CN116662957A - Identity authentication method, identity authentication device, computer readable storage medium and computer equipment - Google Patents


Publication number
CN116662957A
Authority
CN
China
Prior art keywords
identity authentication
target
service information
service
file
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310679095.3A
Other languages
Chinese (zh)
Inventor
孙军
赵肖余
段文洁
独秀
魏恒
罗超龙
肖永立
石静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Beijing Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Beijing Electric Power Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The application discloses an identity authentication method, an identity authentication device, a computer readable storage medium and computer equipment. The method comprises the following steps: reading a service information encryption file and an identity authentication file corresponding to a target service through an intelligent password key; decrypting the service information encryption file to obtain service information; generating a target dynamic key based on the service information; decrypting the identity authentication file by using the target dynamic key to obtain a target identity authentication password; and completing the identity authentication of the target service based on the target identity password. The application solves the technical problems that the operation content and operators cannot be effectively monitored and the operation duration cannot be controlled when the intelligent password key is used for identity authentication and authorization management.

Description

Identity authentication method, identity authentication device, computer readable storage medium and computer equipment
Technical Field
The present application relates to the field of identity authentication, and in particular, to an identity authentication method, an identity authentication device, a computer readable storage medium, and a computer apparatus.
Background
In the field of substation operation and maintenance, an intelligent password key (UKey) is generally used for identity authentication and authorization management. In the existing method, however, UKeys are issued in large numbers and kept separately by many staff members, so the actual operator of a substation monitoring host cannot be effectively monitored while the host is in use. Daily maintenance work at a substation is extensive, and neither the operating condition of the monitoring host nor the content of scheduled maintenance operations can be effectively monitored while the host is in use. In addition, operation of the substation monitoring host cannot be effectively associated with a maintenance work ticket, and the operation content and the duration of use cannot be effectively controlled.
Therefore, in the related art, there is a technical problem that the operation content and the operator cannot be effectively monitored and the operation duration cannot be controlled when the intelligent password key is used for identity authentication and authorization management.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides an identity authentication method, an identity authentication device, a computer readable storage medium and computer equipment, which at least solve the technical problems that operation content and operators cannot be effectively monitored and operation duration cannot be controlled when an intelligent password key is used for identity authentication and authorization management.
According to an aspect of an embodiment of the present application, there is provided an identity authentication method including: reading a service information encryption file and an identity authentication file corresponding to a target service through an intelligent password key; decrypting the service information encryption file to obtain service information; generating a target dynamic key based on the service information; decrypting the identity authentication file by using the target dynamic key to obtain a target identity authentication password; based on the target identity password, the identity authentication of the target service is completed.
Optionally, before the service information encryption file and the identity authentication file corresponding to the target service are read by the intelligent password key, the following operations are executed by adopting the management end: encrypting service information of the target service to obtain a service information encryption file; and storing the service information encryption file and the identity authentication file in the intelligent password key.
Optionally, generating the target dynamic key based on the service information includes: receiving an identity authentication result of a management end; and generating a target dynamic key based on the service information under the condition that the identity authentication result of the management end is authentication passing.
Optionally, before receiving the identity authentication result of the management end, the management end is adopted to execute the following operations: generating a management end dynamic key based on the service information; decrypting the identity authentication file by adopting the dynamic key of the management end to obtain the identity authentication password of the management end; and carrying out identity authentication on the target service by adopting the management end identity authentication password to obtain a management end identity authentication result.
Optionally, before generating the management side dynamic key based on the service information, the method further includes: searching service information in a service information base to obtain a search result; based on the search results, the target business's executability is determined.
Optionally, the method further comprises: determining an allowable operation time based on the service information; real-time monitoring of actual operation time for a target service; in the case where the actual operation time exceeds the allowable operation time, the operation for the target service is interrupted.
Optionally, the method further comprises: and generating an operation log based on the operation record aiming at the target service, wherein the operation log is used for verification and storage of the server.
According to another aspect of the embodiment of the present application, there is also provided an identity authentication device, including: the reading module is used for reading the service information encryption file and the identity authentication file corresponding to the target service through the intelligent password key; the first decryption module is used for decrypting the service information encryption file to obtain service information; the generation module is used for generating a target dynamic key based on the service information; the second decryption module is used for decrypting the identity authentication file by adopting the target dynamic key to obtain a target identity authentication password; and the authentication module is used for completing the identity authentication of the target service based on the target identity password.
According to another aspect of the embodiment of the present application, there is also provided a computer readable storage medium, where the computer readable storage medium includes a stored program, and when the program runs, the device in which the computer readable storage medium is located is controlled to execute the identity authentication method of any one of the above items.
According to another aspect of an embodiment of the present application, there is also provided a computer apparatus including: a memory and a processor, the memory storing a computer program; and a processor for executing a computer program stored in the memory, the computer program, when run, causing the processor to perform the identity authentication method of any one of the above.
In the embodiment of the application, a dynamic key for decrypting the identity authentication file is generated based on service information. The service information encryption file and the identity authentication file of the target service stored in the intelligent password key are read, and the service information encryption file is decrypted with a key on the terminal side to obtain the service information. The dynamic key is generated based on the service information, which ties the key closely to the service information. The identity authentication file stored in the intelligent password key is then decrypted with the dynamic key to obtain the target identity authentication password, which can be used to complete the terminal side's identity authentication for the target service; after the terminal side passes this authentication, a series of operations related to the target service can be performed. The terminal side can also determine the allowable operation time of the target service based on the service information and control the operation time on the terminal side accordingly. This improves authorization security and combines the use of the monitoring host with daily operation and maintenance work, achieving the technical effect of effectively monitoring the duration and process of use on the terminal side, and thereby solving the technical problem that operation content and operators cannot be effectively monitored and operation duration cannot be controlled when the intelligent password key is used for identity authentication and authorization management.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of an identity authentication method provided according to an embodiment of the present application;
FIG. 2 is a block diagram of an identity authentication device according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art may better understand the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
A UKey, also called an intelligent password key, is a small storage device that connects directly to a computer through a USB (Universal Serial Bus) interface, has a password verification function, and is reliable and fast.
The monitoring host of the transformer substation is an important infrastructure in the transformer substation, and the monitoring host is required to be used for maintenance activities such as daily monitoring, operation and maintenance operation of the transformer substation. Because the power system has higher requirements on reliability and safety, the substation monitoring host has higher requirements on safety protection compared with the conventional terminal host. Identity authentication is a method and mechanism for confirming whether an entity has access rights to a certain resource or service in an information system through a cryptographic means. With the progress of technology, the number of monitoring hosts of a transformer substation is increasing, and the demand for identity authentication is also becoming urgent.
Since it was first proposed in the 1970s, public key cryptography has developed rapidly, and a steady stream of identity authentication schemes and protocols based on it has emerged. In the field of substation operation and maintenance, identity authentication and authorization management with a UKey is the mainstream authorization solution, but problems remain in areas such as confirming the user's identity and limiting the time a substation monitoring host may be used.
Defects and deficiencies of the prior art:
1. UKeys are issued in large numbers and kept separately by many staff members, so supervision of their safekeeping is inadequate, and the actual operator of a substation monitoring host cannot be effectively monitored while the host is in use.
2. Daily maintenance work at a substation is extensive, and neither the operating condition of the monitoring host nor the content of scheduled maintenance operations can be effectively monitored while the substation monitoring host is in use.
3. Operation and use of the substation monitoring host cannot be effectively associated with maintenance work tickets, and the operation content and the duration of use cannot be effectively controlled.
In view of the foregoing, embodiments of the present application provide a method embodiment for identity authentication. It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system, such as a set of computer-executable instructions, and that, although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
FIG. 1 is a flowchart of an identity authentication method according to an embodiment of the present application. As shown in FIG. 1, the method includes the following steps:
Step S102, reading a service information encryption file and an identity authentication file corresponding to a target service through an intelligent password key;
Step S104, decrypting the service information encryption file to obtain service information;
Step S106, generating a target dynamic key based on the service information;
Step S108, decrypting the identity authentication file by using the target dynamic key to obtain a target identity authentication password;
Step S110, based on the target identity password, completing the identity authentication of the target service.
Through the above steps, a dynamic key for decrypting the identity authentication file is generated based on service information. The service information encryption file and the identity authentication file of the target service stored in the intelligent password key are read, and the service information encryption file is decrypted with a key on the terminal side to obtain the service information. The dynamic key is generated based on the service information, which ties the key closely to the service information, and the identity authentication file stored in the intelligent password key is then decrypted with the dynamic key to obtain the target identity authentication password.
It should be noted that, the service information in this embodiment includes at least one of the following: UKey equipment number, operation and maintenance task code, operation and maintenance task name, operation and maintenance staff information, work starting time, work ending time, operation and maintenance asset unique number, operation and maintenance asset name and operation and maintenance content information.
As an alternative embodiment, before the service information encryption file and the identity authentication file corresponding to the target service are read through the intelligent password key, the following operations are performed by the management end: encrypting service information of the target service to obtain a service information encryption file; and copying the service information encryption file and the identity authentication file to the intelligent password key.
In this embodiment, the management end acts as a bridge between the terminal and the service end. First, the management end encrypts the service information of the target service of the service end to obtain a service information encryption file, and copies the service information encryption file and the identity authentication file to the intelligent password key. When identity authentication is needed, the user can read the service information encryption file and the identity authentication file stored in the intelligent password key simply by inserting the intelligent password key into the terminal side.
It should be noted that, in this embodiment, the key used by the management end to encrypt the service information into the service information encryption file and the key used by the terminal to decrypt the service information encryption file into the service information should be a corresponding public/private key pair. For example, the management end encrypts the service information with the public key and the terminal decrypts the service information encryption file with the private key corresponding to that public key, or vice versa, so as to ensure that the terminal side can successfully decrypt and obtain the service information.
As an alternative embodiment, generating the target dynamic key based on the service information includes: receiving an identity authentication result of a management end; and generating a target dynamic key based on the service information under the condition that the identity authentication result of the management end is authentication passing. Through identity authentication performed in advance by the management end, it can be verified whether the target service exists and is valid, and whether the terminal may operate on the target service.
As an alternative embodiment, before receiving the identity authentication result of the management end, the management end is adopted to perform the following operations: generating a management end dynamic key based on the service information; decrypting the identity authentication file by adopting the dynamic key of the management end to obtain the identity authentication password of the management end; and carrying out identity authentication on the target service by adopting the management end identity authentication password to obtain a management end identity authentication result. When the management end performs identity authentication, a management end dynamic key is required to be generated firstly based on service information, the management end dynamic key is adopted to decrypt the identity authentication file, a management end identity authentication password is obtained, and then the identity authentication of the target service can be completed according to the management end identity authentication password.
As an alternative embodiment, before generating the management side dynamic key based on the service information, the method further includes: searching service information in a service information base to obtain a search result; based on the search results, the target business's executability is determined.
Other methods may also be used to verify whether the target service exists and is valid. For example, the management end may search the service information base based on the service information of the target service. If matching service information is found, the target service is verified to exist and be valid, that is, the service may be executed. If no matching service information is found, the target service is verified not to exist or to be no longer valid; in that case the management end may send a reminder to the operator at the terminal side or at the management end, the operation for the target service may be terminated, and the service information or the operation status of the target service may be checked manually.
As an alternative embodiment, the method further comprises: determining an allowable operation time based on the service information; real-time monitoring of actual operation time for a target service; in the case where the actual operation time exceeds the allowable operation time, the operation for the target service is interrupted.
In order to increase the control of the operation time of the operator in the target service on the basis of completing the identity authentication, in this embodiment, after the terminal completes the identity authentication of the target service, the terminal side may determine the allowable operation time based on the service information obtained by decryption before, monitor the actual operation time of the user on the terminal side, and interrupt the operation of the target service if the actual operation time exceeds the allowable operation time.
Note that the allowable operation time in this embodiment may be an allowable operation duration, an allowable operation time range, or the like. If it is an allowable operation duration, then whenever the user starts operating the target service on the terminal side, the operation may continue as long as the actual operation duration does not exceed the allowable operation duration; otherwise the operation on the target service is interrupted. For example, the user can operate the target service within 1 hour. If it is an allowable operation time range, the user can operate the target service only within the preset time range; otherwise the operation on the target service is interrupted. For example, the user can only operate the target service from 9 to 10 am.
It should be noted that, in this embodiment, interrupting the terminal's operation for the target service may be implemented by stopping the target service from receiving operation instructions, or by shielding the operation interface of the terminal. Preferably, when the operation interface of the terminal needs to be shielded, this may be done by shielding software on the terminal side.
As an alternative embodiment, the method further comprises: and generating an operation log based on the operation record aiming at the target service, wherein the operation log is used for verification and storage of the server.
In order to monitor the specific operation content of the operator at the terminal, the embodiment also generates an operation log for storage based on the operation record of the operator for operating the target service, so as to be convenient for operation tracing.
Based on the foregoing embodiment and the optional embodiments, an optional embodiment of the present application is set forth, and is described below.
The application provides an SM2-based encryption method for authenticating the identity of personnel who use a substation monitoring host.
The identity authentication and authorization software is installed on the management server and records the device number and the authorized user of each UKey, binding each UKey to its authorized user. The authorized hosts and the authorization time limit of the UKey are defined according to the work content, with the authorization time limit expressed in units of date, hour and minute.
The authorization software authorizes UKeys flexibly. A UKey may be authorized to unlock the functions of monitoring hosts at different stations. The number of a substation monitoring host is consistent with the number recorded by the management server. Different monitoring hosts within the same substation can be authorized separately as needed. A single UKey can be authorized for different hosts at multiple stations at the same time (one-to-many).
The authorization software takes the cryptographic algorithm SM2 as its core and combines the UKey equipment number, operation and maintenance task code, operation and maintenance task name, operation and maintenance staff information, work starting time, work ending time, operation and maintenance asset unique number, operation and maintenance asset name and operation and maintenance content information. After authorization it generates an authorization encrypted file, which can be generated locally and copied directly into the corresponding UKey; alternatively, the encrypted file can be transmitted to the authorized user through an internal secure network, and the user copies the authorization encrypted file into the corresponding UKey.
Host shielding software is installed on the substation monitoring host. The software has a built-in super user password decryption algorithm, which can decrypt the super user password generated by the authorization software to obtain the authorization time limit and match it with the host shielding software. The password field of the host shielding software does not display characters and uses silent input. In the super user state, if the keyboard or the mouse is not operated for 10 minutes (configurable), the screen is shielded automatically, and the software waits for the super user password to be entered again or for the UKey to be inserted.
Identity authentication is divided into two steps: key generation and information processing. The system adopts the national cryptographic algorithm SM2, and the same secret key is used for encryption and decryption. The encryption process uses a secret key together with the UKey equipment number, operation and maintenance task code, operation and maintenance task name, operation and maintenance staff information, work starting time, work ending time, operation and maintenance asset unique number, operation and maintenance asset name and operation and maintenance content information as key generation parameters. An authorization encrypted file is generated after encryption and authorization, and the file can be generated locally and copied directly into the corresponding UKey; alternatively, the encrypted file can be transmitted to the authorized user through an internal secure network, and the user copies the authorization encrypted file into the corresponding UKey.
On the one hand, the encrypted authorization information carries business meaning, which improves the efficiency of identifying the authentication information. On the other hand, the key information and the form of data verification are more flexible, and the key can be generated at any time, which ensures the security of the system. In the key generation part, the validity period of the file is used as part of the input parameters to account for the timeliness of authentication. Once the information exceeds the expiration date, the key also fails, the data cannot be decrypted correctly, and verification fails. Meanwhile, the UKey equipment number and the user's work task code are used as key parameters, so that the key data cannot be calculated by a third party. Automatic generation of the secret key reduces risk and enhances the security of the system. The system computes over the file characteristic information, the identity information and the number of the cardholder through encryption, and the uniqueness and collision resistance of the system ensure that the data information is difficult to forge or steal.
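The following Python example is added here and is not part of the patent text. It illustrates steps S106 and S108 and the key-generation idea above: a dynamic key is derived from a secret plus every service information field, so an identity authentication file sealed for one work ticket cannot be opened with an altered ticket, and the time limit is enforced by comparing the clock with the ticket's work window. HMAC-SHA256 with an HMAC-based stream cipher stands in for the SM2-based scheme, step S104 is assumed to have already produced the service information, and all field names, the secret and the ticket values are constructed assumptions.

```python
import hashlib
import hmac
import json
import os
from datetime import datetime

# Field names are assumptions modelled on the service information listed above.
FIELDS = ("ukey_device_no", "task_code", "task_name", "staff", "work_start",
          "work_end", "asset_no", "asset_name", "content")


def canonical(service_info):
    """Serialize every field in a fixed order so both ends hash identical bytes."""
    missing = [f for f in FIELDS if f not in service_info]
    if missing:
        raise ValueError("missing service fields: %s" % missing)
    pairs = [[f, service_info[f]] for f in FIELDS]
    return json.dumps(pairs, ensure_ascii=False, separators=(",", ":")).encode("utf-8")


def derive_dynamic_key(secret, service_info):
    """Dynamic key = HMAC-SHA256(secret, canonical service information)."""
    return hmac.new(secret, canonical(service_info), hashlib.sha256).digest()


def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_keystream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a standard-library stand-in cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Management end: build the identity authentication file (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    """Terminal: verify the tag first, then decrypt; a wrong key raises ValueError."""
    if len(blob) < 48:
        raise ValueError("authentication file too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("file does not match this service information")
    return _xor_keystream(enc_key, nonce, ct)


def within_window(service_info, now):
    """Allowable operation time range taken from the work start and end times."""
    start = datetime.fromisoformat(service_info["work_start"])
    end = datetime.fromisoformat(service_info["work_end"])
    return start <= now <= end


def authenticate(secret, service_info, auth_file, now):
    """S106 and S108 plus the time check: return the password, or None on failure."""
    if not within_window(service_info, now):
        return None  # expiry is enforced by this comparison, not by the key itself
    try:
        return open_sealed(derive_dynamic_key(secret, service_info), auth_file)
    except ValueError:
        return None


# Constructed sample data (not from the patent).
SECRET = b"constructed-demo-secret"
TICKET = {
    "ukey_device_no": "UKEY-0001", "task_code": "OM-2023-0042",
    "task_name": "Relay protection inspection", "staff": "operator-01",
    "work_start": "2023-06-09T09:00", "work_end": "2023-06-09T10:00",
    "asset_no": "ASSET-7788", "asset_name": "Monitoring host A",
    "content": "Routine inspection",
}
AUTH_FILE = seal(derive_dynamic_key(SECRET, TICKET), b"constructed-host-password")

if __name__ == "__main__":
    # Valid ticket inside its window, then a ticket with an extended end time,
    # then the valid ticket one minute after its window closed.
    print(authenticate(SECRET, TICKET, AUTH_FILE, datetime(2023, 6, 9, 9, 30)))
    forged = dict(TICKET, work_end="2023-06-09T18:00")
    print(authenticate(SECRET, forged, AUTH_FILE, datetime(2023, 6, 9, 15, 0)))
    print(authenticate(SECRET, TICKET, AUTH_FILE, datetime(2023, 6, 9, 10, 1)))
```

The derived key is a fixed function of the ticket, so the end time only takes effect through the clock comparison; the terminal's clock therefore has to be trustworthy for the time limit to hold.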
Based on the above description of the scheme, the following description is made on the execution flow of the scheme.
Step 1: the user inputs service information at the encryption generation interface of the management end and executes key encryption. And the shielding system of the substation terminal reads the encryption information through the UKey.
Step 2: the terminal shielding system communicates with the server through an internal network, decrypts the encrypted information, and decodes the UKey equipment number, the operation and maintenance task code, the operation and maintenance task name, the operation and maintenance staff information, the work starting time, the work ending time, the operation and maintenance asset unique number, the operation and maintenance asset name and the operation and maintenance content information.
Step 3: the service end uses the service data in the service database as a search condition, and the dynamic key obtained in the last step can be used for decrypting to obtain the password.
Step 4: if the password obtained in the last step is correct, the terminal has a fixed-length information address, service information and password, and the execution algorithm can generate a corresponding dynamic key, otherwise, authentication fails.
Step 5: the dynamic key generated by the terminal is used for analyzing the access content of the user and decrypting the stored encrypted file at the terminal.
Step 6: the terminal shielding software checks whether the allowable operation time is exceeded or not at regular time, if the allowable operation time is exceeded, the terminal shielding software automatically shields an operation interface of the terminal equipment and simultaneously sends the operation record to a server for recording an operation log.
Step 7: the server will verify the received operation log and save the record.
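The key generation and terminal-side flow described above, sketched as an added example that is not code from the patent. It assumes PBKDF2-HMAC-SHA256 as the derivation function and an HMAC-based encrypt-then-MAC construction as a standard-library stand-in for a real AEAD such as AES-GCM; the field names, salt and sample values are hypothetical.

```python
import hashlib
import hmac
import os
from datetime import datetime

FIELDS = ("ukey_id", "task_code", "start", "end")  # assumed subset of the service information
FMT = "%Y-%m-%d %H:%M"

def derive_dynamic_key(info, salt):
    # Length-prefix every field so adjacent values cannot be re-split into the same input.
    parts = [info[f].encode() for f in FIELDS]
    material = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hashlib.pbkdf2_hmac("sha256", material, salt, 50_000)

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD such as AES-GCM.
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None  # wrong key or modified file
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def authenticate(info, salt, auth_file, expected_password, now):
    # Explicit window check; the key binding only makes an edited period derive a different key.
    start, end = (datetime.strptime(info[k], FMT) for k in ("start", "end"))
    if not start <= now <= end:
        return "outside-window"
    password = unseal(derive_dynamic_key(info, salt), auth_file)
    if password is None:
        return "decrypt-failed"
    return "ok" if hmac.compare_digest(password, expected_password) else "bad-password"

# Constructed sample data (not from the patent).
SALT = bytes(16)
INFO = {"ukey_id": "UK-0001", "task_code": "OM-2023-042",
        "start": "2023-06-08 09:00", "end": "2023-06-08 17:00"}
PASSWORD = b"example-password"
AUTH_FILE = seal(derive_dynamic_key(INFO, SALT), PASSWORD)
```

Changing the end time or the UKey number in the service information derives a different key, so the stored identity authentication file no longer verifies.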
Compared with the traditional authorization mode, this optional implementation of the application improves the security of personnel authorization and, on that basis, better combines the use of the substation monitoring host with daily operation and maintenance work. It effectively controls who uses the substation monitoring host and for how long, and records the host's operation log in real time, so as to better ensure the safe and stable operation of power production.
According to an embodiment of the present application, there is further provided an identity authentication device. Fig. 2 is a block diagram of the identity authentication device according to the embodiment of the present application. As shown in Fig. 2, the device includes: a reading module 21, a first decryption module 22, a generation module 23, a second decryption module 24 and an authentication module 25. The device is described below.
A reading module 21, configured to read, by using an intelligent cryptographic key, a service information encryption file and an identity authentication file corresponding to a target service; a first decryption module 22, connected to the reading module 21, for decrypting the service information encrypted file to obtain service information; a generating module 23 connected to the first decryption module 22, for generating a target dynamic key based on the service information; the second decryption module 24 is connected to the generation module 23, and is configured to decrypt the identity authentication file by using the target dynamic key to obtain a target identity authentication password; the authentication module 25 is connected to the second decryption module 24, and is configured to complete identity authentication of the target service based on the target identity password.
According to an embodiment of the present application, there is further provided a computer-readable storage medium, where the computer-readable storage medium includes a stored program, and when the program runs, the device in which the computer-readable storage medium is located is controlled to execute the identity authentication method of any one of the above items.
According to an embodiment of the present application, there is also provided a computer apparatus including: a memory and a processor, the memory storing a computer program; and a processor for executing a computer program stored in the memory, the computer program, when run, causing the processor to perform the identity authentication method of any one of the above.
The foregoing embodiment numbers of the present application are merely for the purpose of description and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the description of each embodiment has its own emphasis; for a portion that is not described in detail in one embodiment, reference is made to the related descriptions of the other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or all or part of it, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U disk, read-only memory (ROM, etc.) and various media capable of storing program code.
The foregoing is merely a preferred embodiment of the present application. It should be noted that those skilled in the art may make modifications and adaptations without departing from the principles of the present application, and these are intended to fall within the scope of the present application.

Claims (10)

1. An identity authentication method, comprising:
reading a service information encryption file and an identity authentication file corresponding to a target service through an intelligent password key;
decrypting the service information encryption file to obtain service information;
generating a target dynamic key based on the service information;
decrypting the identity authentication file by adopting the target dynamic key to obtain a target identity authentication password;
based on the target identity password, the identity authentication of the target service is completed.
2. The method according to claim 1, wherein before the service information encryption file and the identity authentication file corresponding to the target service are read by the smart key, the following operations are performed by using a management end:
encrypting the service information of the target service to obtain the service information encryption file;
copying the business information encryption file and the identity authentication file to the intelligent password key.
3. The method of claim 1, wherein the generating a target dynamic key based on the service information comprises:
receiving an identity authentication result of a management end;
and generating the target dynamic key based on the service information under the condition that the identity authentication result of the management end is authentication passing.
4. A method according to claim 3, characterized in that before the receiving of the identity authentication result of the managing end, the following operations are performed with the managing end:
generating a management end dynamic key based on the service information;
decrypting the identity authentication file by adopting the dynamic key of the management end to obtain an identity authentication password of the management end;
and carrying out identity authentication on the target service by adopting the management end identity authentication password to obtain the management end identity authentication result.
5. The method of claim 4, further comprising, prior to said generating a management end dynamic key based on said service information:
searching the service information in a service information base to obtain a search result;
and determining the executable performance of the target service based on the search result.
6. The method according to claim 1, wherein the method further comprises:
determining an allowable operation time based on the service information;
real-time monitoring the actual operation time aiming at the target service;
and if the actual operation time exceeds the allowed operation time, interrupting the operation for the target service.
7. The method according to any one of claims 1 to 6, further comprising:
and generating an operation log based on the operation record aiming at the target service, wherein the operation log is used for verifying and storing by a server.
8. An identity authentication device, comprising:
the reading module is used for reading the service information encryption file and the identity authentication file corresponding to the target service through the intelligent password key;
the first decryption module is used for decrypting the service information encryption file to obtain service information;
the generation module is used for generating a target dynamic key based on the service information;
the second decryption module is used for decrypting the identity authentication file by adopting the target dynamic key to obtain a target identity authentication password;
and the authentication module is used for completing the identity authentication of the target service based on the target identity password.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored program, wherein the program, when run, controls a device in which the computer-readable storage medium is located to perform the authentication method of any one of claims 1 to 7.
10. A computer device, comprising: a memory and a processor, wherein
the memory stores a computer program;
the processor configured to execute a computer program stored in the memory, the computer program when executed causing the processor to perform the identity authentication method of any one of claims 1 to 7.
CN202310679095.3A 2023-06-08 2023-06-08 Identity authentication method, identity authentication device, computer readable storage medium and computer equipment Pending CN116662957A (en)

Publications (1)

Publication Number Publication Date
CN116662957A true CN116662957A (en) 2023-08-29

Family

ID=87724009

Country Status (1)

Country Link
CN (1) CN116662957A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117852004A (en) * 2024-03-07 2024-04-09 中建三局集团华南有限公司 Modeling method, device and equipment for building curtain wall and storage medium
CN117852004B (en) * 2024-03-07 2024-05-28 中建三局集团华南有限公司 Modeling method, device and equipment for building curtain wall and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination