CN115361683A - Service access method, SIM card, server and service platform - Google Patents


Info

Publication number
CN115361683A
Authority
CN
China
Prior art keywords
authentication information
service
sim card
terminal equipment
server
Legal status
Granted
Application number
CN202210998430.1A
Other languages
Chinese (zh)
Other versions
CN115361683B (en)
Inventor
郝兵兵
庄严
杨汉坤
蒋周良
熊伟
余玫佳
徐晏杰
吕宁
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Internet Co Ltd
Priority to CN202210998430.1A
Publication of CN115361683A
Application granted
Publication of CN115361683B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a service access method, a SIM card, a server and a service platform. The method comprises the following steps: after the terminal device has responded to a service request of a target service sent by a service platform, the SIM card acquires authentication information provided by the terminal device, the authentication information comprising user authentication information and/or device authentication information; the SIM card generates an electronic certificate containing the communication number stored on the SIM card and the authentication information; based on the URL of the target service stored on the SIM card, the SIM card calls a browser of the terminal device to initiate a page access request to the server of the browser, the page access request carrying the electronic certificate; the server acquires the corresponding legitimate authentication information from the service platform based on the communication number in the electronic certificate, verifies the authentication information in the electronic certificate against the legitimate authentication information and, after the verification passes, creates a page link for the URL for the browser of the terminal device, the page link being used for processing the service request.

Description

Service access method, SIM card, server and service platform
Technical Field
The present invention relates to the field of internet interaction technologies, and in particular to a service access method, a SIM card, a server and a service platform.
Background
H5 refers to HTML5, the fifth version of the HyperText Markup Language (HTML). Unlike a traditional website built from a large number of pages, an H5 page is a single page scrolled from top to bottom, which makes it better suited to promotion on mobile terminals.
Since the birth of mobile networks, the main purposes of mobile phone terminals have been making calls and sending short messages, and SIM cards have only provided basic functions such as communication and network access authentication. With the spread of 5G technology, however, mobile operators have introduced the concept of the super SIM card, one of whose enabling capabilities is providing authentication services to the user. For a scenario in which a mobile terminal browses a page such as an H5 page, how to implement secure and convenient page access authentication in the browser based on the SIM card is a technical problem that currently needs to be solved.
Disclosure of Invention
The invention aims to provide a service access method, a SIM card, a server and a service platform, which can implement secure and convenient page access authentication in the browser of a terminal device based on the SIM card of the terminal device.
To achieve the above object, embodiments of the present invention are implemented as follows.
In a first aspect, a service access method is provided, applied to a SIM card of a terminal device, and comprising:
after the terminal device has performed a response operation on a service request of a target service sent by a service platform, acquiring authentication information provided by the terminal device, the authentication information comprising user authentication information and/or device authentication information;
generating an electronic certificate containing the communication number stored on the SIM card and the authentication information;
based on the URL of the target service stored on the SIM card, calling a browser of the terminal device to initiate a page access request to the server corresponding to the URL; the page access request carries the electronic certificate, the communication number in the electronic certificate is used by the server to acquire the corresponding legitimate authentication information from the service platform so that the authentication information in the electronic certificate is verified against the legitimate authentication information, the server creates a page link for the URL for the terminal device after the verification passes, and the page corresponding to the page link is used for processing the service request.
In a second aspect, a service access method is provided, applied to a server of a browser, and comprising:
receiving a page access request sent by a terminal device, wherein the page access request is initiated by a SIM card of the terminal device based on a URL (uniform resource locator) of a target service stored on the SIM card after the terminal device has responded to a service request of the target service sent by a service platform, and the page access request carries an electronic certificate generated by the SIM card that contains the communication number stored on the SIM card and the authentication information provided by the terminal device;
acquiring the corresponding legitimate authentication information from the service platform based on the communication number in the electronic certificate, so as to verify the authentication information in the electronic certificate against the legitimate authentication information;
after the authentication information passes the verification, creating a page link for the URL for the browser of the terminal device, the page corresponding to the page link being used for processing the service request.
In a third aspect, a service access method is provided, applied to a service platform, and comprising:
sending a service request of a target service to a terminal device, wherein after the terminal device has responded to the service request, a SIM card of the terminal device acquires authentication information provided by the terminal device, generates an electronic certificate containing the communication number stored on the SIM card and the authentication information, and calls a browser of the terminal device to initiate a page access request to the server of the browser based on a URL (uniform resource locator) of the target service stored on the SIM card, the page access request carrying the electronic certificate;
receiving the communication number in the electronic certificate, sent by the server based on the page access request, looking up the corresponding legitimate authentication information based on the communication number, and sending the legitimate authentication information to the server; the legitimate authentication information is used by the server to verify the authentication information in the electronic certificate, the server creates a page link for the URL for the browser of the terminal device after the verification passes, and the page corresponding to the page link is used for processing the service request.
In a fourth aspect, a SIM card of a terminal device is provided, comprising:
an authentication information acquisition module, configured to acquire authentication information provided by the terminal device after the terminal device has responded to a service request of a target service sent by a service platform, the authentication information comprising user authentication information and/or device authentication information;
an electronic certificate generation module, configured to generate an electronic certificate containing the communication number stored on the SIM card and the authentication information;
a page access module, configured to call a browser of the terminal device to initiate a page access request to the server corresponding to the URL based on the URL of the target service stored on the SIM card; the page access request carries the electronic certificate, the communication number in the electronic certificate is used by the server to acquire the corresponding legitimate authentication information from the service platform so that the authentication information in the electronic certificate is verified against the legitimate authentication information, the server creates a page link for the URL for the terminal device after the verification passes, and the page corresponding to the page link is used for processing the service request.
In a fifth aspect, a server of a browser is provided, comprising:
a page access receiving module, configured to receive a page access request sent by a terminal device, wherein the page access request is initiated based on a URL (uniform resource locator) of a target service stored on a SIM (subscriber identity module) card after the terminal device has responded to a service request of the target service sent by a service platform, and the page access request carries an electronic certificate generated by the SIM card that contains the communication number stored on the SIM card and the authentication information provided by the terminal device;
an authentication information verification module, configured to acquire the corresponding legitimate authentication information from the service platform based on the communication number in the electronic certificate, so as to verify the authentication information in the electronic certificate against the legitimate authentication information;
a page link creation module, configured to create a page link for the URL for the browser of the terminal device after the authentication information passes the verification, the page corresponding to the page link being used for processing the service request.
In a sixth aspect, a service platform is provided, comprising:
a service request module, configured to send a service request of a target service to a terminal device, wherein after the terminal device has responded to the service request, a SIM card of the terminal device acquires authentication information provided by the terminal device, generates an electronic certificate containing the communication number stored on the SIM card and the authentication information, and calls a browser of the terminal device to initiate a page access request to the server of the browser based on a URL (uniform resource locator) of the target service stored on the SIM card, the page access request carrying the electronic certificate;
an authentication information providing module, configured to receive the communication number in the electronic certificate, sent by the server based on the page access request, to look up the corresponding legitimate authentication information based on the communication number, and to send the legitimate authentication information to the server; the legitimate authentication information is used by the server to verify the authentication information in the electronic certificate, the server creates a page link for the URL for the browser of the terminal device after the verification passes, and the page corresponding to the page link is used for processing the service request.
In the solution of the embodiments of the invention, when a service platform needs a target user to handle a service, it sends a service request over a communication channel according to the communication number (such as a mobile phone number) of the target user, and the service request requires the target user to log in to a browser page (such as an H5 page) to handle the service. Correspondingly, after receiving the service request, the terminal device holding the SIM card of that communication number can decide, according to the user's operation, whether to respond to the service request. Once the service request is responded to, the SIM card is triggered to acquire authentication information from the terminal device, to call the browser of the terminal device, and to initiate a page access request carrying the authentication information to the server of the page to be accessed, using the communication number of the SIM card as the account. After receiving the page access request, the server can verify the authentication information in the page access request through the service platform; if the verification succeeds, the terminal device holding the SIM card is a legitimate device, that is, the SIM card has not been stolen, and a page link using the communication number of the SIM card as the account is created for the terminal device, so that the user of the terminal device can handle the service request of the service platform. Throughout the process the user does not need to log in to an account manually when accessing the page, which embodies the SIM card's ability to provide identity authentication automatically; at the same time, when the SIM card initiates the page access request it acquires authentication information from the terminal device for the server to verify, which prevents access with a misappropriated SIM card and ensures security.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first flowchart of a service access method according to an embodiment of the present invention.
Fig. 2 is a second flowchart of a service access method according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a SIM card according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a server according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a service platform provided in the embodiment of the present invention.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
To help those skilled in the art better understand the technical solutions in this specification, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of this specification. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this specification without creative effort fall within the protection scope of this specification.
The super SIM card is a SIM upgrade product developed by mobile operators for 5G networks. One of its enabling capabilities is providing authentication services to users. For an application scenario in which a terminal logs in to an H5 page (though not limited to H5 pages), how to implement fast page access authentication in the browser based on the SIM card is a technical problem that currently needs to be solved.
At present, when implementing page access authentication based on a SIM card, developers face the difficult problem that once someone else obtains a user's SIM card, that person can impersonate the user to access pages and perform service operations. Security is therefore the priority of the solution, and the invention aims to provide a technical solution for page access authentication in the browser based on the SIM card on the premise of ensuring security.
Specifically, the embodiments of the invention provide a service access method involving three executing entities: the service platform, the SIM card of the terminal device, and the server.
Fig. 1 is a schematic flowchart of a service access method applied to a SIM card of a terminal device according to an embodiment of the present invention, including the following steps:
S102: the service platform sends a service request of the target service to the terminal device.
In the embodiments of the invention, the service request is initiated by the service platform for a target user. The target user is a registered user of the service platform, and the communication number and legitimate authentication information of the target user are stored locally on the service platform.
The legitimate authentication information comprises user authentication information of the target user and/or device authentication information of the terminal device the target user commonly uses. The user authentication information may be, but is not limited to, biometric information such as fingerprint, face or iris information; the device authentication information may be, but is not limited to, a unique identifier of the terminal device, such as an IP address or an International Mobile Equipment Identity (IMEI).
In this step, the service platform sends the service request over a communication channel according to the communication number of the target user. For example, the service platform may send the service request to the mobile phone number of the target user as a 5G short message.
S104: after the terminal device has performed a response operation on the service request of the target service sent by the service platform, the SIM card acquires authentication information provided by the terminal device, the authentication information comprising user authentication information and/or device authentication information.
The SIM card in this step is the SIM card of the target user's communication number. If the target user's SIM card has been stolen, the terminal device holding it is not the terminal device the target user commonly uses. In general, then, if the SIM card is stolen, the authentication information acquired from the terminal device in this step will not match the legitimate authentication information the service platform stores for the target user, which the server side can detect in the subsequent steps.
For some extreme cases, for example where, after stealing the SIM card, the thief has also obtained the target user's user authentication information and changed the IP address of the terminal device to that of the target user, the SIM card can defend against this in this step by performing the following checks:
1) The SIM card performs a validity check on the system of the terminal device based on a system check program stored on the SIM card, to identify whether the system of the terminal device could have tampered with device authentication information such as the IP (Internet Protocol) address or IMEI (International Mobile Equipment Identity); for example, if the SIM card finds that the terminal device does not have a valid system installed, it ignores the response to the service request.
2) The SIM card calls the terminal device to initiate identity verification based on the user authentication information acquired from the terminal device. Taking fingerprint information as an example, after the SIM card acquires the user's fingerprint information from the terminal device, it may call the terminal device to perform identity verification based on that fingerprint information; if the verification fails, the fingerprint of the person using the terminal device and the fingerprint information the terminal device provided to the SIM card are not the same, and the SIM card may ignore the response to the service request.
In addition, the SIM card can also check the service request sent by the service platform to determine whether its source is trustworthy. For example, a service request sent by the service platform needs to carry information for the SIM card to verify, such as a timestamp and a message authentication code. Correspondingly, after the service request has been responded to, the SIM card can verify the timestamp, the message authentication code and the like in the service request based on an internally stored service request verification program; likewise, if the verification fails, the SIM card ignores the response to the service request.
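The service request check just described, as an added example in Go that is not part of the patent or its applicant's code: the platform stamps and MACs each request, and the SIM card's verification program accepts it only if the MAC is valid and the timestamp lies within a freshness window. The message shape, HMAC-SHA256 as the message authentication code, the shared key and the window length are all constructed assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"time"
)

// ServiceRequest is a constructed shape for the platform's message to the terminal;
// the patent only requires that it carry a timestamp and a message authentication code.
type ServiceRequest struct {
	ReqID     string
	Payload   string // what the platform asks the target user to handle
	Timestamp int64  // Unix seconds at which the platform sent the request
	MAC       []byte
}

// requestMAC binds identifier, payload and timestamp under a key the SIM card shares
// with the platform (HMAC-SHA256 is an assumption; the patent does not fix the MAC).
func requestMAC(key []byte, r ServiceRequest) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s\x00%s\x00%d", r.ReqID, r.Payload, r.Timestamp)
	return m.Sum(nil)
}

// SignServiceRequest is the platform side of S102: timestamp and MAC the request.
func SignServiceRequest(key []byte, reqID, payload string, now time.Time) ServiceRequest {
	r := ServiceRequest{ReqID: reqID, Payload: payload, Timestamp: now.Unix()}
	r.MAC = requestMAC(key, r)
	return r
}

// SIMAcceptsRequest is the SIM card's service request verification program: a request
// with a bad MAC or a timestamp outside the freshness window is ignored, so a forged or
// replayed request never triggers certificate generation. The window is an assumption.
func SIMAcceptsRequest(key []byte, r ServiceRequest, now time.Time, window time.Duration) bool {
	if !hmac.Equal(requestMAC(key, r), r.MAC) {
		return false
	}
	age := now.Sub(time.Unix(r.Timestamp, 0))
	return age >= -window && age <= window
}
```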
S106: the SIM card generates an electronic certificate containing the communication number stored on the SIM card and the authentication information.
In the embodiments of the invention, the electronic certificate is a token that must be carried in the page access request initiated by the browser. In the HTML protocol, the server accessed by the browser needs to determine the identity of the user through a token. Since the invention implements identity authentication for web page access based on the SIM card, the communication number of the SIM card is used as the user identity and encapsulated in the electronic certificate.
S108: based on the URL of the target service stored on the SIM card, the SIM card calls a browser of the terminal device to initiate a page access request to the server corresponding to the URL, the page access request carrying the electronic certificate.
In the embodiments of the invention, the SIM card calls the browser of the terminal device to initiate the page access request to the server corresponding to the URL based on the legitimate URL of the target service stored on the SIM card, which removes the need for user operation; this both simplifies the user's operation and prevents the browser from accessing illegitimate pages.
S110: the server acquires the corresponding legitimate authentication information from the service platform based on the communication number in the electronic certificate, and verifies the authentication information in the electronic certificate against the legitimate authentication information.
In the embodiments of the invention, the service platform grants the server permission to query the legitimate authentication information of users. After receiving the page access request, the server can send the communication number in the electronic certificate to the service platform. Correspondingly, the service platform looks up the legitimate authentication information of the target user locally based on the communication number provided by the server, and sends the legitimate authentication information to the server.
After receiving the legitimate authentication information, the server checks whether the authentication information in the electronic certificate matches it; if they match, the verification result is that the authentication information passes, and if they do not match, the verification result is that the authentication information fails.
S112: after the authentication information passes the verification, the server creates a page link for the URL for the browser of the terminal device; the page corresponding to the page link is used for processing the service request.
It should be understood that once the page link has been created, the user of the terminal device can open the web interface of the target service through the browser of the terminal device and thus handle, through the browser, the service request issued by the service platform.
In addition, in the embodiments of the present invention, if the authentication information in the electronic certificate fails verification, the server intercepts the page access request and no page link is created for the browser of the terminal device.
Based on the method of the embodiments of the invention, when the service platform needs the target user to handle a service, it sends a service request over a communication channel according to the communication number (such as a mobile phone number) of the target user, and the service request requires the target user to log in to a browser page (such as an H5 page) to handle the service. Correspondingly, after receiving the service request, the terminal device holding the SIM card of that communication number can decide, according to the user's operation, whether to respond to the service request. Once the service request is responded to, the SIM card is triggered to acquire authentication information from the terminal device, to call the browser of the terminal device, and to initiate a page access request carrying the authentication information to the server of the page to be accessed, using the communication number of the SIM card as the account. After receiving the page access request, the server can verify the authentication information in the page access request through the service platform; if the verification succeeds, the terminal device holding the SIM card is a legitimate device, that is, the SIM card has not been stolen, and a page link using the communication number of the SIM card as the account is created for the terminal device, so that the user of the terminal device can handle the service request of the service platform. Throughout the process the user does not need to log in to an account manually when accessing the page, which embodies the SIM card's ability to provide identity authentication automatically; at the same time, when the SIM card initiates the page access request it acquires authentication information from the terminal device for the server to verify, which prevents access with a misappropriated SIM card and ensures security.
Further, the authentication information of the terminal device is highly sensitive data and must not be exposed to third parties in transit. Therefore, the embodiment can also introduce a dynamic code to salt the authentication information in the electronic certificate, so that the authentication information carried by each batch of page access requests is not protected by a fixed encryption logic, which prevents the authentication information of the terminal device from being recovered if page access requests are intercepted.
A scheme for verifying the authentication information based on a dynamic code is described below.
Specifically, in the embodiments of the present invention, each service request sent by the service platform carries a service request identifier, and the dynamic code can be calculated from the service request identifier. Thus the page access requests initiated for each batch of service requests carry authentication information protected by different encryption logic. The dynamic code may be calculated by the service platform and delivered to the SIM card of the terminal device in the service request, or a dynamic code generation algorithm agreed in advance with the service platform may be stored on the SIM card, so that the same dynamic code is calculated on both sides for each batch of service requests.
In S106 above, the SIM card first preprocesses the communication number stored on the SIM card, the service request identifier and the dynamic code according to preprocessing logic agreed in advance with the service platform, obtaining dynamic disturbance information. It then uses the dynamic disturbance information as the initialization vector of cipher-block chaining (CBC) mode and encrypts the dynamic disturbance information in CBC mode under a key agreed in advance with the service platform, obtaining a dynamic key that embodies the dynamic encryption logic. Meanwhile, the SIM card desensitizes (masks) the authentication information according to desensitization logic agreed in advance with the service platform, obtaining desensitized authentication information, and encrypts the desensitized authentication information in CBC mode under the dynamic key, again using the dynamic disturbance information as the initialization vector, obtaining ciphertext desensitized authentication information. Finally, the SIM card generates an electronic certificate containing the communication number, the service request identifier and the ciphertext desensitized authentication information.
Correspondingly, in S110 above, the server obtains the corresponding dynamic key and legitimate authentication information from the service platform based on the communication number and the service request identifier in the electronic certificate. Here the legitimate authentication information is legitimate desensitized authentication information, generated on the same principle as the desensitized authentication information. After receiving the communication number and service request identifier from the electronic certificate, sent by the server based on the page access request, the service platform looks up the corresponding dynamic code based on the service request identifier and the legitimate authentication information of the target user based on the communication number; it then desensitizes the legitimate authentication information according to the desensitization logic pre-agreed with the SIM card, obtaining legitimate desensitized authentication information, and sends it to the server. Correspondingly, after receiving the legitimate desensitized authentication information, the server decrypts the ciphertext desensitized authentication information in CBC mode under the dynamic key, using the dynamic disturbance information as the initialization vector, obtaining the desensitized authentication information, and then verifies the desensitized authentication information against the legitimate desensitized authentication information.
It can be seen from S106 and S110 above that the authentication information the server obtains from both the terminal device side and the service platform side is desensitized, which avoids exposing the authentication information to the server and thus reduces the possibility of the authentication information being misused by or leaked from the server.
The service method of this embodiment is described in detail below with reference to an actual application scenario.
In this application scenario, the SIM card uses its signaling channel to direct the user's mobile phone terminal to open a browser H5 page that processes the service request issued by the service platform.
1. Preparation phase
After the target user has activated the target service provided by the service platform through the SIM card, the key agreed in advance with the service platform, the service identifier of the target service and the legal URL corresponding to the target service are written into the SIM card.
By way of example, the information that the SIM card needs to store is as follows:
SM4 key: 11111111111111111111111111111111111111111;
service identifier of the target service: 01;
URL of the target service: https://test.
In addition, after the target user has activated the target service through the SIM card, the SIM card may also call the target user's mobile phone terminal to acquire the target user's fingerprint information and the mobile phone terminal IP, and calculate the hash value of the fingerprint information and the ASCII code of the mobile phone terminal IP. The SIM card then uploads the hash value of the target user's fingerprint information and the ASCII code value of the mobile phone terminal IP to the service platform for storage. The ASCII code value of the mobile phone terminal IP that the service platform retains for the target user is defined as the ASCII code value of the target user's commonly used mobile phone terminal IP.
2. Application phase
When the target user needs to process the target service, the service platform sends a service request to the target user's mobile phone number by short message. The service request carries the service identifier of the target service, a service request identifier and a dynamic code.
As an example, the service request carries the following information:
service identifier: 01;
dynamic code: 22222222222222222222222222222222222222222;
service request identifier: A734058C7653DEF0.
After receiving the short message carrying the service request, the mobile phone terminal into which the target user's SIM card is inserted may respond to the service request on the basis of an operation by the current user, for example clicking the option in the short message for processing the service request.
After the SIM card responds to the service request, the SIM card first verifies the service request; when verification passes, the mobile phone terminal acquires the fingerprint information of the current user and the IP of the mobile phone terminal. Here, to raise the security level, the fingerprint information may be acquired by the SIM card calling the mobile phone terminal.
Then the SIM card encapsulates the mobile phone number of the SIM card, the service request identifier of the service request, and the ciphertext result of the hash value of the current user's fingerprint information and the ASCII code of the mobile phone terminal IP, obtaining the electronic certificate (token).
The ciphertext result is obtained as follows:
The SIM card hashes the acquired fingerprint information of the current user, obtaining the hash value of the current user's fingerprint information, and encodes the acquired mobile phone terminal IP, obtaining the ASCII code of the mobile phone terminal IP.
Specifically, this application scenario uses a 16-byte dynamic code and encrypts the hash value of the fingerprint information and the ASCII code of the mobile phone terminal IP into a ciphertext result. If the hash value of the fingerprint information or the ASCII code of the mobile phone terminal IP is shorter than 16 bytes, each is padded with special characters.
The SIM card first converts the 16-byte dynamic code into 16-byte dynamic disturbance information. The conversion rule, according to the preprocessing logic agreed in advance with the service platform, replaces the bytes at a first preset position in the dynamic code with the encoding of the mobile phone number and the bytes at a second preset position with the encoding of the service request identifier. For example, the 3rd to 4th bytes of the dynamic code are replaced with the BCD code of the last 4 digits of the mobile phone number, and the 11th to 12th bytes with the leftmost 2 bytes of the service request identifier. The dynamic disturbance information is then used as the CBC initialization vector, and the converted dynamic disturbance information is CBC-encrypted under the internal (pre-agreed) key, obtaining the dynamic key.
Then the SIM card uses the dynamic key to CBC-encrypt the ASCII code of the padded terminal IP together with the hash value of the fingerprint information and inverts the result, obtaining the ciphertext result of the hash value of the current user's fingerprint information plus the code of the mobile phone terminal IP.
As an example:
mobile phone number of the SIM card: 1361351221;
service request identifier in the service request: A734058C7653DEF0;
converted dynamic code: 22221222222222222a734 22222;
dynamic key: D9E66AD8C1B369D3BA1AFF8629454EAC;
mobile phone terminal IP: 223.104.67.42;
ASCII code of the mobile phone terminal IP: 3232332E3130342E36372E3432;
ASCII code of the padded terminal IP: 3232332E3130342E36372E3432000000;
fingerprint information of the current user: (omitted);
hash value of the fingerprint information: DBCB4FEB;
hash value of the fingerprint information after padding: DBCB4FEB000000000000000000000000;
ciphertext result before inversion: 5B3444B8D4B9428F875DDD297917DB863B612E5B7AC311A8E6773466D4A3C650;
ciphertext result after inversion (bitwise complement): A4CBBB472B46BD7078A222D686E82479C49ED1A4853CEE571988CB992B5C39AF.
The finally generated token: 1361351221A734058C7653DEF0A4CBBB472B46BD7078A222D686E82479C49ED1A4853CEE571988CB992B5C39AF.
After the SIM card generates the electronic certificate (token), it calls the mobile phone terminal, on the basis of the URL stored for the target service, to pull up the H5 page in a browser.
In this application scenario, when the mobile phone terminal opens the browser it may pop up a dialog asking the current user whether to access the H5 page; if the user confirms, the browser sends a page access request to the corresponding server on the basis of the URL provided by the SIM card.
Optionally, the token may be embedded in the URL of the target service that is provided to the server.
As an example:
URL of the target service: https://test.cmcccim.com/cmp;
URL with the token embedded: https://test.cmcccsim.com/cmp/?t=1361351221A734058C7653DEF0A4CBBB472B46BD7078A222D686E82479C49ED1A4853CEE571988CB992B5C39AF.
After receiving the page access request, the server queries the service platform, by the mobile phone number and the service request identifier in the token, for the dynamic code, the hash value of the target user's fingerprint information and the commonly used mobile phone terminal IP; it converts the dynamic code into the dynamic key in the manner introduced above, inverts the ciphertext result in the token and decrypts it under the dynamic key, obtaining the plaintext hash value of the current user's fingerprint information and the mobile phone terminal IP;
then the server verifies the hash value of the fingerprint information and the mobile phone terminal IP obtained from the token against the hash value of the target user's fingerprint information and the commonly used mobile phone terminal IP.
If verification passes, the server establishes a URL page link for the mobile phone terminal on the basis of the service request. If verification fails, the server intercepts the page access request.
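The SIM-card side (S106, as walked through in the application phase above) and the server side (S110, the verification just described) in runnable form, as an added example that is not the patent's own code. It keeps the preprocessing rule (bytes 3-4 replaced by the BCD of the last four phone digits, bytes 11-12 by the first two bytes of the request identifier), the zero padding to 16 bytes, the bitwise inversion of the CBC output and the token layout. SM4 is replaced by a constructed, clearly labelled stand-in block cipher so the file runs offline, so the dynamic key and ciphertext differ from the values quoted above; the 4-byte truncated SHA-256 used as the fingerprint hash is likewise an assumption (the text does not name the hash). The server recomputes the disturbance block from the token fields and the dynamic code it fetches, as in the application scenario, because CBC decryption only recovers the plaintext with the IV the encryptor used.

```python
"""Added worked example (not the patent's own code): the SIM-card and server
steps of S106/S110 as illustrated in the application scenario. SM4 is
replaced by a constructed stand-in block cipher so the file runs offline;
key and ciphertext values therefore differ from those quoted in the text."""
import hashlib

BLOCK = 16


def _stand_in_encrypt(key: bytes, block: bytes) -> bytes:
    """ASSUMPTION: invertible placeholder for SM4; not a secure cipher."""
    x = bytes(a ^ b for a, b in zip(block, key))
    x = x[5:] + x[:5]
    return bytes((a + b) & 0xFF for a, b in zip(x, key))


def _stand_in_decrypt(key: bytes, block: bytes) -> bytes:
    x = bytes((a - b) & 0xFF for a, b in zip(block, key))
    x = x[-5:] + x[:-5]
    return bytes(a ^ b for a, b in zip(x, key))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Textbook CBC: each plaintext block is XORed with the previous ciphertext block."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = _stand_in_encrypt(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(_stand_in_decrypt(key, c), prev))
        prev = c
    return bytes(out)


def invert(data: bytes) -> bytes:
    """The text's 'negation': bitwise complement (0x5B -> 0xA4 in the quoted values)."""
    return bytes(b ^ 0xFF for b in data)


def pad16(data: bytes) -> bytes:
    """Right-pad a field to one block; the quoted values show 0x00 padding."""
    if len(data) > BLOCK:
        raise ValueError("field longer than one block")
    return data + b"\x00" * (BLOCK - len(data))


def disturbance(dynamic_code: bytes, phone: str, request_id: str) -> bytes:
    """Bytes 3-4 := BCD of the last four phone digits; bytes 11-12 := first two bytes of the request id."""
    d = bytearray(dynamic_code)
    d[2:4] = bytes.fromhex(phone[-4:])
    d[10:12] = bytes.fromhex(request_id)[:2]
    return bytes(d)


def dynamic_key(shared_key: bytes, dist: bytes) -> bytes:
    """CBC-encrypt the disturbance block with itself as IV, exactly as described."""
    return cbc_encrypt(shared_key, dist, dist)


def fingerprint_digest(fingerprint: bytes) -> bytes:
    """ASSUMPTION: SHA-256 truncated to 4 bytes, mirroring the 4-byte value quoted in the text."""
    return hashlib.sha256(fingerprint).digest()[:4]


def sim_make_token(phone, request_id, dynamic_code, shared_key, fingerprint, ip) -> str:
    dist = disturbance(dynamic_code, phone, request_id)
    plain = pad16(ip.encode("ascii")) + pad16(fingerprint_digest(fingerprint))
    ciphertext = invert(cbc_encrypt(dynamic_key(shared_key, dist), dist, plain))
    return phone + request_id + ciphertext.hex().upper()


def parse_token(token: str):
    """Layout from the text: phone number | 16-hex request id | 64-hex ciphertext."""
    rest, ct = token[:-64], bytes.fromhex(token[-64:])
    return rest[:-16], rest[-16:], ct


def server_verify(token, platform_lookup, shared_key) -> bool:
    """platform_lookup(phone, request_id) -> (dynamic_code, legal_digest, usual_ip) or None."""
    phone, request_id, ct = parse_token(token)
    record = platform_lookup(phone, request_id)
    if record is None:
        return False
    dynamic_code, legal_digest, usual_ip = record
    dist = disturbance(dynamic_code, phone, request_id)
    plain = cbc_decrypt(dynamic_key(shared_key, dist), dist, invert(ct))
    return plain[:BLOCK] == pad16(usual_ip.encode("ascii")) and plain[BLOCK:] == pad16(legal_digest)


# Constructed sample data: phone, request id, dynamic code and IP follow the
# values quoted in the text; the shared key and fingerprint are made up here.
PHONE, REQUEST_ID = "1361351221", "A734058C7653DEF0"
DYNAMIC_CODE, SHARED_KEY = bytes([0x22]) * 16, bytes([0x11]) * 16
FINGERPRINT, IP = b"constructed fingerprint template", "223.104.67.42"


def sample_platform_lookup(phone, request_id):
    records = {(PHONE, REQUEST_ID): (DYNAMIC_CODE, fingerprint_digest(FINGERPRINT), IP)}
    return records.get((phone, request_id))


def build_sample_token() -> str:
    return sim_make_token(PHONE, REQUEST_ID, DYNAMIC_CODE, SHARED_KEY, FINGERPRINT, IP)


if __name__ == "__main__":
    tok = build_sample_token()
    print(tok, server_verify(tok, sample_platform_lookup, SHARED_KEY))
```

Two points a practitioner should check against a real implementation. First, `dynamic_key` makes visible a consequence of the literal description: CBC-encrypting a single block with an IV equal to that block XORs the block with itself, so the cipher is applied to an all-zero block and the result depends only on the pre-shared key, not on the disturbance; the per-request variation in this scheme then comes from the disturbance acting as the IV of the ciphertext step, and a key derivation with a fixed IV or a dedicated KDF would give the per-request key the text intends. Second, ASCII encoding of the IP is a reversible representation, not a one-way desensitization like the fingerprint hash, so whoever holds the dynamic key recovers the IP in clear.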
It can be seen that, in this application scenario, the mobile phone terminal encrypts the mobile phone terminal IP and the current user's fingerprint information under a different dynamic key for each service request issued by the service platform, so each encryption result follows different encryption logic, and even if page access requests are intercepted over a long period, no pattern can be inferred from which to decrypt them. In addition, the mobile phone terminal IP and the fingerprint information sent by the terminal device and the service platform are desensitized before leaving their domain (the fingerprint information by a hash algorithm, the IP by ASCII encoding); even if an interceptor succeeds in breaking the token in the page access request, the plaintext mobile phone terminal IP and fingerprint information cannot be obtained, which provides privacy protection for the user.
Corresponding to the method shown in fig. 1, an embodiment of the present invention further provides a SIM card of a terminal device. Fig. 3 is a schematic structural diagram of a SIM card 300 according to an embodiment of the present invention, which includes:
an authentication information obtaining module 310, configured to obtain, after the terminal device performs a response operation on a service request of a target service sent by a service platform, authentication information provided by the terminal device, where the authentication information includes user authentication information and/or device authentication information;
an electronic certificate generating module 320, configured to generate an electronic certificate including the communication number stored in the SIM card and the authentication information; and
a page access module 330, configured to call, on the basis of the URL of the target service stored in the SIM card, a browser of the terminal device to initiate a page access request to the server corresponding to the URL; the page access request carries the electronic certificate, the communication number of the electronic certificate is used by the server to obtain corresponding legal authentication information from the service platform so as to verify the authentication information of the electronic certificate against the legal authentication information, the server creates a page link of the URL for the terminal device after verification passes, and the page corresponding to the page link is used for processing the service request.
Optionally, the service request further carries a service request identifier and a dynamic code generated by the service platform for the service request identifier, and the electronic certificate generating module 320 is specifically configured to: preprocess the communication number stored in the SIM card, the service request identifier and the dynamic code according to the preprocessing logic agreed in advance with the service platform, obtaining dynamic disturbance information; take the dynamic disturbance information as the initialization vector of cipher block chaining (CBC) mode and encrypt the dynamic disturbance information in CBC mode under the key agreed in advance with the service platform, obtaining a dynamic key; desensitize the authentication information according to the desensitization logic agreed in advance with the service platform, obtaining desensitized authentication information; take the dynamic disturbance information as the initialization vector of CBC mode, encrypt the desensitized authentication information in CBC mode under the dynamic key and invert the result, obtaining ciphertext desensitized authentication information; and generate an electronic certificate containing the communication number, the service request identifier and the ciphertext desensitized authentication information. The server obtains the dynamic key and the legal authentication information from the service platform on the basis of the communication number and the service request identifier of the electronic certificate, where the legal authentication information is specifically legal desensitized authentication information, obtained by the service platform desensitizing the locally stored legal authentication information of the communication number according to the desensitization logic; and the server verifies the authentication information of the electronic certificate against the legal authentication information, namely: the server takes the ciphertext desensitized authentication information as the initialization vector of CBC mode, inverts the ciphertext desensitized authentication information and decrypts it in CBC mode under the dynamic key, obtaining the desensitized authentication information, and verifies the desensitized authentication information against the legal desensitized authentication information.
Optionally, the electronic certificate generating module 320 preprocessing the communication number stored in the SIM card, the service request identifier and the dynamic code according to the preprocessing logic agreed in advance with the service platform to obtain the dynamic disturbance information includes: according to the preprocessing logic agreed in advance with the service platform, replacing the bytes at a first preset position in the dynamic code with the encoding of the communication number and the bytes at a second preset position in the dynamic code with the encoding of the service request identifier, obtaining the dynamic disturbance information.
Obviously, the SIM card according to the embodiment of the present invention may serve as the execution subject of the corresponding SIM card steps of the method shown in fig. 1, and can therefore implement the steps and corresponding functions of that method. Since the principle is the same, a detailed description is omitted here.
Corresponding to the method shown in fig. 1, an embodiment of the present invention further provides a server. Fig. 4 is a schematic structural diagram of a server 400 according to an embodiment of the present invention, which includes:
a page access receiving module 410, configured to receive a page access request sent by a terminal device, where the page access request is initiated, after the terminal device responds to a service request of a target service sent by a service platform, on the basis of the URL of the target service stored in a SIM card, and carries an electronic certificate generated by the SIM card that includes the communication number stored in the SIM card and the encoded authentication information stored in the terminal device;
an authentication information checking module 420, configured to obtain, on the basis of the communication number of the electronic certificate, corresponding legal authentication information from the service platform so as to verify the authentication information of the electronic certificate against the legal authentication information; and
a page link creating module 430, configured to create a page link of the URL for a browser of the terminal device after the authentication information passes verification, where the page corresponding to the page link is used for processing the service request.
Optionally, the electronic certificate is an electronic certificate including the communication number, the service request identifier and ciphertext desensitized authentication information, where the ciphertext desensitized authentication information is obtained by taking dynamic disturbance information as the initialization vector of cipher block chaining (CBC) mode and encrypting the desensitized authentication information in CBC mode under a dynamic key; the desensitized authentication information is obtained by the SIM card desensitizing the authentication information according to the desensitization logic agreed in advance with the service platform; the dynamic key is obtained by the SIM card taking the dynamic disturbance information as the initialization vector of CBC mode and encrypting the dynamic disturbance information in CBC mode under the key agreed in advance with the service platform; and the dynamic disturbance information is obtained by the SIM card preprocessing the communication number stored in the SIM card, the service request identifier and the dynamic code according to the preprocessing logic agreed in advance with the service platform. The authentication information checking module 420 is specifically configured to: obtain the dynamic key and the legal authentication information from the service platform on the basis of the communication number and the service request identifier of the electronic certificate, the legal authentication information sent by the service platform being specifically legal desensitized authentication information, obtained by desensitizing the locally stored legal authentication information of the communication number according to the desensitization logic; take the ciphertext desensitized authentication information as the initialization vector of CBC mode, invert the ciphertext desensitized authentication information and decrypt it in CBC mode under the dynamic key, obtaining the desensitized authentication information; and verify the desensitized authentication information against the legal desensitized authentication information.
Obviously, the server according to the embodiment of the present invention may serve as the execution subject of the corresponding server steps of the method shown in fig. 1, and can therefore implement the steps and corresponding functions of that method. Since the principle is the same, a detailed description is omitted here.
Corresponding to the method shown in fig. 1, an embodiment of the present invention further provides a service platform. Fig. 5 is a schematic structural diagram of a service platform 500 according to an embodiment of the present invention, which includes:
a service request module 510, configured to send a service request of a target service to a terminal device, so that, after the terminal device responds to the service request of the target service sent by the service platform, the SIM card of the terminal device obtains authentication information provided by the terminal device, generates an electronic certificate containing the communication number stored in the SIM card and the encoded authentication information, and calls a browser of the terminal device to initiate, on the basis of the URL (uniform resource locator) of the target service stored in the SIM card, a page access request to the server corresponding to the URL, where the page access request carries the electronic certificate; and
an authentication information providing module 520, configured to receive the communication number of the electronic certificate, sent by the server on the basis of the service access request, so as to look up corresponding legal authentication information by the communication number and send the legal authentication information to the server; the legal authentication information is used by the server to verify the authentication information of the electronic certificate, the server creates a page link of the URL for a browser of the terminal device after verification passes, and the page corresponding to the page link is used for processing the service request.
Optionally, the service request further carries a service request identifier and a dynamic code generated by the service platform for the service request identifier; the dynamic code is obtained by the service platform taking the dynamic disturbance information as the initialization vector of cipher block chaining (CBC) mode and encrypting the dynamic disturbance information in CBC mode under the key agreed in advance with the SIM card; the dynamic disturbance information is obtained by the service platform preprocessing the communication number, the service request identifier and the dynamic code according to the preprocessing logic agreed in advance with the SIM card; the electronic certificate is an electronic certificate including the communication number, the service request identifier and ciphertext desensitized authentication information; the ciphertext desensitized authentication information is obtained by the SIM card taking the dynamic disturbance information as the initialization vector of CBC mode and encrypting the desensitized authentication information in CBC mode under a dynamic key; the desensitized authentication information is obtained by the SIM card desensitizing the authentication information according to the desensitization logic agreed in advance with the service platform; the dynamic key is obtained by the SIM card taking the dynamic disturbance information as the initialization vector of CBC mode and encrypting the dynamic disturbance information in CBC mode under the key agreed in advance with the service platform; the dynamic disturbance information is obtained by the SIM card preprocessing the communication number stored in the SIM card, the service request identifier and the dynamic code according to the preprocessing logic agreed in advance with the service platform; and the authentication information providing module 520 is specifically configured to: receive the communication number and the service request identifier of the electronic certificate, sent by the server on the basis of the service access request, so as to look up the corresponding dynamic code by the service request identifier and the corresponding legal authentication information by the communication number; desensitize the legal authentication information according to the desensitization logic preset with the SIM card, obtaining desensitized legal authentication information; take the desensitized legal authentication information as the initialization vector of CBC mode and encrypt the desensitized legal authentication information in CBC mode under the dynamic key, obtaining ciphertext desensitized legal authentication information; and send the ciphertext desensitized legal authentication information to the server.
Obviously, the service platform in the embodiment of the present invention may serve as the execution subject of the corresponding service platform steps of the method shown in fig. 1, and can therefore implement the steps and corresponding functions of that method. Since the principle is the same, a detailed description is omitted here.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present specification. Referring to fig. 6, at the hardware level the electronic device includes a processor and optionally further includes an internal bus, a network interface and a memory. The memory may include a volatile memory, such as a random-access memory (RAM), and may further include a non-volatile memory, such as at least one disk memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface and the memory may be connected to one another via the internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration only one double-headed arrow is shown in fig. 6, but this does not mean that there is only one bus or one type of bus.
The memory is used for storing programs. In particular, a program may include program code comprising computer operating instructions. The memory may include both volatile memory and non-volatile memory and provides instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it, thereby forming the SIM card described above at the logic level. Correspondingly, the processor executes the program stored in the memory and is specifically configured to perform the following operations:
and after the terminal equipment executes response operation on a service request of a target service sent by a service platform, acquiring authentication information provided by the terminal equipment, wherein the authentication information comprises user authentication information and/or equipment authentication information.
And generating an electronic certificate containing the communication number stored by the SIM card and the authentication information.
Based on the URL of the target service stored by the SIM card, calling a browser of the terminal equipment to initiate a page access request to a server corresponding to the URL; the page access request carries the electronic certificate, a communication number of the electronic certificate is used for the server to acquire corresponding legal authentication information from the service platform, so that the authentication information of the electronic certificate is verified based on the legal authentication information, the server creates a page link of the URL for the terminal equipment after the verification is passed, and a page corresponding to the page link is used for processing the service request.
Alternatively, the processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it, thereby forming the server described above at the logic level. Correspondingly, the processor executes the program stored in the memory and is specifically configured to perform the following operations:
receiving a page access request sent by a terminal device, where the page access request is initiated, after the terminal device responds to a service request of a target service sent by a service platform, on the basis of the URL (uniform resource locator) of the target service stored in a SIM (subscriber identity module) card, and carries an electronic certificate generated by the SIM card that contains the communication number stored in the SIM card and the encoded authentication information stored in the terminal device;
obtaining corresponding legal authentication information from the service platform on the basis of the communication number of the electronic certificate so as to verify the authentication information of the electronic certificate against the legal authentication information; and
after the authentication information passes verification, establishing a page link of the URL for a browser of the terminal device, where the page corresponding to the page link is used for processing the service request.
Or, the processor reads the corresponding computer program from the non-volatile memory into the memory and runs it, thereby forming the service platform described above at the logic level. Correspondingly, the processor executes the program stored in the memory and is specifically configured to perform the following operations:
sending a service request of a target service to a terminal device, so that, after the terminal device responds to the service request of the target service sent by the service platform, the SIM card of the terminal device obtains authentication information provided by the terminal device, generates an electronic certificate containing the communication number stored in the SIM card and the encoded authentication information, and calls a browser of the terminal device to initiate, on the basis of the URL (uniform resource locator) of the target service stored in the SIM card, a page access request to the server corresponding to the URL, where the page access request carries the electronic certificate; and
receiving the communication number of the electronic certificate, sent by the server on the basis of the service access request, looking up corresponding legal authentication information by the communication number, and sending the legal authentication information to the server; the legal authentication information is used by the server to verify the authentication information of the electronic certificate, the server creates a page link of the URL for a browser of the terminal device after verification passes, and the page corresponding to the page link is used for processing the service request.
The method disclosed in the embodiment shown in fig. 1 of the present specification may be applied to a processor and implemented by the processor. The processor may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method may be completed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed by it. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be carried out directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM or EPROM, or registers. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the method in combination with its hardware.
Of course, besides the software implementation, the electronic device in this specification does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to each logic unit and may also be hardware or a logic device.
Furthermore, an embodiment of the present invention also provides a computer-readable storage medium storing one or more programs, the one or more programs including instructions.
When executed by a portable electronic device including a plurality of application programs, the instructions enable the portable electronic device to perform the steps performed by the SIM card in the method shown in fig. 1, including:
after the terminal equipment has performed a response operation on a service request of a target service sent by a service platform, acquiring authentication information provided by the terminal equipment, wherein the authentication information comprises user authentication information and/or equipment authentication information;
generating an electronic certificate containing the communication number stored by the SIM card and the authentication information;
based on the URL of the target service stored by the SIM card, calling a browser of the terminal equipment to initiate a page access request to a server corresponding to the URL; the page access request carries the electronic certificate, the communication number of the electronic certificate is used by the server to obtain the corresponding legal authentication information from the service platform so as to check the authentication information of the electronic certificate based on the legal authentication information, the server creates a page link of the URL for the terminal equipment after the check is passed, and a page corresponding to the page link is used for processing the service request.
Alternatively, the above instructions, when executed by a portable electronic device comprising a plurality of application programs, can cause the portable electronic device to perform the steps performed by the server in the method shown in fig. 1, including:
receiving a page access request sent by a terminal device, wherein the page access request is initiated by a Subscriber Identity Module (SIM) card of the terminal device based on a Uniform Resource Locator (URL) of a target service stored in the SIM card after the terminal device responds to a service request of the target service sent by a service platform, and the page access request carries an electronic certificate which is generated by the SIM card and contains the communication number stored in the SIM card and the authentication information stored in the terminal device;
Acquiring corresponding legal authentication information from the service platform based on the communication number of the electronic certificate so as to verify the authentication information of the electronic certificate based on the legal authentication information;
after the authentication information passes the verification, establishing a page link of the URL for a browser of the terminal equipment; and the page corresponding to the page link is used for processing the service request.
Still alternatively, the above instructions, when executed by a portable electronic device including a plurality of application programs, can cause the portable electronic device to perform the steps performed by the service platform in the method shown in fig. 1, including:
sending a service request of a target service to terminal equipment; after the terminal equipment responds to the service request of the target service sent by the service platform, the SIM card of the terminal equipment acquires authentication information provided by the terminal equipment and generates an electronic certificate containing the communication number stored by the SIM card and the authentication information, and calls a browser of the terminal equipment to initiate a page access request to the server corresponding to the URL (uniform resource locator) of the target service stored by the SIM card, wherein the page access request carries the electronic certificate;
receiving a communication number in the electronic certificate sent by the server based on the service access request, searching corresponding legal authentication information based on the communication number, and sending the legal authentication information to the server; the legal authentication information is used for the server to verify the authentication information of the electronic certificate, the server creates a page link of the URL for a browser of the terminal equipment after the verification is passed, and a page corresponding to the page link is used for processing the service request.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification. Moreover, all other embodiments obtained by a person skilled in the art without making any inventive step shall fall within the scope of protection of this document.

Claims (10)

1. A service access method, applied to a SIM card of a terminal device, characterized by comprising the following steps:
after the terminal equipment has performed a response operation on a service request of a target service sent by a service platform, acquiring authentication information provided by the terminal equipment, wherein the authentication information comprises user authentication information and/or equipment authentication information;
generating an electronic certificate containing the communication number stored by the SIM card and the authentication information;
based on the URL of the target service stored by the SIM card, calling a browser of the terminal equipment to initiate a page access request to a server corresponding to the URL; the page access request carries the electronic certificate, a communication number of the electronic certificate is used for the server to acquire corresponding legal authentication information from the service platform, so that the authentication information of the electronic certificate is verified based on the legal authentication information, the server creates a page link of the URL for the terminal equipment after the verification is passed, and a page corresponding to the page link is used for processing the service request.
2. The method of claim 1,
the service request also carries a service request identifier and a dynamic code generated by the service platform aiming at the service request identifier;
generating an electronic certificate containing the communication number stored by the SIM card and the authentication information comprises:
preprocessing the communication number stored by the SIM card, the service request identifier and the dynamic code based on a preprocessing logic agreed in advance with the service platform to obtain dynamic disturbance information;
taking the dynamic disturbance information as the initialization vector of a cipher block chaining mode, and encrypting the dynamic disturbance information in the cipher block chaining mode based on a key agreed in advance with the service platform to obtain a dynamic key;
desensitizing the authentication information based on desensitization logic agreed in advance with the service platform to obtain desensitization authentication information;
taking the dynamic disturbance information as the initialization vector of the cipher block chaining mode, and performing reverse encryption of the desensitization authentication information in the cipher block chaining mode based on the dynamic key to obtain ciphertext desensitization authentication information;
generating an electronic certificate containing the communication number, the service request identifier and the ciphertext desensitization authentication information; the server acquires the dynamic key and the legal authentication information from the service platform based on the communication number of the electronic certificate and the service request identifier, wherein the legal authentication information is specifically legal desensitization authentication information, which the service platform obtains by desensitizing the locally stored legal authentication information of the communication number based on the desensitization logic; the server checking the authentication information of the electronic certificate based on the legal authentication information means that the server takes the ciphertext desensitization authentication information as the initialization vector of the cipher block chaining mode, performs negation decryption of the ciphertext desensitization authentication information in the cipher block chaining mode based on the dynamic key to obtain the desensitization authentication information, and verifies the desensitization authentication information based on the legal desensitization authentication information.
3. The method of claim 1,
based on the preprocessing logic agreed with the service platform in advance, preprocessing is performed on the communication number stored in the SIM card, the service request identifier and the dynamic code, so as to obtain dynamic disturbance information, which includes:
replacing the bytes at the first preset positions in the dynamic code with the encoding result of the communication number, and the bytes at the second preset positions in the dynamic code with the encoding result of the service request identifier, based on the preprocessing logic agreed in advance with the service platform, so as to obtain the dynamic disturbance information.
4. A service access method, applied to a server, characterized by comprising the following steps:
receiving a page access request sent by terminal equipment, wherein the page access request is initiated by the SIM card of the terminal equipment based on a URL (uniform resource locator) of a target service stored by the SIM card after the terminal equipment responds to a service request of the target service sent by a service platform, and the page access request carries an electronic certificate which is generated by the SIM card and contains the communication number stored by the SIM card and the authentication information stored by the terminal equipment;
acquiring corresponding legal authentication information from the service platform based on the communication number of the electronic certificate so as to verify the authentication information of the electronic certificate based on the legal authentication information;
after the authentication information passes the verification, establishing a page link of the URL for a browser of the terminal equipment; and the page corresponding to the page link is used for processing the service request.
5. The method of claim 4,
the electronic certificate contains the communication number, the service request identifier and ciphertext desensitization authentication information, wherein the ciphertext desensitization authentication information is obtained by the SIM card taking dynamic disturbance information as the initialization vector of a cipher block chaining mode and encrypting the desensitization authentication information in the cipher block chaining mode based on a dynamic key; the desensitization authentication information is obtained by the SIM card desensitizing the authentication information based on a desensitization logic agreed in advance with the service platform; the dynamic key is obtained by the SIM card taking the dynamic disturbance information as the initialization vector of the cipher block chaining mode and encrypting the dynamic disturbance information in the cipher block chaining mode based on a key agreed in advance with the service platform; the dynamic disturbance information is obtained by the SIM card preprocessing the communication number stored in the SIM card, the service request identifier and the dynamic code based on a preprocessing logic agreed in advance with the service platform;
acquiring corresponding legal authentication information from the service platform based on the communication number of the electronic certificate to verify the authentication information of the electronic certificate based on the legal authentication information, wherein the verification comprises the following steps:
acquiring the dynamic key and the legal authentication information from the service platform based on the communication number of the electronic certificate and the service request identifier; the legal authentication information is specifically legal desensitization authentication information, which the service platform obtains by desensitizing the locally stored legal authentication information of the communication number based on the desensitization logic;
taking the ciphertext desensitization authentication information as an initial vector of a cipher block chaining mode, and performing negation decryption on the ciphertext desensitization authentication information in the cipher block chaining mode based on the dynamic key to obtain the desensitization authentication information;
and verifying the desensitization authentication information based on the legal desensitization authentication information.
6. A service access method is applied to a service platform and is characterized by comprising the following steps:
sending a service request of a target service to terminal equipment; after the terminal equipment responds to the service request of the target service sent by the service platform, the SIM card of the terminal equipment acquires authentication information provided by the terminal equipment and generates an electronic certificate containing the communication number stored by the SIM card and the authentication information, and calls a browser of the terminal equipment to initiate a page access request to the server corresponding to the URL (uniform resource locator) of the target service stored by the SIM card, wherein the page access request carries the electronic certificate;
receiving a communication number in the electronic certificate sent by the server based on the service access request, searching corresponding legal authentication information based on the communication number, and sending the legal authentication information to the server; the legal authentication information is used for the server to verify the authentication information of the electronic certificate, the server creates a page link of the URL for a browser of the terminal equipment after the verification is passed, and a page corresponding to the page link is used for processing the service request.
7. The method of claim 6,
the service request also carries a service request identifier and a dynamic code generated by the service platform for the service request identifier; the dynamic code is obtained by the service platform taking the dynamic disturbance information as the initialization vector of a cipher block chaining mode and encrypting the dynamic disturbance information in the cipher block chaining mode based on a key agreed in advance with the SIM card; the dynamic disturbance information is obtained by the service platform preprocessing the communication number, the service request identifier and the dynamic code based on a preprocessing logic agreed in advance with the SIM card;
the electronic certificate contains the communication number, the service request identifier and the ciphertext desensitization authentication information; the ciphertext desensitization authentication information is obtained by the SIM card taking the dynamic disturbance information as the initialization vector of a cipher block chaining mode and encrypting the desensitization authentication information in the cipher block chaining mode based on a dynamic key; the desensitization authentication information is obtained by the SIM card desensitizing the authentication information based on the desensitization logic agreed in advance with the service platform; the dynamic key is obtained by the SIM card taking the dynamic disturbance information as the initialization vector of the cipher block chaining mode and encrypting the dynamic disturbance information in the cipher block chaining mode based on the key agreed in advance with the service platform; the dynamic disturbance information is obtained by the SIM card preprocessing the communication number stored in the SIM card, the service request identifier and the dynamic code based on the preprocessing logic agreed in advance with the service platform;
receiving a communication number in the electronic certificate sent by the server based on the service access request, searching for corresponding legal authentication information based on the communication number, and sending the legal authentication information to the server, wherein the method comprises the following steps:
receiving a communication number and a service request identifier in the electronic certificate sent by the server based on the service access request, so as to find the corresponding dynamic code based on the service request identifier and find the corresponding legal authentication information based on the communication number;
desensitizing the legal authentication information based on the desensitization logic agreed in advance with the SIM card to obtain desensitized legal authentication information;
taking the desensitized legal authentication information as an initial vector of a cipher block chain mode, and encrypting the desensitized legal authentication information in the cipher block chain mode based on the dynamic key to obtain ciphertext desensitized legal authentication information;
and sending the ciphertext desensitization legal authentication information to the server.
8. A SIM card for a terminal device, comprising:
an authentication information acquisition module, used for acquiring authentication information provided by the terminal equipment after the terminal equipment responds to a service request of a target service sent by a service platform;
the electronic certificate generating module is used for generating an electronic certificate containing the communication number stored by the SIM card and the authentication information;
the page access module is used for calling a browser of the terminal equipment to initiate a page access request to a server corresponding to the URL based on the URL of the target service stored by the SIM card; the page access request carries the electronic certificate, the communication number of the electronic certificate is used by the server to obtain the corresponding legal authentication information from the service platform so as to check the authentication information of the electronic certificate based on the legal authentication information, the server creates a page link of the URL for the terminal equipment after the check is passed, and a page corresponding to the page link is used for processing the service request.
9. A server, comprising:
the system comprises a page access receiving module, a page access receiving module and a page access processing module, wherein the page access receiving module is used for receiving a page access request sent by terminal equipment, the page access request is initiated based on a URL (uniform resource locator) of a target service stored by an SIM (subscriber identity module) card after the terminal equipment responds to a service request of the target service sent by a service platform, and the page access request carries an electronic certificate which is generated by the SIM card and contains a communication number stored by the SIM card and an authentication information code stored by the terminal equipment;
the authentication information checking module is used for acquiring corresponding legal authentication information from the service platform based on the communication number of the electronic certificate so as to check the authentication information of the electronic certificate based on the legal authentication information;
the page link creating module is used for creating the page link of the URL for the browser of the terminal equipment after the authentication information passes the verification; and the page corresponding to the page link is used for processing the service request.
10. A service platform, comprising:
the service request module is used for sending a service request of a target service to the terminal equipment; after the terminal equipment responds to the service request of the target service sent by the service platform, the SIM card of the terminal equipment acquires authentication information provided by the terminal equipment, generates an electronic certificate containing the communication number stored by the SIM card and the authentication information, and calls a browser of the terminal equipment to initiate a page access request to the server corresponding to the URL (uniform resource locator) of the target service stored by the SIM card, wherein the page access request carries the electronic certificate;
the authentication information providing module is used for receiving a communication number in the electronic certificate sent by the server based on the service access request, searching corresponding legal authentication information based on the communication number, and sending the legal authentication information to the server; the legal authentication information is used for the server to verify the authentication information of the electronic certificate, the server creates a page link of the URL for a browser of the terminal equipment after the verification is passed, and a page corresponding to the page link is used for processing the service request.
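The certificate construction and verification of claims 2, 3, 5 and 7 above, as an added Go example that is not part of the patent or of any product of the applicants: the SIM side derives the dynamic disturbance information and dynamic key and seals the desensitized authentication information, the platform side seals its stored legal value the same way (claim 7), and the server compares the two ciphertexts in constant time. Assumptions, since the page does not fix them: AES-128 as the block cipher, a 16-byte dynamic code whose bytes 0-7 are the first preset positions and bytes 8-15 the second, SHA-256 prefixes as the encoding results, zero padding, a masking rule as the desensitization logic, and "reverse encryption" read as ordinary CBC encryption with the disturbance as initialization vector.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"strings"
)

// Constructed sample key, provisioned out of band in a real deployment (assumption: AES-128).
var preAgreedKey = []byte("constructed-16Bk")

// disturbance is the preprocessing of claim 3 (assumptions: a 16-byte dynamic code, bytes 0-7
// as the first preset positions, bytes 8-15 as the second, SHA-256 prefixes as the encodings).
func disturbance(code []byte, commNumber, reqID string) ([]byte, error) {
	if len(code) != aes.BlockSize {
		return nil, errors.New("dynamic code must be exactly one block")
	}
	d := append([]byte(nil), code...)
	hc, hr := sha256.Sum256([]byte(commNumber)), sha256.Sum256([]byte(reqID))
	copy(d[0:8], hc[:8])
	copy(d[8:16], hr[:8])
	return d, nil
}

// cbcEncrypt runs AES-CBC over the input after zero-padding it to a block boundary (assumed padding).
func cbcEncrypt(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys are always 16 bytes here
	}
	padded := make([]byte, (len(in)+aes.BlockSize-1)/aes.BlockSize*aes.BlockSize)
	copy(padded, in)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// desensitize is the assumed agreed desensitization logic: keep the first 3 and last 4 characters.
func desensitize(auth string) string {
	if n := len(auth) - 7; n > 0 {
		auth = auth[:3] + strings.Repeat("*", n) + auth[len(auth)-4:]
	}
	return auth
}

// sealDesensitized is the work both ends perform identically (claim 2): the disturbance is both
// IV and plaintext of one CBC block under the pre-agreed key, giving the dynamic key, which then
// CBC-encrypts the desensitized value with the disturbance as IV.
func sealDesensitized(code []byte, commNumber, reqID, auth string) ([]byte, error) {
	d, err := disturbance(code, commNumber, reqID)
	if err != nil {
		return nil, err
	}
	dynamicKey := cbcEncrypt(preAgreedKey, d, d)
	return cbcEncrypt(dynamicKey, d, []byte(desensitize(auth))), nil
}

// Certificate is the electronic certificate the SIM card places in the page access request.
type Certificate struct {
	CommNumber, ReqID string
	Ciphertext        []byte // ciphertext desensitization authentication information
}

// simBuildCertificate is the SIM-card side (claims 1-3); the clear value never leaves the card.
func simBuildCertificate(commNumber, reqID string, code []byte, auth string) (Certificate, error) {
	ct, err := sealDesensitized(code, commNumber, reqID, auth)
	return Certificate{commNumber, reqID, ct}, err
}

// Platform holds the dynamic code issued per request identifier and the legal value per number.
type Platform struct {
	DynamicCodes map[string][]byte
	LegalAuth    map[string]string
}

// LegalCiphertext is the platform side (claim 7): seal the stored legal value exactly as the card did.
func (p Platform) LegalCiphertext(commNumber, reqID string) ([]byte, error) {
	code, ok := p.DynamicCodes[reqID]
	auth, ok2 := p.LegalAuth[commNumber]
	if !ok || !ok2 {
		return nil, errors.New("unknown request identifier or communication number")
	}
	return sealDesensitized(code, commNumber, reqID, auth)
}

// serverVerify is the server side (claims 4 and 6): constant-time compare before any page link is created.
func serverVerify(p Platform, c Certificate) (bool, error) {
	legal, err := p.LegalCiphertext(c.CommNumber, c.ReqID)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(c.Ciphertext, legal) == 1, nil
}
```

Because the server only ever sees desensitized values, two authentication values that desensitize to the same string are indistinguishable to it; the agreed desensitization logic therefore bounds the strength of the check.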
CN202210998430.1A 2022-08-19 2022-08-19 Service access method, SIM card, server and service platform Active CN115361683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210998430.1A CN115361683B (en) 2022-08-19 2022-08-19 Service access method, SIM card, server and service platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210998430.1A CN115361683B (en) 2022-08-19 2022-08-19 Service access method, SIM card, server and service platform

Publications (2)

Publication Number Publication Date
CN115361683A true CN115361683A (en) 2022-11-18
CN115361683B CN115361683B (en) 2023-07-04

Family

ID=84002692

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210998430.1A Active CN115361683B (en) 2022-08-19 2022-08-19 Service access method, SIM card, server and service platform

Country Status (1)

Country Link
CN (1) CN115361683B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1604485A1 (en) * 2003-03-19 2005-12-14 Way Systems, Inc. System and method for mobile transactions using the bearer independent protocol
CN101751392A (en) * 2008-12-01 2010-06-23 爱思开电讯投资(中国)有限公司 Browser-embedded smart card and method thereof
CN108009443A (en) * 2017-11-30 2018-05-08 广州天鹏计算机科技有限公司 The access method and system of data
CN109089264A (en) * 2018-08-02 2018-12-25 江苏满运软件科技有限公司 A kind of mobile terminal exempts from the method and system of close login
CN112055355A (en) * 2020-09-01 2020-12-08 紫光云(南京)数字技术有限公司 Internet access password management system based on 5G super SIM card


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
曹原铭 et al.: "Research on SIM-card-based unified authentication technology" *

Also Published As

Publication number Publication date
CN115361683B (en) 2023-07-04


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant