CN117479164A - Identity authentication method and device based on 5G message - Google Patents


Info

Publication number
CN117479164A
Authority
CN
China
Prior art keywords
information
authenticated
authentication
identity
verified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311398811.7A
Other languages
Chinese (zh)
Inventor
谢张天浩
胡文辉
苏儒
梅忱
李颖
徐世民
吴家淮
刁家伟
巫博超
陈阳杰
张相府
林小俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Internet Co Ltd
Priority to CN202311398811.7A
Publication of CN117479164A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides an identity authentication method and device based on 5G messages, and relates to the technical field of communication. The method, applied to the authentication platform, comprises the following steps: in response to receiving an identity authentication request, determining identification information of the object to be authenticated according to the identity authentication request, and determining the terminal equipment associated with the object to be authenticated according to that identification information; generating information to be verified according to the identity authentication request; sending the information to be verified to the terminal equipment in the form of a 5G message, the 5G message being used by the terminal equipment to encrypt the information to be verified so as to generate verification instruction information; and acquiring the verification instruction information sent by the terminal equipment, and carrying out identity authentication of the object to be authenticated according to the verification instruction information. The scheme can simplify the user operation in the identity authentication process, can avoid information leakage and ensures operation safety.

Description

Identity authentication method and device based on 5G message
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an identity authentication method and apparatus based on a 5G message.
Background
With the development of internet technology, various application platforms have appeared to provide convenience for people's life. Typically, when using an application platform, authentication of the user is required in order to avoid the risk of non-personal operation.
In the related art, identity authentication modes include static passwords, short message verification codes and single-point authentication. However, all three identity authentication methods carry a certain security risk, and the authentication process is relatively complicated.
Disclosure of Invention
In order to solve the above problems, the present application provides an identity authentication method and device based on a 5G message.
According to a first aspect of the present application, there is provided an identity authentication method based on a 5G message, the method being applied to an authentication platform, the method comprising:
in response to receiving an identity authentication request, determining identification information of an object to be authenticated according to the identity authentication request, and determining terminal equipment associated with the object to be authenticated according to the identification information of the object to be authenticated;
generating information to be verified according to the identity authentication request;
sending the information to be verified to the terminal equipment in the form of a 5G message; the 5G message is used by the terminal equipment to encrypt the information to be verified so as to generate verification instruction information;
and acquiring verification instruction information sent by the terminal equipment, and carrying out identity authentication of the object to be authenticated according to the verification instruction information.
According to a second aspect of the present application, there is provided an identity authentication method based on a 5G message, the method being applied to a terminal device, the method comprising:
receiving a 5G message;
determining information to be verified according to the 5G message; the information to be verified is generated by the authentication platform according to the received identity authentication request;
encrypting the information to be verified to generate verification instruction information;
sending the verification instruction information to the authentication platform; the verification instruction information is used by the authentication platform to authenticate the identity of the object to be authenticated.
According to a third aspect of the present application, there is provided an identity authentication system comprising:
an authentication platform for implementing the method described in the first aspect;
and the terminal equipment is used for realizing the method of the second aspect.
According to a fourth aspect of the present application, there is provided an identity authentication device based on 5G messages, the device being applied to an authentication platform, the device comprising:
the first determining module is used for responding to the received identity authentication request, determining the identification information of the object to be authenticated according to the identity authentication request, and determining the terminal equipment associated with the object to be authenticated according to the identification information of the object to be authenticated;
The first generation module is used for generating information to be verified according to the identity authentication request;
the first sending module is used for sending the information to be verified to the terminal equipment in the form of a 5G message; the 5G message is used by the terminal equipment to encrypt the information to be verified so as to generate verification instruction information;
and the authentication module is used for acquiring the verification instruction information sent by the terminal equipment and carrying out identity authentication of the object to be authenticated according to the verification instruction information.
According to a fifth aspect of the present application, there is provided an identity authentication apparatus based on a 5G message, the apparatus being applied to a terminal device, the apparatus comprising:
the first receiving module is used for receiving the 5G message;
the second determining module is used for determining information to be verified according to the 5G message; the information to be verified is generated by the authentication platform according to the received identity authentication request;
the encryption module is used for carrying out encryption processing on the information to be verified so as to generate verification instruction information;
the second sending module is used for sending the verification instruction information to the authentication platform; the verification instruction information is used by the authentication platform to authenticate the identity of the object to be authenticated.
According to a sixth aspect of the present application, there is provided an electronic device comprising: a processor; a memory for storing executable instructions of the processor; wherein the processor is configured to execute the instructions to implement the method according to the first aspect and/or to implement the method according to the second aspect.
According to a seventh aspect of the present application, there is provided a computer-readable storage medium storing instructions which, when executed by a processor of an electronic device, cause the electronic device to perform the method of the first aspect and/or to perform the method of the second aspect.
According to the technical scheme, after an identity authentication request is received, identification information of an object to be authenticated is determined according to the identity authentication request, terminal equipment associated with the object to be authenticated is determined according to the identification information of the object to be authenticated, information to be verified is generated according to the identity authentication request, the information to be verified is sent to the terminal equipment in the form of a 5G message, verification instruction information obtained by the terminal equipment encrypting the information to be verified is acquired, and identity authentication is carried out on the object to be authenticated according to the verification instruction information. The scheme can authenticate identity based on the 5G message without complicated operation by the user, thereby not only simplifying the user operation in the authentication process, but also avoiding information leakage. In addition, the verification instruction information transmitted in the authentication process is encrypted, so that the confidentiality of information in the identity authentication interaction process is ensured, and the operation safety can be further improved.
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flowchart of an identity authentication method based on a 5G message according to an embodiment of the present application;
FIG. 2 is a flowchart of another authentication method based on 5G messages according to an embodiment of the present application;
FIG. 3 is a flowchart of another authentication method based on a 5G message according to an embodiment of the present application;
FIG. 4 is a flowchart of another authentication method based on a 5G message according to an embodiment of the present application;
FIG. 5 is a flowchart of another authentication method based on a 5G message according to an embodiment of the present application;
FIG. 6 is a flowchart of another authentication method based on a 5G message according to an embodiment of the present application;
FIG. 7 is a flowchart of another authentication method based on a 5G message according to an embodiment of the present application;
FIG. 8 is a schematic diagram of an identity authentication system according to the present application;
FIG. 9 is a block diagram of an identity authentication device based on a 5G message according to an embodiment of the present application;
FIG. 10 is a block diagram illustrating another identity authentication device based on 5G messages according to an embodiment of the present application;
FIG. 11 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the drawings are exemplary and intended for the purpose of explaining the present application and are not to be construed as limiting the present application.
It should be noted that, with the development of internet technology, various application platforms have appeared to provide convenience for people's life. Typically, when using an application platform, authentication of the user is required in order to avoid the risk of non-personal operation.
In the related art, identity authentication modes include static passwords, short message verification codes and single-point authentication. Identity authentication based on a user's static password is the most traditional and most widely used mode. In an application system that uses static passwords, the user sets a password in the system in advance, enters it at login and submits it to the system, and the system confirms the user's identity by checking the password. However, conventional static password authentication has obvious limitations: the security of the password depends on its strength, on periodic updates and on sound password management by users. Weak passwords and passwords that go unchanged for long periods are currently widespread, and if users store their passwords carelessly or use browser password plug-ins, user identity authentication is exposed to great security risks.
Single-point authentication based on third-party platforms is common on large-scale internet platforms, is often accompanied by mutual traffic referral and content sharing, and is mainly used to form an ecosystem of internet application platforms. The application system generally guides the user to complete identity authentication on the third-party platform, and the authentication result of the third-party platform is authorized to the application system, thereby indirectly completing the user identity authentication. However, since single-point authentication completes identity verification by means of the third-party platform, all authentication behaviors are recorded on the third-party platform, and leakage of user operation behavior data cannot be avoided.
Identity authentication based on dynamic short message verification codes is widely used in various internet applications and shows a continuously growing trend. When the user logs in, the application system directly or indirectly sends a one-time verification code to the user through the operator's short message service; the user enters the code and submits it to the system, and the system confirms the user's identity by checking the verification code the user entered. The short message verification code is usually presented in plaintext at the terminal, so there is a risk of it being stolen, and the user is required to enter it manually, so the steps are relatively complicated.
In order to solve the above problems, the present application provides an identity authentication method and device based on a 5G message.
Fig. 1 is a flowchart of an identity authentication method based on a 5G message according to an embodiment of the present application. It should be noted that, the identity authentication method based on the 5G message in the embodiments of the present application is applied to an authentication platform, for example, the authentication platform may be a server for implementing identity authentication. As shown in fig. 1, the identity authentication method based on the 5G message according to the embodiment of the present application may include the following steps:
step 101, in response to receiving the identity authentication request, determining identification information of the object to be authenticated according to the identity authentication request, and determining terminal equipment associated with the object to be authenticated according to the identification information of the object to be authenticated.
The identity authentication request received by the authentication platform may be sent by an application platform, where the application platform may refer to a server of an internet application. As an example of a scenario, if an application a is installed in a terminal device, when a user logs in to the application a through the terminal device, the terminal device sends a request for logging in to the application a server, and the application a server generates an identity authentication request and sends the identity authentication request to an authentication platform.
As an example, the identity authentication request may carry identification information of the object to be authenticated, identification information of the application platform, and the like. The object to be authenticated can be a user to be authenticated, and the identification information of the object to be authenticated can be a mobile phone number of the object to be authenticated or a unique identification for distinguishing the object to be authenticated.
In some embodiments of the present application, the terminal device associated with the object to be authenticated may be a terminal device held by the object to be authenticated, for example, a mobile terminal device such as a mobile phone, a tablet computer, or the like of the object to be authenticated.
As a possible implementation manner, according to the identification information of the object to be authenticated, the implementation manner of determining the terminal device associated with the object to be authenticated may include: the authentication platform stores the correspondence between the identification information of the object to be authenticated and the terminal equipment associated with the object to be authenticated in advance, for example, the authentication platform stores the correspondence between the identification information of the object to be authenticated and the mobile phone number of the associated terminal equipment in advance, and according to the identification information of the object to be authenticated, the mobile phone number of the terminal equipment associated with the object to be authenticated can be determined, so that the terminal equipment associated with the object to be authenticated can be determined.
Step 102, generating information to be verified according to the identity authentication request.
In some embodiments of the present application, the information to be verified and the authentication request are in a one-to-one relationship, that is, only one information to be verified may be generated according to one authentication request. The information to be verified may be information including at least identification information of the application platform, a request time, and identification information of the object to be authenticated. According to the identity authentication request, the implementation manner of generating the information to be verified can include: according to the identity authentication request, determining identification information and request time of an application platform; and generating information to be verified according to the identification information of the application platform, the request time and the identification information of the object to be authenticated.
Step 103, sending the information to be verified to the terminal equipment in the form of a 5G message; the 5G message is used by the terminal equipment to encrypt the information to be verified so as to generate verification instruction information.
That is, the authentication platform may encapsulate the information to be verified into a 5G message and send the encapsulated 5G message to the 5G message platform, which sends the 5G message to the terminal device. The object to be authenticated can then receive the 5G message through the terminal device and carry out the identity authentication operation by triggering the 5G message.
As one possible implementation manner, the authentication platform may construct 5G message data according to the request format of the 5G message platform, for example, according to the RCC.07 standard, using a rich media card. The content of the card includes the information to be verified, and the card includes two suggested reply objects whose names guide the user to click to confirm identity authentication and to cancel identity authentication, respectively. The authentication platform encapsulates the constructed 5G message card data and the identification information of the terminal equipment into a 5G message request, and sends the 5G message request to the 5G message platform so that the 5G message platform sends the 5G message to the corresponding terminal equipment.
In some embodiments of the present application, after receiving the 5G message, the terminal device determines information to be verified according to the 5G message, and encrypts the information to be verified to generate verification instruction information.
Step 104, obtaining verification instruction information sent by the terminal equipment, and carrying out identity authentication of the object to be authenticated according to the verification instruction information.
As an example, where the terminal device communicates with the authentication platform, the verification instruction information may be sent directly to the authentication platform by the terminal device. As another example, the verification instruction information may be sent by the terminal device to the authentication platform in the form of a 5G message, i.e. the terminal device sends the verification instruction information to the 5G message platform and the 5G message platform sends the corresponding 5G message to the authentication platform.
In some embodiments of the present application, performing identity authentication of an object to be authenticated according to verification instruction information may include: checking whether the verification instruction information was obtained by the corresponding terminal equipment directly encrypting the information to be verified, and has not been tampered with.
In other embodiments of the present application, the verification instruction information may further include a verification initiation time, and performing the identity authentication of the object to be authenticated according to the verification instruction information may include checking whether the identity authentication has timed out.
As a possible implementation manner, the terminal device stores a private key corresponding to the object to be authenticated, and the authentication platform stores the corresponding public key. The terminal device encrypts the information to be verified with the private key corresponding to the object to be authenticated to obtain the verification instruction information; the authentication platform decrypts the verification instruction information with the corresponding public key and judges whether the decryption result is the information to be verified. If the decryption result is the information to be verified, the identity authentication result of the object to be authenticated is determined to be successful authentication; otherwise, the authentication fails.
As another possible implementation manner, before an identity authentication request is initiated, the terminal device associated with the object to be authenticated needs to register with the authentication platform. In the registration stage, the registration information of the object to be authenticated, the identification information of the object to be authenticated and the information of the terminal device are stored in the authentication platform, and the authentication platform communicates with the terminal device, so that the terminal device generates the private key of the object to be authenticated based on the communication content. The authentication platform is provided with an authentication platform public key and an authentication platform private key. The terminal device encrypts the information to be verified in a preset manner based on the authentication platform public key and the private key of the object to be authenticated to obtain the verification instruction information; the authentication platform encrypts the information to be verified in another preset manner based on the authentication platform public key and the authentication platform private key, and judges whether the verification instruction information can be obtained, so as to authenticate the identity of the object to be authenticated.
In some embodiments of the present application, the authentication platform may send an identity authentication result of the object to be authenticated to a corresponding identity authentication request initiator, for example, the identity authentication request is sent to the authentication platform by the application platform, and the authentication platform sends the identity authentication result to the application platform after the identity authentication.
It should be noted that, if the information to be verified includes information such as the application platform identification information, the identification information of the object to be authenticated and the authentication request initiation time, the information to be verified corresponding to different identity authentication requests is different, that is, the information to be verified is unique. The verification instruction information is therefore also unique and cannot be analyzed in the transmission process, so that the security of the information in the identity authentication process can be greatly improved.
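The challenge-response flow of steps 102 to 104, as an added example that is not code from the patent: the platform issues unique information to be verified, the terminal signs it with the private key of the object to be authenticated, and the platform enforces single use, the timeout and the signature check against the stored public key. A standard Schnorr signature stands in for the "encrypt with the private key, decrypt with the public key" step; the curve (secp256k1), SHA-256, the random nonce, the 120-second timeout and every name and sample value are assumptions, not the patent's construction.

```python
import hashlib
import secrets

# secp256k1 parameters (assumption: the page names no specific curve).
FIELD_P = 2**256 - 2**32 - 977
ORDER_Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE_POINT = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
              0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
TIMEOUT_S = 120  # assumed validity window; the page gives no value

def on_curve(pt):
    return (isinstance(pt, tuple) and len(pt) == 2 and all(0 <= c < FIELD_P for c in pt)
            and (pt[1] ** 2 - pt[0] ** 3 - 7) % FIELD_P == 0)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD_P, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return x3, (lam * (x1 - x3) - y1) % FIELD_P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def hash_to_zq(*parts):
    """One-way hash of length-prefixed byte strings to an integer mod q."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % ORDER_Q

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def keygen():
    priv = secrets.randbelow(ORDER_Q - 1) + 1
    return priv, ec_mul(priv, BASE_POINT)

def sign(priv, msg):
    """Schnorr signature: R = k*P, e = H(R, pub, msg), s = k + e*priv mod q."""
    k, r_pt = keygen()  # fresh one-time secret k and R = k*P
    e = hash_to_zq(enc(r_pt), enc(ec_mul(priv, BASE_POINT)), msg)
    return r_pt, (k + e * priv) % ORDER_Q

def verify(pub, msg, sig):
    """Accept only if s*P == R + e*pub."""
    r_pt, s = sig
    if not on_curve(r_pt) or not 0 < s < ORDER_Q:
        return False
    e = hash_to_zq(enc(r_pt), enc(pub), msg)
    return ec_mul(s, BASE_POINT) == ec_add(r_pt, ec_mul(e, pub))

class AuthPlatform:
    def __init__(self, devices):
        self.devices = dict(devices)  # subject id -> (phone number, public key)
        self.pending = {}  # information to be verified -> (subject id, request time)

    def start(self, app_id, subject_id, now):
        """Steps 101-102: find the device, build the information to be verified."""
        msisdn, _ = self.devices[subject_id]
        # The random nonce is an addition so that same-second requests stay distinct.
        info = "|".join([app_id, str(now), subject_id, secrets.token_hex(8)]).encode()
        self.pending[info] = (subject_id, now)
        return msisdn, info

    def finish(self, instruction, now):
        """Step 104: enforce single use and the timeout, then check the signature."""
        info, t_init, sig = instruction
        subject_id, issued = self.pending.pop(info, (None, None))  # single use
        if subject_id is None:
            return "unknown-or-replayed"
        if not issued <= t_init <= now or now - issued > TIMEOUT_S:
            return "expired"
        pub = self.devices[subject_id][1]
        ok = verify(pub, info + b"|" + str(t_init).encode(), sig)
        return "ok" if ok else "bad-signature"

def terminal_confirm(priv, info, now):
    """Terminal side, after the user taps 'confirm' on the 5G message card."""
    return info, now, sign(priv, info + b"|" + str(now).encode())

if __name__ == "__main__":
    priv, pub = keygen()
    platform = AuthPlatform({"user-001": ("+86-000-0000-0000", pub)})  # constructed
    _, info = platform.start("app-A", "user-001", now=1_700_000_000)
    reply = terminal_confirm(priv, info, now=1_700_000_030)
    print(platform.finish(reply, 1_700_000_031), platform.finish(reply, 1_700_000_032))
```

Because the pending entry is removed on first use, a captured reply that is sent again is rejected before any signature check, and the signature covers the verification initiation time so that it cannot be altered in transit.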
It can be understood that the identity authentication method based on the 5G message in the embodiment of the application uses the 5G message to interact with the terminal equipment, so that the user directly triggers the 5G message to realize the operation of the identity authentication process, the operation of the identity authentication process is simplified, and a huge and complicated password management system of static password authentication is avoided. Meanwhile, the method does not introduce a third party authentication system, so that the problem of information leakage can be avoided. Interaction between the terminal equipment and the authentication platform can be displayed through the 5G message, so that the content can be hidden, the risk of leakage of the verification code in the short message authentication mode is compensated, and the safety is improved. In addition, the verification instruction information is the information after encryption processing, so that the security in the information transmission process can be further improved.
According to the identity authentication method based on the 5G message, after an identity authentication request is received, identification information of an object to be authenticated is determined according to the identity authentication request, terminal equipment associated with the object to be authenticated is determined according to the identification information of the object to be authenticated, information to be verified is generated according to the identity authentication request, the information to be verified is sent to the terminal equipment in the form of the 5G message, verification instruction information obtained by encrypting the information to be verified by the terminal equipment is obtained, and identity authentication is carried out on the object to be authenticated according to the verification instruction information. The scheme can realize authentication of the identity based on the 5G message without complicated operation of the user, thereby not only simplifying the user operation in the authentication process, but also avoiding information leakage. In addition, verification instruction information of data transmission in the authentication process is encrypted, so that the confidentiality of information in the identity authentication interaction process is ensured, and the operation safety can be further improved.
Next, a specific implementation manner of identity authentication of the object to be authenticated according to the verification instruction information is described.
Fig. 2 is a flowchart of another identity authentication method based on a 5G message according to an embodiment of the present application. As shown in fig. 2, based on the above embodiment, the implementation manner of performing the identity authentication of the object to be authenticated according to the verification instruction information in step 104 in fig. 1 may include the following steps:
Step 201, determining a first verification value according to verification instruction information; the first verification value is obtained by the terminal equipment encrypting the information to be verified based on a base point of a preset elliptic curve, a preset authentication platform public key, a preset first hash function, a preset second hash function, identification information of the object to be authenticated and a preset private key of the object to be authenticated.
In some embodiments of the present application, the verification instruction information may be obtained by splicing the first verification value with the verification initiation time, so the first verification value may be determined directly according to the verification instruction information. The specific implementation process of the terminal device generating the first verification value can be referred to the following embodiment of the identity authentication method based on the 5G message applied to the terminal device side.
Step 202, verifying the first verification value based on the base point of the elliptic curve, the public key of the authentication platform, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified.
The base point of the elliptic curve, the public key of the authentication platform, the first hash function and the second hash function are all preset in the initialization process before identity authentication.
In some embodiments of the present application, the authentication platform needs to be initialized to determine its parameter configuration prior to identity authentication. For example, a non-singular elliptic curve G having a base point P and an order q may be selected; an authentication platform private key is randomly selected, and the authentication platform public key is generated according to the base point of the elliptic curve and the authentication platform private key; based on the non-singular elliptic curve G, three one-way hash functions are selected as in the following formula (18). Meanwhile, before identity authentication, the terminal equipment associated with the object to be authenticated also needs to be initialized; the purpose of this initialization is to preset a set of parameters consistent with the parameters initialized on the authentication platform.
H1:
H2:
Wherein H1 is a first hash function; H2 is a second hash function; H3 is a third hash function; G is the multiplicative cyclic group in which all the elliptic curve points used are located; {0,1}* is a binary string of arbitrary length; is an integer multiplicative cyclic group. That is, the first hash function maps the input binary data and two elliptic curve elements to one integer, and the mapping is irreversible; the second hash function maps binary data, one elliptic curve element, a plurality of integers and another elliptic curve element, input in sequence, to one integer, and the mapping is irreversible; the third hash function is an irreversible mapping of an elliptic curve element to an integer.
That is, the process of verifying the first verification value based on the base point of the elliptic curve, the authentication platform public key, the first hash function, the second hash function, the identification information of the object to be authenticated, and the information to be verified is equivalent to determining whether the first verification value is obtained by encrypting the information to be verified by the terminal device based on the base point of the elliptic curve, the authentication platform public key, the first hash function, the second hash function, the identification information of the object to be authenticated, and the private key of the object to be authenticated.
As a possible implementation manner, the first check value and the second check value may be generated according to the base point of the elliptic curve, the authentication platform public key, the first hash function, the second hash function, the information to be verified and the identification information of the object to be authenticated; the first verification value is checked by judging whether the first check value is consistent with the second check value; if the first check value is consistent with the second check value, the verification result of the first verification value is determined to be successful; otherwise, the verification result of the first verification value is determined to be failed.
In some embodiments of the present application, the implementation procedure of step 202 further includes: determining the verification initiation time according to the verification instruction information; determining whether the identity authentication has timed out according to the verification initiation time; and if the identity authentication has not timed out, checking the first verification value based on the base point of the elliptic curve, the public key of the authentication platform, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified.
That is, before checking the first verification value, it may first be determined whether the identity authentication has timed out, so as to ensure that the first verification value is only valid for a period of time, thereby further improving the security of the identity authentication process.
The process of judging whether the identity authentication has timed out may include: comparing the verification initiation time with the time when the verification instruction information is acquired to obtain a first time difference value; comparing the verification initiation time with the initiation time of the identity authentication request to obtain a second time difference value; comparing the first time difference value with a first time threshold value, and comparing the second time difference value with a second time threshold value; if the first time difference value is smaller than the first time threshold value and the second time difference value is smaller than the second time threshold value, it is determined that the identity authentication has not timed out; otherwise, it is determined that the identity authentication has timed out.
Step 203, determining the identity authentication result of the object to be authenticated according to the verification result of the first verification value.
That is, if the verification result of the first verification value is that verification is successful, the identity authentication result of the object to be authenticated is that authentication is successful, otherwise, the identity authentication result of the object to be authenticated is that authentication is failed.
According to the identity authentication method based on the 5G message, the first verification value is verified according to the base point of the elliptic curve, the public key of the authentication platform, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified, and the identity authentication result of the object to be authenticated is determined according to the verification result of the first verification value, so that the identity authentication of the object to be authenticated is realized. According to the scheme, identity authentication is performed based on the first verification value determined by the verification instruction information, so that the safety of the information can be further ensured.
Next, step 202 in fig. 2 will be described in detail.
Fig. 3 is a flowchart of another identity authentication method based on a 5G message according to an embodiment of the present application. As shown in fig. 3, based on the above embodiment, the implementation procedure of step 202 in fig. 2 may include the following steps:
Step 301, determining hidden identity information corresponding to the identification information of the object to be authenticated.
In some embodiments of the present application, during the registration phase of the terminal device, corresponding hidden identity information may be generated according to the identification information of the object to be authenticated. The hidden identity information refers to a result of encrypting the registration information of the object to be authenticated. That is, the authentication platform stores the correspondence between the identification information of the object to be authenticated and the hidden identity information, so the corresponding hidden identity information can be determined directly from the identification information of the object to be authenticated. For the specific calculation of the hidden identity information, reference is made to the description in the following embodiments.
Step 302, encrypting the identification information of the object to be authenticated, the hidden identity information and the authentication platform public key based on the first hash function to obtain a first authentication intermediate value.
The expression of the first authentication intermediate value is as follows (1):
A=H1(ID,IC,Pu) (1)
wherein A is a first authentication intermediate value; H1 is a first hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; Pu is the authentication platform public key.
Step 303, generating first hidden information and second hidden information according to the information to be verified, the first hash function, the base point of the elliptic curve, the public key of the authentication platform, the hidden identity information and the identification information of the object to be authenticated.
The first hidden information and the second hidden information are information after the information to be verified is encrypted respectively.
As one possible implementation, the implementation procedure of step 303 may include: generating first hidden information according to the information to be verified and the base point of the elliptic curve; and generating second hidden information according to the information to be verified, the first hash function, the public key of the authentication platform, the hidden identity information and the identification information of the object to be authenticated.
As an example, the calculation process for generating the first hidden information according to the information to be verified and the base point of the elliptic curve is as in the following formula (2):
L=l·P (2)
Wherein L is the first hidden information; l is the information to be verified; P is the base point of the elliptic curve.
As an example, the calculation process for generating the second hidden information according to the information to be verified, the first hash function, the public key of the authentication platform, the hidden identity information and the identification information of the object to be authenticated is as in the following formula (3):
M=l·(IC+H1(ID,IC,Pu)·Pu) (3)
wherein M is the second hidden information; l is the information to be verified; H1 is a first hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; Pu is the authentication platform public key.
Step 304, encrypting the identification information of the object to be authenticated, the hidden identity information, the first hidden information and the second hidden information based on the second hash function to obtain a second authentication intermediate value.
The expression of the second authentication intermediate value is as follows (4):
B=H2(ID,IC,L,M) (4)
wherein B is a second authentication intermediate value; H2 is a second hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; L is the first hidden information; M is the second hidden information.
Step 305, verifying the first verification value according to the first authentication intermediate value, the second authentication intermediate value, the base point of the elliptic curve, the hidden identity information, the authentication platform public key and the first hidden information.
In some embodiments of the present application, the implementation process for verifying the first verification value according to the first authentication intermediate value, the second authentication intermediate value, the base point of the elliptic curve, the hidden identity information, the authentication platform public key and the first hidden information may include: determining a first check value according to the first verification value and the base point of the elliptic curve; determining a second check value according to the first hidden information, the first authentication intermediate value, the second authentication intermediate value, the hidden identity information and the authentication platform public key; judging whether the first check value is consistent with the second check value; if the first check value is consistent with the second check value, determining that the first verification value is successfully verified.
As an example, the process of determining the first check value according to the first verification value and the base point of the elliptic curve may be as in the following formula (5):
m=D·P (5)
wherein m is a first check value; D is a first verification value; P is the base point of the elliptic curve.
As an example, the process of determining the second check value from the first hidden information, the first authentication intermediate value, the second authentication intermediate value, the hidden identity information and the authentication platform public key may be as in the following formula (6):
n=L+B·IC+AB·Pu (6)
wherein n is a second check value; L is the first hidden information; A is a first authentication intermediate value; B is a second authentication intermediate value; IC is the hidden identity information; Pu is the authentication platform public key.
The principle by which the verification result of the first verification value can be determined to be successful when the first check value is consistent with the second check value is described in the following embodiments.
Next, the registration phase is described.
Fig. 4 is a flowchart of another identity authentication method based on a 5G message according to an embodiment of the present application. As shown in fig. 4, based on the above embodiment, the following steps may be further included before step 101 in fig. 1:
Step 401, receiving registration information of an object to be authenticated and identification information of the object to be authenticated, which are sent by a terminal device; the registration information of the object to be authenticated is generated by the terminal equipment based on the base point of the elliptic curve.
In some embodiments of the present application, the terminal device may generate a random number in the registration stage, obtain registration information of the object to be authenticated according to the random number and a base point of the elliptic curve, and send the registration information of the object to be authenticated and identification information of the object to be authenticated to the authentication platform.
As an example, the expression of registration information of an object to be authenticated is as follows (7):
W=V·P (7)
wherein W is the registration information of the object to be authenticated; V is a random number generated by the terminal equipment; P is the base point of the elliptic curve.
Step 402, generating hidden identity identification information and a shared private key according to registration information of an object to be authenticated, a base point of an elliptic curve, an authentication platform public key, identification information of the object to be authenticated, a preset authentication platform private key, a preset third hash function and a first hash function.
As one possible implementation, the implementation of step 402 may include: generating hidden identity information according to registration information of an object to be authenticated and a base point of an elliptic curve; and generating a shared private key according to the registration information of the object to be authenticated, the first hash function, the third hash function, the identification information of the object to be authenticated, the hidden identity information, the authentication platform private key and the authentication platform public key.
As an example, the calculation process for generating the hidden identity information according to the registration information of the object to be authenticated and the base point of the elliptic curve is as follows (8):
IC=W+R·P=V·P+R·P (8)
wherein IC is the hidden identity information; W is the registration information of the object to be authenticated; V is a random number generated by the terminal equipment; P is the base point of the elliptic curve; R is a random number generated by the authentication platform.
As an example, according to the registration information of the object to be authenticated, the first hash function, the third hash function, the identification information of the object to be authenticated, the hidden identity information, the authentication platform private key, and the authentication platform public key, the process of generating the shared private key is as follows formula (9):
E=H3(S·W)+R+S·H1(ID,IC,Pu) (9)
Wherein E is a shared private key; H3 is a third hash function; S is the authentication platform private key; W is the registration information of the object to be authenticated; R is a random number generated by the authentication platform; H1 is a first hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; Pu is the authentication platform public key.
Step 403, sending the hidden identity information and the shared private key to the terminal device; the shared private key is used for generating the private key of the object to be authenticated by the terminal equipment.
That is, through the registration stage, the authentication platform obtains the correspondence between the terminal device associated with the object to be authenticated and the identification information of the object to be authenticated, obtains the correspondence between the identification information of the object to be authenticated and the hidden identity information, and also obtains the shared private key shared with the terminal device.
Next, the principle by which, in step 305 of fig. 3 in the above embodiment, the first verification value can be determined to be successfully verified when the first check value is consistent with the second check value is described:
The expression of the first verification value generated by the terminal device is as follows (10):
D=l+sk·H2(ID,IC,L,M) (10)
wherein D is a first verification value; l is the information to be verified; sk is the private key of the object to be authenticated; H2 is a second hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; L is the first hidden information; M is the second hidden information.
Decomposing the first check value based on the formula (4), the formula (5), and the formula (10) as follows:
m=D·P=(l+sk·H2(ID,IC,L,M))·P
=l·P+sk·H2(ID,IC,L,M)·P
=L+sk·B·P (11)
wherein m is a first check value; D is a first verification value; P is the base point of the elliptic curve; l is the information to be verified; sk is the private key of the object to be authenticated; H2 is a second hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; L is the first hidden information; M is the second hidden information; B is a second authentication intermediate value.
The authentication platform public key may be determined from the authentication platform private key and the base point of the elliptic curve, as follows (12):
Pu=S·P (12)
wherein Pu is the authentication platform public key; S is the authentication platform private key; P is the base point of the elliptic curve.
The following formula (13) is obtained based on the formula (6) and the formula (12):
n=L+B·IC+AB·Pu=L+B·IC+A·B·S·P (13)
wherein n is a second check value; L is the first hidden information; A is a first authentication intermediate value; B is a second authentication intermediate value; IC is the hidden identity information; Pu is the authentication platform public key; S is the authentication platform private key; P is the base point of the elliptic curve.
Based on the formulas (11) and (13), determining whether the first check value and the second check value match is equivalent to determining whether sk·B·P and B·IC+A·B·S·P are equal.
The private key of the object to be authenticated can be calculated by the following formula (14):
sk=E-H3(V·Pu)+V (14)
Wherein sk is the private key of the object to be authenticated; E is the shared private key; H3 is a third hash function; V is a random number generated by the terminal equipment; Pu is the authentication platform public key.
The following formula (15) is derived based on formula (9), formula (7), formula (12) and formula (14):
sk=H3(S·W)+R+S·H1(ID,IC,Pu)-H3(V·Pu)+V
=H3(S·V·P)+R+S·H1(ID,IC,Pu)-H3(V·S·P)+V
=R+S·H1(ID,IC,Pu)+V (15)
wherein H3 is a third hash function; S is the authentication platform private key; W is the registration information of the object to be authenticated; R is a random number generated by the authentication platform; H1 is a first hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; Pu is the authentication platform public key; P is the base point of the elliptic curve; V is a random number generated by the terminal equipment; sk is the private key of the object to be authenticated.
The following formula (16) is obtained based on the formula (15) and the formula (1):
sk·B·P=[R+S·H1(ID,IC,Pu)+V]·B·P=[R+S·A+V]·B·P
=R·B·P+S·A·B·P+V·B·P (16)
The following formula (17) is derived based on formula (8):
B·IC+A·B·S·P=B[V·P+R·P]+A·B·S·P
=B·V·P+B·R·P+A·B·S·P (17)
Based on the formulas (16) and (17), it can be determined that sk·B·P is equal to B·IC+A·B·S·P if the first verification value is correct. That is, if the first verification value is correct, the first check value is consistent with the second check value; in other words, if the first check value is consistent with the second check value, the first verification value was generated by the terminal device with the private key of the object to be authenticated and has not been tampered with.
Fig. 5 is a flowchart of another identity authentication method based on a 5G message according to an embodiment of the present application. It should be noted that, the identity authentication method based on the 5G message in the embodiments of the present application is applied to a terminal device, where the terminal device may be a mobile terminal device such as a mobile phone, a notebook computer, and the like. As shown in fig. 5, the method may include the steps of:
Step 501, a 5G message is received.
In some embodiments of the present application, the 5G message is generated by the authentication platform upon receipt of the identity authentication request and issued by the 5G message platform. The 5G message may be in the form of a card, and the 5G message carries information to be verified.
Step 502, determining information to be verified according to the 5G message; the information to be verified is generated by the authentication platform according to the received identity authentication request.
The 5G message may be encapsulated based on the information to be verified, so the information to be verified may be directly determined based on the 5G message.
As a possible implementation manner, the step of determining the information to be verified according to the 5G message may be performed after the user triggers the 5G message.
As another implementation manner, the 5G message is in the form of a card, and after being parsed, includes two clickable components, each clickable component corresponds to a guide description, one of which is used for confirming to verify, the other is used for canceling the verification, and the user selects the corresponding component to click on based on own requirements; and responding to the verification triggering operation of the 5G message, and determining the information to be verified according to the 5G message.
Step 503, encrypting the information to be verified to generate verification instruction information.
As a possible implementation manner, the terminal device stores a private key corresponding to the object to be authenticated, and encrypts the information to be verified through the private key corresponding to the object to be authenticated to obtain verification instruction information.
Step 504, sending the verification instruction information to an authentication platform; the verification instruction information is used by the authentication platform to authenticate the identity of the object to be authenticated.
As one possible implementation, the verification instruction information is sent to the 5G message platform, so that the verification instruction information is sent to the authentication platform by the 5G message platform in the form of a 5G message.
As another possible implementation manner, a communication connection is established between the terminal device and the authentication platform, the terminal device directly communicates with the authentication platform, and verification instruction information is sent to the authentication platform.
According to the identity authentication method based on the 5G message, the terminal equipment receives the 5G message, determines the information to be verified according to the 5G message, encrypts the information to be verified to generate verification instruction information, and sends the verification instruction information to the authentication platform, and the authentication platform authenticates the identity of the object to be authenticated according to the verification instruction information. The scheme can realize authentication of the identity based on the 5G message without complicated operation of the user, thereby not only simplifying the user operation in the authentication process, but also avoiding information leakage. In addition, verification instruction information of data transmission in the authentication process is encrypted, so that the confidentiality of information in the identity authentication interaction process is ensured, and the operation safety can be further improved.
Next, the process of generating the verification instruction information is described in detail.
Fig. 6 is a flowchart of another identity authentication method based on a 5G message according to an embodiment of the present application. As shown in fig. 6, based on the above embodiment, the implementation procedure of step 503 in fig. 5 may include the following steps:
Step 601, performing encryption processing on the information to be verified based on a base point of a preset elliptic curve, a preset authentication platform public key, a preset first hash function, a preset second hash function, preset identification information of the object to be authenticated and a preset private key of the object to be authenticated, so as to generate a first verification value.
As an example, before identity authentication, the authentication platform needs to perform an initialization process to set relevant parameters, including: selecting a non-singular elliptic curve G with a generator point P and an order q, randomly setting an authentication platform private key and setting an authentication platform public key, and simultaneously selecting three one-way hash functions based on the non-singular elliptic curve G, namely a first hash function, a second hash function and a third hash function, as shown in the above formula (18). Meanwhile, the terminal equipment also needs to be initialized, and the initialization process is equivalent to configuring the corresponding parameters initialized by the authentication platform into the terminal equipment.
In some embodiments of the present application, the implementation of step 601 may include: generating first hidden information according to the base point of the elliptic curve and the information to be verified; determining hidden identity information corresponding to the identification information of the object to be authenticated; generating second hidden information according to the information to be verified, the hidden identity information, the first hash function, the identification information of the object to be authenticated and the authentication platform public key; and generating a first verification value according to the information to be verified, the private key of the object to be authenticated, the second hash function, the identification information of the object to be authenticated, the hidden identity information, the first hidden information and the second hidden information.
As an example, the process of generating the first hidden information from the base point of the elliptic curve and the information to be verified may be as shown in the above formula (2).
As another example, the process of generating the second hidden information according to the information to be verified, the hidden identity information, the first hash function, the identification information of the object to be authenticated, and the authentication platform public key may be as shown in the above formula (3).
As yet another example, the process of generating the first verification value according to the information to be verified, the private key of the object to be authenticated, the second hash function, the identification information of the object to be authenticated, the hidden identity information, the first hidden information, and the second hidden information is as shown in the above formula (10).
Step 602, generating verification instruction information according to the first verification value.
In some embodiments of the present application, the implementation process of generating the verification instruction information according to the first verification value may include: determining verification initiation time; and splicing the first verification value and the verification initiating time to obtain verification instruction information. The verification initiation time may be the time of generating the verification instruction information, or may be the time of triggering the 5G message by the user.
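The registration, response and verification formulas (1) to (17), together with the time-out rule and the splicing of the first verification value with the verification initiation time, as runnable code. This is an added example, not code from the patent: the secp256k1 parameters, the SHA-256 construction standing in for H1, H2 and H3, the 32+8-byte layout of the verification instruction information, the threshold values, the rejection of negative time differences and all function names are assumptions.

```python
import hashlib
import secrets

# Assumption: secp256k1; the page only asks for a non-singular curve G, base point P, order q.
p = 2**256 - 2**32 - 977
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, pt):
    """Scalar multiplication k*pt (double-and-add, not constant time)."""
    k %= q
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def _hash(tag, *parts):
    """Assumed stand-in for H1/H2/H3: tagged SHA-256 reduced into [1, q-1]."""
    h = hashlib.sha256(tag)
    for part in parts:
        data = part if isinstance(part, bytes) else b"%064x%064x" % part
        h.update(len(data).to_bytes(2, "big") + data)
    return int.from_bytes(h.digest(), "big") % (q - 1) + 1

def H1(ID, IC, Pu): return _hash(b"H1", ID, IC, Pu)
def H2(ID, IC, L, M): return _hash(b"H2", ID, IC, L, M)
def H3(point): return _hash(b"H3", point)

def rand_scalar():
    return secrets.randbelow(q - 1) + 1

def platform_register(S, Pu, ID, W):
    """Formulas (8) and (9): hidden identity information IC, shared private key E."""
    R = rand_scalar()
    IC = add(W, mul(R, P))
    E = (H3(mul(S, W)) + R + S * H1(ID, IC, Pu)) % q
    return IC, E

def terminal_private_key(E, V, Pu):
    """Formula (14): sk = E - H3(V*Pu) + V."""
    return (E - H3(mul(V, Pu)) + V) % q

def terminal_respond(l, sk, ID, IC, Pu, t_init):
    """Formulas (2), (3), (10); D is then spliced with the initiation time."""
    L = mul(l, P)
    M = mul(l, add(IC, mul(H1(ID, IC, Pu), Pu)))
    D = (l + sk * H2(ID, IC, L, M)) % q
    return D.to_bytes(32, "big") + t_init.to_bytes(8, "big")  # assumed layout

def platform_verify(info, l, ID, IC, Pu, t_request, t_received, thr1=60, thr2=300):
    """Time-out rule, then formulas (1), (4), (5), (6). Thresholds are assumed;
    negative time differences are rejected as well (assumption)."""
    if len(info) != 40:
        return False
    D, t_init = int.from_bytes(info[:32], "big"), int.from_bytes(info[32:], "big")
    if not (0 <= t_received - t_init < thr1 and 0 <= t_init - t_request < thr2):
        return False
    A = H1(ID, IC, Pu)
    L = mul(l, P)
    B = H2(ID, IC, L, mul(l, add(IC, mul(A, Pu))))
    m = mul(D, P)                                  # first check value
    n = add(add(L, mul(B, IC)), mul(A * B, Pu))    # second check value
    return m == n

def demo():
    """Full run with constructed values: initialise, register, respond, verify."""
    S = rand_scalar()                  # authentication platform private key
    Pu = mul(S, P)                     # formula (12)
    ID = b"user-0001"                  # constructed identification information
    V = rand_scalar()                  # terminal random number; W = V*P, formula (7)
    IC, E = platform_register(S, Pu, ID, mul(V, P))
    sk = terminal_private_key(E, V, Pu)
    l = rand_scalar()                  # information to be verified
    info = terminal_respond(l, sk, ID, IC, Pu, t_init=1000)
    return platform_verify(info, l, ID, IC, Pu, t_request=990, t_received=1005)

if __name__ == "__main__":
    print(demo())
```

Formula (10) is linear in sk: D, l and B together determine sk, so the information to be verified l has to be fresh for every authentication and must not be exposed to anyone other than the platform and the terminal.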
The registration phase of the terminal device will be described next.
Fig. 7 is a flowchart of another identity authentication method based on a 5G message according to an embodiment of the present application. Based on the above embodiment, the following steps are further included before step 501 in fig. 5:
Step 701, in response to a registration triggering operation of an object to be authenticated, obtaining identification information of the object to be authenticated.
As an example, the registration triggering operation of the object to be authenticated may be an operation of inserting a phone card or an operation of starting up for the first time, or may be determined based on actual requirements, which is not limited in this application.
The identification information of the object to be authenticated can be input by a user through the terminal equipment, or can be directly obtained based on a telephone card in the terminal equipment, and the like.
Step 702, generating registration information of the object to be authenticated according to the base point of the elliptic curve and the first random number.
As a possible implementation manner, the terminal device randomly generates a first random number, and calculates the registration information of the object to be authenticated from the first random number and the base point of the non-singular elliptic curve, as shown in the above formula (7).
Step 703, sending the identification information of the object to be authenticated and the registration information of the object to be authenticated to an authentication platform; the identification information of the object to be authenticated and the registration information of the object to be authenticated are used for generating hidden identification information and a shared private key by the authentication platform.
That is, the identification information of the object to be authenticated and the registration information of the object to be authenticated are transmitted to the authentication platform so that the authentication platform can perform identity registration.
Step 704, receiving the hidden identity information and the shared private key sent by the authentication platform, and storing the corresponding relationship between the hidden identity and the identity of the object to be authenticated.
Step 705, generating the private key of the object to be authenticated according to the shared private key, the third hash function, the first random number and the public key of the authentication platform.
As one possible implementation manner, the calculation process for generating the private key of the object to be authenticated according to the shared private key, the third hash function and the first random number is as shown in the above formula (14).
In other embodiments of the present application, to ensure that the received shared private key has not been tampered with, the method further includes, after step 705:
Step 706, verifying the shared private key according to the first hash function, the hidden identity information, the identification information of the object to be authenticated, the base point of the preset elliptic curve and the preset public key of the authentication platform.
As a possible implementation manner, a third check value is determined according to the private key of the object to be authenticated and the base point of the elliptic curve; a fourth check value is determined according to the first hash function, the hidden identity information, the identification information of the object to be authenticated and the authentication platform public key; and the verification result is determined by judging whether the third check value is consistent with the fourth check value.
The third check value is determined according to the following formula (19):
a = sk·P (19)
where a is the third check value; P is the base point of the elliptic curve; sk is the private key of the object to be authenticated.
The fourth check value is determined from the first hash function, the hidden identity information, the identification information of the object to be authenticated and the authentication platform public key according to the following formula (20):
b = IC + H1(ID, IC, Pu)·Pu (20)
where b is the fourth check value; H1 is the first hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; Pu is the authentication platform public key.
Substituting the above formula (15) into the formula (19) yields the following formula (21):
a = (R + S·H1(ID, IC, Pu) + V)·P
  = R·P + S·H1(ID, IC, Pu)·P + V·P (21)
where a is the third check value; S is the authentication platform private key; R is the random number generated by the authentication platform; H1 is the first hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; Pu is the authentication platform public key; P is the base point of the elliptic curve; V is the random number generated by the terminal device; sk is the private key of the object to be authenticated.
Substituting the above formula (12) and the above formula (8) into the above formula (20) yields the following formula (22):
b = V·P + R·P + H1(ID, IC, Pu)·S·P (22)
where b is the fourth check value; H1 is the first hash function; ID is the identification information of the object to be authenticated; IC is the hidden identity information; Pu is the authentication platform public key; S is the authentication platform private key; P is the base point of the elliptic curve; W is the registration information of the object to be authenticated; V is the random number generated by the terminal device; R is the random number generated by the authentication platform.
Based on the above formula (21) and the above formula (22), if the third check value and the fourth check value are equal, this indicates that the shared private key was generated using the genuine authentication platform private key and has not been tampered with, so the shared private key check succeeds.
Step 707, discarding the private key of the object to be authenticated if the verification result of the shared private key is that the verification fails.
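The check of formulas (19) to (22) and the discard rule of step 707, as an added Python example that is not code from the application. It assumes secp256k1 as the curve, SHA-256 reduced modulo the group order as H1, and a shared private key of the form R + S·H1(ID, IC, Pu) delivered without the third-hash processing of formula (14); all function names and the sample identifier are constructed.

```python
import hashlib
import secrets

# Assumption: secp256k1 stands in for the unnamed non-singular curve (y^2 = x^3 + 7).
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % FIELD == 0


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)


def mul(k, pt):
    """Double-and-add scalar multiplication k·pt."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def h1(ident, ic, pu):
    """H1(ID, IC, Pu): SHA-256 over a fixed-width encoding (assumed instantiation)."""
    data = ident.encode() + b"|" + b"".join(c.to_bytes(32, "big") for c in ic + pu)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def platform_register(ident, w, s, pu):
    """Platform side: IC = W + R·P and the shared key R + S·H1(ID, IC, Pu)."""
    r = secrets.randbelow(N - 1) + 1
    ic = add(w, mul(r, G))
    return ic, (r + s * h1(ident, ic, pu)) % N


def terminal_check(ident, ic, shared, v, pu):
    """Terminal side: derive sk, compare a (19) with b (20); None means discard (step 707)."""
    sk = (shared + v) % N
    a = mul(sk, G)                                 # a = sk·P
    b = add(ic, mul(h1(ident, ic, pu), pu))        # b = IC + H1(ID, IC, Pu)·Pu
    return sk if a == b else None


def demo():
    ident = "constructed-id-001"                   # constructed sample identifier
    s = secrets.randbelow(N - 1) + 1               # platform private key S
    pu = mul(s, G)                                 # platform public key Pu = S·P
    v = secrets.randbelow(N - 1) + 1               # terminal random number V
    w = mul(v, G)                                  # registration information W = V·P
    ic, shared = platform_register(ident, w, s, pu)
    genuine = terminal_check(ident, ic, shared, v, pu)
    tampered = terminal_check(ident, ic, (shared + 1) % N, v, pu)
    wrong_id = terminal_check("constructed-id-002", ic, shared, v, pu)
    return genuine is not None, tampered is None, wrong_id is None


if __name__ == "__main__":
    print(demo())
```

The third case shows that the check also binds the key to the identification information: a shared key issued for one ID fails the comparison when presented under another.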
In order to implement the above embodiment, the present application provides an identity authentication system.
Fig. 8 is a schematic structural diagram of an identity authentication system provided in the present application. As shown in fig. 8, the system includes an authentication platform 801, a terminal device 802, and in some embodiments of the present application, an application platform 803. The identity authentication based on the system comprises the following steps:
(1) The application platform 803 generates an identity authentication request and sends the identity authentication request to the authentication platform 801;
(2) The authentication platform 801 receives the identity authentication request, determines identification information of the object to be authenticated according to the identity authentication request, and determines terminal equipment associated with the object to be authenticated according to the identification information of the object to be authenticated; generating information to be verified according to the identity authentication request; the information to be verified is sent to the terminal device 802 in the form of a 5G message.
(3) The terminal device 802 receives the 5G message, determines information to be verified according to the 5G message, encrypts the information to be verified, generates verification instruction information, and sends the verification instruction information to the authentication platform 801;
(4) The authentication platform 801 acquires authentication instruction information, performs identity authentication on the object to be authenticated according to the authentication instruction information, and returns an identity authentication result to the application platform 803.
It should be noted that the foregoing explanation of the embodiment of the authentication method based on the 5G message is also applicable to the authentication system of this embodiment, and will not be repeated herein.
According to the identity authentication system of the embodiment of the application, after receiving an identity authentication request, the authentication platform determines identification information of an object to be authenticated according to the identity authentication request, determines the terminal equipment associated with the object to be authenticated according to the identification information of the object to be authenticated, generates information to be verified according to the identity authentication request, sends the information to be verified to the terminal equipment in the form of a 5G message, and performs identity authentication on the object to be authenticated by acquiring the verification instruction information obtained by the terminal equipment encrypting the information to be verified. The scheme can realize authentication of the identity based on the 5G message without complicated operation of the user, thereby not only simplifying the user operation in the authentication process, but also avoiding information leakage. In addition, verification instruction information of data transmission in the authentication process is encrypted, so that the confidentiality of information in the identity authentication interaction process is ensured, and the operation safety can be further improved.
In order to achieve the above embodiments, the present application provides an identity authentication device based on a 5G message.
Fig. 9 is a block diagram of an identity authentication device based on a 5G message according to an embodiment of the present application. The device is applied to an authentication platform. As shown in fig. 9, the apparatus may include:
the first determining module 910 is configured to determine, in response to receiving the identity authentication request, identification information of an object to be authenticated according to the identity authentication request, and determine, according to the identification information of the object to be authenticated, a terminal device associated with the object to be authenticated;
the first generating module 920 is configured to generate information to be verified according to the identity authentication request;
a first sending module 930, configured to send the information to be verified to the terminal device in the form of a 5G message; the 5G message is used for encrypting the information to be verified by the terminal equipment to generate verification instruction information;
and the authentication module 940 is used for acquiring the verification instruction information sent by the terminal equipment and carrying out identity authentication of the object to be authenticated according to the verification instruction information.
In some embodiments of the present application, the first generating module 920 is specifically configured to:
according to the identity authentication request, determining identification information and request time of an application platform;
and generating information to be verified according to the identification information of the application platform, the request time and the identification information of the object to be authenticated.
In some embodiments of the present application, the authentication module 940 includes:
a first determining unit 941, configured to determine a first verification value according to the verification instruction information; the first verification value is obtained by the terminal equipment encrypting the information to be verified based on a base point of a preset elliptic curve, a preset authentication platform public key, a preset first hash function, a preset second hash function, identification information of the object to be authenticated and a preset private key of the object to be authenticated;
the verification unit 942 is configured to verify the first verification value based on a base point of the elliptic curve, an authentication platform public key, a first hash function, a second hash function, identification information of an object to be authenticated, and information to be verified;
the second determining unit 943 is configured to determine an identity authentication result of the object to be authenticated according to the verification result of the first verification value.
As a possible implementation, the verification unit 942 is specifically configured to:
determining hidden identity information corresponding to the identification information of the object to be authenticated;
based on the first hash function, carrying out encryption processing on the identification information of the object to be authenticated, the hidden identity information and the authentication platform public key to obtain a first authentication intermediate value;
generating first hidden information and second hidden information according to the information to be verified, the first hash function, the base point of the elliptic curve, the public key of the authentication platform, the hidden identity information and the identification information of the object to be authenticated;
based on the second hash function, carrying out encryption processing on the identification information of the object to be authenticated, the hidden identity information and the first hidden information to obtain a second authentication intermediate value;
and verifying the first verification value according to the first authentication intermediate value, the second authentication intermediate value, the base point of the elliptic curve, the hidden identity information, the authentication platform public key and the first hidden information.
As an example, the verification unit 942 is further configured to:
generating first hidden information according to the information to be verified and the base point of the elliptic curve;
and generating second hidden information according to the information to be verified, the first hash function, the public key of the authentication platform, the hidden identity information and the identification information of the object to be authenticated.
As another example, the verification unit 942 is further configured to:
determining a first check value according to the first verification value and the base point of the elliptic curve;
determining a second check value according to the first hidden information, the first authentication intermediate value, the second authentication intermediate value, the hidden identity information and the authentication platform public key;
judging whether the first check value is consistent with the second check value;
if the first check value is consistent with the second check value, determining that the first verification value is successfully verified.
As yet another example, the verification unit 942 is further configured to:
determining verification initiation time according to the verification instruction information;
determining whether the identity authentication is overtime according to the verification initiation time;
and if the identity authentication is not overtime, checking the first verification value based on the base point of the elliptic curve, the public key of the authentication platform, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified.
In some embodiments of the present application, the apparatus further comprises a first registration module 950, the first registration module 950 being configured to:
before receiving an identity authentication request, receiving registration information of an object to be authenticated and identification information of the object to be authenticated, which are sent by a terminal device; the registration information of the object to be authenticated is generated by the terminal equipment based on the base point of the elliptic curve;
generating hidden identity identification information and a shared private key according to registration information of an object to be authenticated, a base point of an elliptic curve, an authentication platform public key, identification information of the object to be authenticated, a preset authentication platform private key, a preset third hash function and a first hash function;
sending the hidden identity information and the shared private key to the terminal equipment; the shared private key is used by the terminal equipment to generate the private key of the object to be authenticated.
As a possible implementation, the first registration module 950 is further configured to:
generating hidden identity information according to registration information of an object to be authenticated and a base point of an elliptic curve;
and generating a shared private key according to the registration information of the object to be authenticated, the first hash function, the third hash function, the identification information of the object to be authenticated, the hidden identity information, the authentication platform private key and the authentication platform public key.
It should be noted that the explanation in the embodiment of the authentication method based on the 5G message is also applicable to the embodiment of the authentication device based on the 5G message in this embodiment, and will not be repeated here.
According to the identity authentication device based on the 5G message, after an identity authentication request is received, identification information of an object to be authenticated is determined according to the identity authentication request, terminal equipment associated with the object to be authenticated is determined according to the identification information of the object to be authenticated, information to be verified is generated according to the identity authentication request, the information to be verified is sent to the terminal equipment in the form of the 5G message, verification instruction information obtained by encrypting the information to be verified by the terminal equipment is obtained, and identity authentication is carried out on the object to be authenticated according to the verification instruction information. The scheme can realize authentication of the identity based on the 5G message without complicated operation of the user, thereby not only simplifying the user operation in the authentication process, but also avoiding information leakage. In addition, verification instruction information of data transmission in the authentication process is encrypted, so that the confidentiality of information in the identity authentication interaction process is ensured, and the operation safety can be further improved.
Fig. 10 is a block diagram of another identity authentication device based on a 5G message according to an embodiment of the present application. It should be noted that, the identity authentication device based on the 5G message in the embodiment of the present application is applied to a terminal device. As shown in fig. 10, the apparatus includes:
a first receiving module 1010, configured to receive a 5G message;
a second determining module 1020, configured to determine information to be verified according to the 5G message; the information to be verified is generated by the authentication platform according to the received identity authentication request;
an encryption module 1030, configured to encrypt information to be verified to generate verification instruction information;
the second sending module 1040 is configured to send the verification instruction information to the authentication platform; the verification instruction information is used by the authentication platform to authenticate the identity of the object to be authenticated.
In some embodiments of the present application, the second determining module 1020 is specifically configured to:
and responding to the verification triggering operation of the 5G message, and determining the information to be verified according to the 5G message.
As one possible implementation, the encryption module 1030 includes:
the encryption unit 1031 is configured to encrypt the information to be verified based on a base point of a preset elliptic curve, a preset authentication platform public key, a preset first hash function, a preset second hash function, preset identification information of the object to be authenticated and a preset private key of the object to be authenticated, so as to generate a first verification value;
and a generating unit 1032 for generating the verification instruction information according to the first verification value.
As an example, the encryption unit 1031 is specifically configured to:
generating first hidden information according to the base point of the elliptic curve and the information to be verified;
determining hidden identity information corresponding to the identification information of the object to be authenticated;
generating second hidden information according to the information to be verified, the hidden identity information, the first hash function, the identification information of the object to be authenticated and the authentication platform public key;
and generating a first verification value according to the information to be verified, the private key of the object to be authenticated, the second hash function, the identification information of the object to be authenticated, the hidden identity information, the first hidden information and the second hidden information.
As another example, the generating unit 1032 specifically is configured to:
determining verification initiation time;
and splicing the first verification value and the verification initiating time to obtain verification instruction information.
In some embodiments of the present application, the apparatus further comprises a second registration module 1050, the second registration module 1050 being specifically configured to:
responding to the registration triggering operation of the object to be authenticated, and acquiring the identification information of the object to be authenticated;
generating registration information of an object to be authenticated according to the base point of the elliptic curve and the first random number;
sending the identification information of the object to be authenticated and the registration information of the object to be authenticated to the authentication platform; the identification information of the object to be authenticated and the registration information of the object to be authenticated are used by the authentication platform to generate hidden identity information and a shared private key;
receiving hidden identity information and a shared private key sent by an authentication platform, and storing the corresponding relation between the hidden identity and the identity of the object to be authenticated;
and generating the private key of the object to be authenticated according to the shared private key, the third hash function, the first random number and the public key of the authentication platform.
In other embodiments of the present application, the second registration module 1050 is further configured to:
verifying the shared private key according to the first hash function, the hidden identity information, the identification information of the object to be authenticated, the base point of the preset elliptic curve and the preset authentication platform public key;
and if the verification result of the shared private key is that the verification fails, discarding the private key of the object to be authenticated.
It should be noted that the explanation in the embodiment of the authentication method based on the 5G message is also applicable to the embodiment of the authentication device based on the 5G message in this embodiment, and will not be repeated here.
According to the identity authentication device based on the 5G message, the terminal equipment receives the 5G message, determines information to be verified according to the 5G message, encrypts the information to be verified to generate verification instruction information, and sends the verification instruction information to the authentication platform, which performs identity authentication on the object to be authenticated according to the verification instruction information. The scheme can realize authentication of the identity based on the 5G message without complicated operation of the user, thereby not only simplifying the user operation in the authentication process, but also avoiding information leakage. In addition, verification instruction information of data transmission in the authentication process is encrypted, so that the confidentiality of information in the identity authentication interaction process is ensured, and the operation safety can be further improved.
In order to implement the above embodiments, the present application provides an electronic device.
Fig. 11 is a block diagram of an electronic device according to an embodiment of the present application. The electronic device may be a server, a computer, or the like. As shown in fig. 11, the electronic device includes:
a memory 1110 and a processor 1120, a bus 1130 connecting the different components (including the memory 1110 and the processor 1120), the memory 1110 storing processor 1120 executable instructions; wherein the processor 1120 is configured to execute the instructions to implement the 5G message-based authentication method according to the embodiments of the present application.
Bus 1130 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
The electronic device 1100 typically includes a variety of electronic device readable media. Such media can be any available media that can be accessed by the electronic device 1100 and includes both volatile and nonvolatile media, removable and non-removable media. Memory 1110 may also include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 1140 and/or cache memory 1150. The electronic device 1100 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 1160 may be used to read and write non-removable, non-volatile magnetic media (not shown in FIG. 11, commonly referred to as a "hard disk drive"). Although not shown in fig. 11, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 1130 through one or more data medium interfaces. Memory 1110 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of the embodiments of the present application.
A program/utility 1180 having a set (at least one) of program modules 1170 may be stored in, for example, memory 1110, such program modules 1170 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 1170 generally perform the functions and/or methods in the embodiments described herein.
The electronic device 1100 may also communicate with one or more external devices 1190 (e.g., keyboard, pointing device, display 1191, etc.), one or more devices that enable a user to interact with the electronic device 1100, and/or any device (e.g., network card, modem, etc.) that enables the electronic device 1100 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1192. Also, the electronic device 1100 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through a network adapter 1193. As shown, the network adapter 1193 communicates with other modules of the electronic device 1100 via the bus 1130. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 1100, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processor 1120 executes various functional applications and data processing by running programs stored in the memory 1110.
It should be noted that, the implementation process and the technical principle of the electronic device in this embodiment refer to the foregoing explanation of the identity authentication method based on the 5G message in this embodiment, and are not repeated herein.
In order to implement the above embodiment, the present application also proposes a computer storage medium.
When the instructions in the storage medium are executed by the processor of the server, the server is enabled to perform the 5G message based authentication method as described above. Alternatively, the computer readable storage medium may be ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined by those skilled in the art without contradiction.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "plurality" is at least two, such as two, three, etc., unless explicitly defined otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and additional implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present application.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, the steps or methods may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, Programmable Gate Arrays (PGAs), Field Programmable Gate Arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or a portion of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, where the program may be stored in a computer readable storage medium, and where the program, when executed, includes one or a combination of the steps of the method embodiments.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product.
Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and are not to be construed as limiting the application, and that changes, modifications, substitutions, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.

Claims (21)

1. An identity authentication method based on 5G messages, wherein the method is applied to an authentication platform, and the method comprises:
in response to receiving an identity authentication request, determining identification information of an object to be authenticated according to the identity authentication request, and determining terminal equipment associated with the object to be authenticated according to the identification information of the object to be authenticated;
generating information to be verified according to the identity authentication request;
the information to be verified is sent to the terminal equipment in the form of a 5G message; the 5G message is used for encrypting the information to be verified by the terminal equipment so as to generate verification instruction information;
and acquiring verification instruction information sent by the terminal equipment, and carrying out identity authentication of the object to be authenticated according to the verification instruction information.
2. The method of claim 1, wherein generating information to be verified from the identity authentication request comprises:
determining identification information and request time of an application platform according to the identity authentication request;
and generating the information to be verified according to the identification information of the application platform, the request time and the identification information of the object to be authenticated.
3. The method according to claim 1, wherein the authenticating the identity of the object to be authenticated according to the verification instruction information includes:
determining a first verification value according to the verification instruction information; the first verification value is obtained by encrypting the information to be verified by the terminal equipment based on a base point of a preset elliptic curve, a preset authentication platform public key, a preset first hash function, a preset second hash function, identification information of the object to be authenticated and a preset private key of the object to be authenticated;
verifying the first verification value based on the base point of the elliptic curve, the authentication platform public key, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified;
and determining an identity authentication result of the object to be authenticated according to the verification result of the first verification value.
4. A method according to claim 3, wherein said verifying the first verification value based on the base point of the elliptic curve, the authentication platform public key, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified comprises:
determining hidden identity information corresponding to the identification information of the object to be authenticated;
based on the first hash function, carrying out encryption processing on the identification information of the object to be authenticated, the hidden identity identification information and the public key of the authentication platform to obtain a first authentication intermediate value;
generating first hidden information and second hidden information according to the information to be verified, the first hash function, the base point of the elliptic curve, the public key of the authentication platform, the hidden identity information and the identification information of the object to be authenticated;
based on the second hash function, carrying out encryption processing on the identification information of the object to be authenticated, the hidden identity identification information, the first hidden information and the second hidden information to obtain a second authentication intermediate value;
and verifying the first verification value according to the first authentication intermediate value, the second authentication intermediate value, the base point of the elliptic curve, the hidden identity information, the authentication platform public key and the first hidden information.
5. The method of claim 4, wherein the generating the first hidden information and the second hidden information based on the information to be verified, the first hash function, the base point of the elliptic curve, the authentication platform public key, the hidden identity information, and the identification information of the object to be authenticated comprises:
generating the first hidden information according to the information to be verified and the base point of the elliptic curve;
and generating the second hidden information according to the information to be verified, the first hash function, the public key of the authentication platform, the hidden identity information and the identification information of the object to be authenticated.
6. The method of claim 4, wherein verifying the first verification value based on the first authentication intermediate value, the second authentication intermediate value, the base point of the elliptic curve, the hidden identity information, the authentication platform public key, and the first hidden information comprises:
determining a first check value according to the first verification value and a base point of the elliptic curve;
determining a second check value according to the first hidden information, the first authentication intermediate value, the second authentication intermediate value, the hidden identity information and the authentication platform public key;
judging whether the first check value is consistent with the second check value or not;
and if the first check value is consistent with the second check value, determining that the first verification value is successfully verified.
7. A method according to claim 3, wherein said verifying the first verification value based on the base point of the elliptic curve, the authentication platform public key, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified comprises:
determining verification initiation time according to the verification instruction information;
determining whether the identity authentication has timed out according to the verification initiation time;
and if the identity authentication has not timed out, verifying the first verification value based on the base point of the elliptic curve, the authentication platform public key, the first hash function, the second hash function, the identification information of the object to be authenticated and the information to be verified.
8. The method of claim 1, wherein prior to the receiving an authentication request, the method further comprises:
receiving registration information of the object to be authenticated and identification information of the object to be authenticated, which are sent by the terminal equipment; the registration information of the object to be authenticated is generated by the terminal equipment based on the base point of the elliptic curve;
generating hidden identity information and a shared private key according to the registration information of the object to be authenticated, the base point of the elliptic curve, the public key of the authentication platform, the identification information of the object to be authenticated, the preset private key of the authentication platform, the preset third hash function and the first hash function;
sending the hidden identity information and the shared private key to the terminal equipment; the shared private key is used for the terminal equipment to generate the private key of the object to be authenticated.
9. The method of claim 8, wherein the generating the hidden identity information and the shared private key based on the registration information of the object to be authenticated, the base point of the elliptic curve, the authentication platform public key, the identification information of the object to be authenticated, the preset authentication platform private key, the preset third hash function, and the first hash function comprises:
generating the hidden identity information according to the registration information of the object to be authenticated and the base point of the elliptic curve;
and generating the shared private key according to the registration information of the object to be authenticated, the first hash function, the third hash function, the identification information of the object to be authenticated, the hidden identity information, the authentication platform private key and the authentication platform public key.
10. An identity authentication method based on a 5G message, wherein the method is applied to a terminal device, and the method comprises:
receiving a 5G message;
determining information to be verified according to the 5G message; the information to be verified is generated by the authentication platform according to the received identity authentication request;
encrypting the information to be verified to generate verification instruction information;
sending the verification instruction information to the authentication platform; the verification instruction information is used for authenticating the identity of the object to be authenticated by the authentication platform.
11. The method of claim 10, wherein the determining information to be verified from the 5G message comprises:
and responding to the verification triggering operation of the 5G message, and determining the information to be verified according to the 5G message.
12. The method according to claim 10, wherein the encrypting the information to be verified to generate verification instruction information includes:
encrypting the information to be verified based on a base point of a preset elliptic curve, a preset authentication platform public key, a preset first hash function, a preset second hash function, preset identification information of the object to be authenticated and a preset private key of the object to be authenticated so as to generate a first verification value;
and generating verification instruction information according to the first verification value.
13. The method according to claim 12, wherein encrypting the information to be verified based on the base point of the preset elliptic curve, the preset authentication platform public key, the preset first hash function, the preset second hash function, the preset identification information of the object to be authenticated, and the preset private key of the object to be authenticated to generate the first verification value includes:
generating first hidden information according to the base point of the elliptic curve and the information to be verified;
determining hidden identity information corresponding to the identification information of the object to be authenticated;
generating second hidden information according to the information to be verified, the hidden identity information, the first hash function, the identification information of the object to be authenticated and the authentication platform public key;
and generating the first verification value according to the information to be verified, the private key of the object to be authenticated, the second hash function, the identification information of the object to be authenticated, the hidden identity information, the first hidden information and the second hidden information.
14. The method of claim 12, wherein generating verification instruction information based on the first verification value comprises:
determining verification initiation time;
and splicing the first verification value and the verification initiation time to obtain the verification instruction information.
15. The method as recited in claim 10, further comprising:
responding to the registration triggering operation of the object to be authenticated, and acquiring the identification information of the object to be authenticated;
generating registration information of the object to be authenticated according to the base point of the elliptic curve and the first random number;
the identification information of the object to be authenticated and the registration information of the object to be authenticated are sent to the authentication platform; the identification information of the object to be authenticated and the registration information of the object to be authenticated are used for generating hidden identity information and a shared private key by the authentication platform;
receiving the hidden identity information and the shared private key sent by the authentication platform, and storing the corresponding relation between the hidden identity and the identity of the object to be authenticated;
and generating the private key of the object to be authenticated according to the shared private key, the third hash function, the first random number and the public key of the authentication platform.
16. The method as recited in claim 15, further comprising:
verifying the shared private key according to a first hash function, the hidden identity information, the identification information of the object to be authenticated, a preset base point of an elliptic curve and a preset authentication platform public key;
and discarding the private key of the object to be authenticated if the verification result of the shared private key is that the verification fails.
17. An identity authentication system, comprising:
an authentication platform for performing the 5G message based identity authentication method of claims 1-10;
a terminal device for performing the 5G message based identity authentication method according to claims 11-16.
18. An identity authentication device based on 5G messages, the device being applied to an authentication platform, the device comprising:
the first determining module is used for responding to the received identity authentication request, determining the identification information of the object to be authenticated according to the identity authentication request, and determining the terminal equipment associated with the object to be authenticated according to the identification information of the object to be authenticated;
the first generation module is used for generating information to be verified according to the identity authentication request;
the first sending module is used for sending the information to be verified to the terminal equipment in the form of a 5G message; the 5G message is used for encrypting the information to be verified by the terminal equipment so as to generate verification instruction information;
and the authentication module is used for acquiring the verification instruction information sent by the terminal equipment and carrying out identity authentication of the object to be authenticated according to the verification instruction information.
19. An identity authentication device based on 5G messages, wherein the device is applied to a terminal device, the device comprising:
the first receiving module is used for receiving the 5G message;
the second determining module is used for determining information to be verified according to the 5G message; the information to be verified is generated by the authentication platform according to the received identity authentication request;
the encryption module is used for carrying out encryption processing on the information to be verified so as to generate verification instruction information;
the second sending module is used for sending the verification instruction information to the authentication platform; the verification instruction information is used for authenticating the identity of the object to be authenticated by the authentication platform.
20. An electronic device, comprising:
a processor;
a memory for storing executable instructions of the processor;
wherein the processor is configured to execute the instructions to implement the method of any one of claims 1-9 and/or to implement the method of any one of claims 10-16.
21. A computer readable storage medium, characterized in that instructions in the computer readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of any one of claims 1-9 and/or to implement the method of any one of claims 10-16.
CN202311398811.7A 2023-10-25 2023-10-25 Identity authentication method and device based on 5G message Pending CN117479164A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311398811.7A CN117479164A (en) 2023-10-25 2023-10-25 Identity authentication method and device based on 5G message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311398811.7A CN117479164A (en) 2023-10-25 2023-10-25 Identity authentication method and device based on 5G message

Publications (1)

Publication Number Publication Date
CN117479164A true CN117479164A (en) 2024-01-30

Family

ID=89635668

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311398811.7A Pending CN117479164A (en) 2023-10-25 2023-10-25 Identity authentication method and device based on 5G message

Country Status (1)

Country Link
CN (1) CN117479164A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107113315A (en) * 2016-04-15 2017-08-29 深圳前海达闼云端智能科技有限公司 Identity authentication method, terminal and server
CN113423107A (en) * 2021-05-26 2021-09-21 动信(上海)互联网络有限公司 System and method for carrying out mobile phone number identity authentication based on 5G message
CN116600293A (en) * 2023-06-15 2023-08-15 中国银行股份有限公司 Identity verification method, device, system and medium based on 5G message

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination