CN114900300A - Cloud service temporary login key authentication method, device, equipment and storage medium - Google Patents


Info

Publication number: CN114900300A
Authority: CN (China)
Prior art keywords: user, node, authentication, user node, random key
Legal status: Pending
Application number: CN202210698260.5A
Other languages: Chinese (zh)
Inventor: 李朝霞
Current Assignee: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd; Unicom Cloud Data Co Ltd
Original Assignee: China United Network Communications Group Co Ltd; Unicom Digital Technology Co Ltd; Unicom Cloud Data Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The application provides a method, a device, equipment and a storage medium for authenticating a temporary login key of a cloud service. The method comprises the following steps: responding to an access authentication request initiated by a user node, receiving encrypted information sent by the user node, wherein the encrypted information is obtained by the user node acquiring a user random key, an authentication initiation time and a user node identity identification number after it initiates the access authentication request to an Internet service provider node, and encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm; decrypting the encrypted information according to the preset encryption algorithm to obtain the user random key, the authentication initiation time and the user node identity identification number; judging, according to the user random key and the authentication initiation time, whether the user node needs to be authenticated by an authoritative third party node; and if the judgment result is that the user node does not need auxiliary authentication by the authoritative third party node, authenticating the user node according to the user random key.

Description

Cloud service temporary login key authentication method, device, equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a storage medium for authenticating a temporary login key of a cloud service.
Background
With the development of the internet, more and more scenarios require network authentication. When a user logs in to an application server, the application server often needs to authenticate the user's identity in order to determine whether the user has the right to access and use certain resources, i.e. whether the user is an authorized user. In this way the access policy of the internet can be executed reliably and effectively, an attacker is prevented from impersonating an authorized user to obtain access and usage rights to resources, and the data security and legitimate interests of authorized users are ensured.
In the conventional scheme, identity authentication is generally performed in a mode of 'real name + real certificate', or in a mode of password and the like.
However, in the identity authentication method in the prior art, personal information or passwords of the user are easily lost or leaked, and the authentication security is low.
Disclosure of Invention
The application provides a cloud service temporary login key authentication method, a cloud service temporary login key authentication device, cloud service temporary login key authentication equipment and a storage medium, and aims to solve the technical problems that in an identity authentication method in the prior art, personal information or passwords of a user are easy to lose or leak, and authentication safety is low.
In a first aspect, the present application provides a method for authenticating a temporary login key of a cloud service, which is applied to an internet service provider node, and includes:
responding to an access authentication request initiated by a user node, receiving encrypted information sent by the user node, wherein the encrypted information is obtained by acquiring a user random key, authentication initiation time and a user node identity identification number after the user node initiates the access authentication request to the internet service provider node, and encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm;
according to a preset encryption algorithm, carrying out decryption processing on the encrypted information to obtain the user random key, the authentication initiation time and the user node identity identification number;
judging whether the user node needs to be authenticated by an authoritative third party node or not according to the user random key and the authentication initiation time;
and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
The application provides a cloud service temporary login key authentication method in which an internet service provider node authenticates a user node through a blockchain. Each time it receives an access authentication request initiated by a user node, the internet service provider node can judge, according to the user random key sent by the user node, whether the user node needs auxiliary authentication by an authoritative third party node; if the user node has previously been authenticated at the internet service provider node, its identity can be determined directly. Compared with identity authentication by real name and real certificate, or by password and similar means, the method does not need to store user information and carries no risk of password leakage, so authentication security is high. Each user can complete login by storing the temporary user random key approved by the internet service provider node, as long as the terminal is not changed, so the authoritative third party node does not have to participate in every authentication and authentication efficiency is improved.
Optionally, the authenticating the user node according to the user random key includes:
matching the user random key with a preset authentication key bank, wherein the preset authentication key bank comprises at least one user random key corresponding to a successfully authenticated user node;
and if the matching is successful, determining that the user node is successfully authenticated.
Here, for a user node that does not need auxiliary authentication by an authoritative third party node, the internet service provider node directly matches the user random key sent by the user node against the stored user random keys that have already been authenticated successfully, so as to determine whether the user node is a secure node; repeated authentication by the authoritative third party node is not needed, which further improves authentication efficiency.
Optionally, the determining, according to the user random key and the authentication initiation time, whether the user node needs to be authenticated by an authoritative third-party node includes:
judging whether the user node is a first authentication node or not according to the user random key;
if the user node is a first authentication node and/or the authentication initiation time is not the current time, the judgment result is that the user node needs the auxiliary authentication of an authoritative third party node.
Here, for a user node performing identity authentication for the first time, for a user node whose authentication initiation time is a historical time rather than the current time, or when the internet service provider node wants to confirm the user identity through the authoritative third party node again, the authoritative third party node is introduced to perform auxiliary authentication in order to ensure security. The internet service provider node receives only the authentication result and never the private key of the user node, so the security of identity authentication is further improved.
Optionally, if the determination result is that the user node does not need assisted authentication by an authoritative third party node, after authenticating the user node according to the user random key, the method further includes:
if the judgment result is that the user node needs the auxiliary authentication of the authoritative third party node, randomly generating an authentication serial number;
sending the authentication serial number to the user node, and mapping the user node identity identification number to the authentication serial number, wherein the authentication serial number is used by the user node to collect user biological characteristics according to the authentication serial number, encrypt the user biological characteristics with a third party public key to obtain encrypted characteristics, and send the encrypted characteristics, the internet service provider node identification and the authentication serial number to the authoritative third party node, so that after receiving the encrypted characteristics, the internet service provider node identification and the authentication serial number, the authoritative third party node decrypts the encrypted characteristics with a third party private key to obtain the user biological characteristics, compares the characteristics of the user node according to the user biological characteristics, and sends the comparison result to the internet service provider node;
receiving a comparison result sent by the authoritative third party node;
and determining the authentication result of the user node according to the comparison result and the authentication serial number.
Here, if the user node needs auxiliary authentication by the authoritative third party node, the internet service provider node can generate an authentication serial number at any time and send it to the user node. The user node collects its user biological characteristics according to the authentication serial number and sends them, encrypted, to the authoritative third party node. The authoritative third party node stores biological characteristic data in a centralized manner and can provide characteristic comparison and identity authentication services for user nodes; it sends the comparison result to the internet service provider node, which can then determine the authentication result of the user node without holding the private key of the user node, further improving the security of identity authentication.
Optionally, after determining the authentication result of the user node according to the comparison result and the authentication sequence number, the method further includes:
and storing the user random key to a preset authentication key library.
After authentication succeeds, the user random key of the successfully authenticated user node is stored in the preset authentication key bank, so that in subsequent authentications this user random key can be used directly to authenticate the user node when it initiates a new authentication request.
In a second aspect, the present application provides a method for authenticating a temporary login key of a cloud service, which is applied to a user node, and includes:
initiating an access authentication request to an internet service provider node;
acquiring a user random key, authentication initiation time and a user node identity identification number;
encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm to obtain encrypted information;
sending the encrypted information to the internet service provider node, so that the internet service provider node decrypts the encrypted information according to a preset encryption algorithm after receiving the encrypted information, and obtains the user random key, the authentication initiation time and the user node identity identification number; judging whether the user node needs to be authenticated by an authoritative third party node or not according to the user random key and the authentication initiation time; and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
Here, the user node of the present application may generate a user random key and store the user random key to the terminal, and may perform identity authentication according to the user random key during identity authentication.
Optionally, the obtaining a user random key, authentication initiation time, and a user node identity number includes:
if the terminal to which the user node belongs stores a user random key, acquiring the user random key;
if the terminal to which the user node belongs does not store the user random key, randomly generating the user random key and storing the user random key;
and acquiring authentication initiation time and a user node identity identification number.
Here, on its first access authentication the user node of the present application may randomly generate a user random key for subsequent access and store it locally, thereby facilitating subsequent authentication.
In a third aspect, the present application provides a cloud service temporary login key authentication method, which is applied to a cloud service temporary login key authentication system including an internet service provider node, a user node, and an authoritative third party node, and the method includes:
a user node initiates an access authentication request to an Internet service provider node;
a user node acquires a user random key, authentication initiation time and a user node identity identification number;
the user node encrypts the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm to obtain encrypted information;
the user node sends the encrypted information to the Internet service provider node;
the method comprises the steps that an Internet service provider node responds to an access authentication request initiated by a user node and receives encrypted information sent by the user node;
the Internet service provider node decrypts the encrypted information according to a preset encryption algorithm to obtain the user random key, the authentication initiation time and the user node identity identification number;
the internet service provider node judges whether the user node needs the auxiliary authentication of an authoritative third party node according to the user random key and the authentication initiation time;
and if the judgment result shows that the user node does not need the assistant authentication of an authoritative third party node, the Internet service provider node authenticates the user node according to the user random key.
Here, the cloud service internet unified identity authentication method based on a temporary login key and biological characteristics, as provided by the application, uses an authoritative trusted third party to store biological characteristics centrally and to provide a biological characteristic comparison service for all internet applications. The user does not need to memorize any password and does not send the original biological characteristics to the internet service provider; instead the biological characteristics are sent to the authoritative third party node, which authenticates and returns the comparison result. Identity authentication is therefore completed without the user memorizing a password; as long as the terminal is not changed, login can be completed with the temporary key authorized by the internet service provider node that each user stores, so the authoritative third party node does not have to participate in every authentication; the internet service provider node can initiate a biological-characteristic-based authentication request at any time; and both the security and the efficiency of identity authentication are improved.
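The three-node exchange of the first, second and third aspects, as an added example in Python that is not code from the patent or its assignees. It plays out a first login (user random key not yet in the key bank, so the authoritative third party node compares biometrics and the ISP node then stores the key), a later login served directly from the key bank, a request whose authentication initiation time is not current, and a request from a terminal without the stored key whose biometric sample does not match. Everything below is an assumption for the demo: the "preset encryption algorithm" and the third party key pair are a toy SHA-256 keystream with an HMAC tag (a single symmetric key stands in for the third party public/private pair), "not the current time" is a 30-second tolerance, the user node identifier rides inside the sealed biometric payload so the third party can find the enrolled template, the similarity threshold is constructed, and all class and function names are hypothetical.

```python
"""Constructed simulation of the user node / ISP node / authoritative third party flow."""
import hashlib
import hmac
import json
import os
import secrets
import time


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return blocks[:length]


def preset_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the preset encryption algorithm: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def preset_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("encrypted information failed its integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def feature_similarity(a, b) -> float:
    """Fraction of equal positions in two feature vectors (constructed comparison metric)."""
    return sum(x == y for x, y in zip(a, b)) / max(len(a), 1)


class UserNode:  # second aspect
    def __init__(self, node_id, shared_key, clock=time.time):
        self.node_id, self.shared_key, self.clock = node_id, shared_key, clock
        self.stored_key = None  # user random key kept on the terminal

    def encrypted_info(self) -> bytes:
        if self.stored_key is None:  # first access: generate and store the user random key
            self.stored_key = secrets.token_hex(32)
        info = {"user_random_key": self.stored_key, "auth_init_time": self.clock(),
                "user_node_id": self.node_id}
        return preset_encrypt(self.shared_key, json.dumps(info).encode())

    def biometric_message(self, serial, isp_node_id, tp_public_key, sample) -> dict:
        # The sample is sealed for the third party only; the ISP node never sees it.
        payload = json.dumps({"user_node_id": self.node_id, "features": sample}).encode()
        return {"encrypted_features": preset_encrypt(tp_public_key, payload),
                "isp_node_id": isp_node_id, "serial": serial}


class ThirdPartyNode:
    def __init__(self, private_key, templates, threshold=0.9):
        self.private_key, self.templates, self.threshold = private_key, templates, threshold

    def compare(self, msg) -> dict:
        payload = json.loads(preset_decrypt(self.private_key, msg["encrypted_features"]))
        template = self.templates.get(payload["user_node_id"])
        match = template is not None and \
            feature_similarity(template, payload["features"]) >= self.threshold
        return {"serial": msg["serial"], "isp_node_id": msg["isp_node_id"], "match": match}


class ISPNode:  # first aspect
    def __init__(self, node_id, shared_key, clock=time.time, tolerance=30.0):
        self.node_id, self.shared_key = node_id, shared_key
        self.clock, self.tolerance = clock, tolerance
        self.key_bank = set()  # preset authentication key bank
        self.pending = {}      # authentication serial number -> (user node id, user random key)

    def needs_third_party(self, user_key, init_time) -> bool:
        first_time = user_key not in self.key_bank
        not_current = abs(self.clock() - init_time) > self.tolerance  # tolerance is an assumption
        return first_time or not_current

    def handle_request(self, encrypted_info) -> dict:
        info = json.loads(preset_decrypt(self.shared_key, encrypted_info))
        key, t, uid = info["user_random_key"], info["auth_init_time"], info["user_node_id"]
        if self.needs_third_party(key, t):
            serial = secrets.token_hex(16)
            self.pending[serial] = (uid, key)  # map the user node id to the serial number
            return {"status": "third_party_required", "serial": serial}
        return {"status": "authenticated" if key in self.key_bank else "rejected"}

    def handle_comparison(self, result) -> dict:
        entry = self.pending.pop(result.get("serial"), None)
        if entry is None or result.get("isp_node_id") != self.node_id or not result["match"]:
            return {"status": "rejected"}  # not bound to a pending serial number, or no match
        uid, key = entry
        self.key_bank.add(key)  # store the approved key for later direct logins
        return {"status": "authenticated", "user_node_id": uid}


def login(user, isp, third_party, tp_public_key, sample) -> str:
    reply = isp.handle_request(user.encrypted_info())
    if reply["status"] != "third_party_required":
        return reply["status"]
    msg = user.biometric_message(reply["serial"], isp.node_id, tp_public_key, sample)
    return isp.handle_comparison(third_party.compare(msg))["status"]


def demo():
    clock = {"now": 1_700_000_000.0}  # controllable clock for the demo
    shared, tp_key = os.urandom(32), os.urandom(32)  # tp_key plays both public and private key
    enrolled = [1, 0, 1, 1, 0, 1, 0, 0, 1, 1]
    user = UserNode("user-1", shared, lambda: clock["now"])
    isp = ISPNode("isp-1", shared, lambda: clock["now"])
    tp = ThirdPartyNode(tp_key, {"user-1": enrolled})
    first = login(user, isp, tp, tp_key, enrolled)  # first login: third party assists
    second = login(user, isp, tp, tp_key, None)      # later login: key bank only
    stale_user = UserNode("user-1", shared, lambda: clock["now"] - 3600)
    stale_user.stored_key = user.stored_key
    stale = isp.handle_request(stale_user.encrypted_info())["status"]
    impostor = UserNode("user-1", shared, lambda: clock["now"])  # no stored key, wrong sample
    bad = login(impostor, isp, tp, tp_key, [0] * 10)
    return first, second, stale, bad
```

`demo()` returns `("authenticated", "authenticated", "third_party_required", "rejected")`. The detail worth noting is `handle_comparison`: the ISP node accepts a comparison result only if it carries a serial number that is still pending and names this ISP node, which is what the page's mapping of user node id to serial number buys, and the key enters the key bank only after a successful third party result.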
In a fourth aspect, the present application provides a cloud service temporary login key authentication apparatus, which is applied to an internet service provider node, and includes:
the receiving module is used for responding to an access authentication request initiated by a user node and receiving encrypted information sent by the user node, wherein the encrypted information is obtained by acquiring a user random key, authentication initiation time and a user node identity identification number after the user node initiates the access authentication request to the Internet service provider node and encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm;
the decryption module is used for decrypting the encrypted information according to a preset encryption algorithm to obtain the user random key, the authentication initiation time and the user node identity identification number;
the judging module is used for judging whether the user node needs the auxiliary authentication of an authoritative third party node or not according to the user random key and the authentication initiating time;
and the first authentication module is used for authenticating the user node according to the user random key if the judgment result shows that the user node does not need the auxiliary authentication of an authoritative third party node.
Optionally, the first authentication module is specifically configured to:
matching the user random key with a preset authentication key bank, wherein the preset authentication key bank comprises at least one user random key corresponding to a successfully authenticated user node;
and if the matching is successful, determining that the user node is successfully authenticated.
Optionally, the determining module is specifically configured to:
judging whether the user node is a first authentication node or not according to the user random key;
if the user node is a first authentication node and/or the authentication initiation time is not the current time, the judgment result is that the user node needs the auxiliary authentication of an authoritative third party node.
Optionally, if the first authentication module determines that the user node does not need assisted authentication by an authoritative third party node, after authenticating the user node according to the user random key, the apparatus further includes a second authentication module configured to:
if the judgment result is that the user node needs the auxiliary authentication of the authoritative third party node, randomly generating an authentication serial number;
sending the authentication serial number to the user node, and mapping the user node identity identification number to the authentication serial number, wherein the authentication serial number is used by the user node to collect user biological characteristics according to the authentication serial number, encrypt the user biological characteristics with a third party public key to obtain encrypted characteristics, and send the encrypted characteristics, the internet service provider node identification and the authentication serial number to the authoritative third party node, so that upon receipt of the encrypted characteristics, the internet service provider node identification and the authentication serial number, the authoritative third party node decrypts the encrypted characteristics with a third party private key to obtain the user biological characteristics, compares the characteristics of the user node according to the user biological characteristics, and sends the comparison result to the internet service provider node;
receiving a comparison result sent by the authoritative third party node;
and determining the authentication result of the user node according to the comparison result and the authentication serial number.
Optionally, after the second authentication module determines the authentication result of the user node according to the comparison result and the authentication serial number, the apparatus further includes:
and the storage module is used for storing the user random key to a preset authentication key library.
In a fifth aspect, the present application provides an authentication apparatus for a temporary login key of a cloud service, which is applied to a user node, and includes:
the initiating module is used for initiating an access authentication request to an Internet service provider node;
the acquisition module is used for acquiring a user random key, authentication initiation time and a user node identity identification number;
the encryption module is used for encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm to obtain encrypted information;
the sending module is used for sending the encrypted information to the Internet service provider node so that the Internet service provider node decrypts the encrypted information according to a preset encryption algorithm after receiving the encrypted information to obtain the user random key, the authentication initiation time and the user node identity identification number; judging whether the user node needs to be authenticated by an authoritative third party node or not according to the user random key and the authentication initiation time; and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
Optionally, the obtaining module is specifically configured to:
if the terminal to which the user node belongs stores a user random key, acquiring the user random key;
if the terminal to which the user node belongs does not store the user random key, randomly generating the user random key and storing the user random key;
and acquiring authentication initiation time and a user node identity identification number.
In a sixth aspect, the present application provides a cloud service temporary login key authentication device, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the cloud service temporary login key authentication method as described above in the first aspect and various possible designs of the first aspect.
In a seventh aspect, the present application provides a cloud service temporary login key authentication device, including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored by the memory to cause the at least one processor to perform the cloud service temporary login key authentication method as set forth in the second aspect above and in various possible designs of the second aspect.
In an eighth aspect, the present application provides a computer-readable storage medium, where computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the method for authenticating a temporary cloud service login key according to the first aspect and various possible designs of the first aspect is implemented.
In a ninth aspect, the present application provides a computer-readable storage medium, which stores computer-executable instructions, and when a processor executes the computer-executable instructions, the method for authenticating a temporary login key of a cloud service according to the second aspect and various possible designs of the second aspect is implemented.
In a tenth aspect, the present application provides a computer program product comprising a computer program that, when executed by a processor, implements the cloud service temporary login key authentication method as described in the first aspect above and in various possible designs of the first aspect.
In an eleventh aspect, the present application provides a computer program product comprising a computer program, which when executed by a processor, implements the cloud service temporary login key authentication method as described in the second aspect and various possible designs of the second aspect.
In the method, the device, the server and the storage medium for authenticating the cloud service temporary login key, an internet service provider node authenticates a user node through a block chain. Each time it receives an access authentication request initiated by a user node, the internet service provider node can judge, according to the user random key sent by the user node, whether the user node needs auxiliary authentication by an authoritative third party node; if the user node has previously been authenticated at the internet service provider node, its identity can be determined directly. Compared with identity authentication by real name and real certificate, or by password and other means, the method does not need to store the user's information and carries no risk of password leakage, so authentication security is high. Each user can complete login simply by not replacing the terminal and storing the temporary user random key authorized by the internet service provider node, so the authoritative third party node does not have to participate in every authentication and authentication efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a blockchain architecture diagram of a cloud service temporary login key authentication system according to an embodiment of the present disclosure;
Fig. 2 is a schematic flowchart of a method for authenticating a temporary login key of a cloud service according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another cloud service temporary login key authentication method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of another cloud service temporary login key authentication method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a cloud service temporary login key authentication apparatus according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a cloud service temporary login key authentication device according to an embodiment of the present application.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The terms "first," "second," "third," and "fourth," if any, in the description and claims of this application and the above-described figures are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the technical scheme of the application, the collection, storage, use, processing, transmission, provision, disclosure and other processing of the related user data and other information all accord with the regulations of related laws and regulations and do not violate the good customs of the public order.
With the development of the internet, more and more situations require identity authentication. Identity authentication here refers to the process by which a service provider, when a user transacts related business or is provided with other services, verifies the user's identity from the identity information the user supplies, so as to determine whether the user is a legitimate citizen or has the right to use certain resources. In conventional schemes, identity authentication is generally performed in the "real name + real certificate" mode or in the password mode. However, with these prior-art methods the user's personal information or password is easily lost or leaked, and authentication security is low.
To solve the above technical problems, embodiments of the present application provide a cloud service temporary login key authentication method, apparatus, server and storage medium based on blockchain technology. An authoritative trusted third party stores biometric features centrally and provides a biometric comparison service to all users, and each user, as long as the terminal is not replaced, can complete login with the stored temporary user random key authorized by the internet service provider node. This avoids the participation of the authoritative third party node in every authentication and improves authentication efficiency.
A blockchain is a special kind of distributed database. It is a novel application of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and cryptographic algorithms, and is essentially a decentralized database. First, a blockchain is mainly used for storing information: any information that needs to be stored can be written into the blockchain and read from it, so the blockchain is a database. Second, anyone can set up a server and join the blockchain network to form a node. In a blockchain there is no central node; every node is equal, stores the whole database, and can write and read data, and all nodes are eventually synchronized so that the blockchain is consistent.
A blockchain is a series of data blocks linked by cryptographic methods; each data block contains the information of one bitcoin network transaction, which is used to verify the validity (anti-counterfeiting) of the information and to generate the next block. In a narrow sense, a blockchain is a distributed ledger: a chained data structure formed by connecting data blocks sequentially in time order, secured cryptographically so that it cannot be tampered with or forged. In a broad sense, blockchain technology is a new distributed infrastructure and computing paradigm that uses the blockchain data structure to verify and store data, distributed node consensus algorithms to generate and update data, cryptography to secure data transmission and access, and smart contracts composed of automated script code to program and manipulate data. Blockchain design is a protective measure, for example as applied to highly fault-tolerant distributed computing systems, and blockchains make hybrid consistency possible. This makes the blockchain suitable for recording events, titles, medical records and other activities that require the retention of data, as well as identity management, transaction flow management and provenance management.
Optionally, fig. 1 is a schematic diagram of a block chain architecture of a cloud service temporary login key authentication system according to an embodiment of the present disclosure. As shown in fig. 1, the architecture includes a user node 101, an authoritative third party node 102, and an Internet Service Provider node (ISP) 103.
It is understood that the number of the user nodes 101, the authoritative third party nodes 102 and the internet service provider nodes 103 may be determined according to actual situations, fig. 1 is only an illustration, and the number of the nodes is not particularly limited in the embodiments of the present application.
The user node 101, the authoritative third party node 102, and the internet service provider node 103 are all nodes in a block chain, and communication can be achieved between any two nodes (in the present application, communication connection needs to be achieved between nodes with different properties, for example, the authoritative third party node broadcasts information to the user node and the internet service provider node, and fig. 1 shows communication connection between nodes with different properties only by using connection lines).
The user can realize information interaction with the user node, the authoritative third party node or the Internet service provider node through input/output equipment.
It can be understood that the schematic structure in the embodiment of the present application does not constitute a specific limitation on the blockchain architecture of the cloud service temporary login key authentication system. In other possible embodiments of the present application, the foregoing architecture may include more or fewer components than those shown in the drawings, or combine some components, split some components, or arrange the components differently, as determined by the practical application scenario, and this is not limited herein. The components shown in Fig. 1 may be implemented in hardware, software, or a combination of software and hardware.
In addition, the network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not constitute a limitation to the technical solution provided in the embodiment of the present application, and it can be known by a person skilled in the art that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
The technical solutions of the present application are described below with several embodiments as examples, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 2 is a flowchart illustrating a method for authenticating a cloud service temporary login key according to an embodiment of the present application, where the embodiment of the present application may be applied to the internet service provider node 103 in fig. 1, the internet service provider node 103 may be a server, and a specific execution subject may be determined according to an actual application scenario. As shown in fig. 2, the method comprises the steps of:
S201: receiving, in response to an access authentication request initiated by a user node, the encrypted information sent by the user node.
The encrypted information is obtained as follows: after the user node initiates an access authentication request to the internet service provider node, it obtains a user random key, the authentication initiation time and the user node identity identification number, and encrypts these three values with a preset encryption algorithm.
In the embodiments of the present application, the user random key may be denoted RandomKey.
S202: decrypting the encrypted information according to the preset encryption algorithm to obtain the user random key, the authentication initiation time and the user node identity identification number.
S203: and judging whether the user node needs the auxiliary authentication of the authoritative third party node or not according to the user random key and the authentication initiation time.
Optionally, judging whether the user node needs to be authenticated by an authoritative third-party node according to the user random key and the authentication initiation time, including:
judging whether the user node is a first authentication node or not according to the user random key;
if the user node is the first authentication node and/or the authentication initiation time is not the current time, the judgment result is that the user node needs to be authenticated by the authority third party node.
Here, for a user node that performs identity authentication for the first time or a user node that performs identity authentication for the first time if the time is historical time, or an internet service provider node wants to confirm the user identity again through an authoritative third party node, in order to ensure security, the authoritative third party node is introduced to perform auxiliary authentication, and the internet service provider node only receives an authentication result and does not receive a private key of the user node, thereby further improving the security of identity authentication.
S204: and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
Optionally, authenticating the user node according to the user random key includes:
matching the user random key with a preset authentication key base, wherein the preset authentication key base comprises at least one user random key corresponding to a successfully authenticated user node;
and if the matching is successful, determining that the user node is successfully authenticated.
If the time is the current time and the random key of the user is not provided for the first time, the identity of the user is directly approved without passing through an authoritative third party node and corresponding service is provided. Therefore, both the user node and the ISP store the RandomKey during the first communication, the user logs in again because the identity of the user is confirmed by the first submission, the user with the RandomKey is the correct user, and other people cannot know the RandomKey.
Here, for a user node that does not need to assist authentication with an authoritative third party node, the internet service provider node directly matches the user random key sent by the user node with the stored user random key that has been authenticated successfully, so as to determine whether the user node is a security node, and multiple times of repeated authentication of the authoritative third party node are not needed, thereby further improving authentication efficiency.
The application provides a cloud service temporary login key authentication method in which an internet service provider node authenticates a user node through a blockchain. Each time it receives an access authentication request initiated by the user node, the internet service provider node can judge, from the user random key sent by the user node, whether the user node needs to be authenticated by an authoritative third party node; if the user node has previously been authenticated at the internet service provider node, its identity can be determined directly. Compared with identity authentication in the "real name + real certificate" mode or in the password mode, the method does not need to store the user's information and carries no risk of password leakage, so authentication security is high. As long as the terminal is not changed, each user can complete login with the stored temporary user random key approved by the internet service provider node, which avoids the participation of the authoritative third party node in every authentication and improves authentication efficiency.
Optionally, after judging whether the user node needs the auxiliary authentication of the authoritative third party node, the method further includes:
if the judgment result is that the user node needs the auxiliary authentication of the authoritative third party node, randomly generating an authentication serial number;
sending the authentication serial number to the user node, and mapping the user node identity identification number to the authentication serial number. The user node uses the authentication serial number to collect the user's biometric features, encrypts them with the third-party public key to obtain encrypted features, and sends the encrypted features, the internet service provider node identifier and the authentication serial number to the authoritative third party node. On receiving the encrypted features, the internet service provider node identifier and the authentication serial number, the authoritative third party node decrypts the encrypted features with the third-party private key to obtain the user biometric features, performs feature comparison for the user node on that basis, and sends the comparison result to the internet service provider node;
receiving the comparison result sent by the authoritative third party node;
determining the authentication result of the user node according to the comparison result and the authentication serial number.
If the authentication initiation time is a historical time, if the random key is being presented for the first time, or if the ISP wants to confirm the user's identity again through the authoritative third party node, identity authentication is carried out through the authoritative third party node.
In a possible implementation, after the internet service provider node receives a service request from the user node, it randomly generates an authentication Sequence number, sends it to the user node, and maps the user node identity identification number to the Sequence number. The user node collects its own biometric feature, e.g. FingerPrintA', encrypts FingerPrintA' with the public key of the authoritative third party node according to a pre-agreed algorithm to obtain E(FingerPrintA'), and sends E(FingerPrintA'), the internet service provider node identifier, the authentication Sequence number and the user node identity identification number to the authoritative third party node. The authoritative third party node receives E(FingerPrintA'), the internet service provider node identifier, the Sequence number and the user node identity identification number, decrypts E(FingerPrintA') with its private key according to the pre-agreed algorithm to obtain FingerPrintA', looks up the registered FingerPrintA by the user node identity identification number, and compares FingerPrintA' with FingerPrintA in the biometric library to obtain a comparison result. The authoritative third party node then sends the comparison result and the Sequence number to the internet service provider node over the secure channel between them. The internet service provider node confirms the authentication result for the user node identity identification number through the correspondence between the authentication Sequence number and the user node identity identification number, completing one authentication.
Optionally, the user to whom each user node belongs registers the correspondence between his or her biometric data (such as a fingerprint or iris) and identity information at the authoritative third party node. Registration may be offline or online. The authoritative third party node thus holds all users' identities, their biometric features and the correspondence between them.
Optionally, any internet service provider may establish a secure link with the authoritative third party and request authentication services, which may be charged according to the number of services used.
Here, if the user node needs the auxiliary authentication of the authoritative third party node, the internet service provider node can generate an authentication serial number at any time and send it to the user node. The user node collects the user's biometric features according to the authentication serial number and sends them, encrypted, to the authoritative third party node. The authoritative third party node stores the biometric data centrally, can provide feature comparison and identity authentication services for the user node, and sends the comparison result to the internet service provider node. The internet service provider node can therefore determine the authentication result of the user node without ever holding the private key of the user node, which further improves the security of identity authentication.
Optionally, after determining the authentication result of the user node according to the comparison result and the authentication sequence number, the method further includes:
and storing the user random key to a preset authentication key library.
Here, in the embodiment of the present application, after authentication succeeds, the user random key of the successfully authenticated user node is stored in the preset authentication key base, so that in subsequent authentications the stored user random key can be used directly to authenticate that node when it presents the key again.
Optionally, fig. 3 is a schematic flowchart of another cloud service temporary login key authentication method provided in the embodiment of the present application. The execution subject of the embodiment of the present application is the user node 101 in fig. 1, and the specific execution subject may be determined according to an actual application scenario. As shown in fig. 3, the method comprises the steps of:
S301: initiating an access authentication request to an internet service provider node.
S302: obtaining a user random key, the authentication initiation time and the user node identity identification number.
On the first access authentication, a random key for subsequent accesses can be generated randomly and stored locally.
Optionally, the obtaining a user random key, authentication initiation time, and a user node identity number includes:
if the terminal to which the user node belongs stores the user random key, acquiring the user random key; if the terminal to which the user node belongs does not store the user random key, randomly generating the user random key and storing the user random key; and acquiring authentication initiation time and a user node identity identification number.
Here, the first access authentication of the user node according to the embodiment of the present application may randomly generate a user random key for subsequent access, and store the user random key locally, thereby facilitating subsequent authentication.
S303: and encrypting the user random key, the authentication initiation time and the user node identity identification number by a preset encryption algorithm to obtain encrypted information.
S304: sending the encrypted information to an Internet service provider node, so that the Internet service provider node decrypts the encrypted information according to a preset encryption algorithm after receiving the encrypted information to obtain a user random key, authentication initiation time and a user node identity identification number; judging whether the user node needs to be authenticated by an authoritative third party node or not according to the user random key and the authentication initiation time; and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
The user node of the embodiment of the application can generate the user random key and store the user random key to the terminal, and during identity authentication, identity authentication can be carried out according to the user random key.
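The direct (no third party) path of the exchange above, as an added example that is not the patent's code: the user node side of S301 to S304 builds the encrypted information, and the internet service provider side of S201 to S204 decrypts it, decides whether the authoritative third party is needed, and matches the RandomKey against the authentication key base. The page does not name its "preset encryption algorithm", so a symmetric encrypt-then-MAC stand-in built from HMAC-SHA256 under a key shared by the two nodes is assumed; the sixty-second window for "current time", the storage of a digest of the RandomKey rather than the key itself, and all class and function names are likewise assumptions.

```python
"""User-node message build (S301-S304) and ISP-side verification (S201-S204).
Added example, not the patent's code.  Assumptions are marked ASSUMPTION below."""
import hashlib
import hmac
import json
import os
import secrets
import time
from dataclasses import dataclass, field

# ASSUMPTION: the page's "preset encryption algorithm" is a symmetric scheme under a key
# shared by the user node and the ISP node.  Stand-in used here: an HMAC-SHA256 keystream
# in counter mode plus an HMAC tag (encrypt-then-MAC with separate sub-keys).  A deployment
# would use a standard AEAD such as AES-GCM instead.
def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(k_enc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    k_enc, k_mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    k_enc, k_mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(k_mac, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("encrypted information failed the integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))

def _digest(random_key: str) -> bytes:
    return hashlib.sha256(random_key.encode()).digest()

class UserNode:
    """Fig. 3 side: keeps RandomKey on the terminal and builds the encrypted information."""
    def __init__(self, node_id: str, shared_key: bytes):
        self.node_id = node_id
        self.shared_key = shared_key
        self.random_key = None          # RandomKey; None until the first access (S302)

    def build_encrypted_info(self, now=None) -> bytes:
        if self.random_key is None:     # first access: generate RandomKey and keep it locally
            self.random_key = secrets.token_hex(16)
        auth_time = int(time.time()) if now is None else now
        payload = {"random_key": self.random_key, "auth_time": auth_time, "node_id": self.node_id}
        return encrypt(self.shared_key, json.dumps(payload).encode())   # S303

@dataclass
class IspNode:
    """Fig. 2 side: decrypts, decides whether the third party is needed, matches RandomKey."""
    shared_key: bytes
    key_base: dict = field(default_factory=dict)   # node_id -> sha256(RandomKey)
    max_skew: int = 60   # ASSUMPTION: "current time" means within this many seconds

    def store_random_key(self, node_id: str, random_key: str) -> None:
        # Called after a successful third-party authentication.  The page stores the RandomKey
        # itself; a digest is kept here so a leaked key base cannot be replayed directly.
        self.key_base[node_id] = _digest(random_key)

    def handle(self, blob: bytes, now=None) -> str:
        now = int(time.time()) if now is None else now
        try:
            info = json.loads(decrypt(self.shared_key, blob))       # S202
        except ValueError:
            return "REJECTED"           # tampered or foreign ciphertext never reaches S203
        rk, auth_time, node_id = info["random_key"], info["auth_time"], info["node_id"]
        # S203: first authentication and/or a non-current initiation time -> third party
        first_time = node_id not in self.key_base
        stale = abs(now - auth_time) > self.max_skew
        if first_time or stale:
            return "NEEDS_THIRD_PARTY"
        # S204: match RandomKey against the key base, comparing digests in constant time
        if hmac.compare_digest(self.key_base[node_id], _digest(rk)):
            return "AUTHENTICATED"
        return "REJECTED"   # known node presenting a wrong key: not accepted on the direct path
```

A known node presenting a wrong RandomKey is rejected here rather than silently routed to the third party; the text allows the internet service provider node to request re-confirmation through the authoritative third party at any time, so an implementation may choose that branch instead, but it should not accept the key.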
Optionally, fig. 4 is a schematic flowchart of another cloud service temporary login key authentication method provided in an embodiment of the present application. The execution main body in the embodiment of the application is a cloud service temporary login key authentication system comprising an internet service provider node, a user node and an authoritative third party node, and can be a server, and the specific execution main body can be determined according to an actual application scene. As shown in fig. 4, the method includes the steps of:
S401: the user node initiates an access authentication request to the internet service provider node.
S402: the user node obtains a user random key, the authentication initiation time and the user node identity identification number.
On the first access authentication, a random key for subsequent accesses can be generated randomly and stored locally.
S403: the user node encrypts the user random key, the authentication initiation time and the user node identity identification number with a preset encryption algorithm to obtain encrypted information.
S404: the user node sends the encrypted information to the internet service provider node.
S405: in response to the access authentication request initiated by the user node, the internet service provider node receives the encrypted information sent by the user node and decrypts it according to the preset encryption algorithm to obtain the user random key, the authentication initiation time and the user node identity identification number.
S406: the internet service provider node judges, according to the user random key and the authentication initiation time, whether the user node needs the auxiliary authentication of the authoritative third party node.
S407: if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, the internet service provider node authenticates the user node according to the user random key.
Optionally, after judging whether the user node needs the auxiliary authentication of the authoritative third party node, the method further includes:
if the judgment result is that the user node needs the auxiliary authentication of the authoritative third party node, randomly generating an authentication serial number, sending the authentication serial number to the user node, and mapping the user node identity identification number to the authentication serial number. The user node collects the user's biometric features according to the authentication serial number, encrypts them with the third-party public key to obtain encrypted features, and sends the encrypted features, the internet service provider node identifier and the authentication serial number to the authoritative third party node. After receiving the encrypted features, the internet service provider node identifier and the authentication serial number, the authoritative third party node decrypts the encrypted features with the third-party private key to obtain the user biometric features, performs feature comparison for the user node on that basis, and sends the comparison result to the internet service provider node. The authentication result of the user node is then determined according to the comparison result and the authentication serial number.
If the authentication initiation time is a historical time, if the random key is being presented for the first time, or if the ISP wants to confirm the user's identity again through the authoritative third party node, identity authentication is carried out through the authoritative third party node.
In a possible implementation, after the internet service provider node receives a service request from the user node, it randomly generates an authentication Sequence number, sends it to the user node, and maps the user node identity identification number to the Sequence number. The user node collects its own biometric feature, e.g. FingerPrintA', encrypts FingerPrintA' with the public key of the authoritative third party node according to a pre-agreed algorithm to obtain E(FingerPrintA'), and sends E(FingerPrintA'), the internet service provider node identifier, the authentication Sequence number and the user node identity identification number to the authoritative third party node. The authoritative third party node receives E(FingerPrintA'), the internet service provider node identifier, the Sequence number and the user node identity identification number, decrypts E(FingerPrintA') with its private key according to the pre-agreed algorithm to obtain FingerPrintA', looks up the registered FingerPrintA by the user node identity identification number, and compares FingerPrintA' with FingerPrintA in the biometric library to obtain a comparison result. The authoritative third party node then sends the comparison result and the Sequence number to the internet service provider node over the secure channel between them. The internet service provider node confirms the authentication result for the user node identity identification number through the correspondence between the authentication Sequence number and the user node identity identification number, completing one authentication.
Optionally, the user to whom each user node belongs registers the correspondence between his or her biometric data (such as a fingerprint or iris) and identity information at the authoritative third party node. Registration may be offline or online. The authoritative third party node thus holds all users' identities, their biometric features and the correspondence between them.
Optionally, any internet service provider may establish a secure link with the authoritative third party and request authentication services, which may be charged according to the number of services used.
Here, if the user node needs the auxiliary authentication of the authoritative third party node, the internet service provider node can generate an authentication serial number at any time and send it to the user node. The user node collects the user's biometric features according to the authentication serial number and sends them, encrypted, to the authoritative third party node. The authoritative third party node stores the biometric data centrally, can provide feature comparison and identity authentication services for the user node, and sends the comparison result to the internet service provider node. The internet service provider node can therefore determine the authentication result of the user node without ever holding the private key of the user node, which further improves the security of identity authentication.
Optionally, after determining the authentication result of the user node according to the comparison result and the authentication sequence number, the method further includes:
and storing the user random key to a preset authentication key library.
Here, in the embodiment of the present application, after authentication succeeds, the user random key of the successfully authenticated user node is stored in the preset authentication key base, so that in subsequent authentications the stored user random key can be used directly to authenticate that node when it presents the key again.
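The third-party-assisted branch described above (for the method of Fig. 2 and again for the system of Fig. 4), as an added example that is not the patent's code: the internet service provider node issues a random authentication Sequence number and maps it to the user node identity identification number, the authoritative third party node compares the presented biometric with the registered one and returns only the verdict and the Sequence number, and the internet service provider node resolves the verdict through the mapping and, on success, puts the RandomKey into the authentication key base. The public-key encryption E(FingerPrintA') toward the third party is assumed to be handled by the transport and is not reproduced; the bitwise Hamming-distance matcher, the 8-bit threshold, the 120-second Sequence lifetime, the single-use Sequence rule and all names are assumptions of this example.

```python
"""Third-party assisted authentication correlated by the authentication Sequence number.
Added example, not the patent's code.  Assumptions are marked ASSUMPTION below."""
import hashlib
import secrets
from dataclasses import dataclass, field

HAMMING_THRESHOLD = 8   # ASSUMPTION: templates differing in at most 8 bits are a match

def hamming(a: bytes, b: bytes) -> int:
    """Bit distance between two templates; a length mismatch counts as 8 bits per byte."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) + 8 * abs(len(a) - len(b))

class AuthoritativeThirdParty:
    """Holds each user's registered FingerPrintA; never returns the template itself."""
    def __init__(self):
        self.biometric_library = {}          # user node identity number -> template

    def register(self, user_id: str, template: bytes) -> None:
        self.biometric_library[user_id] = template

    def compare(self, user_id: str, presented: bytes, isp_id: str, sequence: str) -> dict:
        # 'presented' is FingerPrintA' after decryption with the third-party private key
        # (ASSUMPTION: done by the transport layer).  Only verdict + Sequence go to the ISP.
        registered = self.biometric_library.get(user_id)
        matched = registered is not None and hamming(registered, presented) <= HAMMING_THRESHOLD
        return {"isp_id": isp_id, "sequence": sequence, "result": matched}

@dataclass
class IspNode:
    isp_id: str
    pending: dict = field(default_factory=dict)    # Sequence -> (user_id, sha256(RandomKey), issued_at)
    key_base: dict = field(default_factory=dict)   # user_id -> sha256(RandomKey)
    seq_ttl: int = 120                             # ASSUMPTION: a Sequence is valid for 120 s

    def start_third_party_auth(self, user_id: str, random_key: str, now: int) -> str:
        sequence = secrets.token_hex(16)           # randomly generated authentication Sequence
        self.pending[sequence] = (user_id, hashlib.sha256(random_key.encode()).digest(), now)
        return sequence                            # sent to the user node

    def finish(self, report: dict, now: int):
        """Resolve the third party's report through the Sequence -> user mapping.
        Returns (user_id, authenticated), or None when the report cannot be attributed."""
        entry = self.pending.pop(report["sequence"], None)   # pop: a Sequence is single-use
        if entry is None or report["isp_id"] != self.isp_id:
            return None
        user_id, rk_digest, issued_at = entry
        if now - issued_at > self.seq_ttl or not report["result"]:
            return (user_id, False)
        self.key_base[user_id] = rk_digest         # success: RandomKey enters the key base
        return (user_id, True)

def run_assisted_flow(isp, third_party, user_id, random_key, presented, now):
    """One complete round: the ISP issues a Sequence, the user node presents its biometric
    to the third party with the ISP identifier and Sequence, the third party reports back
    over its secure channel, and the ISP resolves the report."""
    sequence = isp.start_third_party_auth(user_id, random_key, now)
    report = third_party.compare(user_id, presented, isp.isp_id, sequence)
    return isp.finish(report, now)
```

The ISP never sees the biometric or the user's private key, only a verdict tied to a Sequence it issued itself; popping the Sequence on first use and expiring it after `seq_ttl` means a captured report cannot be replayed to authenticate a later session.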
The cloud service internet unified identity authentication method based on a biometric temporary login key provided by the embodiment of the present application uses an authoritative trusted third party to store biometric features in a centralized manner and to provide a biometric comparison service to all internet applications. The user does not need to memorize any password and never sends the original biometric features to the internet service provider; the biometric features are sent to the authoritative third party node, which returns only the comparison result. Identity authentication is therefore completed without the user memorizing a password. As long as the terminal is not changed, login can be completed with the temporary key stored on that terminal and authorized by the internet service provider node for that user, so the authoritative third party node does not have to participate in every authentication. The internet service provider node can also initiate a biometric authentication request at any time. Both the security and the efficiency of identity authentication are thereby improved.
Fig. 5 is a schematic structural diagram of a cloud service temporary login key authentication apparatus according to an embodiment of the present disclosure, applied to an internet service provider node. As shown in fig. 5, the apparatus of this embodiment includes a receiving module 501, a decryption module 502, a judgment module 503 and a first authentication module 504. The cloud service temporary login key authentication apparatus may be a server of a blockchain, or a chip or integrated circuit that implements the functions of such a server. Note that the division into the receiving module 501, the decryption module 502, the judgment module 503 and the first authentication module 504 is only a division of logical functions; physically these modules may be integrated or separate.
The receiving module is used for responding to an access authentication request initiated by a user node and receiving encrypted information sent by the user node, wherein the encrypted information is obtained by acquiring a user random key, authentication initiation time and a user node identity identification number after the user node initiates the access authentication request to an Internet service provider node and encrypting the user random key, the authentication initiation time and the user node identity identification number by a preset encryption algorithm;
the decryption module is used for decrypting the encrypted information according to a preset encryption algorithm to obtain a user random key, authentication initiation time and a user node identity identification number;
the judging module is used for judging whether the user node needs to be authenticated by an authoritative third-party node according to the user random key and the authentication initiating time;
and the first authentication module is used for authenticating the user node according to the user random key if the judgment result shows that the user node does not need the auxiliary authentication of the authoritative third party node.
Optionally, the first authentication module is specifically configured to:
matching the user random key with a preset authentication key base, wherein the preset authentication key base comprises at least one user random key corresponding to a successfully authenticated user node;
and if the matching is successful, determining that the user node is successfully authenticated.
Optionally, the determining module is specifically configured to:
judging whether the user node is a first authentication node or not according to the user random key;
if the user node is the first authentication node and/or the authentication initiation time is not the current time, the judgment result is that the user node needs the auxiliary authentication of the authoritative third party node.
Optionally, if the first authentication module determines that the user node does not need the assisted authentication of the authoritative third-party node, after authenticating the user node according to the user random key, the apparatus further includes a second authentication module configured to:
if the judgment result is that the user node needs to be authenticated by the aid of the authoritative third party node, randomly generating an authentication serial number;
sending the authentication serial number to a user node, and mapping the user node identity identification number and the authentication serial number, wherein the authentication serial number is used for acquiring user biological characteristics according to the authentication serial number by the user node, encrypting the user biological characteristics through a third-party public key to obtain encryption characteristics, sending the encryption characteristics, the internet service provider node identification and the authentication serial number to an authoritative third-party node, so that the authoritative third-party node decrypts the encryption characteristics according to a third-party private key after receiving the encryption characteristics, the internet service provider node identification and the authentication serial number to obtain the user biological characteristics, carrying out characteristic comparison on the user node according to the user biological characteristics, and sending a comparison result to the internet service provider node;
receiving a comparison result sent by an authoritative third party node;
and determining the authentication result of the user node according to the comparison result and the authentication serial number.
Optionally, after the second authentication module determines the authentication result of the user node according to the comparison result and the authentication serial number, the apparatus further includes:
and the storage module is used for storing the user random key to a preset authentication key library.
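The third-party-assisted flow described above (random authentication serial number mapped to the user node, biometric features encrypted to the authoritative third party, comparison result returned over the secure link, user random key stored on success) as an added example that is not part of the patent. It assumes a textbook RSA key pair generated in-line for the third party, an HMAC under a constructed link key to authenticate the returned result, a SHA-256 of the sample standing in for the feature vector, and that each serial number is consumed on first use, so a replayed result fails; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Textbook RSA (no padding) generated in-line stands in for the third party's key pair:
# an assumption so the example runs offline; a deployment would use a padded/hybrid scheme.

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random witnesses
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:  # top bit set for full size, low bit set for oddness
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c

def rsa_keygen(bits: int = 512) -> tuple:
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so e not dividing phi means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))  # (n, e) public, (n, d) private

def result_tag(link_key: bytes, result: dict) -> bytes:
    # MAC over the comparison result for the ISP <-> third-party secure link (constructed key)
    msg = f"{result['serial']}|{result['isp_id']}|{result['matched']}".encode()
    return hmac.new(link_key, msg, hashlib.sha256).digest()

class ThirdPartyNode:
    def __init__(self, link_key: bytes):
        self.pub, self._priv = rsa_keygen()  # only this node ever holds the private key
        self._link_key = link_key
        self._templates = {}  # identity -> registered feature vector

    def register(self, identity: str, biometric: bytes) -> None:
        # Constructed stand-in: SHA-256 of the sample plays the feature vector (exact match, not a score)
        self._templates[identity] = hashlib.sha256(biometric).digest()

    def compare(self, enc_features: int, isp_id: str, serial: str) -> dict:
        n, d = self._priv
        features = pow(enc_features, d, n).to_bytes(32, "big")  # RSA decrypt with the private key
        matched = next((i for i, t in self._templates.items()
                        if hmac.compare_digest(t, features)), None)
        result = {"serial": serial, "isp_id": isp_id, "matched": matched}
        result["tag"] = result_tag(self._link_key, result)
        return result

class IspNode:
    def __init__(self, isp_id: str, link_key: bytes):
        self.isp_id, self._link_key = isp_id, link_key
        self._pending = {}  # authentication serial number -> (user node ID, user random key)
        self.auth_key_library = set()  # preset authentication key library

    def start_third_party_auth(self, user_node_id: str, user_random_key: str) -> str:
        serial = secrets.token_hex(16)  # randomly generated authentication serial number
        self._pending[serial] = (user_node_id, user_random_key)
        return serial

    def finish(self, result: dict) -> bool:
        if not hmac.compare_digest(result["tag"], result_tag(self._link_key, result)):
            return False  # not from the third party over the secure link
        pending = self._pending.pop(result["serial"], None)  # each serial is single use
        if pending is None or result["isp_id"] != self.isp_id or result["matched"] is None:
            return False
        self.auth_key_library.add(pending[1])  # storing step after a successful result
        return True

def user_node_submit(tp: ThirdPartyNode, isp_id: str, serial: str, biometric: bytes) -> dict:
    n, e = tp.pub
    features = hashlib.sha256(biometric).digest()  # sample collected for this serial number
    return tp.compare(pow(int.from_bytes(features, "big"), e, n), isp_id, serial)  # RSA encrypt

def demo() -> tuple:
    link_key = b"constructed-isp-third-party-link-key"
    tp = ThirdPartyNode(link_key)
    tp.register("alice", b"constructed-fingerprint-sample-alice")
    isp = IspNode("isp-example", link_key)
    serial = isp.start_third_party_auth("user-node-0001", "a1b2c3d4")
    result = user_node_submit(tp, isp.isp_id, serial, b"constructed-fingerprint-sample-alice")
    ok, replayed = isp.finish(result), isp.finish(result)  # a second delivery must fail
    serial2 = isp.start_third_party_auth("user-node-0002", "e5f6a7b8")
    bad = isp.finish(user_node_submit(tp, isp.isp_id, serial2, b"constructed-other-sample"))
    return ok, replayed, bad, sorted(isp.auth_key_library)
```

The ISP node never sees the sample or the private key; it only learns whether the serial number it issued came back with a match.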
Fig. 6 is a schematic structural diagram of a cloud service temporary login key authentication device according to an embodiment of the present application. The device may be a server applied to an internet service provider node. The components shown here, their connections and relationships, and their functions are meant as examples only and do not limit the implementations of the application described and/or claimed herein.
As shown in fig. 6, the cloud service temporary login key authentication device includes a processor 601 and a memory 602. The components are interconnected by different buses and may be mounted on a common motherboard or in other manners as desired. The processor 601 can process instructions for execution within the device, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used, together with multiple memories, as desired. In fig. 6, one processor 601 is taken as an example.
The memory 602, as a non-transitory computer-readable storage medium, can store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the cloud service temporary login key authentication method in the embodiment of the present application (for example, the receiving module 501, the decryption module 502, the judgment module 503 and the first authentication module 504 shown in fig. 5). By running the non-transitory software programs, instructions and modules stored in the memory 602, the processor 601 executes the functional applications and data processing of the cloud service temporary login key authentication device, that is, implements the cloud service temporary login key authentication method of the above method embodiment.
The cloud service temporary login key authentication device may further include: an input device 603 and an output device 604. The processor 601, the memory 602, the input device 603 and the output device 604 may be connected by a bus or other means, and fig. 6 illustrates the connection by a bus as an example.
The input device 603 may receive input numeric or character information and generate key signal input related to user settings and function control of the cloud service temporary login key authentication device; it may be, for example, a touch screen, a keypad, a mouse, one or more mouse buttons, a trackball or a joystick. The output device 604 may be, for example, a display device of the cloud service temporary login key authentication device. The display device may include, but is not limited to, a liquid crystal display (LCD), a light emitting diode (LED) display and a plasma display. In some implementations, the display device can be a touch screen.
The cloud service temporary login key authentication device in the embodiment of the present application may be configured to execute the technical solutions in the method embodiments of the present application, and the implementation principle and the technical effect are similar, which are not described herein again.
An embodiment of the present application further provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and when the computer-executable instructions are executed by a processor, the computer-executable instructions are used to implement any one of the above methods for authenticating a temporary cloud service login key.
An embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program is configured to implement any one of the above methods for authenticating a temporary cloud service login key.
Another cloud service temporary login key authentication device provided in an embodiment of the present application is applied to a user node. The device of this embodiment includes an initiating module, an obtaining module, an encrypting module and a sending module. The cloud service temporary login key authentication device may be a server of a blockchain, or a chip or integrated circuit that implements the functions of such a server. Note that the division into the initiating module, the obtaining module, the encrypting module and the sending module is only a division of logical functions; physically these modules may be integrated or separate.
the initiating module is used for initiating an access authentication request to an Internet service provider node;
the acquisition module is used for acquiring a user random key, authentication initiation time and a user node identity identification number;
the encryption module is used for encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm to obtain encrypted information;
the sending module is used for sending the encrypted information to the Internet service provider node so that the Internet service provider node decrypts the encrypted information according to a preset encryption algorithm after receiving the encrypted information to obtain a user random key, authentication initiation time and a user node identity identification number; judging whether the user node needs to be authenticated by an authoritative third party node or not according to the user random key and the authentication initiation time; and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
Optionally, the obtaining module is specifically configured to:
if the terminal to which the user node belongs stores the user random key, acquiring the user random key;
if the terminal to which the user node belongs does not store the user random key, randomly generating the user random key and storing the user random key;
and acquiring authentication initiation time and a user node identity identification number.
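The user-node side just described (reuse the stored user random key or generate and store one, then encrypt key, initiation time and node ID) together with the ISP-node judgment and fast-path authentication described for the receiving, decryption, judgment and first authentication modules above, as an added example that is not part of the patent. It assumes a pre-shared symmetric key standing in for the "preset encryption algorithm" (an HMAC-SHA256 keystream with encrypt-then-MAC, standard library only), a 60-second window as the meaning of "not the current time", and hypothetical class names.

```python
import hashlib
import hmac
import json
import secrets

# Constructed pre-shared key: stands in for the "preset encryption algorithm" that the
# user node's terminal and the ISP node agree on (assumption: a symmetric algorithm).
PRESET_KEY = b"constructed-preset-key-for-this-example"
# Assumption: "authentication initiation time is not the current time" means the
# timestamp deviates from the ISP node's clock by more than this many seconds.
FRESHNESS_WINDOW = 60


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; a stdlib stand-in for a real cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def preset_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def preset_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted information failed its integrity check")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


class UserNode:
    """Terminal side: generates the user random key once and keeps it."""

    def __init__(self, node_id: str):
        self.node_id = node_id
        self.stored_key = None  # the terminal stores nothing before first use

    def build_access_request(self, now: float) -> bytes:
        # Obtaining module: reuse the stored key, or generate and store a new one.
        if self.stored_key is None:
            self.stored_key = secrets.token_hex(16)
        payload = {
            "user_random_key": self.stored_key,
            "auth_initiation_time": int(now),
            "user_node_id": self.node_id,
        }
        # Encrypting module: key, time and node ID travel under the preset algorithm.
        return preset_encrypt(PRESET_KEY, json.dumps(payload).encode())


class IspNode:
    """ISP side: decrypts, judges whether the third party is needed, authenticates."""

    def __init__(self):
        # Preset authentication key library: keys of successfully authenticated nodes.
        self.auth_key_library = set()

    def needs_third_party(self, user_random_key: str, auth_time: int, now: float) -> bool:
        first_authentication = user_random_key not in self.auth_key_library
        not_current = abs(now - auth_time) > FRESHNESS_WINDOW
        return first_authentication or not_current

    def handle_access_request(self, encrypted_info: bytes, now: float) -> str:
        fields = json.loads(preset_decrypt(PRESET_KEY, encrypted_info))
        key = fields["user_random_key"]
        if self.needs_third_party(key, fields["auth_initiation_time"], now):
            return "third_party_required"
        # Within the window a captured message would still pass; a per-request
        # nonce or serial number from the ISP node would tighten this fast path.
        return "authenticated" if key in self.auth_key_library else "rejected"


def demo() -> tuple:
    isp, alice, t0 = IspNode(), UserNode("user-node-0001"), 1_700_000_000
    first = isp.handle_access_request(alice.build_access_request(t0), now=t0)
    # After the third-party step succeeds the ISP node stores the key (optional step above).
    isp.auth_key_library.add(alice.stored_key)
    second = isp.handle_access_request(alice.build_access_request(t0 + 5), now=t0 + 5)
    stale = isp.handle_access_request(alice.build_access_request(t0 - 3600), now=t0)
    return first, second, stale  # ('third_party_required', 'authenticated', 'third_party_required')
```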
The cloud service temporary login key authentication device is applied to a user node and can be a server or a terminal device. The components shown here, their connections and relationships, and their functions are meant as examples only and do not limit the implementations of the present application described and/or claimed herein.
The cloud service temporary login key authentication device includes a processor and a memory. The components are interconnected by different buses and may be mounted on a common motherboard or in other manners as desired. The processor can process instructions for execution within the cloud service temporary login key authentication device, including instructions stored in or on the memory for displaying graphical information on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used, together with multiple memories, as desired.
The memory, as a non-transitory computer-readable storage medium, may store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the cloud service temporary login key authentication method in the embodiments of the present application (for example, the initiating module, the obtaining module, the encrypting module and the sending module). By running the non-transitory software programs, instructions and modules stored in the memory, the processor executes the functional applications and the cloud service temporary login key authentication method, that is, implements the cloud service temporary login key authentication method of the above method embodiment.
The cloud service temporary login key authentication device may further include: an input device and an output device. The processor, memory, input device, and output device may be connected by a bus or other means.
The input device may receive input numeric or character information and generate key signal input related to user settings and function control of the cloud service temporary login key authentication device; it may be, for example, a touch screen, a keypad, a mouse, one or more mouse buttons, a trackball or a joystick. The output device may be, for example, a display device of the cloud service temporary login key authentication device. The display device may include, but is not limited to, a liquid crystal display (LCD), a light emitting diode (LED) display and a plasma display. In some implementations, the display device can be a touch screen.
The cloud service temporary login key authentication device in the embodiment of the present application may be configured to execute the technical solutions in the method embodiments of the present application, and the implementation principle and the technical effect are similar, which are not described herein again.
An embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement any one of the above cloud service temporary login key authentication methods.
An embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program is configured to implement any one of the above methods for authenticating a temporary cloud service login key.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
Other embodiments of the present disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (14)

1. A cloud service temporary login key authentication method is applied to an Internet service provider node and comprises the following steps:
responding to an access authentication request initiated by a user node, receiving encrypted information sent by the user node, wherein the encrypted information is obtained by acquiring a user random key, authentication initiation time and a user node identity identification number after the user node initiates the access authentication request to the internet service provider node, and encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm;
according to a preset encryption algorithm, carrying out decryption processing on the encrypted information to obtain the user random key, the authentication initiation time and the user node identity identification number;
judging whether the user node needs to be authenticated by an authoritative third party node or not according to the user random key and the authentication initiation time;
and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
2. The method of claim 1, wherein authenticating the user node according to the user random key comprises:
matching the user random key with a preset authentication key base, wherein the preset authentication key base comprises at least one user random key corresponding to a successfully authenticated user node;
and if the matching is successful, determining that the user node is successfully authenticated.
3. The method according to claim 1, wherein said determining whether the user node requires an authoritative third party node for assisting authentication according to the user random key and the authentication initiation time comprises:
judging whether the user node is a first authentication node or not according to the user random key;
if the user node is a first authentication node and/or the authentication initiation time is not the current time, the judgment result is that the user node needs the auxiliary authentication of an authoritative third party node.
4. The method according to any one of claims 1 to 3, wherein if the determination result is that the user node does not need the auxiliary authentication of an authoritative third party node, after authenticating the user node according to the user random key, the method further comprises:
if the judgment result is that the user node needs the auxiliary authentication of the authoritative third party node, randomly generating an authentication serial number;
sending the authentication serial number to the user node, and mapping the user node identity identification number to the authentication serial number, wherein the authentication serial number is used by the user node to collect user biological characteristics according to the authentication serial number, encrypt the user biological characteristics through a third party public key to obtain encrypted characteristics, and send the encrypted characteristics, the internet service provider node identification and the authentication serial number to an authoritative third party node, such that after receiving the encrypted characteristics, the internet service provider node identification and the authentication serial number, the authoritative third party node decrypts the encrypted characteristics according to a third party private key to obtain the user biological characteristics, performs characteristic comparison for the user node according to the user biological characteristics, and sends the comparison result to the internet service provider node;
receiving a comparison result sent by the authoritative third party node;
and determining the authentication result of the user node according to the comparison result and the authentication serial number.
5. The method according to claim 4, wherein after determining the authentication result of the user node according to the comparison result and the authentication sequence number, the method further comprises:
and storing the user random key to a preset authentication key library.
6. A cloud service temporary login key authentication method is applied to a user node and comprises the following steps:
initiating an access authentication request to an internet service provider node;
acquiring a user random key, authentication initiation time and a user node identity identification number;
encrypting the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm to obtain encrypted information;
sending the encrypted information to the internet service provider node, so that the internet service provider node decrypts the encrypted information according to a preset encryption algorithm after receiving the encrypted information, and obtains the user random key, the authentication initiation time and the user node identity identification number; judging whether the user node needs to be authenticated by an authoritative third party node or not according to the user random key and the authentication initiation time; and if the judgment result is that the user node does not need the auxiliary authentication of the authoritative third party node, authenticating the user node according to the user random key.
7. The method of claim 6, wherein obtaining the user random key, the authentication initiation time, and the user node identification number comprises:
if the terminal to which the user node belongs stores a user random key, acquiring the user random key;
if the terminal to which the user node belongs does not store the user random key, randomly generating the user random key and storing the user random key;
and acquiring authentication initiation time and a user node identity identification number.
8. A cloud service temporary login key authentication method is applied to a cloud service temporary login key authentication system comprising an Internet service provider node, a user node and an authoritative third party node, and comprises the following steps:
a user node initiates an access authentication request to an Internet service provider node;
a user node acquires a user random key, authentication initiation time and a user node identity identification number;
the user node encrypts the user random key, the authentication initiation time and the user node identity identification number through a preset encryption algorithm to obtain encrypted information;
the user node sends the encrypted information to the Internet service provider node;
the Internet service provider node, in response to the access authentication request initiated by the user node, receives the encrypted information sent by the user node;
the Internet service provider node decrypts the encrypted information according to a preset encryption algorithm to obtain the user random key, the authentication initiation time and the user node identity identification number;
the internet service provider node judges whether the user node needs the auxiliary authentication of an authoritative third party node according to the user random key and the authentication initiation time;
and if the judgment result shows that the user node does not need the auxiliary authentication of an authoritative third party node, the Internet service provider node authenticates the user node according to the user random key.
9. A cloud service temporary login key authentication device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 5.
10. A cloud service temporary login key authentication device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of claim 6 or 7.
11. A computer-readable storage medium having stored therein computer-executable instructions for implementing the cloud service temporary login key authentication method of any one of claims 1 to 5 when executed by a processor.
12. A computer-readable storage medium having stored therein computer-executable instructions for implementing the cloud service temporary login key authentication method of claim 6 or 7 when executed by a processor.
13. A computer program product comprising a computer program, characterized in that the computer program realizes the method of any of claims 1 to 5 when executed by a processor.
14. A computer program product comprising a computer program, characterized in that the computer program realizes the method of claim 6 or 7 when executed by a processor.
CN202210698260.5A 2022-06-20 2022-06-20 Cloud service temporary login key authentication method, device, equipment and storage medium Pending CN114900300A (en)

Publications (1)

Publication Number Publication Date
CN114900300A (en) 2022-08-12

Family

ID=82728977

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210698260.5A Pending CN114900300A (en) 2022-06-20 2022-06-20 Cloud service temporary login key authentication method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114900300A (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030115452A1 (en) * 2000-12-19 2003-06-19 Ravi Sandhu One time password entry to access multiple network sites
JP2007122417A (en) * 2005-10-28 2007-05-17 Bank Of Tokyo-Mitsubishi Ufj Ltd Information processor, its control method, and program
CN103780618A (en) * 2014-01-22 2014-05-07 西南交通大学 Method for cross-isomerism domain identity authentication and session key negotiation based on access authorization ticket
CN105554018A (en) * 2015-12-31 2016-05-04 兴唐通信科技有限公司 Network real name verification method
CN106657021A (en) * 2016-11-24 2017-05-10 北京洋浦伟业科技发展有限公司 Vehicle message authentication method and device in Internet of Vehicles
CN107517179A (en) * 2016-06-15 2017-12-26 阿里巴巴集团控股有限公司 A kind of method for authenticating, device and system
CN110659467A (en) * 2019-09-29 2020-01-07 浪潮(北京)电子信息产业有限公司 Remote user identity authentication method, device, system, terminal and server
US20200195433A1 (en) * 2018-12-13 2020-06-18 Coinbase, Inc. System and method for secure sensitive data storage and recovery
CN111327582A (en) * 2019-08-22 2020-06-23 刘高峰 Authorization method, device and system based on OAuth protocol
CN111447133A (en) * 2019-01-16 2020-07-24 腾讯科技(深圳)有限公司 Message transmission method and device, storage medium and electronic device
CN111726369A (en) * 2020-07-02 2020-09-29 中国银行股份有限公司 Identity authentication method, system and server
CN111949953A (en) * 2020-06-23 2020-11-17 卓尔智联(武汉)研究院有限公司 Identity authentication method, system and device based on block chain and computer equipment

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030115452A1 (en) * 2000-12-19 2003-06-19 Ravi Sandhu One time password entry to access multiple network sites
JP2007122417A (en) * 2005-10-28 2007-05-17 Bank Of Tokyo-Mitsubishi Ufj Ltd Information processor, its control method, and program
CN103780618A (en) * 2014-01-22 2014-05-07 西南交通大学 Method for cross-isomerism domain identity authentication and session key negotiation based on access authorization ticket
CN105554018A (en) * 2015-12-31 2016-05-04 兴唐通信科技有限公司 Network real name verification method
CN107517179A (en) * 2016-06-15 2017-12-26 阿里巴巴集团控股有限公司 A kind of method for authenticating, device and system
CN106657021A (en) * 2016-11-24 2017-05-10 北京洋浦伟业科技发展有限公司 Vehicle message authentication method and device in Internet of Vehicles
US20200195433A1 (en) * 2018-12-13 2020-06-18 Coinbase, Inc. System and method for secure sensitive data storage and recovery
CN111447133A (en) * 2019-01-16 2020-07-24 腾讯科技(深圳)有限公司 Message transmission method and device, storage medium and electronic device
CN111327582A (en) * 2019-08-22 2020-06-23 刘高峰 Authorization method, device and system based on OAuth protocol
CN110659467A (en) * 2019-09-29 2020-01-07 浪潮(北京)电子信息产业有限公司 Remote user identity authentication method, device, system, terminal and server
CN111949953A (en) * 2020-06-23 2020-11-17 卓尔智联(武汉)研究院有限公司 Identity authentication method, system and device based on block chain and computer equipment
CN111726369A (en) * 2020-07-02 2020-09-29 中国银行股份有限公司 Identity authentication method, system and server

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
MINU TIWARI ET AL.: "An improved secure remote login protocol with three-factor authentication", 《2016 3RD INTERNATIONAL CONFERENCE ON RECENT ADVANCES IN INFORMATION TECHNOLOGY (RAIT)》, 9 July 2016 (2016-07-09) *
李雪雷: "Research on identity authentication and data access control schemes in cloud computing", 《China Doctoral Dissertations Full-text Database, Information Science and Technology series》, 15 February 2018 (2018-02-15) *
邹跃鹏;欧阳丹彤;何丽莉;白洪涛;: "A personal security key escrow mechanism based on identity-based encryption", Journal on Communications (通信学报), no. 2, 25 November 2009 (2009-11-25) *

Similar Documents

Publication Publication Date Title
CN108092776B (en) System based on identity authentication server and identity authentication token
CN110493202B (en) Login token generation and verification method and device and server
TWI749061B (en) Blockchain identity system
CN109714167B (en) Identity authentication and key agreement method and equipment suitable for mobile application signature
EP2999189B1 (en) Network authentication method for secure electronic transactions
CN110177124B (en) Identity authentication method based on block chain and related equipment
CN108880822A (en) A kind of identity identifying method, device, system and a kind of intelligent wireless device
US11652647B2 (en) Authentication system and computer readable medium
CN115618399A (en) Identity authentication method and device based on block chain, electronic equipment and readable medium
CN114760071B (en) Zero-knowledge proof based cross-domain digital certificate management method, system and medium
US7073062B2 (en) Method and apparatus to mutually authentication software modules
CN111901304A (en) Registration method and device of mobile security equipment, storage medium and electronic device
CN111937348B (en) Authentication system and computer-readable recording medium
Liou et al. T-auth: A novel authentication mechanism for the IoT based on smart contracts and PUFs
CN116112242B (en) Unified safety authentication method and system for power regulation and control system
CN112422534B (en) Credit evaluation method and equipment for electronic certificate
CN108512832A (en) A kind of safe Enhancement Method for OpenStack authentications
CN114900300A (en) Cloud service temporary login key authentication method, device, equipment and storage medium
Mavrogiannopoulos et al. Toward a secure kerberos key exchange with smart cards
CN115396085A (en) Negotiation authentication method and device based on biological characteristics and third secret key
CN115037483B (en) Authentication method and device based on biological characteristics in blockchain
CN115150072A (en) Cloud network issuing authentication method, equipment, device and storage medium
CN115396086A (en) Identity authentication method, device, equipment and storage medium
KR20200054571A (en) Apparatus and method for performing non-face-to-face identification using a bio-certificate
CN115396087A (en) Identity authentication method, device, equipment and medium based on temporary identity certificate

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination