国电信股份有限公司 | Terminal authentication method and system, terminal device, P2P verification platform and medium |
-
2022
- 2022-01-13 CN CN202210038449.1A patent/CN114338044A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080076386A1 (en) * | 2006-09-22 | 2008-03-27 | Amit Khetawat | Method and apparatus for preventing theft of service in a communication system |
| CN102769621A (en) * | 2012-07-20 | 2012-11-07 | 清华大学 | Real user identity-oriented host moving method |
| US20150281234A1 (en) * | 2014-03-27 | 2015-10-01 | Genband Us Llc | Systems, Methods, and Computer Program Products for Third Party Authentication in Communication Services |
| CN111327561A (en) * | 2018-12-13 | 2020-06-23 | 中国电信股份有限公司 | Authentication method, system, authentication server, and computer-readable storage medium |
| CN113055176A (en) * | 2019-12-26 | 2021-06-29 | 中国电信股份有限公司 | Terminal authentication method and system, terminal device, P2P verification platform and medium |
| CN111343298A (en) * | 2020-02-28 | 2020-06-26 | 中星科源(北京)信息技术有限公司 | Method for generating IPv6 address, storage device and processing device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117040943A (en) * | 2023-10-10 | 2023-11-10 | 华中科技大学 | Cloud network endophytic security defense method and device based on IPv6 address driving |
| CN117040943B (en) * | 2023-10-10 | 2023-12-26 | 华中科技大学 | Cloud network endophytic security defense method and device based on IPv6 address driving |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP4390122B2 (en) | User authentication system using biometric information | |
| CN107800672B (en) | Information verification method, electronic equipment, server and information verification system | |
| CN101310286B (en) | Improved single sign on | |
| CN101374050B (en) | Apparatus, system and method for implementing identification authentication | |
| US9087183B2 (en) | Method and system of securing accounts | |
| EP1610201A2 (en) | System and method for secure execution of an application | |
| USRE47533E1 (en) | Method and system of securing accounts | |
| US11477190B2 (en) | Dynamic user ID | |
| US20050138394A1 (en) | Biometric access control using a mobile telephone terminal | |
| CN101729514A (en) | Method, device and system for implementing service call | |
| CN109151820A (en) | One kind being based on the safety certifying method and device of " one machine of a people, one card No.1 " | |
| CN101951321A (en) | Device, system and method for realizing identity authentication | |
| CN105868970A (en) | Authentication method and electronic device | |
| CN110071806A (en) | The method and system of data processing based on interface check | |
| WO2007129635A1 (en) | Authentication computer and program | |
| CN104184709A (en) | Verification method, device, server, service data center and system | |
| CN110581835B (en) | Vulnerability detection method and device and terminal equipment | |
| CN109496443A (en) | Mobile authentication method and system for it | |
| CN106992859A (en) | A kind of fort machine private key management method and device | |
| CN114338044A (en) | Method for verifying identity of network user, storage device and processing device | |
| EP3407241B1 (en) | User authentication and authorization system for a mobile application | |
| KR20000063739A (en) | System and method for monitoring fraudulent use of id and media for storing program source thereof | |
| CN110971609A (en) | Anti-cloning method of DRM client certificate, storage medium and electronic equipment | |
| JP2004070814A (en) | Server security management method, device and program | |
| CN105743883B (en) | A kind of the identity attribute acquisition methods and device of network application |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |