CN117579245A - Security authentication method, device and storage medium - Google Patents

Security authentication method, device and storage medium

Info

Publication number: CN117579245A
Application number: CN202311349207.5A
Authority: CN (China)
Prior art keywords: authentication, authorization, blockchain, certificate, operator
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN117579245B (en)
Inventors: 陈海强, 邱浚漾, 赖燕燕, 刘希宙, 余筱, 林巧晶, 原薇
Current assignee: China Mobile Communications Group Co Ltd; China Mobile Internet Co Ltd
Original assignee: China Mobile Communications Group Co Ltd; China Mobile Internet Co Ltd

Classifications

    • H04L 9/00 (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication): Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/50: Cryptographic mechanisms or arrangements using hash chains, e.g. blockchains or hash trees
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816: Key establishment, i.e. cryptographic processes or protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L 9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869: Generation of secret information involving random numbers or seeds
    • H04L 9/32: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226: Identity or authority verification using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

This application provides a security authentication method, device and storage medium. The method includes: retrieving the local mobile phone number through the gateway; performing a local number check; sending an authorization request to the operator authentication server and receiving the authorization credential returned by the operator authentication server, with the authorization-related information recorded on the blockchain; sending the authorization credential to a third-party capability provider, which forwards the authorization credential to the operator authentication server for authentication, whereupon the operator authentication server returns the authentication result, with the authentication-related information recorded on the blockchain; and obtaining login authorization for the terminal application based on the authentication result. This ensures that logins are traceable and improves the security and convenience of user login.

Description

Security authentication method, device and storage medium

Technical field

This application relates to the technical field of security authentication, and in particular to a security authentication method, device and storage medium.

Background

At present, some platforms on the market use portrait-comparison login, which checks the user's facial image together with the user's name, ID card number and other user information (the three-factor portrait check) to ensure that the real-named person is the one logging in. However, this method is costly, the login process is cumbersome and time-consuming, and the user's login experience is poor.

Other platforms only offer password-based account login with no further verification. In that case the user's password may leak, accounts may be logged into fraudulently, and the login history leaves no trace.

Summary of the invention

This application provides a security authentication method, device and storage medium, so as to at least improve the security and convenience of the user login process. The technical solution of this application is as follows:

In a first aspect, an embodiment of this application provides a security authentication method applied to an operator authentication server, including:

receiving a number retrieval request from a terminal application, and returning to the terminal application the local mobile phone number of the corresponding terminal;

receiving an authorization request sent by the terminal application on the basis of the local mobile phone number, sending an authorization credential to the terminal application and recording the authorization-related information on the blockchain;

receiving an authentication request carrying the authorization credential sent by the terminal application, returning an authentication result and recording the authentication-related information on the blockchain; where the authentication result indicates whether the terminal application allows the corresponding terminal user to log in to the terminal application.

In some implementations, receiving the authentication request carrying the authorization credential sent by the terminal application, returning the authentication result and recording the authentication-related information on the blockchain includes:

receiving, from a third-party capability provider, an authentication request carrying the authorization credential sent by the terminal application;

verifying and authenticating the authorization credential sent by the terminal application, returning the authentication result to the third-party capability provider and recording the authentication-related information on the blockchain.

In some implementations, verifying and authenticating the authorization credential sent by the terminal application, returning the authentication result to the third-party capability provider and recording the authentication-related information on the blockchain includes:

verifying and authenticating the authorization credentials sent by multiple terminal applications through a multi-threaded workflow queue;

storing multiple items of authentication-related information on the blockchain through a multi-threaded workflow queue.

In some implementations, before storing the multiple items of authentication-related information on the blockchain through a multi-threaded workflow queue, the method further includes:

obtaining a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the volume of on-chain tasks corresponding to the multiple items of authentication-related information;

determining, based on the multi-thread work efficiency factor and a preset threshold, whether to store the multiple items of authentication-related information on the blockchain through a multi-threaded workflow queue.

In some implementations, sending the authorization credential to the terminal application and recording the authorization-related information on the blockchain includes:

obtaining a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the volume of on-chain tasks corresponding to the multiple items of authorization-related information;

determining, based on the multi-thread work efficiency factor and a preset threshold, whether to store the multiple items of authorization-related information on the blockchain through a multi-threaded workflow queue;

after the determination, sending the authorization credential to the terminal application and recording the authorization-related information on the blockchain through a multi-threaded workflow queue.

In some implementations, before recording on the blockchain, the method further includes:

extracting key pair information from a key data packet sent by the blockchain platform to which the blockchain belongs, using a channel phase response key extraction algorithm;

verifying, based on the extracted key pair information, the key consistency between the operator authentication server and the blockchain platform.

In some implementations, extracting the key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs using the channel phase response key extraction algorithm includes:

receiving, via the blockchain, mismatch bits containing a correction sequence published by a trusted third party;

extracting, based on the mismatch bits containing the correction sequence published by the third party, the key pair information from the key data packet sent by the blockchain platform using the channel phase response key extraction algorithm; where the authorization credential serves as temporary proof of trustworthiness for the entire session between the operator authentication server and the blockchain platform.

In a second aspect, an embodiment of this application provides a security authentication method applied to a terminal, including:

in response to a terminal application start-up operation, retrieving the local mobile phone number through the gateway;

performing a local number check based on the local mobile phone number and the mobile phone number entered by the user;

after the check passes, sending an authorization request to the operator authentication server and receiving the authorization credential returned by the operator authentication server in response to the authorization request; where the operator authentication server records the authorization-related information on the blockchain at the same time as it returns the authorization credential;

sending the authorization credential to a third-party capability provider, instructing the third-party capability provider to send the authorization credential to the operator authentication server for authentication, and receiving the authentication result returned by the third-party capability provider; where the operator authentication server records the authentication-related information on the blockchain at the same time as it returns the authentication result;

obtaining login authorization for the terminal application based on the authentication result.

In some implementations, retrieving the local mobile phone number through the gateway includes:

sending a mobile phone number credential application to the operator authentication server through the operator authentication SDK;

obtaining the mobile phone number credential returned by the operator authentication server in response to the mobile phone number credential application;

sending, based on the mobile phone number credential, a number retrieval credential application to the operator authentication server through the operator authentication SDK;

obtaining the number retrieval credential returned by the operator authentication server in response to the number retrieval credential application;

obtaining, based on the number retrieval credential, the local mobile phone number from the operator server through the application back-end service corresponding to the terminal application.

In a third aspect, an embodiment of this application provides a security authentication device configured on an operator authentication server, the device including:

a number retrieval processing module, configured to receive a number retrieval request from a terminal application and return to the terminal application the local mobile phone number of the corresponding terminal;

an authorization processing module, configured to receive an authorization request sent by the terminal application on the basis of the local mobile phone number, send an authorization credential to the terminal application and record the authorization-related information on the blockchain;

an authentication processing module, configured to receive an authentication request carrying the authorization credential sent by the terminal application, return an authentication result and record the authentication-related information on the blockchain; where the authentication result indicates whether the terminal application allows the corresponding terminal user to log in to the terminal application.

In some implementations, the authentication processing module is specifically configured to:

receive, from a third-party capability provider, an authentication request carrying the authorization credential sent by the terminal application;

verify and authenticate the authorization credential sent by the terminal application, return the authentication result to the third-party capability provider and record the authentication-related information on the blockchain.

In some implementations, when verifying and authenticating the authorization credential sent by the terminal application, returning the authentication result to the third-party capability provider and recording the authentication-related information on the blockchain, the authentication processing module is specifically configured to:

verify and authenticate the authorization credentials sent by multiple terminal applications through a multi-threaded workflow queue;

store multiple items of authentication-related information on the blockchain through a multi-threaded workflow queue.

In some implementations, the authentication processing module is further configured to:

obtain a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the volume of on-chain tasks corresponding to the multiple items of authentication-related information;

determine, based on the multi-thread work efficiency factor and a preset threshold, whether to store the multiple items of authentication-related information on the blockchain through a multi-threaded workflow queue.

In some implementations, the authorization processing module is specifically configured to:

obtain a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the volume of on-chain tasks corresponding to the multiple items of authorization-related information;

determine, based on the multi-thread work efficiency factor and a preset threshold, whether to store the multiple items of authorization-related information on the blockchain through a multi-threaded workflow queue;

after the determination, send the authorization credential to the terminal application and record the authorization-related information on the blockchain through a multi-threaded workflow queue.

In some implementations, the device further includes a key management module, configured to:

extract key pair information from a key data packet sent by the blockchain platform to which the blockchain belongs, using a channel phase response key extraction algorithm;

verify, based on the extracted key pair information, the key consistency between the operator authentication server and the blockchain platform.

In some implementations, when extracting the key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs using the channel phase response key extraction algorithm, the key management module is specifically configured to:

receive, via the blockchain, mismatch bits containing a correction sequence published by a trusted third party;

extract, based on the mismatch bits containing the correction sequence published by the third party, the key pair information from the key data packet sent by the blockchain platform using the channel phase response key extraction algorithm; where the authorization credential serves as temporary proof of trustworthiness for the entire session between the operator authentication server and the blockchain platform.

In a fourth aspect, an embodiment of this application provides a security authentication device configured on a terminal, the device including:

a number retrieval module, configured to retrieve the local mobile phone number through the gateway in response to a terminal application start-up operation;

a check module, configured to perform a local number check based on the local mobile phone number and the mobile phone number entered by the user;

a credential application module, configured to send, after the check passes, an authorization request to the operator authentication server and receive the authorization credential returned by the operator authentication server in response to the authorization request; where the operator authentication server records the authorization-related information on the blockchain at the same time as it returns the authorization credential;

an authentication processing module, configured to send the authorization credential to a third-party capability provider, instruct the third-party capability provider to send the authorization credential to the operator authentication server for authentication, and receive the authentication result returned by the third-party capability provider; where the operator authentication server records the authentication-related information on the blockchain at the same time as it returns the authentication result;

the authentication processing module being further configured to obtain login authorization for the terminal application based on the authentication result.

In some implementations, the number retrieval module is specifically configured to:

send a mobile phone number credential application to the operator authentication server through the operator authentication SDK;

obtain the mobile phone number credential returned by the operator authentication server in response to the mobile phone number credential application;

send, based on the mobile phone number credential, a number retrieval credential application to the operator authentication server through the operator authentication SDK;

obtain the number retrieval credential returned by the operator authentication server in response to the number retrieval credential application;

obtain, based on the number retrieval credential, the local mobile phone number from the operator server through the application back-end service corresponding to the terminal application.

In a fifth aspect, an embodiment of this application provides an electronic device, including: at least one processor; and a memory communicatively connected to the at least one processor; where the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the security authentication method described in the embodiment of the first aspect of this application.

In a sixth aspect, an embodiment of this application provides a non-transitory computer-readable storage medium storing computer instructions, the computer instructions being used to cause a computer to perform the security authentication method described in the embodiment of the first aspect of this application.

In a seventh aspect, an embodiment of this application provides a computer program product including computer instructions which, when executed by a processor, implement the steps of the security authentication method described in the embodiment of the first aspect of this application.

The technical solution provided by the embodiments of this application brings at least the following beneficial effects:

After the number is retrieved through the gateway, security authentication is achieved through the authorization and authentication process, and the information relating to the security authentication performed when the user logs in to the application is recorded on and certified by the blockchain, guaranteeing the non-repudiation of user operations and ensuring that every login leaves a traceable record. This achieves a secure account login method that checks the user's own local mobile phone number while recording non-repudiable evidence on the blockchain, improving the security and convenience of user login. The operator authentication server provides its authentication service in the form of multi-threaded workflows, which improves service performance to a certain extent. The operator authentication server and the blockchain platform introduce a key extraction algorithm based on channel phase response to verify key consistency between the two communicating parties, exploiting short-term channel reciprocity and randomness to extract a secret shared encryption key, which further strengthens the reliability of the secure evidence record.

It should be understood that the above general description and the following detailed description are merely exemplary and explanatory, and do not limit this application.

Description of the drawings

The drawings here are incorporated into and form part of this specification; they illustrate embodiments consistent with this application and, together with the specification, serve to explain the principles of this application, without unduly limiting it.

Figure 1 is a flow chart of a security authentication method according to an exemplary embodiment.

Figure 2 is an interaction diagram between the business party, the capability provider and the operator authentication server according to an example.

Figure 3 is a flow chart of a security authentication method according to another exemplary embodiment.

Figure 4 is a block diagram of a security authentication device according to an exemplary embodiment.

Figure 5 is a block diagram of a security authentication device according to another exemplary embodiment.

Figure 6 is a block diagram of an electronic device according to an exemplary embodiment.

具体实施方式Detailed ways

为了使本领域普通人员更好地理解本申请的技术方案,下面将结合附图,对本申请实施例中的技术方案进行清楚、完整地描述。In order to enable ordinary people in the art to better understand the technical solutions of the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the accompanying drawings.

需要说明的是,本申请中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本申请实施例能够以除了在这里图示或描述的那些以外的顺序实施。以下示例性实施例中所描述的实施方式并不代表与本申请相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本申请的一些方面相一致的装置和方法的例子。It should be noted that the terms "first", "second", etc. in this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances so that the embodiments of the application described herein can be practiced in sequences other than those illustrated or described herein. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the appended claims.

当今社会,电信手机诈骗现象普遍,用户账户信息存在着被盗登,账户信息存在被盗取等相关的情况。用户的密码管理等相关私密信息管理泄露等相关情况也时常发生,如何切实保护用户账户和账户密码信息成为急迫解决的问题;In today's society, telecommunications and mobile phone fraud are common. User account information has been stolen, account information has been stolen, and other related situations. Situations such as leakage of users' password management and other related private information management also often occur. How to effectively protect user accounts and account password information has become an urgent problem to solve;

目前市场一些平台采用了人像比对登录的相关方式,利用用户头像配合姓名、身份证等相关用户信息到进行用户人像三要素校验,来确保本人的实名登陆。但目前该方法的使用方式成本高,耗时大,在登陆过程中对用户登陆流程繁琐,登陆体验感差,且并没有进行认证信息存证等。At present, some platforms in the market adopt the method of portrait comparison login, using the user's avatar together with the name, ID card and other relevant user information to perform three-factor verification of the user's portrait to ensure that the person logs in with his real name. However, the current use of this method is costly and time-consuming. During the login process, the user login process is cumbersome, the login experience is poor, and the authentication information is not stored.

为了保障用户登录过程中的安全,便捷性考虑,本申请技术方案提供一种基于用户本机号码取号校验,同时进行区块链存证出证不可抵赖格式的安全账户登录方式,来代替用户人像三要素等登录方式。为安全,快捷式的解决用户账户安全登录方式,基于用户本人手机号码进行本机号码校验,确保用户本人注册手机号能在本机进行相关的登录操作,同时进行区块链的存证出证,确保该次操作有迹可循,用户不可抵赖等相关特征,在一定程度上大大提升用户登录的安全性和便捷性。In order to ensure the security and convenience of the user login process, the technical solution of this application provides a secure account login method based on the user's local number for verification, and at the same time performs blockchain certificate storage and non-repudiation format to replace User portrait three-factor and other login methods. In order to provide a safe and fast solution to the secure login method of user accounts, local number verification is performed based on the user's own mobile phone number to ensure that the user's registered mobile phone number can perform relevant login operations on the local machine, and at the same time, the blockchain certificate is deposited and issued. Certificate ensures that the operation is traceable and the user cannot deny it, which greatly improves the security and convenience of user login to a certain extent.

Figure 1 is a flow chart of a security authentication method according to one embodiment of this application. The method can be applied to the security authentication device of the embodiments, which may be deployed on an electronic device such as a terminal. As shown in Figure 1, the method may include the following steps.

Step S101: in response to a terminal application start-up operation, obtain the handset's own phone number (the local number) by gateway number retrieval.

When the user starts the terminal application (the application front end or app), the application obtains the local phone number through gateway number retrieval.

The terminal application may be, for example, an app installed on a mobile phone or a website that requires login authentication, such as a food-delivery app or a shopping app.

In one implementation, the terminal application obtains the local phone number through the gateway as follows:

the application sends a phone-number credential request to the operator authentication server through the operator authentication SDK; it receives the phone-number credential the server returns for that request; using that credential, it sends a number-retrieval credential request to the server through the SDK; it receives the number-retrieval credential the server returns; and, using the number-retrieval credential, the application backend service corresponding to the terminal application obtains the local phone number from the operator server.

Note that the operator authentication server can be understood as the base station, that is, the operator authentication service provided by the base station, or as the security base service of the base station as a whole. The operator authentication SDK is the number-retrieval component; it is installed on the terminal.

For example, the handset carries the operator authentication SDK. When the user starts the app, the front end uses the SDK to perform gateway number retrieval over the mobile data connection and first obtains a masked form of the SIM card's phone number; the SDK sends the phone number and related information to the operator authentication server, which issues phone-number credential information to the front end. With that credential the front end performs authorization: it requests the operator authentication server with the phone-number credential, obtains the number-retrieval token parameters and returns them to the SDK. The front end passes the number-retrieval token to the application server, and the application server uses the token to request the actual local phone number from the operator authentication server.

Step S102: verify the local number by comparing the local phone number with the phone number entered by the user.

After the application front end has obtained the local phone number through the gateway, it compares it with the phone number the user entered on the handset, or with the registered phone number, to determine whether the operation is being performed from the handset that holds that number.

Step S103: after the check passes, send an authorization request to the operator authentication server and receive the authorization credential the server returns for it; at the same time as returning the credential, the server deposits the authorization-related information on the blockchain.

The application front end requests authorization from the operator authentication server and obtains the authorization credential the server returns.

Step S104: send the authorization credential to a third-party capability party, instructing it to forward the credential to the operator authentication server for authentication (credential verification), and receive the authentication result the capability party returns; at the same time as returning the result, the server deposits the authentication-related information on the blockchain.

In this embodiment the business party sends the authorization credential to the third-party capability party (the capability party for short) and instructs it to forward the credential to the operator authentication server for authentication.

That is, as shown in Figure 2, once the business party has obtained the authorization credential it passes it to the capability party, and the capability party presents it to the operator authentication server (the service provider), which performs the authentication and returns the result.

Here the business party can be understood as the application, with the application front end and the application service as its front end and back end; the business party is the operator's customer. The capability party can be understood as an intermediary agent that offers the operator's products to business parties.

Step S105: obtain login authorization for the terminal application based on the authentication result.

Once authentication succeeds the user has passed security authentication and can log in to the application.

After login, the related call detail record (CDR) information can also be recorded and pushed to the CDR system through message middleware (Kafka/RabbitMQ), and the CDR together with the authorization and authentication information is written to a database for storage.

In the security authentication method of this embodiment, after gateway number retrieval, security authentication is achieved through the authorization and authentication steps, and the information generated while authenticating the user's login is deposited on and certified by the blockchain. This guarantees non-repudiation of the user's operations and makes every login traceable, realizing a secure account login method based on retrieving and verifying the handset's own phone number with non-repudiable blockchain evidence, which improves the security and convenience of login.
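The exchange of steps S101 to S105, simulated in one process, as an added example that is not part of the patent or of any carrier SDK. The class and function names, the token kinds (voucher, number, authz), the app credentials, the bearer session id and the sample phone numbers are all assumptions made for the demo. Two points the steps above leave implicit are made explicit here: the S102 comparison is performed in the application backend, which is the party that actually receives the carrier's answer, and every token is single-use, time-limited and bound to the appid (and, for the authorization credential, to the capability) it was issued for. The evidence ledger is a hash chain standing in for the blockchain deposit and carries only a masked number and a token hash, since a shared ledger is not the place for plaintext MSISDNs or live credentials.

```python
# Added example (not from the patent): the S101-S105 exchange simulated in one process.
# OperatorAuthServer, the token kinds, the app credentials and the sample numbers are
# assumptions made for this demo, not the carrier's real API.
import hashlib
import json
import secrets
import time

TOKEN_TTL = 60  # assumed lifetime of every token, in seconds

def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class EvidenceChain:
    """Hash-chained append-only log standing in for the blockchain deposit."""
    def __init__(self):
        self.records, self.prev_hash = [], "0" * 64
    def deposit(self, kind, payload):
        rec = {"kind": kind, "payload": payload, "prev": self.prev_hash}
        rec["hash"] = digest(rec)
        self.records.append(rec)
        self.prev_hash = rec["hash"]
    def verify(self):  # recompute every link: an edited or reordered record breaks the chain
        prev = "0" * 64
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True

class OperatorAuthServer:
    """Carrier side: number retrieval (S101), authorization (S103/S202), authentication (S104/S203)."""
    def __init__(self, bearer_to_msisdn, app_secrets, chain):
        self.bearers = bearer_to_msisdn  # data-bearer session -> MSISDN seen at the gateway
        self.app_secrets, self.chain = app_secrets, chain
        self.tokens = {}                 # token -> claims; every token is single-use
    def _issue(self, kind, **claims):
        tok = secrets.token_urlsafe(24)
        self.tokens[tok] = {"kind": kind, "exp": time.time() + TOKEN_TTL, **claims}
        return tok
    def _redeem(self, tok, kind):
        claims = self.tokens.pop(tok, None)  # pop: a replayed token no longer exists
        if claims is None or claims["kind"] != kind or claims["exp"] < time.time():
            raise PermissionError(f"invalid or expired {kind} token")
        return claims
    def phone_voucher(self, bearer):  # SDK, reached over the mobile data bearer
        return self._issue("voucher", msisdn=self.bearers[bearer])
    def number_token(self, voucher, appid):  # SDK, binds the retrieval to one app
        return self._issue("number", msisdn=self._redeem(voucher, "voucher")["msisdn"], appid=appid)
    def get_number(self, number_token, appid, app_secret):  # app backend only
        if self.app_secrets.get(appid) != app_secret:
            raise PermissionError("unknown app")
        claims = self._redeem(number_token, "number")
        if claims["appid"] != appid:
            raise PermissionError("number token was issued to another app")
        return claims["msisdn"]
    def authorize(self, msisdn, appid, capability):
        tok = self._issue("authz", msisdn=msisdn, appid=appid, capability=capability)
        self.chain.deposit("authorization", {  # masked number and token hash only: the ledger is shared
            "appid": appid, "capability": capability, "msisdn": msisdn[:3] + "****" + msisdn[-4:],
            "token_sha256": hashlib.sha256(tok.encode()).hexdigest()})
        return tok
    def authenticate(self, authz_token, appid, capability):
        try:
            claims = self._redeem(authz_token, "authz")
            ok = claims["appid"] == appid and claims["capability"] == capability
        except PermissionError:
            ok = False
        self.chain.deposit("authentication", {"appid": appid, "capability": capability, "result": ok})
        return ok

def capability_check(op, authz_token, appid, capability):  # the capability party of S104
    return op.authenticate(authz_token, appid, capability)

def backend_login(op, appid, app_secret, number_token, entered_number):
    """Business-party backend: S101 last hop, S102 comparison, S103 request, S104 via capability party."""
    msisdn = op.get_number(number_token, appid, app_secret)
    if msisdn != entered_number:  # S102 is done here, where the carrier's answer actually arrives
        return {"ok": False, "reason": "entered number is not this handset's number"}
    authz = op.authorize(msisdn, appid, "number-auth")
    return {"ok": capability_check(op, authz, appid, "number-auth"), "msisdn": msisdn}  # S105

def run_demo():
    """Constructed data: one handset on bearer 'b1' holding 13800138000, one app 'app-1'."""
    chain = EvidenceChain()
    op = OperatorAuthServer({"b1": "13800138000"}, {"app-1": "app-1-secret"}, chain)
    tok = op.number_token(op.phone_voucher("b1"), "app-1")  # front end / SDK side of S101
    good = backend_login(op, "app-1", "app-1-secret", tok, "13800138000")
    tok2 = op.number_token(op.phone_voucher("b1"), "app-1")
    bad = backend_login(op, "app-1", "app-1-secret", tok2, "13900139000")
    try:
        backend_login(op, "app-1", "app-1-secret", tok, "13800138000")  # replay of a redeemed token
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    return good, bad, replay_rejected, chain
```

run_demo() walks a successful login, a login where the user typed a number that is not the handset's own, and a replay of the already redeemed number token. Only the successful path reaches the carrier, so the ledger ends with exactly one authorization and one authentication record, and EvidenceChain.verify() fails as soon as any stored record is edited afterwards.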

Figure 3 is a flow chart of a security authentication method according to another embodiment of this application. The method can be applied to the security authentication device of the embodiments, which here may be deployed on an electronic device such as the operator authentication server. As shown in Figure 3, the method may include the following steps.

Step S201: receive a number-retrieval request from the terminal application and return the local phone number of the corresponding terminal to the application.

For the gateway number-retrieval process see the implementation of step S101 in the embodiment above; it is not repeated here.

Step S202: receive the authorization request sent by the terminal application on the basis of the local phone number, send an authorization credential to the application and deposit the authorization-related information on the blockchain.

The operator authentication server receives the authorization request the terminal application sends on the basis of the local phone number, sends an authorization credential to the application and deposits the authorization-related information on the blockchain. Sending the credential and depositing the information are carried out in different threads.

During authorization, two conventions apply to the authorization credential (the authorization token):

1. Persistent: if the authorization token is declared persistent, it is stored in the system cache for the cache time configured by operations management and is additionally stored in the database; the user and the application service agree a storage validity period, and the token is judged valid within that period and invalid after it.
2. Non-persistent: if the token is declared non-persistent, it only needs to be held in the system cache for the cache time.
In either case the token is generated in a format associated with the user's appid and with the capability attributes the user makes use of.

In some implementations the operator authentication server stores authorization-related information from multiple terminals on the blockchain through a multi-threaded workflow queue.

Step S203: receive an authentication request carrying the authorization credential sent by the terminal application, return the authentication result and deposit the authentication-related information on the blockchain; the authentication result indicates to the terminal application whether the corresponding end user is allowed to log in to it.

The operator authentication server receives the authentication request carrying the authorization credential sent by the terminal application, returns the authentication result and deposits the authentication-related information on the blockchain. That information may include, but is not limited to, process information about the authentication flow, related user information, the authentication credential and user operation information.

In some implementations the operator authentication server receives, from the third-party capability party, an authentication request carrying the authorization credential sent by the terminal application; it verifies that credential, returns the authentication result to the capability party and deposits the authentication-related information on the blockchain.

In other words, as shown in Figure 2, what the operator authentication server receives is the authorization credential sent by the capability party: it receives the credential the terminal application has forwarded through the capability party, verifies it and returns the result to the capability party. The capability party may select several authorization credentials and send them to the operator authentication server together for verification; that is, the capability party acting as intermediary can submit multiple credentials at once when it requests the authentication service, i.e. token verification by the security base.

The operator authentication server can verify authorization credentials sent by multiple terminal applications through a multi-threaded workflow queue, and likewise store multiple authentication records and multiple authorization records on the blockchain through such a queue. That is, the server can process authorization and authentication requests from multiple business parties or capability parties concurrently.

In some embodiments, before storing multiple authentication records on the blockchain through the multi-threaded workflow queue, the method further includes: obtaining a multi-threading efficiency factor from the resource utilization of the operator authentication server and the amount of on-chain work the records represent; and deciding, from that factor and a preset threshold, whether to store the records through the multi-threaded workflow queue.

For example, the user thread (the application side) submits authentication parameters from multiple terminals to the server's multi-threaded workflow; the tasks enter the workflow queue; tasks are dequeued and written to the blockchain; the workflow ends and the process lifecycle ends. The user information is then reported to the blockchain platform, which deposits it, issues the certificate and puts the user operation information on chain.

The multi-threaded work queue operates according to the following formula:

where f(i) is the efficiency factor of the multi-threaded work queue, i the number of threaded tasks, m the thread-pool utilization, β the server CPU utilization, δ the amount of text per on-chain write and h_cost the time taken by each on-chain deposit.

The thread-pool term reflects how the thread pool works: ω(i, m) denotes the multi-thread utilization and P the number of available CPU cores. While the number of threads created, i, is below P no thread queue is created; once i exceeds P a thread queue is created. The meaning is that efficiency reaches its maximum while i is below P, and once i exceeds P it decreases according to the numerator function.

The memory term represents memory usage and utilization, where N is a constant greater than 0, i the number of threads, sigmoid(i) the activation function (its value lies between 0.5 and 1 because i > 0) and V the memory size configured for the Java service virtual machine.

In the numerator function, τ(i, h_cost) is the latency incurred when multiple threads write to the chain, with h(n) the time consumed by the n-th call to the blockchain platform; the values are accumulated and averaged.

Also in the numerator function, γ(i, δ) is the size of the text request body, with δ(n) the amount of text uploaded by the secure evidence platform to the blockchain platform on the n-th occasion; the values are accumulated and averaged.

The multi-threaded orchestration follows a work-queue pattern. Service A acts as the producer: for every task request it packages the relevant parameters and pushes them into the work queue, which is fair, first in, first out. A second group of services, B, acts as the consumer: when the queue holds tasks the group is woken and consumes them in shards; when the queue is empty group B sleeps until the queue wakes it.

The efficiency factor is the multi-threading efficiency factor: it expresses how efficiently batch authorization-token verification executes in multi-threaded mode, combining positively and negatively correlated parameters, and compared with batch token verification in a non-multi-threaded workflow it shows under which conditions the multi-threaded workflow should be used and under which it should not. After repeated trials against a normal, stable service a threshold can be set by weighted averaging; the threshold depends on parameters such as the server's memory and number of CPU cores. If the efficiency factor satisfies the threshold condition, the factor is valid and the multi-threaded workflow mode can be used; if it does not, the multi-threaded workflow is unsuitable for this business scenario and the non-multi-threaded workflow mode should be selected.
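The work-queue pattern and the factor-versus-threshold choice above, as an added example that is not part of the patent. The efficiency-factor formula is not reproduced on the page, so choose_mode() takes an already computed factor as input; the Ledger, the task shape, the per-write latencies and the worker count are constructed for the demo. Service A's role is submit(), group B is the pool of consumer threads that sleep in Queue.get() until a task wakes them. The point a practitioner should take from it: with several consumers the order in which writes complete is not the order of submission, so the sequence number that fixes the audit order is assigned when the task is enqueued, not when the chain write happens.

```python
# Added example (not from the patent): the work-queue pattern of the multi-threaded
# workflow, plus the factor-versus-threshold choice between that mode and serial mode.
# The efficiency-factor formula itself is not reproduced; choose_mode() takes the
# computed factor as an input. Ledger, task shape and latencies are constructed here.
import queue
import random
import threading
import time

STOP = object()  # sentinel telling a consumer thread to exit

class Ledger:
    """Stand-in for the blockchain platform: one write per task, serialized by a lock."""
    def __init__(self):
        self.lock, self.written = threading.Lock(), []
    def write(self, task):
        time.sleep(task["latency"])  # simulated round trip to the chain (h_cost in the text)
        with self.lock:
            self.written.append(task["seq"])

class DepositQueue:
    """Service A pushes (FIFO); consumer group B of `workers` threads sleeps on get() and wakes per task."""
    def __init__(self, ledger, workers):
        self.q, self.ledger = queue.Queue(), ledger
        self.dequeued, self.dq_lock = [], threading.Lock()
        self.workers = [threading.Thread(target=self._consume, daemon=True) for _ in range(workers)]
        for w in self.workers:
            w.start()
    def submit(self, task):  # producer side (service A)
        self.q.put(task)
    def _consume(self):
        while True:
            with self.dq_lock:  # one dequeue at a time so the recorded order is the queue's own order
                task = self.q.get()  # blocks (thread sleeps) until the queue wakes it
                if task is not STOP:
                    self.dequeued.append(task["seq"])
            if task is STOP:
                self.q.task_done()
                return
            self.ledger.write(task)  # sharded consumption: writes overlap across workers
            self.q.task_done()
    def drain(self):
        self.q.join()  # every submitted task has been written
        for _ in self.workers:
            self.q.put(STOP)
        for w in self.workers:
            w.join()

def choose_mode(factor, threshold):
    """Multi-threaded workflow only while the efficiency factor meets the threshold."""
    return "multi" if factor >= threshold else "serial"

def deposit_batch(tasks, factor, threshold, workers=4):
    ledger = Ledger()
    mode = choose_mode(factor, threshold)
    if mode == "serial":
        for t in tasks:
            ledger.write(t)
        dequeued = [t["seq"] for t in tasks]
    else:
        dq = DepositQueue(ledger, workers)
        for t in tasks:
            dq.submit(t)
        dq.drain()
        dequeued = dq.dequeued
    return {"mode": mode, "dequeued": dequeued, "written": ledger.written}

def make_tasks(n, seed=0):
    """Constructed batch: seq is assigned at enqueue time so the audit order is the submission order."""
    rng = random.Random(seed)
    return [{"seq": i, "kind": "authentication", "latency": rng.uniform(0.001, 0.01)} for i in range(n)]
```

In multi mode the dequeue order is always the submission order, while the completion order in ledger.written depends on thread scheduling; a deposit that must present a timeline should therefore carry its own sequence number, as make_tasks() does.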

In the authorization-related on-chain information the emphasis is on the business party's process information, whereas the authentication-related on-chain information emphasizes the capability party's process information.

In some embodiments, before depositing on the blockchain, the method further includes:

extracting key-pair information from the key packet sent by the blockchain platform to which the blockchain belongs, using a channel phase response key extraction algorithm; and verifying, from the extracted key-pair information, the consistency of the key between the operator authentication server and the blockchain platform. Short-term channel reciprocity and randomness are exploited to extract a secret shared encryption key, which further strengthens the reliability of the secure evidence deposit.

The key channel's response passes through three main stages: quantization, information reconciliation and key extraction. Quantization is the mapping that converts channel components into a bit stream. Reconciliation is an error-correction stage that corrects the mismatched bits caused by imperfect channel reciprocity. The final extraction stage applies a hash operation to preserve the confidentiality of the extracted key. After the information has been converted and transmitted, the data is filtered and de-noised and finally inverse-transformed to recover the target information.

The channel phase response key extraction algorithm comprises the following:

1. During the interaction between the operator authentication server and the blockchain platform, the key pair can be quantized for transmission by binary encoding as:

F_n(secret)

2. When the operator authentication server sends the key packet PV_1 to the blockchain platform, the frequency-domain information at time T_1 can be expressed as:

where the phase is uniformly distributed over the interval [0, 2π); the information RV_12 received by the blockchain platform is then:

where σ_1(t) is white Gaussian noise and α_1 and θ_1 are the channel gain and phase response of the forward link. The noisy phase received by the blockchain platform can finally be approximated as

3. Similarly, for the packet PV_2 sent by the blockchain platform to the operator authentication server, the frequency-domain information at time T_2 can be expressed as:

where the phase is uniformly distributed over the interval [0, 2π); the information RV_21 received by the operator server is then:

where σ_2(t) is white Gaussian noise and α_2 and θ_2 are the channel gain and phase response of the reverse link. The noisy phase received by the operator authentication server can finally be approximated as

4. From items 2 and 3 above, the final-stage components at the operator authentication server and the blockchain platform are:

where the intervals are all [0, 2π).

5. Since RV_12(t) and RV_21(t) both carry noise, the data must be de-noised with a filter; the de-noising filter (curve fitting) is as follows:

where F_k is the weighting coefficient and the basis function is the twiddle (rotation) factor; setting a threshold in F_k yields the de-noising fit.

6. After the fitting and de-noising procedure, the operator authentication server and the blockchain platform inverse-decode and de-quantize the key-pair information to obtain the corresponding value.

In some embodiments the method further includes: receiving, on the basis of the blockchain, mismatched bits containing a correction sequence that a trusted third party has published; and, on the basis of those published mismatched bits, extracting the key-pair information from the key packet sent by the blockchain platform with the channel phase response key extraction algorithm. Here the authorization credential serves as the temporary proof of trustworthiness for the whole session between the operator authentication server and the blockchain platform.

This addresses two limitations: the channel-phase method alone can reconcile only a small number of mismatched bits, which leaves a certain security risk, and code-based reconciliation with low-density parity-check codes or turbo codes has high computational complexity. The scheme can therefore add a blockchain-based reconciliation technique in which a trusted third party publishes the mismatched bits containing the correction sequence on a smart-contract-based blockchain. The published user-number authentication information then serves as the temporary proof of trustworthiness for the whole session, instead of a certificate being transmitted every time, saving communication cost and storage capacity.
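The three stages named above (quantization, reconciliation, hashed key extraction), run end to end on a simulated reciprocal channel, as an added example that is not part of the patent. Both ends see the same uniformly distributed phase with independent Gaussian noise; the noise level, guard band, sample count, seed and confirmation message are assumptions, and the page's de-noising filter and formulas are not reproduced. Reconciliation is simplified to the guard-band variant: each side publishes the positions of the samples that fell too close to a quantization boundary and both drop the union, which reveals positions but no bit values; the text's third-party correction sequence is not modelled. The final consistency check compares hashed confirmation tags rather than the keys.

```python
# Added example (not from the patent): a simulation of phase-based key extraction with
# the three stages named in the text (quantization, reconciliation, hashed extraction).
# Noise level, guard band, sample count and the confirmation message are assumptions;
# the text's de-noising filter and its formulas are not reproduced.
import hashlib
import math
import random

CELL = math.pi / 2                 # four quantization cells over [0, 2*pi): 2 bits per sample
GRAY = ("00", "01", "11", "10")    # adjacent cells differ in one bit, so a near-miss costs one bit

def observe_phases(n, sigma, rng):
    """Reciprocal channel: both ends see the same uniform phase, each with its own Gaussian noise."""
    theta = [rng.uniform(0.0, 2 * math.pi) for _ in range(n)]
    a = [(t + rng.gauss(0.0, sigma)) % (2 * math.pi) for t in theta]
    b = [(t + rng.gauss(0.0, sigma)) % (2 * math.pi) for t in theta]
    return a, b

def quantize(phases):
    """Stage 1: map each phase to the Gray code of its cell."""
    return [GRAY[int(p // CELL) % 4] for p in phases]

def guard_band_positions(phases, guard):
    """Stage 2 input: positions too close to a cell boundary. Publishing positions leaks no bit values."""
    return {i for i, p in enumerate(phases) if min(p % CELL, CELL - p % CELL) < guard}

def reconcile(bits, drop):
    """Both ends drop the union of the published positions; what remains should agree."""
    return "".join(b for i, b in enumerate(bits) if i not in drop)

def extract_key(bits):
    """Stage 3: hash the reconciled bits so the public positions reveal nothing about the key."""
    return hashlib.sha256(bits.encode()).digest()

def confirm_tag(key, nonce):
    """Key-consistency check: the parties compare tags, never the keys themselves."""
    return hashlib.sha256(b"key-confirm|" + nonce + key).hexdigest()

def run_extraction(n=1024, sigma=0.15, guard=0.55, seed=7):
    rng = random.Random(seed)
    pa, pb = observe_phases(n, sigma, rng)
    qa, qb = quantize(pa), quantize(pb)
    raw_mismatch = sum(x != y for x, y in zip(qa, qb))          # what imperfect reciprocity costs
    drop = guard_band_positions(pa, guard) | guard_band_positions(pb, guard)
    ka = extract_key(reconcile(qa, drop))
    kb = extract_key(reconcile(qb, drop))
    nonce = rng.getrandbits(64).to_bytes(8, "big")               # sent in clear together with the tag
    return {"key_a": ka, "key_b": kb, "agreed": confirm_tag(ka, nonce) == confirm_tag(kb, nonce),
            "raw_mismatch": raw_mismatch, "kept_bits": 2 * (n - len(drop))}
```

raw_mismatch shows how many samples the two ends quantize differently before reconciliation; after dropping the guard-band positions the surviving bits agree and both sides derive the same 32-byte key, which the tag comparison confirms without exposing it. A wider guard band lowers the residual mismatch probability at the cost of fewer kept bits.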

In the security authentication method of this embodiment, after gateway number retrieval, security authentication is achieved through the authorization and authentication steps, and the information generated while authenticating the user's login is deposited on and certified by the blockchain. This guarantees non-repudiation of the user's operations and makes every login traceable, realizing a secure account login method based on retrieving and verifying the handset's own phone number with non-repudiable blockchain evidence, which improves the security and convenience of login. The operator authentication server provides the authentication service through a multi-threaded workflow, which improves service performance to a degree. The operator authentication server and the blockchain platform introduce a key extraction algorithm based on the channel phase response to verify key consistency between the communicating parties, exploiting short-term channel reciprocity and randomness to extract a secret shared encryption key and further strengthening the reliability of the secure evidence deposit.

图4是根据一示例性实施例示出的一种安全认证装置的框图,该装置配置于运营商认证服务端。参照图4,该安全认证装置可以包括:取号处理模块401、授权处理模块402和鉴权处理模块403。Figure 4 is a block diagram of a security authentication device according to an exemplary embodiment. The device is configured at an operator authentication server. Referring to FIG. 4 , the security authentication device may include: a number processing module 401 , an authorization processing module 402 and an authentication processing module 403 .

Specifically, the number retrieval processing module 401 is configured to receive a number retrieval request from a terminal application and return the local mobile phone number of the corresponding terminal to the terminal application;

the authorization processing module 402 is configured to receive the authorization request that the terminal application sends based on the local mobile phone number, send an authorization credential to the terminal application, and store the authorization-related information on the blockchain;

the authentication processing module 403 is configured to receive an authentication request carrying the authorization credential sent by the terminal application, return an authentication result, and store the authentication-related information on the blockchain; the authentication result indicates whether the terminal application permits the corresponding terminal user to log in to the terminal application.

In some implementations, the authentication processing module 403 is specifically configured to:

receive, from a third-party capability provider, an authentication request carrying the authorization credential sent by the terminal application;

verify and authenticate the authorization credential sent by the terminal application, return the authentication result to the third-party capability provider, and store the authentication-related information on the blockchain.

In some implementations, when the authentication processing module 403 verifies and authenticates the authorization credential sent by the terminal application, returns the authentication result to the third-party capability provider, and stores the authentication-related information on the blockchain, it is specifically configured to:

verify and authenticate the authorization credentials sent by multiple terminal applications by means of a multi-threaded workflow queue;

store multiple items of authentication-related information on the blockchain by means of a multi-threaded workflow queue.

In some implementations, the authentication processing module 403 is further configured to:

obtain a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the volume of on-chain write tasks corresponding to the multiple items of authentication-related information;

determine, based on the multi-thread work efficiency factor and a preset threshold, whether to store the multiple items of authentication-related information on the blockchain by means of a multi-threaded workflow queue.

In some implementations, the authorization processing module 402 is specifically configured to:

obtain a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the volume of on-chain write tasks corresponding to the multiple items of authorization-related information;

determine, based on the multi-thread work efficiency factor and a preset threshold, whether to store the multiple items of authorization-related information on the blockchain by means of a multi-threaded workflow queue;

after the determination, send the authorization credential to the terminal application and store the authorization-related information on the blockchain by means of a multi-threaded workflow queue.

In some implementations, the device further includes a key management module 404, configured to:

extract key pair information, using a channel-phase-response key extraction algorithm, from the key data packet sent by the blockchain platform to which the blockchain belongs;

verify, based on the extracted key pair information, key consistency between the operator authentication server and the blockchain platform.

In some implementations, when the key management module 404 extracts key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs using the channel-phase-response key extraction algorithm, it is specifically configured to:

receive, via the blockchain, the mismatched bits, including a correction sequence, published by a trusted third party;

extract, based on the mismatched bits including the correction sequence published by the third party, the key pair information from the key data packet sent by the blockchain platform using the channel-phase-response key extraction algorithm; the authorization credential serves as a temporary proof of trustworthiness for the entire session between the operator authentication server and the blockchain platform.

As for the device in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.

The security authentication device of the embodiments of this application, after retrieving the number through the gateway, implements security authentication through the authorization and authentication processes, and uses the blockchain to store and issue evidence of the information involved in securely authenticating the user at application login. This guarantees the non-repudiation of the user's operations and makes every login traceable. It implements a secure account login mode that verifies the number retrieved from the user's own device while storing and issuing blockchain evidence in a non-repudiable form, improving both the security and the convenience of user login. The operator authentication server provides the authentication service in the form of a multi-threaded workflow, which improves service performance to a certain extent. The operator authentication server and the blockchain platform introduce a key extraction algorithm based on channel phase response to verify key consistency between the two communicating parties, using short-term channel reciprocity and randomness to extract a shared secret encryption key, which further strengthens the reliability of the secure evidence storage.

Figure 5 is a block diagram of a security authentication device according to an exemplary embodiment; the device is configured on a terminal. Referring to Figure 5, the security authentication device may include: a number retrieval module 501, a verification module 502, a credential application module 503 and an authentication processing module 504.

Specifically, the number retrieval module 501 is configured to, in response to a terminal application start-up operation, retrieve the number through the gateway and obtain the local mobile phone number;

the verification module 502 is configured to perform local number verification based on the local mobile phone number and the mobile phone number entered by the user;

the credential application module 503 is configured to, after the verification passes, send an authorization request to the operator authentication server and receive the authorization credential that the operator authentication server returns based on the authorization request; at the same time as returning the authorization credential, the operator authentication server stores the authorization-related information on the blockchain;

the authentication processing module 504 is configured to send the authorization credential to the third-party capability provider, instruct the third-party capability provider to send the authorization credential to the operator authentication server for authentication verification, and receive the authentication result returned by the third-party capability provider; at the same time as returning the authentication result, the operator authentication server stores the authentication-related information on the blockchain;

the authentication processing module 505 is further configured to obtain login authorization for the terminal application based on the authentication result.

In some implementations, the number retrieval module 501 is specifically configured to:

send a mobile phone number credential application to the operator authentication server through the operator authentication SDK;

obtain the mobile phone number credential that the operator authentication server returns based on the mobile phone number credential application;

send, based on the mobile phone number credential, a number retrieval credential application to the operator authentication server through the operator authentication SDK;

obtain the number retrieval credential that the operator authentication server returns based on the number retrieval credential application;

obtain, based on the number retrieval credential, the local mobile phone number from the operator server through the application back-end service corresponding to the terminal application.
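As an added example (not the patent's own code), the following Python simulates the server-side modules 401 to 403 and the terminal-side modules 501 to 504 described above: a credential bound to the retrieved number and the application, a third-party capability provider forwarding it to the operator for authentication, and a hash-chained append-only log standing in for the blockchain evidence store. The HMAC-tagged credential format, the single-use rule, the sample terminal number and the hash-chained log are assumptions of this example, not details taken from the patent.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

ISSUER_KEY = b"constructed-operator-hmac-key"  # constructed sample key, not a real secret
GENESIS = "0" * 64


@dataclass
class EvidenceChain:
    """Hash-chained append-only log standing in for the blockchain (assumption)."""
    blocks: list = field(default_factory=list)

    def append(self, record: dict) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.blocks.append({"prev": prev, "body": body, "hash": digest})
        return digest

    def verify(self) -> bool:
        """Recompute every link; an edited or dropped record breaks the chain."""
        prev = GENESIS
        for blk in self.blocks:
            expected = hashlib.sha256((prev + blk["body"]).encode()).hexdigest()
            if blk["prev"] != prev or blk["hash"] != expected:
                return False
            prev = blk["hash"]
        return True


class OperatorAuthServer:
    """Simulated server-side modules 401 (number), 402 (authorize), 403 (authenticate)."""

    def __init__(self, chain: EvidenceChain, gateway_numbers: dict):
        self.chain = chain
        self.gateway_numbers = gateway_numbers  # terminal id -> SIM number (constructed lookup)
        self.issued = {}  # credential id -> state; credentials are single-use here (assumption)

    def take_number(self, terminal_id: str) -> str:
        # Module 401: answer the number retrieval request with the terminal's own number.
        return self.gateway_numbers[terminal_id]

    def authorize(self, terminal_id: str, phone: str, app_id: str) -> str:
        # Module 402: issue an HMAC-tagged credential bound to the number and app, record it.
        if self.gateway_numbers.get(terminal_id) != phone:
            raise PermissionError("authorization request does not match the terminal's number")
        cred_id = secrets.token_hex(8)
        payload = f"{cred_id}|{phone}|{app_id}"
        tag = hmac.new(ISSUER_KEY, payload.encode(), "sha256").hexdigest()
        self.issued[cred_id] = {"phone": phone, "app_id": app_id, "used": False}
        self.chain.append({"event": "authorize", "cred_id": cred_id, "app_id": app_id,
                           "phone_hash": hashlib.sha256(phone.encode()).hexdigest()})
        return f"{payload}|{tag}"

    def authenticate(self, credential: str, requester: str) -> bool:
        # Module 403: check a credential forwarded by a capability provider, record the outcome.
        ok, cred_id = False, None
        parts = credential.split("|")
        if len(parts) == 4:
            cred_id, phone, app_id, tag = parts
            expected = hmac.new(ISSUER_KEY, "|".join(parts[:3]).encode(), "sha256").hexdigest()
            state = self.issued.get(cred_id)
            ok = (hmac.compare_digest(tag, expected) and state is not None
                  and not state["used"] and state["phone"] == phone
                  and state["app_id"] == app_id)
            if ok:
                state["used"] = True  # a replayed credential is refused on the next call
        self.chain.append({"event": "authenticate", "cred_id": cred_id,
                           "requester": requester, "result": ok})
        return ok


def terminal_login(server, terminal_id, user_entered_phone, app_id, capability_party="cap-party"):
    """Terminal-side modules 501-504; returns True when the login is authorized."""
    local_phone = server.take_number(terminal_id)       # 501: number retrieved via the gateway
    if local_phone != user_entered_phone:               # 502: local number check
        return False
    credential = server.authorize(terminal_id, local_phone, app_id)  # 503: credential request
    # 504: the credential goes to the capability provider, which forwards it to the operator.
    return server.authenticate(credential, capability_party)


def run_demo() -> dict:
    chain = EvidenceChain()
    server = OperatorAuthServer(chain, {"term-A": "13800000001"})  # constructed sample number
    results = {
        "good_login": terminal_login(server, "term-A", "13800000001", "app-1"),
        "wrong_number": terminal_login(server, "term-A", "13900000009", "app-1"),
    }
    cred = server.authorize("term-A", "13800000001", "app-1")
    results["tampered"] = server.authenticate(cred.replace("app-1", "app-2", 1), "cap-party")
    results["first_use"] = server.authenticate(cred, "cap-party")
    results["replay"] = server.authenticate(cred, "cap-party")
    results["chain_ok"] = chain.verify()
    results["records"] = len(chain.blocks)
    return results
```

Every authorization and every authentication attempt, including the rejected ones, lands in the chain, which is what makes the login history traceable and non-repudiable in the sense the text describes.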

As for the device in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.

The security authentication device of the embodiments of this application, after the number has been retrieved through the gateway, implements security authentication through the authorization and authentication processes, and uses the blockchain to store and issue evidence of the information involved in securely authenticating the user at application login. This guarantees the non-repudiation of the user's operations and makes every login traceable. It implements a secure account login mode that verifies the number retrieved from the user's own device while storing and issuing blockchain evidence in a non-repudiable form, improving both the security and the convenience of user login.

According to embodiments of this application, this application further provides an electronic device and a readable storage medium.

Figure 6 is a block diagram of an electronic device for implementing the security authentication method according to an embodiment of this application. Electronic devices are intended to represent various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. Electronic devices may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions are merely examples and are not intended to limit the implementations of this application described and/or claimed herein.

As shown in Figure 6, the electronic device includes: one or more processors 601, a memory 602, and interfaces for connecting the components, including a high-speed interface and a low-speed interface. The components are interconnected by different buses and may be mounted on a common motherboard or mounted in other ways as needed. The processor may process instructions executed within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output device (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories, if needed. Likewise, multiple electronic devices may be connected, each providing part of the necessary operations (for example, as a server array, a set of blade servers, or a multi-processor system). In Figure 6, one processor 601 is taken as an example.

The memory 602 is the non-transitory computer-readable storage medium provided by this application. The memory stores instructions executable by at least one processor, so that the at least one processor executes the security authentication method provided by this application. The non-transitory computer-readable storage medium of this application stores computer instructions that cause a computer to execute the security authentication method provided by this application.

As a non-transitory computer-readable storage medium, the memory 602 may be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the security authentication method in the embodiments of this application (for example, the number retrieval processing module 401, the authorization processing module 402 and the authentication processing module 403 shown in Figure 4). By running the non-transitory software programs, instructions and modules stored in the memory 602, the processor 601 performs the various functional applications and data processing of the server, that is, implements the security authentication method of the above method embodiments.

The memory 602 may include a program storage area and a data storage area; the program storage area may store an operating system and the application programs required by at least one function, and the data storage area may store data created through the use of the security authentication electronic device, and so on. In addition, the memory 602 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory 602 may optionally include memory located remotely from the processor 601, and such remote memory may be connected to the security authentication electronic device through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The electronic device for the security authentication method may further include: an input device 603 and an output device 604. The processor 601, the memory 602, the input device 603 and the output device 604 may be connected by a bus or in other ways; in Figure 6, connection by a bus is taken as an example.

The input device 603 may receive entered numeric or character information and generate key signal inputs related to the user settings and function control of the security authentication electronic device; examples are a touch screen, a keypad, a mouse, a trackpad, a touchpad, a pointing stick, one or more mouse buttons, a trackball, a joystick and other input devices. The output device 604 may include a display device, auxiliary lighting devices (for example, LEDs), haptic feedback devices (for example, vibration motors), and the like. The display device may include, but is not limited to, a liquid crystal display (LCD), a light-emitting diode (LED) display, and a plasma display. In some implementations, the display device may be a touch screen.

Various implementations of the systems and techniques described herein may be realized in digital electronic circuitry, integrated circuit systems, application-specific integrated circuits (ASICs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special-purpose or general-purpose programmable processor that receives data and instructions from a storage system, at least one input device, and at least one output device, and transmits data and instructions to the storage system, the at least one input device, and the at least one output device.

These computer programs (also referred to as programs, software, software applications, or code) include machine instructions for a programmable processor and may be implemented in a high-level procedural and/or object-oriented programming language and/or in assembly/machine language. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus and/or device (for example, magnetic disks, optical disks, memory, programmable logic devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as machine-readable signals. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.

To provide interaction with a user, the systems and techniques described herein may be implemented on a computer having: a display device (for example, a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user; and a keyboard and a pointing device (for example, a mouse or a trackball) through which the user can provide input to the computer. Other kinds of devices may also be used to provide interaction with a user; for example, the feedback provided to the user may be any form of sensory feedback (for example, visual feedback, auditory feedback, or haptic feedback), and input from the user may be received in any form (including acoustic input, speech input, or haptic input).

The systems and techniques described herein may be implemented in a computing system that includes a back-end component (for example, as a data server), or that includes a middleware component (for example, an application server), or that includes a front-end component (for example, a user computer having a graphical user interface or a web browser through which the user can interact with implementations of the systems and techniques described herein), or any combination of such back-end, middleware, or front-end components. The components of the system may be interconnected by any form or medium of digital data communication (for example, a communication network). Examples of communication networks include: a local area network (LAN), a wide area network (WAN), and the Internet.

A computer system may include clients and servers. A client and a server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.

In an exemplary embodiment, a computer program product is further provided; when the instructions in the computer program product are executed by a processor of an electronic device, the electronic device is enabled to execute the above method.

It should also be noted that the exemplary embodiments mentioned in the present invention describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above steps; that is, the steps may be performed in the order mentioned in the embodiments, in an order different from that in the embodiments, or several steps may be performed simultaneously.

Other embodiments of this application will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of this application that follow its general principles and include common general knowledge or customary technical means in the art not disclosed in this application. The specification and examples are to be regarded as exemplary only.

It should be understood that this application is not limited to the precise structures described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of this application is limited only by the appended claims.

Claims (13)

1.一种安全认证方法,其特征在于,所述安全认证方法应用于运营商认证服务端,包括:1. A security authentication method, characterized in that the security authentication method is applied to the operator authentication server, including: 接收来自终端应用的取号请求,向所述终端应用返回对应终端的本机手机号码;Receive a number request from the terminal application, and return the local mobile phone number of the corresponding terminal to the terminal application; 接收所述终端应用基于所述本机手机号码发送的授权请求,向所述终端应用发送授权凭证并将授权相关信息进行区块链存证;Receive the authorization request sent by the terminal application based on the local mobile phone number, send an authorization certificate to the terminal application and store the authorization-related information in the blockchain; 接收携带所述终端应用发送的授权凭证的鉴权请求,返回鉴权结果并将鉴权相关信息进行区块链存证;其中,所述鉴权结果用于指示所述终端应用是否允许对应的终端用户登录所述终端应用。Receive an authentication request carrying the authorization certificate sent by the terminal application, return the authentication result and store the authentication-related information in the blockchain; wherein the authentication result is used to indicate whether the terminal application allows the corresponding The terminal user logs in to the terminal application. 2.根据权利要求1所述的方法,其特征在于,所述接收携带所述终端应用发送的授权凭证的鉴权请求,返回鉴权结果并将鉴权相关信息进行区块链存证,包括:2. The method according to claim 1, characterized in that receiving an authentication request carrying an authorization certificate sent by the terminal application, returning the authentication result and storing the authentication-related information in the blockchain includes: : 接收第三方能力方发送的携带所述终端应用发送的授权凭证的鉴权请求;Receive an authentication request sent by a third-party capable party carrying the authorization certificate sent by the terminal application; 对所述终端应用发送的授权凭证进行校验鉴权,向所述第三方能力方返回鉴权结果并将鉴权相关信息进行区块链存证。The authorization certificate sent by the terminal application is verified and authenticated, the authentication result is returned to the third-party capable party, and the authentication-related information is stored in the blockchain. 
3.根据权利要求2所述的方法,其特征在于,所述对所述终端应用发送的授权凭证进行校验鉴权,向所述第三方能力方返回鉴权结果并将鉴权相关信息进行区块链存证,包括:3. The method according to claim 2, characterized in that the authorization certificate sent by the terminal application is verified and authenticated, the authentication result is returned to the third party capable party and the authentication-related information is Blockchain certificates include: 通过多线程工作流队列的形式,对多个终端应用发送的授权凭证进行校验鉴权;Verify and authenticate authorization credentials sent by multiple terminal applications in the form of multi-threaded workflow queues; 通过多线程工作流队列的形式,将多个鉴权相关信息存储于区块链。Multiple authentication-related information is stored in the blockchain in the form of a multi-threaded workflow queue. 4.根据权利要求3所述的方法,其特征在于,所述通过多线程工作流队列的形式,将多个鉴权相关信息存储于区块链之前,还包括:4. The method according to claim 3, characterized in that storing multiple authentication-related information before the blockchain in the form of a multi-threaded workflow queue also includes: 基于所述运营商认证服务端的资源利用率和多个所述鉴权相关信息对应的上链任务量,获取多线程工作效率因子;Obtain a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the amount of uplink tasks corresponding to multiple authentication-related information; 基于所述多线程工作效率因子和预设阈值,确定是否通过多线程工作流队列的形式,将多个鉴权相关信息存储于区块链。Based on the multi-thread work efficiency factor and the preset threshold, it is determined whether to store multiple authentication-related information in the blockchain in the form of a multi-thread workflow queue. 5.根据权利要求1所述的方法,其特征在于,所述向所述终端应用发送授权凭证并将授权相关信息进行区块链存证,包括:5. 
The method according to claim 1, characterized in that said sending an authorization certificate to the terminal application and storing the authorization-related information on a blockchain includes: 基于所述运营商认证服务端的资源利用率和多个所述授权相关信息对应的上链任务量,获取多线程工作效率因子;Obtain a multi-thread work efficiency factor based on the resource utilization of the operator authentication server and the amount of uplink tasks corresponding to multiple authorization-related information; 基于所述多线程工作效率因子和预设阈值,确定是否通过多线程工作流队列的形式,将多个授权相关信息存储于区块链;Based on the multi-thread work efficiency factor and the preset threshold, determine whether to store multiple authorization-related information in the blockchain in the form of a multi-thread workflow queue; 在确定之后,通过多线程工作流队列的形式,向所述终端应用发送授权凭证并将授权相关信息进行区块链存证。After the determination, the authorization certificate is sent to the terminal application in the form of a multi-threaded workflow queue and the authorization-related information is stored in the blockchain. 6.根据权利要求1所述的方法,其特征在于,所述进行区块链存证之前,还包括:6. The method according to claim 1, characterized in that before performing blockchain certification, it further includes: 通过信道相位响应密钥提取算法,从所述区块链所属区块链平台发送的秘钥数据包中提取秘钥对信息;Extract the secret key pair information from the secret key data packet sent by the blockchain platform to which the blockchain belongs through the channel phase response key extraction algorithm; 基于提取的所述秘钥对信息,验证所述运营商认证服务端与所述区块链平台之间的密钥一致性。Based on the extracted key pair information, the key consistency between the operator authentication server and the blockchain platform is verified. 7.根据权利要求6所述的方法,其特征在于,所述通过信道相位响应密钥提取算法,从所述区块链所属区块链平台发送的秘钥数据包中提取秘钥对信息,包括:7. 
The method according to claim 6, characterized in that the channel phase response key extraction algorithm extracts key pair information from the secret key data packet sent by the blockchain platform to which the blockchain belongs, include: 基于所述区块链,接收受信任的第三方发布的包含校正序列的不匹配位;Based on the blockchain, receive mismatched bits containing correction sequences published by a trusted third party; 基于所述第三方发布的包含校正序列的不匹配位,通过信道相位响应密钥提取算法,从所述区块链平台发送的秘钥数据包中提取秘钥对信息;其中,所述授权凭证作为所述运营商认证服务端与所述区块链平台之间的整个会话的临时可信度证明。Based on the mismatched bits containing the correction sequence issued by the third party, the secret key pair information is extracted from the secret key data packet sent by the blockchain platform through the channel phase response key extraction algorithm; wherein, the authorization certificate As a temporary credibility certificate for the entire session between the operator authentication server and the blockchain platform. 8.一种安全认证方法,其特征在于,所述安全认证方法应用于终端,包括:8. A security authentication method, characterized in that the security authentication method is applied to a terminal, including: 响应于终端应用启动操作,通过网关取号,获取本机手机号码;In response to the terminal application startup operation, obtain the local mobile phone number through the gateway; 基于所述本机手机号码与用户输入的手机号码,进行本机号码校验;Based on the local mobile phone number and the mobile phone number input by the user, perform local number verification; 校验通过后,向运营商认证服务端发送授权请求,并接收所述运营商认证服务端基于所述授权请求返回的授权凭证;其中,所述运营商认证服务端返回所述授权凭证的同时将授权相关信息进行区块链存证;After the verification is passed, an authorization request is sent to the operator authentication server, and the authorization voucher returned by the operator authentication server based on the authorization request is received; wherein, the operator authentication server returns the authorization voucher at the same time Store authorization-related information on the blockchain; 向第三方能力方发送所述授权凭证,指示所述第三方能力方将所述授权凭证发送至所述运营商认证服务端进行鉴权校验,并接收所述第三方能力方返回的鉴权结果;其中,所述运营商认证服务端返回所述鉴权结果的同时将鉴权相关信息进行区块链存证;Send the 
authorization credential to the third-party capability party, instruct the third-party capability party to send the authorization credential to the operator authentication server for authentication verification, and receive the authentication result returned by the third-party capability party; wherein the operator authentication server, when returning the authentication result, also stores the authentication-related information on the blockchain;

based on the authentication result, obtaining the login authorization of the terminal application.

9. The method according to claim 8, characterized in that obtaining the local mobile phone number through a gateway comprises:

sending a mobile phone number credential application to the operator authentication server through the operator authentication SDK;

obtaining the mobile phone number credential returned by the operator authentication server based on the mobile phone number credential application;

based on the mobile phone number credential, sending a number-taking credential application to the operator authentication server through the operator authentication SDK;

obtaining the number-taking credential returned by the operator authentication server based on the number-taking credential application;

based on the number-taking credential, obtaining the local mobile phone number from the operator server through the application backend service corresponding to the terminal application.

10. A security authentication device, characterized in that the device is configured at an operator authentication server, and the device comprises:

a number retrieval processing module, configured to receive a number retrieval request from a terminal application and return the local mobile phone number of the corresponding terminal to the terminal application;

an authorization processing module, configured to receive an authorization request sent by the terminal application based on the local mobile phone number, send an authorization credential to the terminal application, and store the authorization-related information on the blockchain;

an authentication processing module, configured to receive an authentication request carrying the authorization credential sent by the terminal application, return an authentication result, and store the authentication-related information on the blockchain; wherein the authentication result is used to indicate whether the terminal application allows the corresponding terminal user to log in to the terminal application.

11. A security authentication device, characterized in that the device is configured on a terminal, and the device comprises:

a number retrieval module, configured to obtain the local mobile phone number through a gateway in response to a terminal application startup operation;

a verification module, configured to perform local number verification based on the local mobile phone number and the mobile phone number input by the user;

a credential application module, configured to send an authorization request to the operator authentication server after the verification passes, and receive the authorization credential returned by the operator authentication server based on the authorization request; wherein the operator authentication server, when returning the authorization credential, also stores the authorization-related information on the blockchain;

an authentication processing module, configured to send the authorization credential to a third-party capability party, instruct the third-party capability party to send the authorization credential to the operator authentication server for authentication verification, and receive the authentication result returned by the third-party capability party; wherein the operator authentication server, when returning the authentication result, also stores the authentication-related information on the blockchain;

the authentication processing module is further configured to obtain the login authorization of the terminal application based on the authentication result.

12. An electronic device, characterized in that it comprises:

at least one processor; and

a memory communicatively connected to the at least one processor; wherein

the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the security authentication method according to any one of claims 1 to 7, or the security authentication method according to claim 8 or 9.

13. A non-transitory computer-readable storage medium storing computer instructions, characterized in that the computer instructions are used to cause a computer to execute the security authentication method according to any one of claims 1 to 7, or the security authentication method according to claim 8 or 9.
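The claims above describe one end-to-end flow: number retrieval through the gateway (claim 9), the local number check, an authorization credential issued by the operator authentication server with blockchain evidencing, and an authentication check of that credential when a third-party capability party presents it (claims 8, 10 and 11). The following Python model of that flow is an added example and is not code from the patent or its applicants. It assumes HMAC-signed JSON tokens as the credential format, a simple append-only hash chain as a stand-in for the blockchain evidencing, single-use authorization credentials, and a constructed mapping from a gateway session to a subscriber number; none of these design details come from the claims.

```python
import hashlib
import hmac
import json
import secrets
import time


def _sha256(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


class EvidenceLedger:
    """Stand-in for the blockchain evidencing in the claims (assumption):
    an append-only hash chain where each block commits to the previous hash."""

    def __init__(self):
        self.blocks = []

    def append(self, record: dict) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"prev": prev, "record": record}
        block_hash = _sha256(json.dumps(body, sort_keys=True))
        self.blocks.append({**body, "hash": block_hash})
        return block_hash

    def verify_chain(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            body = {"prev": b["prev"], "record": b["record"]}
            if b["prev"] != prev or _sha256(json.dumps(body, sort_keys=True)) != b["hash"]:
                return False
            prev = b["hash"]
        return True


class OperatorAuthServer:
    """Operator authentication server of claims 9 and 10: issues credentials,
    authorizes, authenticates, and writes evidence records to the ledger."""

    def __init__(self, key: bytes):
        self.key = key
        self.ledger = EvidenceLedger()
        self.used_auth_creds = set()  # assumption: authorization credentials are single-use
        # constructed sample: gateway session id -> subscriber number (not real data)
        self.gateway_sessions = {"gw-session-42": "13800000000"}

    def _issue(self, kind: str, **fields) -> str:
        # credential = JSON payload + "." + HMAC-SHA256 over the payload (assumed format)
        payload = json.dumps({"kind": kind, "nonce": secrets.token_hex(8),
                              "exp": int(time.time()) + 300, **fields}, sort_keys=True)
        mac = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + mac

    def _open(self, token: str, kind: str):
        payload, _, mac = token.rpartition(".")
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None  # forged or tampered credential
        data = json.loads(payload)
        if data["kind"] != kind or data["exp"] < time.time():
            return None  # wrong credential type or expired
        return data

    # claim 9: mobile phone number credential, requested through the operator SDK
    def issue_phone_credential(self, gateway_session: str, app_id: str):
        if gateway_session not in self.gateway_sessions:
            return None
        return self._issue("phone", session=gateway_session, app_id=app_id)

    # claim 9: number-taking credential, bound to a valid phone number credential
    def issue_number_credential(self, phone_credential: str):
        data = self._open(phone_credential, "phone")
        return None if data is None else self._issue("number", session=data["session"], app_id=data["app_id"])

    # claim 9: the application backend redeems the number-taking credential
    def fetch_number(self, number_credential: str):
        data = self._open(number_credential, "number")
        return None if data is None else self.gateway_sessions[data["session"]]

    # claim 10: authorization request -> authorization credential + evidence record
    def authorize(self, app_id: str, phone_number: str) -> str:
        cred = self._issue("authz", app_id=app_id, phone=phone_number)
        self.ledger.append({"event": "authorize", "app_id": app_id, "cred_hash": _sha256(cred)})
        return cred

    # claim 10: authentication of a presented credential -> result + evidence record
    def authenticate(self, credential: str, app_id: str) -> bool:
        data = self._open(credential, "authz")
        ok = data is not None and data["app_id"] == app_id and credential not in self.used_auth_creds
        if ok:
            self.used_auth_creds.add(credential)
        self.ledger.append({"event": "authenticate", "app_id": app_id,
                            "cred_hash": _sha256(credential), "result": ok})
        return ok


def terminal_login(server, app_id, gateway_session, user_entered_number, third_party_verify) -> bool:
    """Terminal-side flow of claims 8 and 11. third_party_verify stands in for the
    third-party capability party, which forwards the credential to the server."""
    phone_cred = server.issue_phone_credential(gateway_session, app_id)
    number_cred = server.issue_number_credential(phone_cred) if phone_cred else None
    local_number = server.fetch_number(number_cred) if number_cred else None  # via app backend
    if local_number is None or local_number != user_entered_number:
        return False  # local number check fails: no authorization request is sent
    auth_cred = server.authorize(app_id, local_number)
    return third_party_verify(auth_cred, app_id)


if __name__ == "__main__":
    srv = OperatorAuthServer(key=b"constructed-demo-key")
    print(terminal_login(srv, "com.example.app", "gw-session-42", "13800000000",
                         lambda cred, app: srv.authenticate(cred, app)))
```

The evidence records hold only a hash of each credential, so a ledger reader can audit that an authorization and its matching authentication occurred without learning the credential itself; the server rejects a credential whose MAC, type, expiry or application binding fails, and refuses a replayed one.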
CN202311349207.5A 2023-10-17 2023-10-17 Security authentication method, device and storage medium Active CN117579245B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311349207.5A CN117579245B (en) 2023-10-17 2023-10-17 Security authentication method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311349207.5A CN117579245B (en) 2023-10-17 2023-10-17 Security authentication method, device and storage medium

Publications (2)

Publication Number Publication Date
CN117579245A true CN117579245A (en) 2024-02-20
CN117579245B CN117579245B (en) 2025-06-13

Family

ID=89887027

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311349207.5A Active CN117579245B (en) 2023-10-17 2023-10-17 Security authentication method, device and storage medium

Country Status (1)

Country Link
CN (1) CN117579245B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988313A (en) * 2020-08-19 2020-11-24 工银科技有限公司 Data processing method, device, system and medium for block chain
CN112637167A (en) * 2020-12-15 2021-04-09 平安资产管理有限责任公司 System login method and device, computer equipment and storage medium
CN114466353A (en) * 2022-02-09 2022-05-10 号百信息服务有限公司 App user ID information protection device and method, electronic equipment and storage medium
CN115189891A (en) * 2022-07-07 2022-10-14 Oppo广东移动通信有限公司 Application logging method, device, terminal, and computer-readable storage medium
WO2023087704A1 (en) * 2021-11-16 2023-05-25 深圳前海微众银行股份有限公司 Traceable picture authorization method and apparatus

Also Published As

Publication number Publication date
CN117579245B (en) 2025-06-13

Similar Documents

Publication Publication Date Title
US12137091B2 (en) Single sign-on enabled with OAuth token
US11956371B2 (en) Recursive token binding for cascaded service calls
US12034713B2 (en) Secure authentication for accessing remote resources
US11121873B2 (en) System and method for hardening security between web services using protected forwarded access tokens
US10880292B2 (en) Seamless transition between WEB and API resource access
US9053306B2 (en) Authentication system, authentication server, service providing server, authentication method, and computer-readable recording medium
US10616196B1 (en) User authentication with multiple authentication sources and non-binary authentication decisions
US10298561B2 (en) Providing a single session experience across multiple applications
CN111062023B (en) Method and device for realizing single sign-on of multi-application system
CN114513350B (en) Identity verification method, system and storage medium
CN104754009A (en) Service acquisition and invocation method, device, client-side and server
US9444800B1 (en) Virtual communication endpoint services
US20220394039A1 (en) Seamlessly securing access to application programming interface gateways
CN114615084A (en) Single sign-on and logout method and system applied to front-end and back-end separation scene, electronic equipment and storage medium
CN113821784A (en) Multi-system single sign-on method, device and computer-readable storage medium
CN109818915A (en) Information processing method and device, server and readable storage medium
CN117336092A (en) Client login method and device, electronic equipment and storage medium
CN117579245A (en) Security authentication method, device and storage medium
CN117097472A (en) Identity authentication method of collaborative signature
CN117544378A (en) Authorization management method, device, equipment and storage medium
CN103095650B (en) Cloud service identity authentication method suitable for thin client terminal
CN104301285A (en) Login method for web system
CN114417318A (en) Method, device and electronic device for jumping to third-party pages
CN115834252B (en) Service access method and system
CN114448715B (en) Authentication method, device, equipment and storage medium based on token

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant