CN114501441A - User authentication method and device - Google Patents
- Publication number
- CN114501441A (CN202011154556.8A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/22—Processing or transfer of terminal data, e.g. status or physical capabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a user authentication method and device. The method comprises: receiving an authentication request sent by a terminal, the authentication request carrying a device factor and a private identifier of the terminal; looking up the locally stored device identifier and private identifier of the terminal; authenticating the terminal according to whether the locally stored device identifier and private identifier of the terminal match the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal, and obtaining an authentication result; and sending the authentication result to the terminal. The invention enables security authentication of independent hardware devices, eliminates the impact on all devices when an operator's key information is leaked, and reduces the risk of user identity leakage and of device hardware being cracked or misappropriated.
Description
Technical Field
The invention relates to the technical field of network security and authentication, in particular to a user authentication method and device.
Background
With the rapid development of networks, network security is receiving more and more attention. For example, a client on a computer device, an access point device (NAS), and an Authentication, Authorization and Accounting (AAA) server cooperate to perform admission control on computer devices accessing the corresponding network. RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol for remote dial-in user authentication whose purpose is to authenticate, authorize and account (AAA) for dial-in users; any computer device running NAS software can act as a RADIUS client.
One current user authentication method works as follows. The RADIUS server stores user names and passwords in plaintext in its configuration file or database. When a user wants to use a service, the user logs in to the client of that service, which triggers the client to send an access request to the corresponding access point device. On receiving the access request, the access point device sends an authentication request carrying a user identifier and a password to the RADIUS server. The RADIUS server retrieves the corresponding password from its local configuration file or database according to the user identifier carried in the authentication request and compares it with the password carried in the request. If the two are consistent, the RADIUS server sends an authentication-passed notification to the access point device; if they are inconsistent, it sends an authentication-failed notification.
In this authentication method the password stored on the RADIUS server is in plaintext, so it is easily exposed. Once the user identifier and password are exposed, other users can log in to the client with that password from any computer device, which leaks the user's information and poses a serious threat to network security. Authenticating on the user identifier and password alone therefore carries significant security risks.
In addition, some other requirements need to be met for user authentication in some application scenarios. For example, automobiles are currently authenticated and managed using customized automobile keys. However, in a shared car or car rental scenario, it is often impossible to assign a specific key to each customer, thereby limiting the customer to only rent and return cars at specific locations, which can be inconvenient.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present invention is to provide a user authentication method and device, so as to improve the security and convenience of user authentication.
In order to solve the above technical problem, an embodiment of the present invention provides a user authentication method, including:
receiving an authentication request sent by a terminal, wherein the authentication request carries a device factor and a private identifier of the terminal;
looking up the locally stored device identifier and private identifier of the terminal;
authenticating the terminal according to whether the locally stored device identifier and private identifier of the terminal match the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal, and obtaining an authentication result;
and sending the authentication result to the terminal.
Optionally, when the locally stored device identifier and private identifier of the terminal respectively match the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal, an authentication result that the terminal passes authentication is obtained; otherwise, an authentication result that the terminal fails authentication is obtained.
Optionally, authenticating the terminal according to whether the locally stored device identifier and private identifier of the terminal match the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal includes:
determining whether the locally stored private identifier is the same as the private identifier sent by the terminal: if they differ, obtaining an authentication result that the terminal fails authentication; if they are the same, calculating the device identifier of the terminal from the device factor of the terminal;
determining whether the locally stored device identifier is the same as the calculated device identifier of the terminal: if they differ, obtaining an authentication result that the terminal fails authentication; if they are the same, obtaining an authentication result that the terminal passes authentication.
Optionally, before receiving the device factor and the private identifier sent by the terminal, the method further includes:
receiving a registration request that is sent by the terminal and carries the device factor of the terminal;
and calculating the private identifier and the device identifier of the terminal from the device factor sent by the terminal, sending the generated private identifier to the terminal, establishing a correspondence between the user identity of the terminal and the private identifier and device identifier of the terminal, and storing the correspondence locally.
Optionally, calculating the private identifier and the device identifier of the terminal from the device factor sent by the terminal includes:
applying a first encryption algorithm to the device factor sent by the terminal and a first preset parameter to obtain the private identifier of the terminal;
applying a second encryption algorithm to the device factor sent by the terminal and a second preset parameter to obtain the device identifier of the terminal;
wherein the first encryption algorithm is different from the second encryption algorithm, and/or the first preset parameter is different from the second preset parameter.
An embodiment of the present invention also provides another user authentication method, which is applied to a terminal and includes:
collecting the device factor of the terminal and a locally stored private identifier, wherein the private identifier is calculated by a server based on the device factor sent by the terminal and is sent to the terminal;
sending an authentication request carrying the device factor and the private identifier of the terminal to the server;
and receiving an authentication result returned by the server.
Optionally, before collecting the device factor of the terminal and the locally stored private identifier, the method further includes:
collecting the device factor of the terminal;
sending a registration request carrying the device factor of the terminal to the server;
and receiving the private identifier of the terminal sent by the server and storing it locally on the terminal.
An embodiment of the present invention further provides a server, including:
a first receiving module, configured to receive an authentication request sent by a terminal, wherein the authentication request carries a device factor and a private identifier of the terminal;
a lookup module, configured to look up the locally stored device identifier and private identifier of the terminal;
an authentication module, configured to authenticate the terminal according to whether the locally stored device identifier and private identifier of the terminal match the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal, and to obtain an authentication result;
and a first sending module, configured to send the authentication result to the terminal.
Optionally, the authentication module is further configured to:
determine whether the locally stored private identifier is the same as the private identifier sent by the terminal: if they differ, obtain an authentication result that the terminal fails authentication; if they are the same, calculate the device identifier of the terminal from the device factor of the terminal;
determine whether the locally stored device identifier is the same as the calculated device identifier of the terminal: if they differ, obtain an authentication result that the terminal fails authentication; if they are the same, obtain an authentication result that the terminal passes authentication.
Optionally, the server further includes:
a second receiving module, configured to receive a registration request that is sent by the terminal and carries the device factor of the terminal;
and a registration module, configured to calculate the private identifier and the device identifier of the terminal from the device factor sent by the terminal, send the generated private identifier to the terminal, establish a correspondence between the user identity of the terminal and the private identifier and device identifier of the terminal, and store the correspondence locally.
Optionally, the registration module is further configured to:
apply a first encryption algorithm to the device factor sent by the terminal and a first preset parameter to obtain the private identifier of the terminal;
apply a second encryption algorithm to the device factor sent by the terminal and a second preset parameter to obtain the device identifier of the terminal;
wherein the first encryption algorithm is different from the second encryption algorithm, and/or the first preset parameter is different from the second preset parameter.
An embodiment of the present invention further provides a terminal, including:
a first collection module, configured to collect the device factor of the terminal and a locally stored private identifier, wherein the private identifier is calculated by the server based on the device factor sent by the terminal and is sent to the terminal;
a first sending module, configured to send an authentication request carrying the device factor and the private identifier of the terminal to the server;
and a first receiving module, configured to receive the authentication result returned by the server.
Optionally, the terminal further includes:
a second collection module, configured to collect the device factor of the terminal;
a second sending module, configured to send a registration request carrying the device factor of the terminal to the server;
and a second receiving module, configured to receive the private identifier of the terminal sent by the server and store it locally on the terminal.
An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the user authentication method described above are implemented.
Compared with the prior art, the user authentication method and device provided by the embodiments of the present invention implement independent hardware-device security authentication at the user terminal, can eliminate the impact on all devices when an operator's key information is leaked, and can reduce the risk of user identity leakage and of device hardware being cracked or misappropriated. The embodiments use both the device identifier and the private identifier for user authentication. The two are different identifiers obtained by different calculations; the authentication request carries only the private identifier, while the device identifier is generated on the fly by the server, and both are then matched against the two identifiers stored locally on the server. Because the private identifier is generated online and written into the APP of the terminal, the security risk caused by leakage of user identity information can be prevented.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without inventive labor.
Fig. 1 is a schematic diagram of an application system of a user authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a user authentication method according to an embodiment of the present invention;
Fig. 3 is another schematic flowchart of a user authentication method according to an embodiment of the present invention;
Fig. 4 is an exemplary diagram of a user authentication method according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a server according to an embodiment of the present invention;
Fig. 6 is another schematic structural diagram of a server according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a terminal according to an embodiment of the present invention;
Fig. 8 is another schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments. In the following description, specific details such as specific configurations and components are provided only to help the full understanding of the embodiments of the present invention. Thus, it will be apparent to those skilled in the art that various changes and modifications may be made to the embodiments described herein without departing from the scope and spirit of the invention. In addition, descriptions of well-known functions and constructions are omitted for clarity and conciseness.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In various embodiments of the present invention, it should be understood that the sequence numbers of the following processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
As described in the background, some prior-art user authentication methods have poor security; in addition, in application scenarios such as car rental it is desirable to provide an independent authentication scheme that does not depend on a car key. To solve at least one of these problems, embodiments of the present invention provide a user authentication method that carries out the authentication process through the user's terminal, such as a smart phone or a PAD, thereby removing the dependence on a car key and improving the security of user authentication.
Referring to Fig. 1, an embodiment of the present invention provides a user authentication method that can be applied to a system including a terminal 101, an application (APP) 111, and a server 121, wherein:
the terminal 101 may be any of various mobile devices, such as a smart phone or a tablet computer (PAD). The terminal 101 includes:
device attributes 102, which may be classified as unique attributes or non-unique attributes. Unique attributes are attributes that can be used to uniquely identify the terminal, also referred to herein as a device factor 103. Non-unique attributes are attributes that are shared by, or identical across, a plurality of terminals. Specifically, the device factor 103 may include various factors of each terminal, such as an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), a physical address (i.e., a MAC address), a device serial number, an installation ID of the device, and the like. The non-unique attributes may be attributes such as the type, model, and operating system type of the device.
The APP 111 is an application installed on the terminal 101, and may be, for example, an application for renting a car. The APP 111 includes the following functions:
1) Attribute collection 112, used for collecting device attributes of the terminal, such as device factors (unique attributes); it may also collect non-unique attributes.
2) Message generation and interaction 113, used for processing and organizing device attributes into a message, and responsible for sending and receiving messages between the APP and the server 121.
3) Private identifier storage 114, used for storing APP-related identifiers to prevent APP counterfeiting. Specifically, in the embodiment of the present invention, it may store the private identifier generated by the server based on information such as the device factor of the terminal.
The server 121 includes the following functions:
Identifier generation 122, which generates a device identifier and a private identifier according to the device factor of the terminal.
Message generation and interaction 123, which handles messaging between the APP of the terminal and the server.
Device attribute reception 124, which receives the device attributes, including the device factor, sent by the terminal.
Identifier binding and storage 126, which binds the device identifier and private identifier of the terminal to the user identity information of the terminal and stores them. The user identity information of the terminal may specifically be personal information (such as a name or a user ID).
External information acquisition 127, which may acquire the user identity information to be bound to the terminal from an external source.
Referring to Fig. 2, the user authentication method provided in the embodiment of the present invention, when applied to the server side, includes:
Step 21, receiving an authentication request sent by the terminal, wherein the authentication request carries a device factor and a private identifier of the terminal.
Here, the embodiment of the present invention may initiate the user authentication process after the terminal logs in to the APP; that is, the terminal is required to send an authentication request carrying its device factor and private identifier. After the user authentication passes, the terminal can use the functions of the APP; when the authentication fails, the user operation is refused. It is also possible to initiate the user authentication process only when some predefined function is used, allowing the terminal to use that function only after the authentication passes and refusing it when the authentication fails.
Specifically, the device factor is a device attribute capable of uniquely identifying the terminal, including but not limited to one or more of the IMEI, IMSI, MAC address, device serial number, and device installation ID of the terminal. Optionally, the authentication request may also carry non-unique device attributes of the terminal, such as the device type, model, and operating system type. The private identifier is calculated in advance by the server based on the device factor of the terminal and sent to the terminal for storage. The private identifier sent by the server can be stored locally on the terminal by means of the private identifier storage 114 function of the terminal.
Step 22, looking up the locally stored device identifier and private identifier of the terminal.
Here, after receiving the authentication request sent by the terminal, the server looks up the device identifier and private identifier of the terminal that it has stored locally. Specifically, the server may establish in advance a binding between the user identity (such as a user ID or name) of each terminal and its identifiers (the device identifier and the private identifier). Generally, a message sent by a terminal (such as an authentication request or a registration message) carries user identity information of the terminal, such as a name or user ID. Thus, after receiving the authentication request, the server can look up locally the device identifier and private identifier bound to the user identity of the terminal that sent the request.
Step 23, authenticating the terminal according to whether the locally stored device identifier and private identifier of the terminal match the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal, and obtaining an authentication result.
Here, if the locally stored device identifier and private identifier of the terminal respectively match the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal, an authentication result that the terminal passes authentication is obtained; otherwise, an authentication result that the terminal fails authentication is obtained.
To simplify the matching process, the server may first determine whether the locally stored private identifier is the same as the private identifier sent by the terminal: if they differ, an authentication result that the terminal fails authentication is obtained; if they are the same, the device identifier of the terminal is calculated from the device factor of the terminal. The server then determines whether the locally stored device identifier is the same as the calculated device identifier of the terminal: if they differ, an authentication result that the terminal fails authentication is obtained; if they are the same, an authentication result that the terminal passes authentication is obtained.
Step 24, sending the authentication result to the terminal.
Here, the server sends the terminal an authentication result indicating that authentication failed or passed. After receiving the result, the APP of the terminal may, when authentication failed, refuse to let the user use the APP or a specific function of the APP; when authentication passed, it may allow the user to use the APP or a specific function of the APP.
Through the above steps, the embodiment of the present invention can implement independent hardware-device security authentication based on the user's terminal, can eliminate the impact on all devices when an operator's key information is leaked, and can reduce the risk of user identity leakage and of device hardware being cracked or misappropriated. The embodiment uses both the device identifier and the private identifier for user authentication. The two are different identifiers obtained by different calculations; the authentication request carries only the private identifier, while the device identifier is generated on the fly by the server, and both are then matched against the two identifiers stored locally on the server. Because the private identifier is generated online and written into the APP of the terminal, the security risk caused by leakage of user identity information can be prevented.
Before step 21, the server may also bind the user identity of the terminal to the private identifier and device identifier of the terminal during the terminal registration process.
Specifically, the server may receive a registration request that is sent by the terminal and carries the device factor of the terminal. It then calculates the private identifier and device identifier of the terminal from the device factor sent by the terminal, sends the generated private identifier to the terminal, establishes a correspondence between the user identity of the terminal and the private identifier and device identifier of the terminal, and stores the correspondence locally.
Since there are multiple device factors, the embodiment of the present invention may use a predefined device factor list to instruct the terminal to collect and send the device factors in the list. This ensures that the server obtains the device factors needed to calculate the device identifier or private identifier, reduces unnecessary transmission of device factors by the terminal, and improves information transmission efficiency. Specifically, in the terminal registration process, after receiving a registration request from the terminal that does not carry the device factor, the server may send the terminal a predefined device factor list indicating the device factors that the terminal needs to collect and upload. The terminal collects the relevant device factors according to the list and resends the registration request carrying them. After receiving this registration request, the server calculates the private identifier and device identifier of the terminal from the device factors sent by the terminal, sends the generated private identifier to the terminal, establishes the correspondence between the user identity of the terminal and the private identifier and device identifier of the terminal, and stores the correspondence locally. Similarly, in step 21, when sending the authentication request, the terminal may collect the relevant device factors according to the list and then send the authentication request carrying the device factors and the private identifier of the terminal. Table 1 gives an example of a device factor list.
TABLE 1
In both the terminal authentication process and the terminal registration process, the server needs to calculate the private identifier and the device identifier of the terminal from the device factor sent by the terminal. Specifically, a first encryption algorithm may be applied to the device factor sent by the terminal and a first preset parameter to obtain the private identifier of the terminal, and a second encryption algorithm may be applied to the device factor sent by the terminal and a second preset parameter to obtain the device identifier of the terminal. To ensure that the device identifier differs from the private identifier, the first encryption algorithm is typically different from the second encryption algorithm, and/or the first preset parameter is typically different from the second preset parameter. For example, the first encryption algorithm may use a different algorithm or different computational steps than the second encryption algorithm to encrypt the device factor and the associated preset parameter. The specific encryption algorithm may be a hash algorithm or the like. The first preset parameter and the second preset parameter may be information bits defined by the server itself.
The user authentication method according to the embodiment of the present invention is described above from the server side. The following further explains the terminal side.
Referring to fig. 3, the user authentication method provided in the embodiment of the present invention, when applied to a terminal side, includes:
Step 31: collect the device factor of the terminal itself and the locally stored private identifier, where the private identifier was calculated by the server based on the device factor sent by the terminal and then sent to the terminal.
Here, the terminal may collect the relevant device factors according to a device factor list obtained in advance, and collect its locally stored private identifier. The private identifier stored locally by the terminal was calculated by the server in advance, based on the device factor sent by the terminal, and sent to the terminal; for example, it is calculated during the terminal registration process and then sent to the terminal.
Step 32: send an authentication request carrying the device factor and the private identifier of the terminal to the server.
Here, the terminal sends an authentication request carrying the collected device factors and the private identifier of the terminal. The server performs user authentication according to the received device factor and private identifier; for the specific authentication manner, refer to the description of the relevant server-side steps above, which is not repeated here.
Step 33: receive the authentication result returned by the server.
Here, the terminal receives the authentication result sent by the server, which indicates whether the authentication passed. Step 31 may be executed after the user logs in to the specific APP, or when the user uses a specific function of the specific APP. After step 33, if the authentication fails, the user may be denied access to the APP or to certain functions of the APP; if the authentication passes, the user may be allowed to use the APP or the specific function of the APP.
Before step 31, the terminal may obtain the private identifier through a registration process. Specifically, the terminal may initiate the registration process and collect its own device factor, then send a registration request carrying the device factor to the server, and then receive the private identifier sent by the server and store it locally on the terminal. During registration, the terminal may collect the relevant device factors according to the device factor list sent by the server and carry them in the registration request sent to the server. The server calculates the private identifier and the device identifier of the terminal from the device factor sent by the terminal, sends the generated private identifier to the terminal, establishes the correspondence between the user identity of the terminal and the terminal's private identifier and device identifier, and stores the correspondence locally on the server. The private identifier sent by the server may specifically be received and stored by the specific APP, for example written into an internal space of the APP.
Fig. 4 provides an exemplary interaction flow diagram of an authentication process between a server and a terminal, specifically:
In step 401, the user starts an operation, which may specifically be launching a mobile APP on the terminal or starting a specific function of the mobile APP.
In steps 402-403, the mobile APP collects the device factor and the private identifier of the terminal and sends them to the server.
In step 404, the server looks up the device identifier and the private identifier bound to the terminal and compares the stored private identifier with the private identifier sent by the terminal.
In step 405, if the two private identities match, step 407 is entered, otherwise step 406 is entered.
In step 406, an authentication result indicating that the user authentication failed is obtained, and then step 409 is entered.
In steps 407-408, the server calculates the device identifier according to the device factor sent by the terminal, matches the calculated device identifier with the device identifier sent by the terminal, obtains an authentication result indicating whether the user authentication passes according to whether the matching is successful, and then proceeds to step 409.
In step 409, the server returns the authentication result to the mobile APP of the terminal.
In step 410, the mobile APP of the terminal enters step 411 when the authentication result indicates that the authentication is passed, otherwise, the mobile APP enters step 412.
In step 411, the mobile APP runs the current operation of the user.
In step 412, the mobile APP denies the user's operation this time.
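The registration and authentication exchange described above (device factor list, two derived identifiers, steps 401-412), as an added Python example that is not code from the patent. HMAC-SHA-256 under two independent server secrets is an assumption standing in for the first/second encryption algorithm and preset parameters, the second check compares against the device identifier stored at registration, and all class names, function names and sample values are hypothetical or constructed.

```python
import hashlib
import hmac
import secrets

# Factor names come from the page's example set; Table 1 itself is not
# reproduced on the page, so this list is an assumption.
DEVICE_FACTOR_LIST = ("Imei", "Mac", "Network_address", "Device_ID")


class NeedDeviceFactors(Exception):
    """Server reply to a request that lacks the listed device factors."""

    def __init__(self):
        super().__init__("collect and resend the listed device factors")
        self.factor_list = DEVICE_FACTOR_LIST


def canonical(factors):
    """Serialise factors in list order, length-prefixed, so that
    ("ab", "c") and ("a", "bc") never yield the same byte string."""
    if not factors or any(n not in factors for n in DEVICE_FACTOR_LIST):
        raise NeedDeviceFactors()
    out = b""
    for name in DEVICE_FACTOR_LIST:
        value = str(factors[name]).encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return out


def same(a, b):
    """Constant-time comparison of two identifier strings."""
    if not isinstance(a, str) or not isinstance(b, str):
        return False
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class AuthServer:
    def __init__(self):
        # Assumption: the first and second preset parameters are independent
        # random server-side secrets, so neither identifier can be derived
        # from the other or from the device factors alone.
        self._param_private = secrets.token_bytes(32)
        self._param_device = secrets.token_bytes(32)
        self._bindings = {}  # user identity -> (private_id, device_id)

    def _derive(self, param, factors):
        return hmac.new(param, canonical(factors), hashlib.sha256).hexdigest()

    def register(self, user, factors=None):
        """Registration: derive both identifiers, store the binding, and
        return only the private identifier to the terminal."""
        private_id = self._derive(self._param_private, factors)
        device_id = self._derive(self._param_device, factors)
        self._bindings[user] = (private_id, device_id)
        return private_id

    def authenticate(self, user, factors, private_id):
        """Steps 404-408: check the private identifier first, then recompute
        the device identifier from the submitted factors and compare it."""
        binding = self._bindings.get(user)
        if binding is None:
            return False
        stored_private, stored_device = binding
        if not same(stored_private, private_id):
            return False  # step 406: private identifiers differ
        try:
            computed = self._derive(self._param_device, factors)
        except NeedDeviceFactors:
            return False
        return same(stored_device, computed)


def demo():
    server = AuthServer()
    # Constructed sample device factors (documentation-range values).
    phone = {"Imei": "490154203237518", "Mac": "02:00:5e:10:00:01",
             "Network_address": "192.0.2.10", "Device_ID": "constructed-dev-1"}
    try:
        server.register("alice")          # request without device factors
        requested = None
    except NeedDeviceFactors as reply:
        requested = reply.factor_list     # server answers with the list
    private_id = server.register("alice", phone)
    other_phone = dict(phone, Imei="490154203237519")
    return {
        "requested": requested,
        "genuine": server.authenticate("alice", phone, private_id),
        # private identifier copied to a device with different factors
        "moved_private_id": server.authenticate("alice", other_phone, private_id),
        # correct factors presented without the issued private identifier
        "factors_only": server.authenticate("alice", phone, "0" * 64),
        "ids_differ": private_id != server._bindings["alice"][1],
    }


if __name__ == "__main__":
    print(demo())
```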
In addition, in the embodiment of the present invention, a plurality of weight sets may be obtained, each containing a weight for every device factor in the device factor list; the weight sets may be provided independently by a plurality of experts. The weight sets are then combined according to a preset index weight determination algorithm to obtain a final weight set. Then, from the device factors and the final weight set, the private identifier or the device identifier is calculated using the first or second encryption algorithm. A specific example of calculating the private identifier/device identifier is given below; note that it is only one calculation method that the present invention can adopt and is not intended to limit the present invention.
First, let the device factor set be $U = \{u_1, u_2, u_3, \dots, u_n\}$. Assume that $k$ experts each give an independent weight for every device factor, $\{a_{i1}, a_{i2}, a_{i3}, \dots, a_{in}\}$ ($i = 1, 2, 3, \dots, k$). For each expert, the set of settings is as follows:
Find the maximum weight value $M_j$ and the minimum weight value $m_j$ ($j = 1, 2, 3, \dots, n$) in each set. Set a positive integer $P$ as the interval division and, using the formula, divide the weight values into $P$ interval groups from small to large. The weight $X_i$ corresponding to each set can then be obtained, with its frequency value set to $N_i$. Simultaneously calculate. Based on the above results, an average weight is obtained, $j = 1, 2, 3, \dots, n$. Finally, a weight set $A = \{a_1, a_2, a_3, \dots, a_n\}$ is obtained.
Assume a device factor set $U = \{\text{Imei}, \text{Mac}, \text{Network\_address}, \text{Device\_ID}\}$. Assume that two experts give the weight sets {0.5, 0.1, 0.2, 0.2} and {0.4, 0.2, 0.3, 0.1}, and set $P = 2$ as the interval division. The calculated weight of each factor is shown in Table 2:
Device factor | Weight |
IMEI | 0.325 |
MAC address (MAC) | 0.3 |
Network address (Network_address) | 0.2 |
Device ID (Device_ID) | 0.175 |
TABLE 2
Furthermore, depending on the actual situation, the factor weights may be multiplied by a scaling factor according to the actual proportion of different devices, giving factor weights for each type of device, as shown in Table 3:
Device factor | Weight | Device 1 (75%) | Device 2 (25%) |
Imei | 0.325 | 0.24375 | 0.08125 |
Mac | 0.3 | 0.225 | 0.075 |
Network_address | 0.2 | 0.15 | 0.05 |
Device_ID | 0.175 | 0.13125 | 0.04375 |
TABLE 3
Taking the device factor set $u = \{100, 200, 150, 300\}$ as an example, assume that two experts give the weight sets $A_1 = \{0.5, 0.1, 0.2, 0.2\}$ and $A_2 = \{0.4, 0.2, 0.3, 0.1\}$. The corresponding set $U = \{90, 60, 75, 120\}$ is calculated:
where $A_1$ has a maximum value of 0.5 and a minimum value of 0.1, corresponding to the maximum weight value $M_j$ and the minimum weight value $m_j$ ($j = 1, 2, 3, \dots, n$) in each set. Setting $P = 2$ and using the formula, the $X_1$ corresponding to $A_1$ is {0.125, 0.075, 0.15, 0.15}; correspondingly, the $X_2$ corresponding to $A_2$ is {0.2, 0.1, 0.15, 0.05}.
The corresponding $W_1$ is {0.25, 0.75, 0.75, 0.75}, and the corresponding $W_2$ is {0.5, 0.5, 0.5, 0.5}.
This gives $a_1 = 21/160$, $a_2 = 17/160$, $a_3 = 3/16$ and $a_4 = 22/160$.
The corresponding hardware information character string is: d.2+15.4+1c.2+29.4.
Concatenated, this gives: d.215.41c.229.4.
The corresponding ciphertext after encryption (MD5, 32-bit, upper case) is: 40935c33a 5a7e4948d27f 1795958465. The ciphertext may be used as the device identifier, or some predetermined character strings or predetermined ASCII may be concatenated after the ciphertext to obtain a new ciphertext, which may be used as the private identifier.
Based on the user authentication method, the embodiment of the invention also provides a device for implementing the method.
Referring to fig. 5, an embodiment of a server 50 includes:
a first receiving module 51, configured to receive an authentication request sent by a terminal, where the authentication request carries an equipment factor and a private identifier of the terminal;
the searching module 52 is configured to search for the device identifier and the private identifier of the terminal stored locally;
the authentication module 53 is configured to authenticate the terminal and obtain an authentication result according to whether the locally stored device identifier and private identifier of the terminal are matched with the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal;
a first sending module 54, configured to send the authentication result to the terminal.
Through the above modules, the server provided by the embodiment of the present invention can implement independent security authentication of hardware devices, eliminate the impact on all devices after an operator's key information is leaked, and reduce the risk of user identity leakage and of device hardware being cracked or misappropriated.
Optionally, when the locally stored device identifier and private identifier of the terminal are respectively matched with the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal, an authentication result that the terminal passes authentication is obtained, otherwise, an authentication result that the terminal fails authentication is obtained.
Optionally, the authentication module is further configured to:
judging whether the locally stored private identifier is the same as the private identifier sent by the terminal: if they are not the same, obtaining an authentication result that the terminal fails authentication; if they are the same, calculating the device identifier of the terminal according to the device factor of the terminal;
judging whether the locally stored device identifier is the same as the calculated device identifier of the terminal: if they are not the same, obtaining an authentication result that the terminal fails authentication; if they are the same, obtaining an authentication result that the terminal passes authentication.
Optionally, the server further includes:
a second receiving module, configured to receive a registration request that is sent by the terminal and carries the device factor of the terminal;
and the registration module is used for calculating to obtain the private identification and the equipment identification of the terminal according to the equipment factor sent by the terminal, sending the generated private identification of the terminal to the terminal, establishing the corresponding relationship between the user identity of the terminal and the private identification and the equipment identification of the terminal, and storing the corresponding relationship locally.
Optionally, the registration module is further configured to:
calculating the equipment factor and a first preset parameter sent by the terminal by using a first encryption algorithm to obtain a private identifier of the terminal;
calculating the equipment factor and a second preset parameter sent by the terminal by using a second encryption algorithm to obtain an equipment identifier of the terminal;
wherein the first encryption algorithm is different from the second encryption algorithm, and/or the first preset parameter is different from the second preset parameter.
As shown in fig. 6, the embodiment of the present invention further provides a server 60 with another structure, which specifically includes a processor 61, a memory 62, a bus system 63, a receiver 64 and a transmitter 65. The processor 61, the memory 62, the receiver 64 and the transmitter 65 are connected by the bus system 63; the memory 62 is used for storing instructions, and the processor 61 is used for executing the instructions stored in the memory 62 to control the receiver 64 to receive signals and the transmitter 65 to transmit signals.
The processor 61 is configured to read the program in the memory and execute the following process:
receiving an authentication request sent by a terminal, wherein the authentication request carries a device factor and a private identification of the terminal;
searching for a device identifier and a private identifier of the terminal which are locally stored;
according to whether the locally stored equipment identifier and the private identifier of the terminal are matched with the equipment identifier sent by the terminal and the private identifier obtained by calculating based on the equipment factor sent by the terminal, authenticating the terminal and obtaining an authentication result;
and sending the authentication result to the terminal.
It should be understood that, in the embodiment of the present invention, the processor 61 may be a Central Processing Unit (CPU), and the processor 61 may also be other general processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 62 may include a read-only memory and a random access memory, and provides instructions and data to the processor 61. A portion of the memory 62 may also include non-volatile random access memory. For example, the memory 62 may also store device type information.
The bus system 63 may include a power bus, a control bus, a status signal bus, and the like, in addition to the data bus. For clarity of illustration, however, the various buses are labeled as bus system 63 in the figures.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor 61 or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present invention may be implemented directly by a hardware processor, or by a combination of hardware and software modules in the processor. The software modules may be located in RAM, flash memory, ROM, PROM or EPROM, registers, or other storage media well known in the art. The storage medium is located in the memory 62; the processor 61 reads the information in the memory 62 and completes the steps of the method in combination with its hardware. To avoid repetition, this is not described in detail here.
When executed by the processor, the program can implement all the implementation manners in the user authentication method shown in fig. 2, and can achieve the same technical effect, and is not described herein again to avoid repetition.
In some embodiments of the invention, there is also provided a computer readable storage medium having a program stored thereon, which when executed by a processor, performs the steps of:
receiving an authentication request sent by a terminal, wherein the authentication request carries a device factor and a private identification of the terminal;
searching for a device identifier and a private identifier of the terminal which are locally stored;
according to whether the locally stored equipment identifier and the private identifier of the terminal are matched with the equipment identifier sent by the terminal and the private identifier obtained by calculating based on the equipment factor sent by the terminal, authenticating the terminal and obtaining an authentication result;
and sending the authentication result to the terminal.
When executed by the processor, the program can implement all implementation manners in the method applied to the server side, and can achieve the same technical effect, and for avoiding repetition, the detailed description is omitted here.
Referring to fig. 7, an embodiment of the present invention further provides a terminal 70, including:
a first collecting module 71, configured to collect a device factor of a terminal and a private identity stored locally, where the private identity is calculated by a server based on the device factor sent by the terminal and is sent to the terminal;
a first sending module 72, configured to send an authentication request carrying the device factor and the private identifier of the terminal to a server;
a first receiving module 73, configured to receive an authentication result returned by the server.
Optionally, the terminal further includes:
the second collection module is used for collecting the self equipment factors of the terminal;
the second sending module is used for sending a registration request carrying the equipment factor of the terminal to a server;
and the second receiving module is used for receiving the private identification of the terminal sent by the server and storing the private identification in the local terminal.
Referring to fig. 8, a schematic structural diagram of a terminal according to an embodiment of the present invention is shown, where the terminal 800 includes: a processor 801, a transceiver 802, a memory 803, a user interface 804 and a bus interface.
In this embodiment of the present invention, the terminal 800 further includes: programs stored on the memory 803 and executable on the processor 801.
The processor 801, when executing the program, implements the following steps:
Collecting the device factors of the terminal and a private identification stored locally, wherein the private identification is obtained by a server based on the device factors sent by the terminal and is sent to the terminal;
sending an authentication request carrying the equipment factor and the private identification of the terminal to a server;
and receiving an authentication result returned by the server.
It can be understood that, in the embodiment of the present invention, when being executed by the processor 801, the computer program can implement the processes of the method embodiment shown in fig. 3, and can achieve the same technical effect, and in order to avoid repetition, the description is omitted here.
In FIG. 8, the bus architecture may include any number of interconnected buses and bridges, with one or more processors, represented by the processor 801, and various circuits, represented by the memory 803, linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 802 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The user interface 804 may also be an interface capable of interfacing with a desired device for different user devices, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
The processor 801 is responsible for managing the bus architecture and general processing, and the memory 803 may store data used by the processor 801 in performing operations.
In some embodiments of the invention, there is also provided a computer readable storage medium having a program stored thereon, which when executed by a processor, performs the steps of:
collecting the device factors of the terminal and a private identification stored locally, wherein the private identification is obtained by a server based on the device factors sent by the terminal and is sent to the terminal;
sending an authentication request carrying the equipment factor and the private identification of the terminal to a server;
and receiving an authentication result returned by the server.
When executed by the processor, the program can implement all implementation manners in the method applied to the terminal, and can achieve the same technical effect, and is not described herein again to avoid repetition.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (13)
1. A user authentication method is applied to a server, and is characterized by comprising the following steps:
receiving an authentication request sent by a terminal, wherein the authentication request carries a device factor and a private identification of the terminal;
searching for a device identifier and a private identifier of the terminal which are locally stored;
according to whether the locally stored equipment identifier and the private identifier of the terminal are matched with the equipment identifier sent by the terminal and the private identifier obtained by calculating based on the equipment factor sent by the terminal, authenticating the terminal and obtaining an authentication result;
and sending the authentication result to the terminal.
2. The method of claim 1,
and when the locally stored equipment identifier and the private identifier of the terminal are respectively matched with the equipment identifier sent by the terminal and the private identifier obtained by calculation based on the equipment factor sent by the terminal, obtaining an authentication result that the terminal passes authentication, otherwise, obtaining an authentication result that the terminal fails authentication.
3. The method of claim 1, wherein the authenticating the terminal according to whether the device identifier and the private identifier of the terminal stored locally match with the device identifier sent by the terminal and the private identifier calculated based on the device factor sent by the terminal comprises:
judging whether the locally stored private identifier is the same as the private identifier sent by the terminal: if they are not the same, obtaining an authentication result that the terminal fails authentication; if they are the same, calculating the device identifier of the terminal according to the device factor of the terminal;
judging whether the locally stored device identifier is the same as the calculated device identifier of the terminal: if they are not the same, obtaining an authentication result that the terminal fails authentication; if they are the same, obtaining an authentication result that the terminal passes authentication.
4. A method according to any of claims 1 to 3, wherein prior to receiving the device factor and the private identity sent by the terminal, the method further comprises:
receiving a registration request which is sent by the terminal and carries the equipment factor of the terminal;
and calculating to obtain the private identification and the equipment identification of the terminal according to the equipment factor sent by the terminal, sending the generated private identification of the terminal to the terminal, establishing a corresponding relation between the user identity of the terminal and the private identification and the equipment identification of the terminal, and storing the corresponding relation locally.
5. The method as claimed in claim 4, wherein said calculating the private identity and the device identity of the terminal according to the device factor sent by the terminal comprises:
calculating the equipment factor and a first preset parameter sent by the terminal by using a first encryption algorithm to obtain a private identifier of the terminal;
calculating the equipment factor and a second preset parameter sent by the terminal by using a second encryption algorithm to obtain an equipment identifier of the terminal;
wherein the first encryption algorithm is different from the second encryption algorithm, and/or the first preset parameter is different from the second preset parameter.
6. A user authentication method is applied to a terminal, and is characterized by comprising the following steps:
collecting the device factors of the terminal and a private identification stored locally, wherein the private identification is obtained by a server based on the device factors sent by the terminal and is sent to the terminal;
sending an authentication request carrying the equipment factor and the private identification of the terminal to a server;
and receiving an authentication result returned by the server.
7. The method of claim 6, wherein prior to collecting the terminal's own device factor and the locally stored private identity, the method further comprises:
collecting the self equipment factors of the terminal;
sending a registration request carrying the equipment factor of the terminal to a server;
and receiving the private identification of the terminal sent by the server and storing the private identification in the local terminal.
8. A server, comprising:
the first receiving module is used for receiving an authentication request sent by a terminal, wherein the authentication request carries an equipment factor and a private identity of the terminal;
the searching module is used for searching the equipment identifier and the private identifier of the terminal stored locally;
the authentication module is used for authenticating the terminal according to whether the locally stored equipment identifier and the private identifier of the terminal are matched with the equipment identifier sent by the terminal and the private identifier obtained by calculation based on the equipment factor sent by the terminal, and obtaining an authentication result;
and the first sending module is used for sending the authentication result to the terminal.
9. The server of claim 8, wherein the authentication module is further to:
judging whether the locally stored private identifier is the same as the private identifier sent by the terminal: if they are not the same, obtaining an authentication result that the terminal fails authentication; if they are the same, calculating the device identifier of the terminal according to the device factor of the terminal;
judging whether the locally stored device identifier is the same as the calculated device identifier of the terminal: if they are not the same, obtaining an authentication result that the terminal fails authentication; if they are the same, obtaining an authentication result that the terminal passes authentication.
10. The server according to any one of claims 8 to 9, further comprising:
a second receiving module, configured to receive a registration request that is sent by the terminal and carries the device factor of the terminal;
and the registration module is used for calculating to obtain the private identification and the equipment identification of the terminal according to the equipment factor sent by the terminal, sending the generated private identification of the terminal to the terminal, establishing the corresponding relationship between the user identity of the terminal and the private identification and the equipment identification of the terminal, and storing the corresponding relationship locally.
11. The server of claim 10, wherein the registration module is further to:
calculating the equipment factor and a first preset parameter sent by the terminal by using a first encryption algorithm to obtain a private identifier of the terminal;
calculating the equipment factor and a second preset parameter sent by the terminal by using a second encryption algorithm to obtain an equipment identifier of the terminal;
wherein the first encryption algorithm is different from the second encryption algorithm, and/or the first preset parameter is different from the second preset parameter.
12. A terminal, comprising:
the first collection module is used for collecting the device factors of the terminal and the private identification stored locally, wherein the private identification is obtained by the server through calculation based on the device factors sent by the terminal and is sent to the terminal;
the first sending module is used for sending an authentication request carrying the equipment factor and the private identity of the terminal to a server;
and the first receiving module is used for receiving the authentication result returned by the server.
13. The terminal of claim 12, further comprising:
the second collection module is used for collecting the terminal's own equipment factors;
the second sending module is used for sending a registration request carrying the equipment factor of the terminal to a server;
and the second receiving module is used for receiving the private identity of the terminal sent by the server and storing the private identity in the local terminal.
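An added sketch of the server-side registration and authentication flow of claims 8 to 11 (example code, not taken from the patent). HMAC-SHA256 and HMAC-SHA512 stand in for the unspecified "first" and "second" algorithms; the two secrets, the lookup by user identity, the canonical serialisation and the sample device factors are assumptions.

```python
import hashlib
import hmac

# Assumed stand-ins for the claims' "preset parameters": two different server-side secrets.
FIRST_PARAM = b"constructed-secret-for-private-id"
SECOND_PARAM = b"constructed-secret-for-device-id"


def canonical(device_factor: dict) -> bytes:
    """Serialise the device factors deterministically (sorted key=value lines)."""
    return "\n".join(f"{k}={device_factor[k]}" for k in sorted(device_factor)).encode()


def private_id(device_factor: dict) -> str:
    # "First algorithm" (assumed): HMAC-SHA256 keyed with the first preset parameter.
    return hmac.new(FIRST_PARAM, canonical(device_factor), hashlib.sha256).hexdigest()


def device_id(device_factor: dict) -> str:
    # "Second algorithm" (assumed): HMAC-SHA512 keyed with the second preset parameter.
    return hmac.new(SECOND_PARAM, canonical(device_factor), hashlib.sha512).hexdigest()


class Server:
    def __init__(self):
        self.records = {}  # user identity -> (private id, device id)

    def register(self, user: str, device_factor: dict) -> str:
        """Claims 10-11: derive both identifiers, store them, return only the private one."""
        pid, did = private_id(device_factor), device_id(device_factor)
        self.records[user] = (pid, did)
        return pid  # the device identifier never leaves the server

    def authenticate(self, user: str, device_factor: dict, sent_pid: str) -> bool:
        """Claims 8-9: compare the private id first, then the recomputed device id."""
        stored = self.records.get(user)
        if stored is None:
            return False
        stored_pid, stored_did = stored
        # Constant-time comparisons; encoding avoids a TypeError on non-ASCII input.
        if not hmac.compare_digest(stored_pid.encode(), sent_pid.encode()):
            return False
        recomputed = device_id(device_factor)
        return hmac.compare_digest(stored_did.encode(), recomputed.encode())


# Constructed sample terminal, not taken from the patent.
FACTOR = {"imei": "000000000000000", "model": "demo-phone", "os": "demo-os 1.0"}
```

Because the device identifier is recomputed from the factors in each request, a private identifier copied to a terminal with different factors fails the second check, while a request that replays both the factors and the private identifier is indistinguishable from the registered terminal.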
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011154556.8A CN114501441A (en) | 2020-10-26 | 2020-10-26 | User authentication method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114501441A true CN114501441A (en) | 2022-05-13 |
Family
ID=81470394
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011154556.8A Pending CN114501441A (en) | 2020-10-26 | 2020-10-26 | User authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114501441A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115859337A (en) * | 2023-02-14 | 2023-03-28 | 杭州大晚成信息科技有限公司 | Kernel-based method, device, server and medium for preventing device cracking |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111835520B (en) | Method for device authentication, method for service access control, device and storage medium | |
CN110958118B (en) | Certificate authentication management method, device, equipment and computer readable storage medium | |
CN102457507B (en) | Cloud computing resources secure sharing method, Apparatus and system | |
KR101361161B1 (en) | System and method for reinforcing authentication using context information for mobile cloud | |
CN111783068B (en) | Device authentication method, system, electronic device and storage medium | |
US20050266798A1 (en) | Linking security association to entries in a contact directory of a wireless device | |
EP2879421B1 (en) | Terminal identity verification and service authentication method, system, and terminal | |
US20130339740A1 (en) | Multi-factor certificate authority | |
CN104767715A (en) | Network access control method and equipment | |
CN103929748A (en) | Internet of things wireless terminal, configuration method thereof and wireless network access point | |
CN105099673A (en) | Authorization method, authorization requesting method and devices | |
CN103441984A (en) | Dynamic authentication in secured wireless networks | |
CN110266642A (en) | Identity identifying method and server, electronic equipment | |
CN108900484B (en) | Access right information generation method and device | |
CN111769939A (en) | Business system access method and device, storage medium and electronic equipment | |
CN102143492B (en) | Method for establishing virtual private network (VPN) connection, mobile terminal and server | |
WO2019056971A1 (en) | Authentication method and device | |
CN106559213A (en) | Device management method, equipment and system | |
CN114697963B (en) | Identity authentication method and device of terminal, computer equipment and storage medium | |
CN112512048A (en) | Mobile network access system, method, storage medium and electronic device | |
CN109858235B (en) | Portable equipment and password obtaining method and device thereof | |
CN114501441A (en) | User authentication method and device | |
CN114362981A (en) | Upgrading method of terminal equipment of Internet of things and related equipment | |
KR20100053703A (en) | System and method for authenticating a user to public wireless lan service networking of otp client based | |
CN114238915A (en) | Digital certificate adding method and device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20220513 |