CN115361234A - Security authentication method and system for supply chain platform - Google Patents


Publication number
CN115361234A
Authority
CN
China
Prior art keywords
authentication
information
personal
digital certificate
organization
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211283274.7A
Other languages
Chinese (zh)
Inventor
何亘
段国强
杨立寨
汪进
王振宇
杨琨
王凯飞
葛大伟
李健
刘奎阳
何立军
李辰辉
余纪良
苏建新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yuncheng Financial Information Service Co ltd
Original Assignee
Beijing Yuncheng Financial Information Service Co ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention relates to the technical field of security authentication, and in particular to a security authentication method and system for a supply chain platform. The method comprises: receiving a personal account application from a client, collecting the personal information and the reserved mobile phone number information uploaded in the application, and establishing a personal account; after the personal account is established, receiving a first authentication request, a second authentication request and a third authentication request from the client, where the first authentication request is digital verification code authentication, the second is digital certificate authentication and the third is organization service personal digital certificate authentication; and, if the authentication passes, binding the personal account to the organization information. By authenticating both the user's identity and the identity of the organization's business personnel, the invention binds the organization information to the personal account, and the bound account is granted organization data management authority, which improves organization data processing efficiency and solves the problem of difficult account management on a supply chain platform.

Description

Security authentication method and system for supply chain platform
Technical Field
The invention relates to the technical field of security authentication, in particular to a security authentication method and system for a supply chain platform.
Background
A supply chain is the network chain structure formed by the upstream and downstream enterprises that provide products or services to end users during production and circulation, that is, the whole chain along which goods pass from the merchant to the consumer.
The users of a supply chain platform include upstream and downstream enterprise organization users and end consumers. To keep the platform operating safely, its users must be securely authenticated, but at present the platform's security authentication cannot authenticate the identity of an organization's business personnel, which makes organization data management inconvenient.
At the present stage, how to authenticate a user's identity and how to authenticate an organization's business personnel within the security authentication step, so as to improve organization data management efficiency and reduce platform management difficulty, are new requirements for security authentication on a supply chain platform.
Disclosure of Invention
In view of this, the invention provides a security authentication method and system for a supply chain platform. It addresses the problems in the prior art that a supply chain platform cannot also authenticate the identity of an enterprise organization's business personnel during security authentication and must allocate user permissions by creating different user accounts, which lowers the efficiency of processing organization user data on the platform and makes the platform's accounts difficult to manage.
In one aspect, the present invention provides a security authentication method for a supply chain platform, including:
receiving a personal account application of a client, collecting personal information uploaded in the personal account application and reserved mobile phone number information, and establishing a personal account;
after the personal account is established, receiving a first authentication request of the client, wherein the first authentication request is digital verification code authentication, and performing first authentication based on the first authentication request;
if the first authentication is passed, receiving a second authentication request of the client, wherein the second authentication request is digital certificate authentication, and performing second authentication based on the second authentication request;
if the second authentication passes, receiving a third authentication request of the client, wherein the third authentication request is the authentication of the organization service personal digital certificate, and performing third authentication based on the third authentication request;
and if the third authentication is passed, binding the personal account with the organization information.
In some embodiments of the present application, the personal information includes: personal identity information and personal biometric information;
the personal identity information includes: name, age, gender and identification card number information;
the personal biometric information includes: fingerprint information, iris information, and face information.
In some embodiments of the present application, the first authentication comprises:
sending a first verification message to the reserved mobile phone number, wherein the first verification message is a random password sent as a short message and the random password is a 6-8-bit password; comparing the random password returned by the client with the random password that was sent; if they are consistent, the authentication passes and the second authentication stage is entered; if they are inconsistent, the authentication does not pass and the first authentication operation is executed again.
In some embodiments of the present application, the second authentication comprises: digital certificate authentication and sender authentication.
In some embodiments of the present application, the digital certificate authentication comprises:
receiving the digital certificate sent by the client and acquiring a first public key based on the digital certificate, decrypting a digital signature in the digital certificate through the first public key to acquire a first hash value, performing hash calculation on information in the digital certificate to acquire a second hash value, comparing the first hash value and the second hash value, if the results are consistent, the digital certificate passes authentication, and if the results are inconsistent, the digital certificate fails authentication;
the sender authentication includes:
generating a random number P based on the first public key, encrypting the random number by using the first public key to obtain P1, sending the encrypted P1 to the client, receiving P2 obtained by the client through decrypting the P1 based on a private key, comparing the P with the P2, if the results are consistent, the sender passes the authentication, and if the results are not consistent, the sender fails the authentication;
if the digital certificate authentication and the sender authentication both pass, the second authentication passes and the third authentication stage is entered; if either the digital certificate authentication or the sender authentication fails, the second authentication fails and the second authentication operation is executed again.
In some embodiments of the present application, the third authentication comprises:
receiving the organization service personal digital certificate sent by the client, obtaining a second public key based on the organization service personal digital certificate, decrypting a digital signature in the organization service personal digital certificate through the second public key to obtain a third hash value, performing hash calculation on information in the organization service personal digital certificate to obtain a fourth hash value, comparing the third hash value with the fourth hash value, passing the third authentication if the results are consistent, failing the third authentication if the results are inconsistent, and re-executing a third authentication operation.
In some embodiments of the present application, the binding the personal account number and the institution information further includes:
comparing the organization information in the organization service personal digital certificate against the stored organization information list; if matching organization information exists, binding that organization information to the personal account so as to grant the personal account organization data management authority; if no matching organization information exists, the binding fails.
In some embodiments of the present application, the secure authentication further comprises, before the authenticating:
collecting organization information data in the supply chain and establishing the organization information list.
In some embodiments of the present application, the organization data management authority includes: data uploading, data updating, data deleting and data publishing.
In another aspect, the present invention further provides a security certification system for a supply chain platform, including:
the system comprises a registration module, a client side and a server, wherein the registration module is used for receiving a personal account application of the client side, collecting personal information uploaded in the personal account application and reserved mobile phone number information, and establishing a personal account;
the authentication and processing module is used for receiving a first authentication request of the client after the personal account is established, wherein the first authentication request is digital verification code authentication and is used for performing first authentication based on the first authentication request;
if the first authentication passes, receiving a second authentication request of the client, wherein the second authentication request is digital certificate authentication, and performing second authentication based on the second authentication request;
if the second authentication passes, receiving a third authentication request of the client, wherein the third authentication request is the authentication of the organization service personal digital certificate, and performing third authentication based on the third authentication request;
and if the third authentication is passed, binding the personal account with the organization information.
Compared with the prior art, the invention has the beneficial effects that:
With the security authentication method and system for a supply chain platform, once user identity authentication is complete the identity of the organization's business personnel is authenticated as well, and the organization information is bound to the personal account. The bound personal account is granted organization data management authority, so organization data can be processed by multiple parties, organization data processing efficiency improves, and the high platform management difficulty caused by the traditional practice of allocating user permissions through separate user accounts is resolved.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a flowchart of a security authentication method for a supply chain platform according to an embodiment of the present invention;
fig. 2 is a functional block diagram of a security authentication system for a supply chain platform according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In recent years enterprises have paid more and more attention to network security and protection technologies, protecting themselves by strictly authenticating users and controlling their authority to access the network resources of the enterprise platform. In a supply chain platform, manufacturers, distributors, retailers and end users are connected into an integrated functional network chain structure, so the platform needs a uniform security authentication mechanism that prevents one person from holding multiple accounts in the same system. Adding an identity authentication step for an organization's employees to the security authentication procedure also reduces the management difficulty of setting up different accounts to give different users their management authority on the platform, provides multi-party data management for the different intermediaries on the platform, and improves data management efficiency.
Referring to fig. 1, the present embodiment provides a security authentication method for a supply chain platform, including:
step S101: receiving a personal account application of a client, collecting personal information uploaded in the personal account application and reserved mobile phone number information, and establishing a personal account;
step S102: receiving a first authentication request of the client, wherein the first authentication request is digital verification code authentication, and performing first authentication based on the first authentication request;
step S103: if the first authentication passes, receiving a second authentication request of the client, wherein the second authentication request is digital certificate authentication, and performing second authentication based on the second authentication request;
step S104: if the second authentication passes, receiving a third authentication request of the client, wherein the third authentication request is the authentication of the organization service personal digital certificate, and performing third authentication based on the third authentication request;
step S105: and if the third authentication is passed, binding the personal account with the organization information.
It can be seen that, in this embodiment, collecting personal identity information and authenticating both the digital certificate and the organization business personal digital certificate during personal account authentication effectively ensures the authenticity of the user identity behind the personal account. The identity of the organization's business staff is authenticated at the same time, so that they can conveniently manage organization data, which improves organization data management efficiency.
In one embodiment of the present application, the personal information includes: personal identity information and personal biometric information;
the personal identity information includes: name, age, gender and identification card number information;
the personal biometric information includes: fingerprint information, iris information, and face information.
Specifically, in this embodiment, personal identity information and biometric information are collected when the personal account is applied for, which makes identity authentication more comprehensive and more secure.
In a specific embodiment of the present application, the first authentication includes:
sending a first verification message to the reserved mobile phone number, wherein the first verification message is a random password sent as a short message and the random password is a 6-8-bit password; comparing the random password returned by the client with the random password that was sent; if they are consistent, the authentication passes and the second authentication stage is entered; if they are inconsistent, the authentication does not pass and the first authentication operation is executed again.
In a specific embodiment of the present application, the second authentication includes: digital certificate authentication and sender authentication.
In a specific embodiment of the present application, the digital certificate authentication includes:
receiving a digital certificate sent by a client and acquiring a first public key based on the digital certificate, decrypting a digital signature in the digital certificate through the first public key to acquire a first hash value, performing hash calculation on information in the digital certificate to acquire a second hash value, comparing the first hash value and the second hash value, if the results are consistent, the digital certificate passes authentication, and if the results are inconsistent, the digital certificate fails authentication;
the sender authentication includes:
generating a random number P based on the first public key, encrypting the random number by using the first public key to obtain P1, sending the encrypted P1 to the client, receiving P2 obtained by the client through decrypting the P1 based on the private key, comparing the P with the P2, if the results are consistent, the sender passes the authentication, and if the results are not consistent, the sender fails the authentication;
if the digital certificate authentication and the sender authentication both pass, the second authentication passes and the third authentication stage is entered; if either the digital certificate authentication or the sender authentication fails, the second authentication fails and the second authentication operation is executed again.
In a specific embodiment of the present application, the third authentication includes:
receiving an organization service personal digital certificate sent by a client, obtaining a second public key based on the organization service personal digital certificate, decrypting a digital signature in the organization service personal digital certificate through the second public key to obtain a third hash value, performing hash calculation on information in the organization service personal digital certificate to obtain a fourth hash value, comparing the third hash value with the fourth hash value, passing the third authentication if the results are consistent, failing the third authentication if the results are inconsistent, and re-executing the third authentication operation.
It can be seen that, in this embodiment, personal identity information and biometric information are collected when the personal account is applied for, and three-level authentication by digital verification code, digital certificate and organization business personal digital certificate is adopted. This achieves comprehensive authentication of the identity behind the user's personal account together with authentication of the organization to which the user belongs. While protecting user access to the supply chain platform, it identifies and authenticates organization business personnel; a personal account that passes the third authentication is bound to the organization information and granted organization data management authority, which reduces the difficulty of account management on the supply chain platform.
In a specific embodiment of the present application, the binding of the personal account and the institution information further includes:
comparing the organization information in the organization business personal digital certificate against the stored organization information list; if matching organization information exists, binding that organization information to the personal account so as to grant the personal account organization data management authority; if no matching organization information exists, the binding fails.
In a specific embodiment of the present application, before the security authentication, the method further includes:
organization information data in the supply chain is collected and organization information lists are built.
In one embodiment of the present application, the organization data management authority includes: data uploading, data updating, data deleting and data publishing.
It can be seen that, before security authentication is performed on the supply chain platform, organization information related to the supply chain is collected and an organization information list is established and stored. If the third authentication of a personal account passes, the organization information provided in that account's third authentication is bound to the account, and all accounts bound to the same organization information share data, so that organization business personnel can upload, update, delete and publish organization business data from their personal accounts.
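The method embodiment above (steps S101 to S105), as an added Python example that is not code from the patent: it gates the three authentications in order and binds the account only when the certificate's organization is in the stored list. The RSA key is a constructed toy key, and the retry cap, code lifetime, certificate field names, `ORG_LIST` entry and the reading of "6-8-bit" as digits are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed toy RSA key from two Mersenne primes: demo only, not secure.
P_PRIME, Q_PRIME, E = 2**127 - 1, 2**89 - 1, 65537
N = P_PRIME * Q_PRIME
D = pow(E, -1, (P_PRIME - 1) * (Q_PRIME - 1))  # client's private exponent
ORG_LIST = {"ORG-001": "Example Logistics Co"}  # constructed organization list
ORG_PERMS = ("upload", "update", "delete", "publish")


def cert_digest(info, pub):
    """Hash the certificate's information fields and key to an integer mod n."""
    n, e = pub
    canon = "|".join(f"{k}={info[k]}" for k in sorted(info)) + f"|n={n}|e={e}"
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big") % n


def issue_cert(info, n=N, e=E, d=D):
    """Build a constructed certificate signed with the toy key (fixture)."""
    sig = pow(cert_digest(info, (n, e)), d, n)
    return {"info": dict(info), "pub": (n, e), "sig": sig}


def verify_cert(cert):
    """Compare the hash recovered from the signature with a fresh hash."""
    # The key is read from the certificate itself, as on the page, so this shows
    # integrity only; trusting the key needs an issuer check that is not shown.
    n, e = cert["pub"]
    return pow(cert["sig"], e, n) == cert_digest(cert["info"], cert["pub"])


class AuthSession:
    MAX_TRIES, OTP_TTL = 5, 300  # assumptions: page sets no retry cap or lifetime

    def __init__(self, account):
        self.account, self.stage = account, 1  # stage = next authentication
        self.org, self.perms, self._otp, self._challenge = None, (), None, None

    def send_otp(self, digits=6, now=None):
        """Issue the random password; the page's '6-8-bit' is read as digits."""
        if not 6 <= digits <= 8:
            raise ValueError("random password must have 6 to 8 digits")
        self._otp = "".join(secrets.choice("0123456789") for _ in range(digits))
        self._expires = (time.time() if now is None else now) + self.OTP_TTL
        self._tries = 0
        return self._otp  # goes to the SMS gateway only

    def first_auth(self, code, now=None):
        if self.stage != 1 or self._otp is None:
            return False
        self._tries += 1
        now = time.time() if now is None else now
        if now > self._expires or self._tries > self.MAX_TRIES:
            self._otp = None  # a new password must be issued
            return False
        ok = hmac.compare_digest(str(code).encode(), self._otp.encode())
        if ok:
            self._otp, self.stage = None, 2
        return ok

    def begin_second(self, cert):
        """Digital certificate authentication; returns P1 for the sender check."""
        if self.stage != 2 or not verify_cert(cert):
            return None
        n, e = cert["pub"]
        self._challenge = secrets.randbelow(n - 2) + 2  # random number P
        return pow(self._challenge, e, n)  # P1 = P encrypted with the public key

    def finish_second(self, p2):
        """Sender authentication: the client's decrypted P2 must equal P."""
        if self.stage != 2 or self._challenge is None:
            return False
        ok, self._challenge = p2 == self._challenge, None  # single-use challenge
        self.stage = 3 if ok else 2
        return ok

    def third_auth_and_bind(self, org_cert):
        """Verify the organization certificate, then bind if its org is listed."""
        if self.stage != 3 or not verify_cert(org_cert):
            return False
        org_id = org_cert["info"].get("org_id")
        if org_id not in ORG_LIST or ORG_LIST[org_id] != org_cert["info"].get("org_name"):
            return False  # binding fails: organization not in the stored list
        self.org, self.perms, self.stage = org_id, ORG_PERMS, 4
        return True


def run_demo():
    """Walk one constructed client through all stages; returns the session."""
    s = AuthSession("acct-0001")
    s.first_auth(s.send_otp())
    p1 = s.begin_second(issue_cert({"name": "Test User"}))
    s.finish_second(pow(p1, D, N))  # client decrypts P1 with its private key
    org = {"name": "Test User", "org_id": "ORG-001", "org_name": ORG_LIST["ORG-001"]}
    s.third_auth_and_bind(issue_cert(org))
    return s
```

A failed or out-of-order stage leaves `stage` unchanged, so the caller repeats that authentication, matching the "execute again" behaviour in the text.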
Based on another implementation manner of the foregoing embodiment, referring to fig. 2, the present implementation manner provides a security authentication system for a supply chain platform, where the system includes:
the registration module is used for receiving a personal account application of a client, collecting personal information uploaded in the personal account application and reserved mobile phone number information, and establishing a personal account;
the authentication and processing module is used for receiving a first authentication request of the client after the personal account is established, wherein the first authentication request is digital verification code authentication and is used for performing first authentication based on the first authentication request;
if the first authentication passes, receiving a second authentication request of the client, wherein the second authentication request is digital certificate authentication, and performing second authentication based on the second authentication request;
if the second authentication is passed, a third authentication request of the client is received, the third authentication request is the authentication of the organization service personal digital certificate, and third authentication is carried out based on the third authentication request;
and if the third authentication is passed, binding the personal account and the institution information.
Specifically, the registration module, when configured to receive a personal account application from a client, collect personal information uploaded in the personal account application and reserved phone number information, and establish a personal account, further includes:
collecting personal identity information and personal biological characteristic information;
the personal identity information includes: name, age, gender and identification card number information;
the personal biometric information includes: fingerprint information, iris information, and face information.
Specifically, the authentication and processing module is configured to receive a first authentication request from the client after the establishment of the personal account is completed, where the first authentication request is digital verification code authentication, and when performing first authentication based on the first authentication request, the authentication and processing module further includes:
sending a first verification message to the reserved mobile phone number, wherein the first verification message is a random password sent as a short message and the random password is a 6-8-bit password; comparing the random password returned by the client with the random password that was sent; if they are consistent, the authentication passes and the second authentication stage is entered; if they are inconsistent, the authentication does not pass and the first authentication operation is executed again.
Specifically, the authentication and processing module, when configured to receive a second authentication request of the client, where the second authentication request is digital certificate authentication, and perform second authentication based on the second authentication request, further includes:
the second authentication includes: digital certificate authentication and sender authentication.
The digital certificate authentication includes:
receiving the digital certificate sent by the client and acquiring a first public key based on the digital certificate, decrypting a digital signature in the digital certificate through the first public key to acquire a first hash value, performing hash calculation on information in the digital certificate to acquire a second hash value, comparing the first hash value and the second hash value, if the results are consistent, the digital certificate passes authentication, and if the results are inconsistent, the digital certificate fails authentication;
the sender authentication includes:
generating a random number P based on the first public key, encrypting the random number by using the first public key to obtain P1, sending the encrypted P1 to the client, receiving P2 obtained by the client through decrypting the P1 based on a private key, comparing the P with the P2, if the results are consistent, the sender passes the authentication, and if the results are not consistent, the sender fails the authentication;
if the digital certificate authentication and the sender authentication both pass, the second authentication passes and the third authentication stage is entered; if either the digital certificate authentication or the sender authentication fails, the second authentication fails and the second authentication operation is executed again.
Specifically, the authentication and processing module is configured to receive a third authentication request from the client, where the third authentication request is organization service personal digital certificate authentication, and when performing a third authentication based on the third authentication request, the authentication and processing module further includes:
receiving the organization service personal digital certificate sent by the client, obtaining a second public key based on the organization service personal digital certificate, decrypting a digital signature in the organization service personal digital certificate through the second public key to obtain a third hash value, performing hash calculation on information in the organization service personal digital certificate to obtain a fourth hash value, comparing the third hash value with the fourth hash value, passing the third authentication if the results are consistent, failing the third authentication if the results are inconsistent, and re-executing a third authentication operation.
Specifically, the authentication and processing module, when configured to bind the personal account with institution information, further includes:
and comparing the organization information in the stored organization information list based on the organization information in the organization service personal digital certificate, if consistent organization information exists, binding the organization information with the personal account for endowing the personal account with organization data management authority, and if the organization information does not exist, failing to bind.
Before the security authentication, the method further comprises the following steps:
and collecting agency information data in the supply chain and establishing the agency information list.
The organization data management authority comprises: data uploading, data updating, data deleting and data publishing.
It can be understood that, in the above embodiment, personal information is collected at the security authentication stage and the personal digital certificate is authenticated at the same time, so as to establish the correspondence between personal identity information and the account. One person thus corresponds to one account and one account corresponds to a single responsible person; digital verification code authentication is performed as well, which improves the security of account login. According to the invention, user identity information is collected at the security authentication stage and digital verification code authentication is performed, which ensures the login security of users of the supply chain platform. The user's personal digital certificate is verified, so that accounts correspond one-to-one with personal information, and the organization service personal digital certificate is verified, so that the identity of the organization's business personnel corresponds to the account and the account is bound to the organization information. The account is thereby granted organization service data management authority, so that the business personnel of an individual organization on the platform can conveniently manage the organization's data, which improves the organization's data management efficiency and reduces the difficulty of account management on the supply chain platform.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
The above description is only an embodiment of the present invention and is not intended to limit the scope of the present invention; any structural changes made according to the present invention without departing from the spirit of the present invention should be considered as falling within the scope of the present invention. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process and related description of the system described above may refer to the corresponding process in the foregoing method embodiments, and will not be described herein again.
The terms "comprises," "comprising," or any other similar term are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
So far, the technical solutions of the present invention have been described with reference to further embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (10)

1. A method of secure authentication for a supply chain platform, the method comprising:
receiving a personal account application of a client, collecting personal information uploaded in the personal account application and reserved mobile phone number information, and establishing a personal account;
after the personal account is established, receiving a first authentication request of the client, wherein the first authentication request is digital verification code authentication, and performing first authentication based on the first authentication request;
if the first authentication passes, receiving a second authentication request of the client, wherein the second authentication request is digital certificate authentication, and performing second authentication based on the second authentication request;
if the second authentication passes, receiving a third authentication request of the client, wherein the third authentication request is the authentication of the organization service personal digital certificate, and performing third authentication based on the third authentication request;
and if the third authentication is passed, binding the personal account with the organization information.
2. The method of claim 1, wherein the personal information comprises: personal identity information and personal biometric information;
the personal identity information includes: name, age, gender and identification card number information;
the personal biometric information includes: fingerprint information, iris information, and face information.
3. The method of claim 1, wherein the first authentication comprises:
sending a first verification message to the reserved mobile phone number, wherein the first verification message is a random password sent in the form of a short message and the random password is a 6-8-digit password; and comparing the random password returned by the client with the random password that was sent, wherein if they are consistent, the authentication passes and the second authentication stage is entered, and if they are inconsistent, the authentication fails and the first authentication operation is executed again.
4. The method of claim 1, wherein the second authentication comprises: digital certificate authentication and sender authentication.
5. The secure authentication method for the supply chain platform according to claim 4, wherein the digital certificate authentication comprises:
receiving the digital certificate sent by the client and obtaining a first public key from the digital certificate; decrypting the digital signature in the digital certificate with the first public key to obtain a first hash value; performing a hash calculation on the information in the digital certificate to obtain a second hash value; and comparing the first hash value with the second hash value, wherein the digital certificate passes authentication if the results are consistent and fails authentication if the results are inconsistent;
the sender authentication includes:
generating a random number P based on the first public key; encrypting the random number with the first public key to obtain P1; sending the encrypted P1 to the client; receiving P2, which the client obtains by decrypting P1 with its private key; and comparing P with P2, wherein the sender passes authentication if the results are consistent and fails authentication if the results are inconsistent;
if both the digital certificate authentication and the sender authentication pass, the second authentication passes and the third authentication stage is entered; if at least one of the digital certificate authentication and the sender authentication fails, the second authentication fails and the second authentication operation is re-executed.
6. The method of claim 1, wherein the third authentication comprises:
receiving the organization service personal digital certificate sent by the client and obtaining a second public key from the organization service personal digital certificate; decrypting the digital signature in the organization service personal digital certificate with the second public key to obtain a third hash value; performing a hash calculation on the information in the organization service personal digital certificate to obtain a fourth hash value; and comparing the third hash value with the fourth hash value, wherein the third authentication passes if the results are consistent, and fails if the results are inconsistent, in which case the third authentication operation is re-executed.
7. The method of claim 1, wherein the binding the personal account with the organization information further comprises:
comparing the organization information in the organization service personal digital certificate with the organization information in the stored organization information list; if consistent organization information exists, binding the organization information with the personal account so as to grant the personal account organization data management authority; and if no consistent organization information exists, the binding fails.
8. The method of claim 7, wherein the security authentication is preceded by:
collecting organization information data in the supply chain and establishing the organization information list.
9. The method of claim 7, wherein the organization data management authority comprises: data uploading, data updating, data deleting and data publishing.
10. A security authentication system for a supply chain platform, the system comprising:
the system comprises a registration module, a client side and a server, wherein the registration module is used for receiving a personal account application of the client side, collecting personal information uploaded in the personal account application and reserved mobile phone number information, and establishing a personal account;
the authentication and processing module is used for receiving a first authentication request of the client after the personal account is established, wherein the first authentication request is digital verification code authentication, and first authentication is performed based on the first authentication request;
if the first authentication passes, receiving a second authentication request of the client, wherein the second authentication request is digital certificate authentication, and performing second authentication based on the second authentication request;
if the second authentication is passed, receiving a third authentication request of the client, wherein the third authentication request is the authentication of an organization service personal digital certificate, and performing third authentication based on the third authentication request;
and if the third authentication is passed, binding the personal account with the organization information.
CN202211283274.7A 2022-10-20 2022-10-20 Security authentication method and system for supply chain platform Pending CN115361234A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211283274.7A CN115361234A (en) 2022-10-20 2022-10-20 Security authentication method and system for supply chain platform

Publications (1)

Publication Number Publication Date
CN115361234A (en) 2022-11-18

Family

ID=84008525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211283274.7A Pending CN115361234A (en) 2022-10-20 2022-10-20 Security authentication method and system for supply chain platform

Country Status (1)

Country Link
CN (1) CN115361234A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221118