CN114727284A - Identity authentication method and system - Google Patents


Info

Publication number: CN114727284A
Application number: CN202210547306.3A
Authority: CN (China)
Prior art keywords: application, authentication, information, qualification, server
Legal status: Granted (status as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN114727284B
Inventor: 李淳
Current assignee: Agricultural Bank of China
Original assignee: Agricultural Bank of China
Events: application filed by Agricultural Bank of China; priority to CN202210547306.3A; publication of CN114727284A; application granted; publication of CN114727284B; legal status active

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04W (Wireless communication networks) > H04W 12/00 (Security arrangements; authentication; protecting privacy or anonymity) > H04W 12/04 (Key management, e.g. using generic bootstrapping architecture [GBA]) > H04W 12/043 (using a trusted network node as an anchor) > H04W 12/0431 (Key distribution or pre-distribution; key agreement)
    • H (Electricity) > H04 (Electric communication technique) > H04W (Wireless communication networks) > H04W 12/00 (Security arrangements; authentication; protecting privacy or anonymity) > H04W 12/06 (Authentication)
    • H (Electricity) > H04 (Electric communication technique) > H04W (Wireless communication networks) > H04W 12/00 (Security arrangements; authentication; protecting privacy or anonymity) > H04W 12/60 (Context-dependent security) > H04W 12/69 (Identity-dependent) > H04W 12/72 (Subscriber identity)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides an identity authentication method and system. The method is applied to an operator server and comprises: receiving an authentication qualification acquisition request sent by an application terminal; determining, according to the authentication qualification acquisition request and pre-stored user credential information, whether the application terminal has the authentication qualification, generating an authentication qualification code when it does, and sending the authentication qualification code to the application terminal; receiving an authentication request sent by an application server, the authentication request comprising a mobile phone number input by a user and the authentication qualification code; and determining an identity authentication result according to the authentication request and returning it to the application server. Before the application side initiates identity authentication, its authentication qualification is verified, which prevents an illegal application from impersonating a legitimate one to call the operator's services; and the application server and the operator server communicate on the basis of a Public Key Infrastructure (PKI), so the security of the identity authentication is enhanced and the identity authentication is non-repudiable.

Description

Identity authentication method and system
Technical Field
The present invention relates to the field of mobile communications, and in particular, to an identity authentication method and system.
Background
To improve the security and user experience of mobile financial applications, a user needs to verify their identity when logging in to the application for the first time on the application end, and is allowed to log in only after the identity has been verified.
At present, mobile operators provide a real-time mobile phone number authentication service. The related services are called through the mobile application SDK (Software Development Kit) and the mobile application server respectively: the real mobile phone number of the user is obtained over mobile data traffic, the mobile application SDK calls the operator server over HTTPS, and the mobile application server calls the authentication server through a white-list mechanism, on which basis identity authentication is performed. This mode of identity authentication carries security risks: if the private key of the mobile application SDK is intercepted, the operator's services can be called by a counterfeit application; authenticating only through a white-list mechanism leaves a risk of information interception; and after a security incident, one party may deny the data sent by the mobile application SDK, that is, repudiation is possible.
Disclosure of Invention
In view of this, the present application provides an identity authentication method and system, which avoid counterfeiting and information interception to improve the security of the identity authentication process.
The technical scheme is as follows:
An aspect of the present application provides an identity authentication method, where the method is applied to an operator server and includes:
receiving an authentication qualification acquisition request sent by an application terminal;
determining whether the application terminal has the authentication qualification or not according to the authentication qualification acquisition request and pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal;
receiving an authentication request sent by an application server, wherein the authentication request comprises a mobile phone number and the authentication qualification code input by a user;
and determining an identity authentication result according to the authentication request, and returning the identity authentication result to the application server.
Preferably, the pre-storing of the user credential information includes:
receiving application information sent by the application terminal, wherein the application information comprises an APP packet name and further comprises APP packet signature information or Bundle ID information;
distributing application registration information to the application terminal, wherein the application registration information comprises application unique identification (APPID) information and application public key (APPKEY) information;
binding the application information with the application registration information and generating the user credential information;
storing the user credential information.
Preferably, the authentication qualification acquiring request includes application information and application registration information of the application terminal, and the application registration information is allocated to the application terminal by the operator server;
the determining whether the application terminal has the authentication qualification or not according to the authentication qualification obtaining request and the pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal includes:
judging, according to the user credential information, whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the APP package signature information, or judging, according to the user credential information, whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the Bundle ID information; if so, determining that the application terminal has the authentication qualification, generating an authentication qualification code, and sending the authentication qualification code to the application terminal.
Preferably, the receiving an authentication request sent by an application server, where the authentication request includes a mobile phone number and the authentication qualification code input by a user, includes:
and receiving an authentication request sent by the application server, wherein the authentication request is sent to the application server by the application terminal through the mobile phone number input by the user and the received authentication qualification code.
Preferably, the method comprises:
obtaining a communication key through a digital certificate of a Public Key Infrastructure (PKI);
and exchanging a communication key with the application server through an asymmetric key encryption algorithm, and communicating with the application server through a symmetric key encryption algorithm.
Another aspect of the present application further provides an identity authentication system, including: the system comprises an operator server, an application end and an application end server;
the operator server is used for receiving an authentication qualification obtaining request sent by an application end; determining whether the application terminal has the authentication qualification or not according to the authentication qualification acquisition request and pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal; receiving an authentication request sent by an application server, wherein the authentication request comprises a mobile phone number and the authentication qualification code input by a user; and determining an identity authentication result according to the authentication request, and returning the identity authentication result to the application server.
Preferably, the pre-storing of the user credential information includes:
receiving application information sent by the application terminal, wherein the application information comprises an APP packet name and also comprises APP packet signature information or Bundle ID information;
distributing application registration information to the application terminal, wherein the application registration information comprises application unique identification (APPID) information and application public key (APPKEY) information;
binding the application information with the application registration information and generating the user credential information;
storing the user credential information.
Preferably, the authentication qualification acquiring request includes application information and application registration information of the application terminal, and the application registration information is allocated to the application terminal by the operator server;
the determining whether the application terminal has the authentication qualification or not according to the authentication qualification obtaining request and the pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal includes:
judging, according to the user credential information, whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the APP package signature information, or judging, according to the user credential information, whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the Bundle ID information; if so, determining that the application terminal has the authentication qualification, generating an authentication qualification code, and sending the authentication qualification code to the application terminal.
Preferably, the receiving an authentication request sent by an application server, where the authentication request includes a mobile phone number and the authentication qualification code input by a user, includes:
and receiving an authentication request sent by the application server, wherein the authentication request is sent to the application server by the application terminal through the mobile phone number input by the user and the received authentication qualification code.
Preferably, the operator server obtains the communication key through a digital certificate of a Public Key Infrastructure (PKI);
and exchanging a communication key with the application server through an asymmetric key encryption algorithm, and communicating with the application server through a symmetric key encryption algorithm.
The technical scheme has the following beneficial effects:
the method is applied to an operator server and used for receiving an authentication qualification obtaining request sent by an application end; determining whether the application terminal has the authentication qualification or not according to the authentication qualification acquisition request and pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal; receiving an authentication request sent by an application server, wherein the authentication request comprises a mobile phone number and the authentication qualification code input by a user; and determining an identity authentication result according to the authentication request, and returning the identity authentication result to the application server. Before the application end initiates identity authentication, the authentication qualification of the application end is verified, illegal application is prevented from impersonating and calling related services of an operator, and the application end server and the operator server communicate on the basis of a Public Key Infrastructure (PKI), so that the security of the identity authentication is enhanced, and the identity authentication has the property of repudiation prevention.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for the embodiments or the prior art descriptions are briefly described below. Obviously, the drawings described below show only embodiments of the present invention, and a person skilled in the art could derive other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of an identity authentication method according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating an interaction flow of an identity authentication method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an identity authentication system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
To this end, an embodiment of the present application provides an identity authentication method; fig. 1 is a schematic flow chart of the method, which is applied to an operator server and may include:
step S100: receiving an authentication qualification acquisition request sent by an application terminal;
the method comprises the steps that an application end sends an authentication qualification obtaining request used for verifying whether the application end has the authentication qualification or not to an operator server, wherein the authentication qualification obtaining request can comprise application information and application registration information of the application end, the application registration information is pre-distributed to the application end by the operator server and comprises application unique identification APPID information and application public key APPKEY information.
Step S200: determining whether the application terminal has the authentication qualification or not according to the authentication qualification acquisition request and the pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal;
It can be understood that the operator server determines, from the authentication qualification acquisition request sent by the application terminal, whether the application terminal has the authentication qualification; only an application terminal that has it can initiate the subsequent identity authentication. When the application terminal has the qualification, the operator server generates an authentication qualification code (accesscode) and sends it to the application terminal.
Specifically, the user credential information used in step S200 is pre-stored in the operator server, which may involve steps S201 to S204 as follows:
step S201: receiving application information sent by an application terminal, wherein the application information comprises an APP packet name and also comprises APP packet signature information or Bundle ID information;
Before the mobile application end uses the operator server for the authentication service, it submits the related application information to the operator: for Android devices the application information comprises the APP package name and the APP package signature information, and for iOS devices it comprises the APP package name and the Bundle ID information.
It is understood that in step S201 the relevant information may be sent to the operator in advance, before a new version of the package goes online, by liaising with the operator's business and technical staff.
Step S202: distributing application registration information to an application terminal, wherein the application registration information comprises application unique identification (APPID) information and application public key (APPKEY) information;
the operator distributes the application unique identification APPID information and the application public key APPKEY information for the application terminal.
Step S203: binding the application information with the application registration information and generating user credential information;
the operator server binds the application information sent by the application terminal and the application registration information distributed for the application to form a unique corresponding relation, namely, user certificate information is generated.
Step S204: storing the user credential information.
And storing the generated user credential information in an operator server.
It can be understood that the operator server obtains the user credential information in advance to facilitate the subsequent check of whether the application terminal has the authentication qualification; only an application terminal that has the authentication qualification can access the operator server to initiate an identity authentication request.
Step S200 itself includes step S2001 and step S2002:
step S2001: judging, according to the user credential information, whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the APP package signature information, or judging, according to the user credential information, whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the Bundle ID information;
step S2002: if yes, the application end is determined to have the authentication qualification, an authentication qualification code is generated, and the authentication qualification code is sent to the application end.
The authentication qualification of the application end is thus verified: the application unique identifier APPID is bound one to one with the application package signatures pre-stored by the operator server, and when the correspondence fails verification the request is not answered. Only an application end with the authentication qualification can access the operator server to initiate an identity authentication request, which prevents the operator's services from being called by an impersonator. Even if the package signature verification step of the authentication service is bypassed, the operator server will not return user information to a client that has not passed the qualification check, so user information is not leaked.
Step S300: receiving an authentication request sent by an application server, wherein the authentication request comprises a mobile phone number and an authentication qualification code input by a user;
Specifically, the user inputs a mobile phone number at the application end; the application end sends the mobile phone number input by the user together with the received authentication qualification code to the application server, and the application server then sends an authentication request to the operator server.
Step S400: and determining an identity authentication result according to the authentication request, and returning the identity authentication result to the application server.
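Steps S100 to S400 above, as an added Go example; this is not code from the patent or from its assignee. It models an in-memory operator server that registers an application (steps S201 to S204), checks a qualification request against the stored credential and issues an accesscode (steps S2001 and S2002), and then answers the authentication request the application server forwards (steps S300 and S400). The gateway-derived phone number handed to Qualify, the single-use five-minute lifetime of the accesscode, the APPID/APPKEY formats and all sample values are assumptions; the page does not specify them.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"sync"
	"time"
)

// AppInfo is what the application end submits before going live (step S201):
// the package name plus an Android package signature or an iOS Bundle ID.
type AppInfo struct {
	PackageName string
	PackageSig  string // Android signing-certificate fingerprint
	BundleID    string // iOS
}

// Registration is what the operator allocates in return (step S202).
type Registration struct{ AppID, AppKey string }

// credential is the bound record the operator stores (steps S203 and S204).
type credential struct {
	info AppInfo
	reg  Registration
}

// QualificationRequest is the step S100 message: the issued APPID plus the package
// signature or Bundle ID the running application presents.
type QualificationRequest struct{ AppID, PackageSig, BundleID string }

// pendingCode is an issued accesscode awaiting the step S300 request. Keeping the
// gateway-derived user number with it is an assumption of this example.
type pendingCode struct {
	appID, gatewayNumber string
	expires              time.Time
}

// Operator is an in-memory stand-in for the operator server.
type Operator struct {
	mu      sync.Mutex
	creds   map[string]credential // user credential information, keyed by APPID
	codes   map[string]pendingCode
	CodeTTL time.Duration // accesscode lifetime (assumed; the page gives none)
}

func NewOperator() *Operator {
	return &Operator{creds: map[string]credential{}, codes: map[string]pendingCode{}, CodeTTL: 5 * time.Minute}
}

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // the platform CSPRNG is unusable; nothing sensible can be issued
	}
	return hex.EncodeToString(b)
}

// Register implements steps S201 to S204: validate the submission, allocate APPID and
// APPKEY, bind them to the application information and store the credential.
func (o *Operator) Register(info AppInfo) (Registration, error) {
	if info.PackageName == "" || (info.PackageSig == "" && info.BundleID == "") {
		return Registration{}, errors.New("package name and a package signature or Bundle ID are required")
	}
	reg := Registration{AppID: "app-" + randomHex(8), AppKey: randomHex(16)}
	o.mu.Lock()
	defer o.mu.Unlock()
	o.creds[reg.AppID] = credential{info: info, reg: reg}
	return reg, nil
}

// Qualify implements steps S2001 and S2002: the APPID must be bound to the presented
// package signature or Bundle ID; an unknown APPID and a mismatch are refused alike.
func (o *Operator) Qualify(req QualificationRequest, gatewayNumber string) (string, error) {
	o.mu.Lock()
	defer o.mu.Unlock()
	cred, ok := o.creds[req.AppID]
	if !ok {
		return "", errors.New("unknown APPID")
	}
	sigOK := req.PackageSig != "" && subtle.ConstantTimeCompare([]byte(req.PackageSig), []byte(cred.info.PackageSig)) == 1
	bundleOK := req.BundleID != "" && req.BundleID == cred.info.BundleID
	if !sigOK && !bundleOK {
		return "", errors.New("APPID is not bound to the presented package signature or Bundle ID")
	}
	code := randomHex(16)
	o.codes[code] = pendingCode{appID: req.AppID, gatewayNumber: gatewayNumber, expires: time.Now().Add(o.CodeTTL)}
	return code, nil
}

// Authenticate implements steps S300 and S400: the accesscode is single-use and time-limited,
// and the result is whether the number the user typed matches the gateway-derived number.
func (o *Operator) Authenticate(enteredNumber, code string) (bool, error) {
	o.mu.Lock()
	defer o.mu.Unlock()
	p, ok := o.codes[code]
	if !ok {
		return false, errors.New("unknown or already used authentication qualification code")
	}
	delete(o.codes, code) // consumed on first use, whatever the outcome
	if time.Now().After(p.expires) {
		return false, errors.New("authentication qualification code expired")
	}
	return subtle.ConstantTimeCompare([]byte(enteredNumber), []byte(p.gatewayNumber)) == 1, nil
}
```

The three methods are the operator's three endpoints in the order the flow calls them. Consuming the accesscode on first use means an intercepted code cannot be replayed for a second authentication, which addresses the interception risk the background section names; a mismatch between the typed number and the gateway-derived one is reported as a failed result rather than an error, so the application server can distinguish "wrong number" from "bad request".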
The communication key exchange between the application server and the operator server is realized through an asymmetric encryption algorithm. Before communicating with an asymmetric key algorithm, the sender needs to obtain the receiver's public key and ensure that the public key really belongs to the receiver; otherwise the secret key can be stolen by an illegal user. In particular, the communication key may be obtained through a digital certificate of the public key infrastructure (PKI), which provides a mechanism to verify the authenticity of the public key.
Before the application server and the operator server encrypt the communication key for each other, each sends the other its public key certificate. The receiver checks the authenticity of the certificate through the PKI certificate chain, and if the certificate is legitimate (that is, it is confirmed to carry the other side's public key), it uses the public key in the certificate to encrypt the communication key and sends it to the other side. This interaction realizes the exchange of the communication key and completes the symmetric key negotiation; subsequently the mobile application server and the operator server encrypt and decrypt data with the symmetric key.
Optionally, the digital certificate may be issued by an authoritative CA, which guarantees its authenticity, or the mobile application and the operator may each self-issue certificates and trust each other's.
Optionally, when the application server and the operator server communicate, the sending end may hash the data with MD5, encrypt the hash with the private key it holds, and send both the data plaintext and the encrypted hash (the ciphertext) to the opposite end. The opposite end decrypts the ciphertext with the authenticated public key received in advance and verifies the signature: it computes the MD5 hash of the data plaintext and compares it with the decrypted hash value, and if the two are consistent the verification succeeds. Success indicates that the data has not been tampered with, and because the encryption was performed with a private key held only by the sender, the data can only have been sent by that sender, so neither party can repudiate the data it sent.
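The PKI-based certificate check, communication-key exchange and signature verification described above, as an added Go example using only the standard library; this is not code from the patent or from its assignee. A constructed CA issues certificates to an application server and an operator server, each side verifies the other's certificate chain before trusting the public key inside it, the application server wraps a fresh symmetric key to the operator's public key with RSA-OAEP, and a message is signed over a hash with the sender's private key and verified under the peer's certificate. The names, serial numbers, 24-hour validity, and the choice of RSA-OAEP and PKCS#1 v1.5 signatures are assumptions; the text names MD5 for the hash, and SHA-256 is used here instead because MD5 collisions would let two different plaintexts share one signature.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Party is one side of the channel (application server or operator server) or the CA.
type Party struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// issue generates an RSA key pair and a certificate for cn. A nil signer yields the
// self-signed CA root; otherwise the signer's key signs it. Serial numbers, names and
// the 24-hour validity are constructed values for this example.
func issue(serial int64, cn string, signer *Party) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	parent, signKey := tmpl, key // self-signed unless a signer is given
	if signer == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		parent, signKey = signer.Cert, signer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Party{Key: key, Cert: cert}, err
}

// verifyPeer is the receiver's check that a presented certificate chains to the trusted
// CA, so the public key inside it really belongs to the peer. Only a verified key is
// returned, so nothing below encrypts to, or verifies under, an unverified key.
func verifyPeer(peer, ca *x509.Certificate) (*rsa.PublicKey, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := peer.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return nil, err
	}
	pub, ok := peer.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("peer certificate does not carry an RSA public key")
	}
	return pub, nil
}

// Sign hashes the plaintext and signs the digest with the sender's private key.
// The text names MD5; SHA-256 is used here because MD5 is collision-broken.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, p.Key, crypto.SHA256, digest[:])
}

// Verify recomputes the digest and checks the signature under the verified peer
// certificate: success means the data is untampered and was produced by the holder
// of that certificate's private key, which is what rules out repudiation.
func Verify(peer, ca *x509.Certificate, msg, sig []byte) error {
	pub, err := verifyPeer(peer, ca)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// ExchangeKey performs the communication-key exchange: both sides verify each other's
// certificate, the application server draws a fresh 256-bit symmetric key and encrypts
// it to the operator's public key with RSA-OAEP, and the operator decrypts it. Both
// copies are returned so the caller can confirm the two sides agree on the key.
func ExchangeKey(app, op *Party, ca *x509.Certificate) (sent, received []byte, err error) {
	opPub, err := verifyPeer(op.Cert, ca) // application server checks the operator
	if err == nil {
		_, err = verifyPeer(app.Cert, ca) // operator checks the application server
	}
	if err != nil {
		return nil, nil, err
	}
	sent = make([]byte, 32)
	if _, err = rand.Read(sent); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, opPub, sent, nil)
	if err == nil {
		received, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, op.Key, wrapped, nil)
	}
	return sent, received, err
}
```

The design point worth noticing is that verifyPeer is the only way to obtain a peer's public key, so a certificate from an untrusted CA, or one with a different subject signed by the right CA but presented by the wrong party, never reaches EncryptOAEP or VerifyPKCS1v15; that is the "ensure that the public key really belongs to the receiver" requirement of the text made structural. After ExchangeKey, the returned key would seed an authenticated symmetric cipher such as AES-GCM for the subsequent data traffic, which the page leaves unspecified.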
The embodiment further describes the identity authentication method with reference to an interaction flow diagram shown in fig. 2, where the interaction flow includes:
Step 1, the application end sends an authentication qualification acquisition request;
A Software Development Kit (SDK) is a collection of development tools used by software engineers to build application software for a particular software package, software framework, hardware platform, operating system, etc.
It can be understood that in this embodiment the application SDK is integrated into the application client; the application comprises the application client and the application SDK, which together are referred to as the application end.
Step 2, the application end carries out data interaction with the operator service end;
It is understood that the exchanged data is used to verify the authentication qualification of the application, and the embodiments of the present application do not limit its kind. As an example, the data may include application registration information (APPID, APPKEY, etc.), user device information, network parameters (operator type, network type), terminal information (terminal brand, operating system), request-related information (timestamp, request signature, interface version, etc.), and the user's number obtained through a gateway request (not transferred by the client), and the like.
Optionally, the operator server returns data to the application end, such as a temporary voucher and a masked mobile phone number (with the four middle digits hidden).
Step 3, the application end SDK requests a response from the application client end;
The application end SDK asks the application client to confirm whether to carry out the authentication qualification verification.
Step 4, the application client side authorizes the request to the application side SDK;
Step 5, the operator server determines whether the application end has the authentication qualification;
step 6, when the application terminal is determined to have the authentication qualification, sending an authentication qualification code to the application client;
step 7, the user initiates identity authentication on the application client;
Step 8, the client pops up an authentication interaction interface;
Step 9, the user inputs the mobile phone number on the authentication interaction interface of the client;
step 10, the client sends the mobile phone number input by the user and the received authentication qualification code to an application server;
step 11, the application server requests identity authentication from an operator server;
Step 12, the operator server returns the identity authentication result to the application server.
The detailed implementation of the above steps 1-12 can refer to the descriptions of the step S100 to the step S400 in the previous embodiment, which are not repeated herein.
In summary, the embodiment of the present application provides an identity authentication method, which is applied to an operator server and receives an authentication qualification obtaining request sent by an application terminal; determining whether the application terminal has the authentication qualification or not according to the authentication qualification acquisition request and pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal; receiving an authentication request sent by an application server, wherein the authentication request comprises a mobile phone number and the authentication qualification code input by a user; and determining an identity authentication result according to the authentication request, and returning the identity authentication result to the application server. Before the application end initiates identity authentication, the authentication qualification of the application end is verified, illegal application is prevented from impersonating and calling related services of an operator, and the application end server and the operator server communicate on the basis of a Public Key Infrastructure (PKI), so that the security of the identity authentication is enhanced, and the identity authentication has the property of repudiation prevention.
Corresponding to the above method, an embodiment of the present invention further provides an identity authentication system; fig. 3 shows a schematic structural diagram of the system, which may include: an operator server 303, an application end 301 and an application server 302;
the operator server 303 is configured to receive the authentication qualification acquisition request sent by the application end 301; determine, according to the authentication qualification acquisition request and the pre-stored user credential information, whether the application end 301 has the authentication qualification, generate an authentication qualification code when it does, and send the authentication qualification code to the application end 301; receive an authentication request sent by the application server 302, the authentication request comprising a mobile phone number input by a user and the authentication qualification code; and determine an identity authentication result according to the authentication request and return it to the application server 302.
Specifically, the pre-storing of the user credential information by the operator server 303 includes: receiving application information sent by the application end, the application information comprising an APP package name and also APP package signature information or Bundle ID information; distributing application registration information to the application end, the application registration information comprising application unique identification (APPID) information and application public key (APPKEY) information; binding the application information with the application registration information to generate the user credential information; and storing the user credential information.
Specifically, the authentication qualification acquisition request includes application information and application registration information of the application terminal, and the application registration information is distributed to the application terminal by the operator server;
determining whether the application terminal has the authentication qualification or not according to the authentication qualification acquisition request and the pre-stored user credential information, generating an authentication qualification code when the application terminal has the authentication qualification, and sending the authentication qualification code to the application terminal, specifically comprising: judging whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the APP packet signature information or not according to the user certificate information, or judging whether the application unique identification (APPID) information in the authentication qualification acquisition request corresponds to the Bundle ID information or not according to the user certificate information; if so, determining that the application terminal has the authentication qualification, generating an authentication qualification code, and sending the authentication qualification code to the application terminal.
Receiving an authentication request sent by the application server 302, where the authentication request includes a mobile phone number and an authentication qualification code input by a user, and specifically includes: and receiving an authentication request sent by the application server 302, wherein the authentication request is that the application 301 sends the mobile phone number input by the user and the received authentication qualification code to the application server 302.
Specifically, the operator server 303 obtains the communication key by using a digital certificate of the public key infrastructure PKI;
the operator server 303 exchanges a communication key with the application server through an asymmetric key encryption algorithm, and communicates with the application server through a symmetric key encryption algorithm.
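The four operator-server steps described above (registration with binding, the qualification check, the forwarded phone number and code, and the final judgement) as one runnable model, added here as an illustration; it is not code from the patent or from Agricultural Bank of China. The patent does not say what the authentication qualification code looks like, how long it lives, whether the APPKEY is checked, or how the operator reaches its final result, so the HMAC-tagged code, the five-minute lifetime, single use, the APPKEY comparison, the in-memory stores, the subscriber table and the `caller_app_id` standing for the identity derived from the application server's PKI certificate are all assumptions made for this example; the package names and phone numbers are constructed sample data.

```python
"""Model of the operator-server side of the qualification-code flow.

Added illustration, not code from the patent or its assignee. Code format,
lifetime, single use, APPKEY check, subscriber table and caller identity
are assumptions; the patent does not specify them.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

CODE_TTL_SECONDS = 300  # assumption: the patent gives no lifetime


@dataclass
class UserCredential:
    """Application information bound to the registration information (claim 2)."""
    app_id: str                               # APPID distributed by the operator
    app_key: str                              # APPKEY distributed by the operator
    package_name: str                         # APP package name
    package_signature: Optional[str] = None   # Android signing-certificate digest
    bundle_id: Optional[str] = None           # iOS Bundle ID


@dataclass
class OperatorServer:
    server_secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    credentials: Dict[str, UserCredential] = field(default_factory=dict)        # APPID -> credential
    issued_codes: Dict[str, Tuple[str, float]] = field(default_factory=dict)    # code -> (APPID, expiry)
    subscribers: Set[str] = field(default_factory=set)  # assumption: operator's own phone-number table

    def register_application(self, package_name: str, package_signature: Optional[str] = None,
                             bundle_id: Optional[str] = None) -> Tuple[str, str]:
        """Receive application information, distribute APPID/APPKEY, bind and store (claim 2)."""
        if (package_signature is None) == (bundle_id is None):
            raise ValueError("exactly one of package_signature or bundle_id is required")
        app_id, app_key = secrets.token_hex(8), secrets.token_hex(16)
        self.credentials[app_id] = UserCredential(app_id, app_key, package_name,
                                                  package_signature, bundle_id)
        return app_id, app_key

    def _tag(self, app_id: str, nonce: str) -> str:
        # Keyed tag that binds a code to the APPID it was issued to.
        msg = f"{app_id}:{nonce}".encode()
        return hmac.new(self.server_secret, msg, hashlib.sha256).hexdigest()[:16]

    def request_qualification(self, app_id: str, app_key: str, package_name: str,
                              package_signature: Optional[str] = None,
                              bundle_id: Optional[str] = None,
                              now: Optional[float] = None) -> Optional[str]:
        """Claim 3: issue a code only if APPID maps to the presented signature or Bundle ID."""
        cred = self.credentials.get(app_id)
        if cred is None or not hmac.compare_digest(cred.app_key, app_key):
            return None  # unknown APPID, or APPKEY mismatch (APPKEY check is an assumption)
        if cred.package_name != package_name:
            return None
        if package_signature is not None:   # Android path
            if cred.package_signature is None or not hmac.compare_digest(cred.package_signature, package_signature):
                return None
        elif bundle_id is not None:         # iOS path
            if cred.bundle_id is None or not hmac.compare_digest(cred.bundle_id, bundle_id):
                return None
        else:
            return None                     # neither identifier presented
        now = time.time() if now is None else now
        nonce = secrets.token_hex(8)
        code = f"{nonce}.{self._tag(app_id, nonce)}"
        self.issued_codes[code] = (app_id, now + CODE_TTL_SECONDS)
        return code

    def authenticate(self, phone_number: str, code: str, caller_app_id: str,
                     now: Optional[float] = None) -> str:
        """Claims 1 and 4: judge the (phone number, code) pair forwarded by the application server.

        caller_app_id is the identity the operator derives from the application server's
        PKI certificate on the protected channel of claim 5 (assumption).
        """
        now = time.time() if now is None else now
        entry = self.issued_codes.pop(code, None)  # single use: a replayed code fails (assumption)
        if entry is None:
            return "FAIL: unknown or already used code"
        issued_to, expires_at = entry
        nonce, _, tag = code.partition(".")
        if issued_to != caller_app_id or not hmac.compare_digest(tag, self._tag(issued_to, nonce)):
            return "FAIL: code not issued to the calling application"
        if now > expires_at:
            return "FAIL: code expired"
        if phone_number not in self.subscribers:
            return "FAIL: unknown subscriber"
        return "OK"


def demo() -> Dict[str, str]:
    """Walk the flow once with constructed data and return the outcome of each step."""
    op = OperatorServer()
    op.subscribers.add("13800000000")  # constructed subscriber
    app_id, app_key = op.register_application("com.example.bank", package_signature="sha256:ab12")
    good = op.request_qualification(app_id, app_key, "com.example.bank",
                                    package_signature="sha256:ab12", now=1000.0)
    forged = op.request_qualification(app_id, app_key, "com.example.bank",
                                      package_signature="sha256:ffff", now=1000.0)  # repackaged app
    return {
        "forged_app_gets_code": "yes" if forged else "no",
        "first_use": op.authenticate("13800000000", good, caller_app_id=app_id, now=1100.0),
        "replay": op.authenticate("13800000000", good, caller_app_id=app_id, now=1100.0),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```

`request_qualification` performs exactly the comparison of claim 3 (stored APPID against presented package signature or Bundle ID); everything that makes the presented values worth trusting lives outside the patent text and is where a deployment has to decide. Binding the issued code to `caller_app_id` in `authenticate` is what stops one registered application's server from spending a code that was issued to a different application.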
It should be noted that the steps executed by each part of the identity authentication system, and the related technical features provided in this embodiment, correspond to the identity authentication method of the foregoing embodiment; for details of the system side, refer to the method embodiments above, which are not repeated here.
The identity authentication system provided by an embodiment of the present application comprises an operator server, an application and an application server. The operator server is configured to receive an authentication qualification acquisition request sent by the application; to determine, according to that request and pre-stored user credential information, whether the application has the authentication qualification, and, when it does, to generate an authentication qualification code and send it to the application; to receive an authentication request sent by the application server, the request containing the mobile phone number input by the user and the authentication qualification code; and to determine an identity authentication result according to the authentication request and return it to the application server. The application's qualification is verified before it initiates identity authentication, so an illegitimate application is prevented from impersonating a registered one to call the operator's services; the application server and the operator server communicate on the basis of a Public Key Infrastructure (PKI), so the security of the identity authentication is enhanced and the authentication acquires non-repudiation.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
Those skilled in the art will appreciate that the flowchart shown in the figure is only one example in which the embodiments of the present application can be implemented, and the application scope of the embodiments of the present application is not limited in any way by the flowchart.
In the several embodiments provided in the present application, it should be understood that the disclosed method, apparatus, and device may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment. In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention may be embodied as a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An identity authentication method, applied to an operator server, the method comprising:
receiving an authentication qualification acquisition request sent by an application;
determining, according to the authentication qualification acquisition request and pre-stored user credential information, whether the application has the authentication qualification, and, when it does, generating an authentication qualification code and sending the authentication qualification code to the application;
receiving an authentication request sent by an application server, the authentication request comprising a mobile phone number input by a user and the authentication qualification code; and
determining an identity authentication result according to the authentication request, and returning the identity authentication result to the application server.
2. The method of claim 1, wherein the user credential information is pre-stored by:
receiving application information sent by the application, the application information comprising an APP package name together with either APP package signature information or Bundle ID information;
distributing application registration information to the application, the application registration information comprising application unique identifier (APPID) information and application public key (APPKEY) information;
binding the application information to the application registration information to generate the user credential information; and
storing the user credential information.
3. The method of claim 2, wherein the authentication qualification acquisition request comprises the application information of the application and the application registration information distributed to the application by the operator server; and
wherein determining whether the application has the authentication qualification according to the authentication qualification acquisition request and the pre-stored user credential information, generating the authentication qualification code when it does, and sending the authentication qualification code to the application comprises:
determining, according to the user credential information, whether the application unique identifier (APPID) information in the authentication qualification acquisition request corresponds to the APP package signature information, or whether it corresponds to the Bundle ID information; and, if so, determining that the application has the authentication qualification, generating the authentication qualification code, and sending the authentication qualification code to the application.
4. The method of claim 1, wherein receiving the authentication request sent by the application server, the authentication request comprising the mobile phone number input by the user and the authentication qualification code, comprises:
receiving the authentication request that the application server sends after the application has forwarded to it the mobile phone number input by the user together with the received authentication qualification code.
5. The method of claim 1, further comprising:
obtaining a communication key by means of a digital certificate of a Public Key Infrastructure (PKI); and
exchanging the communication key with the application server by an asymmetric encryption algorithm, and communicating with the application server by a symmetric encryption algorithm.
6. An identity authentication system, comprising: an operator server, an application and an application server;
wherein the operator server is configured to receive an authentication qualification acquisition request sent by the application; to determine, according to the authentication qualification acquisition request and pre-stored user credential information, whether the application has the authentication qualification, and, when it does, to generate an authentication qualification code and send the authentication qualification code to the application; to receive an authentication request sent by the application server, the authentication request comprising a mobile phone number input by a user and the authentication qualification code; and to determine an identity authentication result according to the authentication request and return the identity authentication result to the application server.
7. The system of claim 6, wherein the user credential information is pre-stored by:
receiving application information sent by the application, the application information comprising an APP package name together with either APP package signature information or Bundle ID information;
distributing application registration information to the application, the application registration information comprising application unique identifier (APPID) information and application public key (APPKEY) information;
binding the application information to the application registration information to generate the user credential information; and
storing the user credential information.
8. The system of claim 7, wherein:
the authentication qualification acquisition request comprises the application information of the application and the application registration information distributed to the application by the operator server; and
determining whether the application has the authentication qualification according to the authentication qualification acquisition request and the pre-stored user credential information, generating the authentication qualification code when it does, and sending the authentication qualification code to the application comprises:
determining, according to the user credential information, whether the application unique identifier (APPID) information in the authentication qualification acquisition request corresponds to the APP package signature information, or whether it corresponds to the Bundle ID information; and, if so, determining that the application has the authentication qualification, generating the authentication qualification code, and sending the authentication qualification code to the application.
9. The system of claim 6, wherein receiving the authentication request sent by the application server, the authentication request comprising the mobile phone number input by the user and the authentication qualification code, comprises:
receiving the authentication request that the application server sends after the application has forwarded to it the mobile phone number input by the user together with the received authentication qualification code.
10. The system of claim 6, wherein the operator server is further configured to:
obtain a communication key by means of a digital certificate of a Public Key Infrastructure (PKI); and
exchange the communication key with the application server by an asymmetric encryption algorithm, and communicate with the application server by a symmetric encryption algorithm.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210547306.3A CN114727284B (en) 2022-05-19 2022-05-19 Identity authentication method and system

Publications (2)

Publication Number Publication Date
CN114727284A true CN114727284A (en) 2022-07-08
CN114727284B CN114727284B (en) 2024-04-12

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101765108A (en) * 2009-07-01 2010-06-30 北京华胜天成科技股份有限公司 Safety certification service platform system, device and method based on mobile terminal
CN105678530A (en) * 2016-02-17 2016-06-15 中国建设银行股份有限公司 Data processing method and system
CN109660346A (en) * 2019-01-16 2019-04-19 中钞信用卡产业发展有限公司杭州区块链技术研究院 Information trustship method, apparatus, equipment and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant