CN117579245A - Security authentication method, device and storage medium - Google Patents


Info

Publication number
CN117579245A
Authority
CN
China
Prior art keywords
authentication
authorization
party
blockchain
operator
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311349207.5A
Other languages
Chinese (zh)
Inventor
陈海强
邱浚漾
赖燕燕
刘希宙
余筱
林巧晶
原薇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Internet Co Ltd
Priority to CN202311349207.5A
Publication of CN117579245A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a security authentication method, a security authentication device and a storage medium. The method comprises the following steps: obtaining the local mobile phone number through gateway number-taking; verifying the local number; sending an authorization request to an operator authentication server and receiving an authorization credential returned by the operator authentication server, the authorization-related information being certified on the blockchain; sending the authorization credential to a third-party capability party, which sends the authorization credential to the operator authentication server for authentication verification, the operator authentication server returning the authentication result and certifying the authentication-related information on the blockchain; and acquiring login authorization for the terminal application based on the authentication result. The method ensures that logins are traceable, and improves the security and convenience of user login.

Description

Security authentication method, device and storage medium
Technical Field
The present disclosure relates to the field of security authentication technologies, and in particular, to a security authentication method, device, and storage medium.
Background
Some platforms currently on the market use a portrait-comparison login mode, in which three-element verification is performed on the user's portrait together with related user information such as name and identity card number, so that real-name login of the user is ensured. However, this mode is costly, the login process is complex and time-consuming for the user, and the login experience is poor.
Other platforms use password-based account login without further verification; in this mode the user's password is liable to leak, logins can be stolen, and the login history cannot be traced.
Disclosure of Invention
The application provides a security authentication method, a security authentication device and a storage medium, so as to at least improve security and convenience in a user login process. The technical scheme of the application is as follows:
in a first aspect, an embodiment of the present application provides a security authentication method, where the security authentication method is applied to an operator authentication server, and includes:
receiving a number-taking request from a terminal application, and returning the mobile phone number of the corresponding terminal to the terminal application;
receiving an authorization request sent by the terminal application based on the local mobile phone number, sending an authorization credential to the terminal application, and carrying out blockchain certification on authorization related information;
receiving an authentication request carrying an authorization credential sent by the terminal application, returning an authentication result and carrying out blockchain certification on authentication related information; the authentication result is used for indicating whether the terminal application allows the corresponding terminal user to log in the terminal application.
In some implementations, the receiving an authentication request carrying an authorization credential sent by the terminal application, returning an authentication result and performing blockchain certification on authentication related information includes:
receiving an authentication request which is sent by a third party capability party and carries an authorization credential sent by the terminal application;
and checking and authenticating the authorization certificate sent by the terminal application, returning an authentication result to the third party capability party and carrying out blockchain certification on authentication related information.
In some implementations, the verifying and authenticating the authorization credential sent by the terminal application, returning an authentication result to the third party capability party and performing blockchain certification on authentication related information includes:
checking and authenticating authorization certificates sent by a plurality of terminal applications in a multithreading workflow queue mode;
multiple authentication related information is stored in the blockchain in the form of a multithreaded workflow queue.
In some implementations, before storing the plurality of authentication related information in the blockchain by way of a multithreaded workflow queue, the method further includes:
acquiring a multithreading working efficiency factor based on the resource utilization rate of the operator authentication server and the uplink task quantity corresponding to a plurality of authentication related information;
And determining whether to store a plurality of authentication related information in a blockchain in a form of a multithreaded workflow queue based on the multithreaded work efficiency factor and a preset threshold.
In some implementations, the sending the authorization credential to the terminal application and blockchain certification of the authorization-related information includes:
acquiring a multithreading work efficiency factor based on the resource utilization rate of the operator authentication server and the uplink task quantity corresponding to the authorization related information;
determining whether to store a plurality of authorization related information in a blockchain in a form of a multithreaded workflow queue based on the multithreaded work efficiency factor and a preset threshold;
after the determination, sending authorization credentials to the terminal application in the form of a multithreaded workflow queue and performing blockchain certification on the authorization-related information.
In some implementations, before the performing the blockchain certification, the method further includes:
extracting key pair information from a key data packet sent by the blockchain platform to which the blockchain belongs, through a channel phase response key extraction algorithm;
and verifying the key consistency between the operator authentication server and the blockchain platform based on the extracted key pair information.
In some implementations, the extracting key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs through the channel phase response key extraction algorithm includes:
based on the blockchain, receiving unmatched bits including a correction sequence issued by a trusted third party;
based on the unmatched bits containing the correction sequence issued by the third party, extracting key pair information from a key data packet sent by the blockchain platform through a channel phase response key extraction algorithm; wherein the authorization credential serves as a temporary trust attestation for the entire session between the operator authentication server and the blockchain platform.
In a second aspect, an embodiment of the present application provides a security authentication method, where the security authentication method is applied to a terminal, and includes:
responding to a terminal application starting operation, and obtaining the local mobile phone number through gateway number-taking;
checking the local number based on the local mobile phone number and the mobile phone number input by the user;
after verification is passed, an authorization request is sent to an operator authentication server, and an authorization credential returned by the operator authentication server based on the authorization request is received; the operator authentication server returns the authorization credential and simultaneously carries out blockchain certification on the authorization related information;
Sending the authorization credential to a third party capable party, indicating the third party capable party to send the authorization credential to the operator authentication server for authentication verification, and receiving an authentication result returned by the third party capable party; the operator authentication server returns the authentication result and performs blockchain certification on the authentication related information;
and acquiring login authorization of the terminal application based on the authentication result.
In some implementations, the obtaining the local mobile phone number by the gateway includes:
through the SDK of the operator authentication, a mobile phone number credential application is sent to the operator authentication server;
acquiring a mobile phone number certificate which is returned by the operator authentication server based on the mobile phone number certificate application;
based on the mobile phone number certificate, sending a number taking certificate application to the operator authentication server through the operator authentication SDK;
acquiring a number taking certificate returned by the operator authentication server based on the number taking certificate application;
and acquiring the local mobile phone number from the operator server through the application back-end service corresponding to the terminal application based on the number taking certificate.
In a third aspect, an embodiment of the present application provides a security authentication device, where the device is configured at an operator authentication server, and the device includes:
the number taking processing module is used for receiving a number taking request from a terminal application and returning the local mobile phone number of the corresponding terminal to the terminal application;
the authorization processing module is used for receiving an authorization request sent by the terminal application based on the local mobile phone number, sending an authorization credential to the terminal application and carrying out blockchain certification on the authorization related information;
the authentication processing module is used for receiving an authentication request carrying an authorization credential sent by the terminal application, returning an authentication result and carrying out blockchain certification on authentication related information; the authentication result is used for indicating whether the terminal application allows the corresponding terminal user to log in the terminal application.
In some implementations, the authentication processing module is specifically configured to:
receiving an authentication request which is sent by a third party capability party and carries an authorization credential sent by the terminal application;
and checking and authenticating the authorization certificate sent by the terminal application, returning an authentication result to the third party capability party and carrying out blockchain certification on authentication related information.
In some implementations, the authentication processing module performs verification and authentication on the authorization credential sent by the terminal application, and when an authentication result is returned to the third party capability party and the authentication related information is subjected to blockchain certification, the authentication processing module is specifically used for:
checking and authenticating authorization certificates sent by a plurality of terminal applications in a multithreading workflow queue mode;
multiple authentication related information is stored in the blockchain in the form of a multithreaded workflow queue.
In some implementations, the authentication processing module is further configured to:
acquiring a multithreading working efficiency factor based on the resource utilization rate of the operator authentication server and the uplink task quantity corresponding to a plurality of authentication related information;
and determining whether to store a plurality of authentication related information in a blockchain in a form of a multithreaded workflow queue based on the multithreaded work efficiency factor and a preset threshold.
In some implementations, the authorization processing module is specifically configured to:
acquiring a multithreading work efficiency factor based on the resource utilization rate of the operator authentication server and the uplink task quantity corresponding to the authorization related information;
determining whether to store a plurality of authorization related information in a blockchain in a form of a multithreaded workflow queue based on the multithreaded work efficiency factor and a preset threshold;
After the determination, sending authorization credentials to the terminal application in the form of a multithreaded workflow queue and performing blockchain certification on the authorization-related information.
In some implementations, the apparatus further includes a key management module to:
extracting key pair information from a key data packet sent by the blockchain platform to which the blockchain belongs, through a channel phase response key extraction algorithm;
and verifying the key consistency between the operator authentication server and the blockchain platform based on the extracted key pair information.
In some implementations, when the key management module extracts key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs through a channel phase response key extraction algorithm, the key management module is specifically configured to:
based on the blockchain, receiving unmatched bits including a correction sequence issued by a trusted third party;
based on the unmatched bits containing the correction sequence issued by the third party, extracting key pair information from a key data packet sent by the blockchain platform through a channel phase response key extraction algorithm; wherein the authorization credential serves as a temporary trust attestation for the entire session between the operator authentication server and the blockchain platform.
In a fourth aspect, an embodiment of the present application provides a security authentication device, where the device is configured in a terminal, and the device includes:
the number taking module is used for responding to the starting operation of the terminal application and obtaining the local mobile phone number through gateway number-taking;
the verification module is used for verifying the local mobile phone number based on the local mobile phone number and the mobile phone number input by the user;
the certificate application module is used for sending an authorization request to the operator authentication server after verification is passed, and receiving an authorization certificate returned by the operator authentication server based on the authorization request; the operator authentication server returns the authorization credential and simultaneously carries out blockchain certification on the authorization related information;
the authentication processing module is used for sending the authorization credential to a third party capable party, indicating the third party capable party to send the authorization credential to the operator authentication server for authentication verification, and receiving an authentication result returned by the third party capable party; the operator authentication server returns the authentication result and performs blockchain certification on the authentication related information;
and the authentication processing module is also used for acquiring login authorization of the terminal application based on the authentication result.
In some implementations, the number taking module is specifically configured to:
through the SDK of the operator authentication, a mobile phone number credential application is sent to the operator authentication server;
acquiring a mobile phone number certificate which is returned by the operator authentication server based on the mobile phone number certificate application;
based on the mobile phone number certificate, sending a number taking certificate application to the operator authentication server through the operator authentication SDK;
acquiring a number taking certificate returned by the operator authentication server based on the number taking certificate application;
and acquiring the local mobile phone number from the operator server through the application back-end service corresponding to the terminal application based on the number taking certificate.
In a fifth aspect, embodiments of the present application provide an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the security authentication method according to the embodiments of the first aspect of the present application.
In a sixth aspect, embodiments of the present application provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the security authentication method according to the embodiments of the first aspect of the present application.
In a seventh aspect, embodiments of the present application provide a computer program product comprising computer instructions which, when executed by a processor, implement the steps of the security authentication method described in the embodiments of the first aspect of the present application.
The technical scheme provided by the embodiment of the application at least brings the following beneficial effects:
After the gateway obtains the number, security authentication is realized through the authorization and authentication process, and the information related to the security authentication is stored in the blockchain when the user logs in to the application. This ensures non-repudiation of the user's operation and leaves a traceable login record; number-taking verification based on the user's own mobile phone number is realized, and a secure account login mode with non-repudiable blockchain certification is provided, so that the security and convenience of user login are improved. The operator authentication server provides the authentication service in a multithreaded workflow mode, which improves service performance to a certain extent. The operator authentication server and the blockchain platform verify key consistency between the two communicating parties by introducing a key extraction algorithm based on channel phase response, which extracts a secret shared key using short-term channel reciprocity and randomness, further strengthening the reliability of the security authentication.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application and do not constitute an undue limitation on the application.
Fig. 1 is a flow chart illustrating a security authentication method according to an exemplary embodiment.
Fig. 2 is an interaction diagram between a business party, a capability party, and an operator authentication server, according to an example.
Fig. 3 is a flow chart illustrating a security authentication method according to another exemplary embodiment.
Fig. 4 is a block diagram illustrating a security authentication device according to an example embodiment.
Fig. 5 is a block diagram illustrating a security authentication device according to another exemplary embodiment.
Fig. 6 is a block diagram of an electronic device, according to an example embodiment.
Detailed Description
In order to enable those skilled in the art to better understand the technical solutions of the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like herein are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
In today's society, telecommunications fraud targeting mobile phone users is common, and user account information is frequently stolen. Leaks of users' passwords and related private information occur frequently, and how to effectively protect user accounts and account password information has become an urgent problem to be solved.
Some platforms currently on the market use a portrait-comparison login mode, in which real-name login is ensured by checking three elements of the user's portrait, using the user's head portrait together with related user information such as name and identity card number. However, this method is costly and time-consuming, the login flow is complicated for the user, the login experience is poor, and authentication information is not stored.
To guarantee safety in the user login process while also considering convenience, the technical scheme of the application provides a secure account login mode based on number-taking verification of the user's local number, combined with non-repudiable blockchain certification, to replace the user-portrait three-element login mode. For security, the user's number is verified against the user's own mobile phone number, ensuring that the user performs login operations with the mobile phone number registered to them, while blockchain certification ensures that the operation leaves a trace that can be followed up and that the user cannot repudiate it, thereby greatly improving the security and convenience of user login.
Fig. 1 is a flow chart of a security authentication method according to one embodiment of the present application. It should be noted that, the security authentication method according to the embodiment of the present application may be applied to the security authentication device according to the embodiment of the present application, and the security authentication device may be configured on an electronic device such as a terminal. As shown in fig. 1, the security authentication method may include the following steps.
Step S101, responding to a terminal application starting operation, and obtaining the local mobile phone number through gateway number-taking.
When a user triggers a terminal application (application front end or application APP) to start, the terminal application acquires the local mobile phone number by gateway number-taking.
The terminal application may be an APP installed on a mobile phone terminal or a website requiring login authentication, for example, a take-away APP, a shopping APP, etc.
As one implementation, obtaining the local mobile phone number of the terminal application through gateway number-taking includes:
through the SDK of the operator authentication, a mobile phone number credential application is sent to the operator authentication server; acquiring a mobile phone number certificate which is returned by the operator authentication server based on the mobile phone number certificate application; based on the mobile phone number certificate, sending a number taking certificate application to the operator authentication server through the operator authentication SDK; acquiring a number taking certificate returned by the operator authentication server based on the number taking certificate application; and acquiring the local mobile phone number from the operator server through the application back-end service corresponding to the terminal application based on the number taking certificate.
Here, the operator authentication server may be understood as an operator authentication service provided by the base station, that is, the base station itself, or as a security base service of the entire base station; the operator authentication SDK corresponds to a number-taking component and is installed in the terminal.
The mobile phone terminal is provided with an operator authentication SDK. When a mobile phone user starts an application, the application front end performs gateway number-taking over mobile data through the loaded operator authentication SDK and first obtains a masked form of the mobile phone number of the SIM card; the operator authentication SDK sends related information such as the mobile phone number to the operator authentication server, and mobile phone number credential information is issued to the application front end. After receiving the mobile phone number credential information, the application front end performs authorization: it requests the operator authentication server with the mobile phone number credential information, acquires the related number-taking credential token parameters, and returns them to the operator authentication SDK. The application front end transmits the number-taking credential to the application server, and the application server requests the operator authentication server to acquire the corresponding local mobile phone number using the number-taking credential.
Step S102, checking the local phone number based on the local phone number and the phone number input by the user.
After the application front end obtains the local mobile phone number through the gateway number acquisition, the application front end performs local number verification with the mobile phone number input by the local user or the registered mobile phone number to determine whether the operation is the local number operation.
Step S103, after verification is passed, an authorization request is sent to an operator authentication server, and an authorization credential returned by the operator authentication server based on the authorization request is received; and the operator authentication server returns the authorization credential and simultaneously carries out blockchain certification on the authorization related information.
The application front end requests authorization from the operator authentication server and acquires authorization credentials fed back by the operator authentication server.
Step S104, the authorization credential is sent to a third-party capability party, the third-party capability party is instructed to send the authorization credential to the operator authentication server for authentication verification, and the authentication result returned by the third-party capability party is received; the operator authentication server performs blockchain certification of the authentication-related information at the same time as it returns the authentication result.
In this embodiment, the service party sends the authorization credential to a third-party capability party (abbreviated as the capability party) and instructs the capability party to send the credential to the operator authentication server for authentication verification.
That is, as shown in fig. 2, after the service party obtains the authorization credential it passes the credential to the capability party, and the capability party submits it to the operator authentication server (the service provider) for the authentication operation and returns the authentication result.
Here, the service party may be understood as an application; the application front end and the application server are the front end and back end of the service party. The service party is a customer of the operator, and the capability party may be understood as an intermediate agent, which may recommend the operator's products to the service party.
Step S105, based on the authentication result, obtaining the login authorization of the terminal application.
After authentication is successful, the user can log in the application through security authentication.
After login, the related ticket information can be recorded and pushed to the ticket system through message middleware (Kafka/RabbitMQ), and the ticket, authorization and authentication information is pushed to a database for storage.
According to the security authentication method, after gateway number taking, security authentication is achieved through the authorization and authentication processes, and the information related to the security authentication is certified on the blockchain when the user logs in to the application. This guarantees non-repudiation of the user's operation and traceability of the login; number-taking verification based on the user's mobile phone number is achieved, and the blockchain certification gives a non-repudiable secure account login, improving both the security and the convenience of login.
Fig. 3 is a flow chart of a security authentication method according to one embodiment of the present application. It should be noted that, the security authentication method of the embodiment of the present application may be applied to the security authentication device of the embodiment of the present application, where the security authentication device may be configured on an electronic device such as an operator authentication server. As shown in fig. 3, the security authentication method may include the following steps.
Step S201, a number-taking request from a terminal application is received, and a local mobile phone number of a corresponding terminal is returned to the terminal application.
For the gateway number-taking process, refer to the specific implementation of step S101 in the above embodiment; it is not repeated here.
Step S202, receiving an authorization request sent by the terminal application based on the local mobile phone number, sending an authorization credential to the terminal application, and carrying out blockchain certification on the authorization related information.
The operator authentication server receives an authorization request sent by the terminal application based on the local mobile phone number, sends an authorization credential to the terminal application, and performs blockchain certification of the authorization-related information. Sending the credential and certifying the authorization-related information on the blockchain are performed on different threads.
In the authorization process, two conventions are made for the authorization credential (authorization token):
1. Persistent: if the authorization token is in the persistent format, it is stored in the system cache for the configured cache time and is also stored in the database. For the stored format, the user and the application server agree on a storage validity period; the token is judged valid within that period and invalid afterwards.
2. Non-persistent: if the authorization token is specified as non-persistent, only the system cache is needed, for the configured cache time.
The generated authorization token must also be associated with the user's app id and with the capability attribute the user invokes.
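The two persistence conventions, the binding of the token to the app id and capability attribute, and the check the operator authentication server runs when a capability party forwards the credential (step S104 / S203), as an added example. This is illustrative code written for this page, not code from the patent or from China Mobile; the HMAC-based token format, the injectable clock, the `AuthorizationTokenStore` class and the sample phone numbers are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumed server-side signing key for the demo; a real deployment would keep it in a KMS/HSM.
SERVER_KEY = b"operator-auth-demo-key-not-for-production"


class AuthorizationTokenStore:
    """Issues authorization credentials (tokens) under the two conventions of the
    text: a persistent token is kept in the system cache for the configured cache
    time and in the database for the agreed validity period; a non-persistent
    token lives only in the cache.  Each token is bound to the app id and the
    capability attribute it was issued for and carries an HMAC so the operator
    authentication server can detect tampering when the token comes back via the
    capability party."""

    def __init__(self, cache_ttl, db_ttl, now=time.time):
        self.cache_ttl = cache_ttl
        self.db_ttl = db_ttl
        self.now = now            # injectable clock so expiry can be tested
        self.cache = {}           # token id -> (record, expires_at)
        self.database = {}        # token id -> (record, expires_at)

    def _mac(self, record):
        body = json.dumps(record, sort_keys=True).encode()
        return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()

    def issue(self, phone_number, app_id, capability, persistent):
        issued = self.now()
        record = {
            "tid": secrets.token_hex(8),
            "phone": phone_number,
            "app_id": app_id,
            "capability": capability,
            "persistent": persistent,
            "iat": int(issued),
        }
        self.cache[record["tid"]] = (record, issued + self.cache_ttl)
        if persistent:
            self.database[record["tid"]] = (record, issued + self.db_ttl)
        return dict(record, mac=self._mac(record))

    def verify(self, token, app_id, capability):
        """Authentication check on a credential forwarded by the capability party.
        Returns (ok, reason).  The MAC is checked first, then the app id /
        capability binding, then the cache and (for persistent tokens) the database."""
        record = {k: v for k, v in token.items() if k != "mac"}
        if not hmac.compare_digest(self._mac(record), str(token.get("mac", ""))):
            return False, "bad mac"
        if record.get("app_id") != app_id or record.get("capability") != capability:
            return False, "credential not bound to this app id / capability"
        now = self.now()
        hit = self.cache.get(record["tid"])
        if hit and hit[1] > now:
            return True, "valid (cache)"
        if record.get("persistent"):
            hit = self.database.get(record["tid"])
            if hit and hit[1] > now:
                return True, "valid (database, cache entry expired)"
        return False, "expired or unknown token"

    def verify_batch(self, tokens, app_id, capability):
        """A capability party may forward several credentials in one request."""
        return [self.verify(t, app_id, capability) for t in tokens]


if __name__ == "__main__":
    store = AuthorizationTokenStore(cache_ttl=60, db_ttl=3600)
    tok = store.issue("13800000000", "app-1", "login", persistent=True)  # constructed number
    print(store.verify(tok, "app-1", "login"))
    print(store.verify(tok, "app-2", "login"))
```

The MAC covers the `persistent` flag as well, so a holder of a non-persistent token cannot upgrade it to the database-backed validity period by editing the field.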
In some implementations, the operator authentication server stores a plurality of authorization-related information from a plurality of terminals in the blockchain in the form of a multi-threaded workflow queue.
Step S203, receiving an authentication request carrying an authorization credential sent by the terminal application, returning an authentication result and carrying out blockchain certification on authentication related information; the authentication result is used for indicating whether the terminal application allows the corresponding terminal user to log in the terminal application.
The operator authentication server receives an authentication request carrying the authorization credential sent by the terminal application, returns the authentication result, and performs blockchain certification of the authentication-related information, which may include, but is not limited to, flow information of the authentication process, related user information, authentication credentials and user operation information.
In some implementations, the operator authentication server: receives an authentication request, sent by a third-party capability party, that carries the authorization credential sent by the terminal application; checks and authenticates that credential, returns the authentication result to the third-party capability party, and performs blockchain certification of the authentication-related information.
It will be understood that, as shown in fig. 2, the operator authentication server receives the authorization credential from the capability party, that is, the credential forwarded by the terminal application through the capability party; it checks and authenticates the credential and returns the authentication result to the capability party. The capability party may select multiple authorization credentials and send them to the operator authentication server together for checking and authentication; as the intermediate agent, it applies to the operator authentication server for the authentication service, namely the token check authentication of the security base.
The operator authentication server can check and authenticate the authorization credentials sent by multiple terminal applications in the form of a multithreaded workflow queue, and can store multiple pieces of authentication-related information, and multiple pieces of authorization-related information, in the blockchain in the same form. That is, the operator authentication server may process authorization requests and authentication requests from multiple service parties or capability parties simultaneously through a multithreaded workflow queue.
In some embodiments, before storing the multiple pieces of authentication-related information in the blockchain in the form of a multithreaded workflow queue, the method further comprises: obtaining a multithreaded work efficiency factor based on the resource utilization of the operator authentication server and the uplink task volume corresponding to the authentication-related information; and determining, based on that efficiency factor and a preset threshold, whether to store the information in the blockchain in the form of a multithreaded workflow queue.
Illustratively, the user thread (that is, the application party) submits authentication parameters from multiple terminals to the multithreaded workflow of the operator authentication server; the tasks enter the multithreaded workflow queue; each task is dequeued and the uplink operation is performed on the blockchain; the multithreaded workflow ends and the process life cycle ends; the user's information is then reported to the blockchain platform, certified on chain, and the user's operation information uploaded.
Wherein, the multithreaded work queue work mode refers to the following formula:
where f(i) represents the efficiency-factor result of the multithreaded work queue, i the number of multithreaded tasks, m the utilization of the thread pool, β the CPU utilization of the server machine, δ the text volume per chaining operation, and h_cost the time consumed per uplink certification.
Wherein,
Following the working principle of the thread pool, ω(i, m) represents the multithread utilization and P the number of available CPU cores: when the number of created threads i is smaller than P, no thread queue is created; when i is greater than P, a thread queue is created. This expresses that efficiency reaches its maximum when i is smaller than P and decreases, as a numerator function, when i is larger than P.
Wherein,
wherein,the method is characterized by representing the use condition and the utilization rate of the memory, wherein N represents a constant larger than 0, i is the thread number, sigmoid (i) is an activation function (the value of i is between 0.5 and 1 because i is larger than 0), and V represents the memory size set by the java service virtual machine.
Wherein,
where, in the numerator function,
τ(i, h_cost) represents the delay when multiple threads are chained: h(n) is the time spent by the nth blockchain platform, accumulated and then averaged.
Wherein in the molecular function
Where γ (i, δ) represents the text request body size, δ (n) representing the number of texts uploaded to the blockchain platform by the nth secure document storage platform, and carrying out average summation after passing through an accumulation method.
The multithreading arrangement mode is that a work queue mode is provided, wherein the service A side plays a role of a consumer, when each task request is carried out, relevant parameters are packaged and pushed into the work queue, the workflow is first in first out according to a fairness principle, the other service group B plays a role of the consumer, when the work queue has work tasks, the service group is awakened, and the service group performs fragmentation consumption; when the work queue does not have the work task, the service group B goes to sleep until the work queue wakes up.
Wherein the efficiency factor represents a multithreading work efficiency factor, which represents the efficiency of execution of batch authorization token check authentication in a multithreading state, wherein parameters of positive correlation and negative correlation are presented, and the efficiency factor can see in what case a multithreading workflow is used and in what case a non-multithreading workflow is used, compared with batch token check of a non-multithreading workflow. After multiple trials of normal robust service, a threshold can be set according to a weighted averageThreshold->Affected by the relevant parameters such as the service machine memory, the CPU core number, etc., if:
the efficiency factor is valid and the operating mode of the multithreaded workflow may be used, provided that,
The multithreading workflow method is not applicable to the business scenario and the non-multithreading workflow mode should be selected.
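The work queue mode described above (producer A pushes packaged tasks, consumer group B wakes on work, sleeps when the queue is empty, FIFO order) with the uplink step writing into an append-only hash chain that stands in for the blockchain platform, as an added example. This is illustrative code written for this page, not the patent's or the operator's implementation. Assumptions: the hash chain is a toy substitute for a real ledger; the efficiency factor's formula is not on the page, so `choose_worker_count` takes an already computed factor and assumes that a factor at or above the threshold means the multithreaded mode is allowed; the records are constructed.

```python
import hashlib
import json
import queue
import threading

SENTINEL = None  # queued after the real tasks to tell each consumer to stop


class HashChainLedger:
    """Append-only ledger standing in for the blockchain platform.  Every
    record links to the hash of the previous one, so later tampering with a
    stored authorization or authentication record is detectable."""

    def __init__(self):
        self._lock = threading.Lock()
        self.blocks = []

    @staticmethod
    def _digest(prev, payload):
        body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def append(self, payload):
        # The lock serialises uplinks from concurrent workers.
        with self._lock:
            prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
            self.blocks.append({"prev": prev, "payload": payload,
                                "hash": self._digest(prev, payload)})
            return self.blocks[-1]["hash"]

    def verify(self):
        """True when every block links to its predecessor and hashes correctly."""
        prev = "0" * 64
        for block in self.blocks:
            if block["prev"] != prev or self._digest(prev, block["payload"]) != block["hash"]:
                return False
            prev = block["hash"]
        return True


def certify(records, ledger, workers):
    """Producer side: push each uplink task into a FIFO work queue.  Consumer
    side: `workers` threads block (sleep) on an empty queue, wake when a task
    arrives and write it to the ledger.  workers=1 is the non-multithreaded mode."""
    work = queue.Queue()

    def consumer():
        while True:
            task = work.get()          # blocks until woken by a new task
            if task is SENTINEL:
                work.task_done()
                return
            ledger.append(task)
            work.task_done()

    threads = [threading.Thread(target=consumer, daemon=True) for _ in range(workers)]
    for t in threads:
        t.start()
    for rec in records:
        work.put(rec)
    for _ in threads:
        work.put(SENTINEL)
    work.join()
    for t in threads:
        t.join()
    return ledger


def choose_worker_count(efficiency_factor, threshold, cpu_cores):
    """Gate from the text, with the assumed direction: use the multithreaded
    workflow (one worker per available core, matching the i < P region where the
    text says efficiency is maximal) only when the factor clears the threshold."""
    return cpu_cores if efficiency_factor >= threshold else 1


def sample_records(n):
    """Constructed authorization-related records for the demo."""
    return [{"type": "authz", "app_id": "app-%d" % i, "capability": "login"} for i in range(n)]


if __name__ == "__main__":
    ledger = certify(sample_records(20), HashChainLedger(), choose_worker_count(0.8, 0.5, 4))
    print(len(ledger.blocks), ledger.verify())
```

With several consumers the order in which records land on the chain is not the queue order (shard consumption), so a deployment that needs per-user ordering must key the shards; with one worker the FIFO order is preserved exactly.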
The authorization-related uplink information mainly emphasizes the flow information of the service party, while the authentication-related uplink information emphasizes more the flow information of the capability party.
In some embodiments, prior to blockchain certification, further comprising:
extracting key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs, by means of a channel phase response key extraction algorithm; and verifying key consistency between the operator authentication server and the blockchain platform based on the extracted key pair information. The shared secret key is extracted by exploiting short-term channel reciprocity and randomness, which further strengthens the reliability of the secure certification.
The key channel information response goes through three main stages: quantization, information reconciliation and information extraction. The quantization stage is a mapping operation that converts the channel components into a bit stream. The information reconciliation stage is an error-correction stage that corrects mismatched bits caused by imperfect channel reciprocity. The last stage, information extraction, uses a hash operation to keep the extracted key confidential. After the information is converted and transmitted, the data are filtered and denoised and finally inverse-transformed to obtain the target information.
The channel phase response key extraction algorithm includes the following steps:
1. During the interaction between the operator authentication server and the blockchain platform, the key pair can be quantized into binary codes for transmission:
F_n(secret)
2. When the operator authentication server sends the key data packet PV_1 to the blockchain platform at time T_1, the intermediate frequency-domain information may be expressed as:
where the phase is uniformly distributed on the interval [0, 2π), so the information RV_12 received by the blockchain is:
where σ_1(t) is Gaussian white noise and α_1 and θ_1 are the forward-link channel gain and phase response. The phase of the noise received by the blockchain platform may be approximated as
3. Similarly, when the blockchain platform sends the information data packet PV_2 to the operator authentication server at time T_2, the intermediate frequency-domain information may be expressed as:
where the phase is uniformly distributed on the interval [0, 2π), and the information RV_21 received by the operator authentication server is
where σ_2(t) is Gaussian white noise and α_2 and θ_2 are the channel gain and phase response of this (reverse) link. The phase of the noise received by the operator authentication server may be approximated as
4. From steps 2 and 3, the final phase components at the operator authentication server and at the blockchain platform are obtained as follows:
where all phases lie in the interval [0, 2π).
5. Since RV_12(t) and RV_21(t) carry correlated noise, the data must be denoised by a filter (curve fitting), as follows:
where F_k is a weighting coefficient and the basis function is the twiddle factor; setting a threshold on F_k performs the denoising fit.
6. After the data fitting and denoising, the operator authentication server and the blockchain platform inverse-code and inverse-quantize the key pair information to obtain the corresponding information value.
In some embodiments, the unmatched bits containing a correction sequence issued by a trusted third party are received via the blockchain; based on them, the key pair information is extracted from the key data packet sent by the blockchain platform through the channel phase response key extraction algorithm; and the authorization credential serves as a temporary trust attestation for the entire session between the operator authentication server and the blockchain platform.
It can be appreciated that the channel phase method alone can only reconcile a small number of mismatched bits, which carries a certain security risk, and that the low-density parity-check and turbo-code approaches have high computational complexity. A blockchain-based reconciliation technique can be devised to address these limitations: a trusted third party issues, through the blockchain, the unmatched bits containing the correction sequence. The issued user number authentication information then serves as a temporary trust attestation for the entire session instead of transmitting certificates every time, which saves communication cost and storage capacity.
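The three stages (quantization, reconciliation, extraction) of the channel phase key extraction described above, together with the trusted-third-party correction sequence of the blockchain-based variant, as an added example. This is illustrative code written for this page, not the patent's algorithm: the channel is synthetic (seeded PRNG phases θ with per-side Gaussian noise standing in for σ_1(t) and σ_2(t)), a circular mean over repeated probes stands in for the curve-fitting filter of step 5, the reconciliation simply discards the positions the third party reports rather than correcting them, and the eavesdropper model assumes an independent channel. Function names and all parameters are assumptions.

```python
import cmath
import hashlib
import math
import random

TWO_PI = 2 * math.pi


def wrap(phase):
    """Fold a phase into [0, 2π)."""
    return phase % TWO_PI


def channel_probe(theta, noise_std, rng):
    """One probe of the reciprocal channel as seen by one side: the shared
    phase response θ of each sub-carrier plus that side's own Gaussian noise."""
    return [wrap(t + rng.gauss(0.0, noise_std)) for t in theta]


def denoise(probe_runs):
    """Stand-in for the curve-fitting filter of step 5: a circular mean over
    repeated probes (averaging unit phasors, so values near the 0/2π boundary
    do not average to the wrong side)."""
    n = len(probe_runs[0])
    return [wrap(cmath.phase(sum(cmath.exp(1j * run[k]) for run in probe_runs)))
            for k in range(n)]


def quantize(phases, levels=4):
    """Quantization stage: map each phase in [0, 2π) to log2(levels) bits.
    Gray coding means a phase that lands one sector off flips a single bit."""
    bits_per = int(math.log2(levels))
    out = []
    for p in phases:
        sector = int(p / TWO_PI * levels) % levels
        gray = sector ^ (sector >> 1)
        out.extend((gray >> b) & 1 for b in reversed(range(bits_per)))
    return out


def reconcile_indices(bits_a, bits_b):
    """Information reconciliation in the blockchain-based variant: a trusted
    third party compares both raw strings and publishes the positions that
    disagree (the correction sequence).  Both sides drop those positions.
    Only positions are disclosed, never bit values."""
    return [i for i, (a, b) in enumerate(zip(bits_a, bits_b)) if a != b]


def extract_key(bits, drop):
    """Information extraction stage: hash the surviving bits, so an observer
    with partial knowledge of the raw string learns nothing usable about the key."""
    kept = bytes(b for i, b in enumerate(bits) if i not in drop)
    return hashlib.sha256(kept).hexdigest()


def run_protocol(subcarriers=64, probes=4, noise_std=0.15, seed=7):
    """Full exchange between the operator authentication server and the
    blockchain platform, plus an eavesdropper on an independent channel.
    All channel values are synthetic, not measurements."""
    rng = random.Random(seed)
    theta = [rng.uniform(0.0, TWO_PI) for _ in range(subcarriers)]
    server = denoise([channel_probe(theta, noise_std, rng) for _ in range(probes)])
    chain = denoise([channel_probe(theta, noise_std, rng) for _ in range(probes)])
    eve = [rng.uniform(0.0, TWO_PI) for _ in range(subcarriers)]  # decorrelated channel
    server_bits, chain_bits, eve_bits = quantize(server), quantize(chain), quantize(eve)
    drop = set(reconcile_indices(server_bits, chain_bits))
    return {
        "server_key": extract_key(server_bits, drop),
        "chain_key": extract_key(chain_bits, drop),
        "eve_key": extract_key(eve_bits, drop),
        "raw_mismatches": len(drop),
        "bits_kept": len(server_bits) - len(drop),
    }


if __name__ == "__main__":
    result = run_protocol()
    print(result["server_key"] == result["chain_key"], result["raw_mismatches"], result["bits_kept"])
```

Key consistency between the two parties is what the text verifies after extraction; here it reduces to comparing the two hashes. Publishing only mismatch positions is the reason the final hash step matters: the positions leak which sectors were ambiguous, and the hash stops that partial knowledge from narrowing the key.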
According to the security authentication method, after gateway number taking, security authentication is achieved through the authorization and authentication processes, and the information related to the security authentication is certified on the blockchain when the user logs in to the application. This guarantees non-repudiation of the user's operation and traceability of the login; number-taking verification based on the user's mobile phone number is achieved, and the blockchain certification gives a non-repudiable secure account login, improving both the security and the convenience of login. The operator authentication server provides the authentication service in a multithreaded workflow mode, which improves service performance to a certain extent. By introducing a key extraction algorithm based on the channel phase response, the operator authentication server and the blockchain platform verify key consistency between the two communicating parties; the shared secret key is extracted by exploiting short-term channel reciprocity and randomness, further strengthening the reliability of the security certification.
Fig. 4 is a block diagram illustrating a security authentication device configured at an operator authentication server according to an exemplary embodiment. Referring to fig. 4, the security authentication device may include: a number-taking processing module 401, an authorization processing module 402 and an authentication processing module 403.
Specifically, the number-taking processing module 401 is configured to receive a number-taking request from a terminal application, and return a local mobile phone number of a corresponding terminal to the terminal application;
the authorization processing module 402 is configured to receive an authorization request sent by the terminal application based on the local mobile phone number, send an authorization credential to the terminal application, and perform blockchain certification of the authorization-related information;
the authentication processing module 403 is configured to receive an authentication request carrying an authorization credential sent by the terminal application, return an authentication result, and perform blockchain certification on authentication related information; the authentication result is used for indicating whether the terminal application allows the corresponding terminal user to log in the terminal application.
In some implementations, the authentication processing module 403 is specifically configured to:
receiving an authentication request which is sent by a third party capability party and carries an authorization credential sent by the terminal application;
and checking and authenticating the authorization credential sent by the terminal application, returning the authentication result to the third-party capability party, and performing blockchain certification of the authentication-related information.
In some implementations, the authentication processing module 403 performs verification and authentication on the authorization credential sent by the terminal application, and is specifically configured to, when returning an authentication result to the third party capability party and performing blockchain certification on authentication related information:
checking and authenticating the authorization credentials sent by multiple terminal applications in the form of a multithreaded workflow queue;
multiple authentication related information is stored in the blockchain in the form of a multithreaded workflow queue.
In some implementations, the authentication processing module 403 is further configured to:
acquiring a multithreading working efficiency factor based on the resource utilization rate of the operator authentication server and the uplink task quantity corresponding to a plurality of authentication related information;
and determining whether to store a plurality of authentication related information in a blockchain in a form of a multithreaded workflow queue based on the multithreaded work efficiency factor and a preset threshold.
In some implementations, the authorization processing module 402 is specifically configured to:
acquiring a multithreading work efficiency factor based on the resource utilization rate of the operator authentication server and the uplink task quantity corresponding to the authorization related information;
determining whether to store a plurality of authorization related information in a blockchain in a form of a multithreaded workflow queue based on the multithreaded work efficiency factor and a preset threshold;
after the determination, sending authorization credentials to the terminal application in the form of a multithreaded workflow queue and performing blockchain certification on the authorization-related information.
In some implementations, the apparatus further includes a key management module 404 to:
extracting key pair information from a key data packet sent by a block chain platform to which the block chain belongs through a channel phase response key extraction algorithm;
and verifying the key consistency between the operator authentication server and the blockchain platform based on the extracted key pair information.
In some implementations, when the key management module 404 extracts the key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs through the channel phase response key extraction algorithm, the key pair information is specifically used for:
based on the blockchain, receiving unmatched bits including a correction sequence issued by a trusted third party;
based on the unmatched bits containing the correction sequence issued by the third party, extracting key pair information from a key data packet sent by the blockchain platform through a channel phase response key extraction algorithm; wherein the authorization credential serves as a temporary trust attestation for the entire session between the operator authentication server and the blockchain platform.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
According to the security authentication device, after gateway number taking, security authentication is achieved through the authorization and authentication processes, and the information related to the security authentication is certified on the blockchain when the user logs in to the application. This guarantees non-repudiation of the user's operation and traceability of the login; number-taking verification based on the user's mobile phone number is achieved, and the blockchain certification gives a non-repudiable secure account login, improving both the security and the convenience of login. The operator authentication server provides the authentication service in a multithreaded workflow mode, which improves service performance to a certain extent. By introducing a key extraction algorithm based on the channel phase response, the operator authentication server and the blockchain platform verify key consistency between the two communicating parties; the shared secret key is extracted by exploiting short-term channel reciprocity and randomness, further strengthening the reliability of the security certification.
Fig. 5 is a block diagram illustrating a security authentication device configured at a terminal according to an exemplary embodiment. Referring to fig. 5, the security authentication device may include: a number taking module 501, a checking module 502, a credential application module 503 and an authentication processing module 504.
Specifically, the number taking module 501 is configured to respond to a terminal application starting operation, and obtain a local mobile phone number through a gateway number taking;
the verification module 502 is configured to perform local number verification based on the local mobile phone number and a mobile phone number input by a user;
the credential application module 503 is configured to send an authorization request to an operator authentication server after verification is passed, and receive an authorization credential returned by the operator authentication server based on the authorization request; the operator authentication server returns the authorization credential and simultaneously carries out blockchain certification on the authorization related information;
the authentication processing module 504 is configured to send the authorization credential to a third party capable party, instruct the third party capable party to send the authorization credential to the operator authentication server for authentication verification, and receive an authentication result returned by the third party capable party; the operator authentication server returns the authentication result and performs blockchain certification on the authentication related information;
the authentication processing module 504 is further configured to obtain login authorization of the terminal application based on the authentication result.
In some implementations, the number taking module 501 is specifically configured to:
through the operator authentication SDK, send a mobile phone number credential application to the operator authentication server;
obtain the mobile phone number credential returned by the operator authentication server in response to that application;
based on the mobile phone number credential, send a number-taking credential application to the operator authentication server through the operator authentication SDK;
obtain the number-taking credential returned by the operator authentication server in response to that application;
and, through the application back-end service corresponding to the terminal application, obtain the local mobile phone number from the operator authentication server based on the number-taking credential.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
According to the security authentication device, after gateway number taking, security authentication is achieved through the authorization and authentication processes, and the information related to the security authentication is certified on the blockchain when the user logs in to the application. This guarantees non-repudiation of the user's operation and traceability of the login; number-taking verification based on the user's mobile phone number is achieved, and the blockchain certification gives a non-repudiable secure account login, improving both the security and the convenience of login.
According to embodiments of the present application, an electronic device and a readable storage medium are also provided.
As shown in fig. 6, is a block diagram of an electronic device for implementing a method of security authentication according to an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the application described and/or claimed herein.
As shown in fig. 6, the electronic device includes: one or more processors 601, a memory 602, and interfaces for connecting the components, including high-speed and low-speed interfaces. The components are interconnected by different buses and may be mounted on a common motherboard or in other ways as needed. The processor can process instructions executed within the electronic device, including instructions stored in or on the memory for displaying graphical information of a GUI on an external input/output device such as a display coupled to an interface. In other embodiments, multiple processors and/or multiple buses may be used together with multiple memories, if desired. Likewise, multiple electronic devices may be connected, each providing part of the necessary operations (for example as a server array, a group of blade servers, or a multiprocessor system). One processor 601 is illustrated in fig. 6.
The memory 602 is a non-transitory computer-readable storage medium provided by the present application. The memory stores instructions executable by the at least one processor so as to cause the at least one processor to perform the security authentication method provided by the present application. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to perform the security authentication method provided by the present application.
As a non-transitory computer-readable storage medium, the memory 602 may store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the security authentication method in the embodiments of the present application (for example, the number-retrieval processing module 401, the authorization processing module 402 and the authentication processing module 403 shown in Fig. 4). By running the non-transitory software programs, instructions and modules stored in the memory 602, the processor 601 executes the various functional applications and data processing of the server, that is, implements the security authentication method of the above method embodiments.
The memory 602 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and at least one application program required for a function, and the data storage area may store data created according to the use of the electronic device for security authentication, and the like. In addition, the memory 602 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory 602 may optionally include memory located remotely from the processor 601, which may be connected to the electronic device for security authentication via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device for the security authentication method may further include an input device 603 and an output device 604. The processor 601, memory 602, input device 603 and output device 604 may be connected by a bus or otherwise; in Fig. 6 they are connected by a bus.
The input device 603 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device for security authentication; examples include a touch screen, keypad, mouse, trackpad, touchpad, pointing stick, one or more mouse buttons, trackball, joystick and similar input devices. The output device 604 may include a display device, auxiliary lighting (e.g., LEDs), tactile feedback (e.g., vibration motors) and the like. The display device may include, but is not limited to, a liquid crystal display (LCD), a light emitting diode (LED) display and a plasma display. In some implementations the display device may be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application specific integrated circuits (ASICs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may be implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that receives data and instructions from, and transmits data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also referred to as programs, software, software applications, or code) include machine instructions for a programmable processor, and may be implemented in a high-level procedural and/or object-oriented programming language, and/or in assembly/machine language. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, programmable logic devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include local area networks (LANs), wide area networks (WANs), and the Internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
In an exemplary embodiment, a computer program product is also provided, which, when instructions in the computer program product are executed by a processor of an electronic device, enables the electronic device to perform the above-described method.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps: the steps may be performed in the order mentioned in the embodiments, in a different order, or several steps may be performed simultaneously.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. The specification and examples are to be regarded in an illustrative manner only.
It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (13)

1. A security authentication method, applied to an operator authentication server and comprising:
receiving a number-retrieval request from a terminal application and returning the mobile phone number of the corresponding terminal to the terminal application;
receiving an authorization request sent by the terminal application based on the local mobile phone number, sending an authorization credential to the terminal application, and recording the authorization-related information on the blockchain as evidence; and
receiving an authentication request carrying the authorization credential sent by the terminal application, returning an authentication result, and recording the authentication-related information on the blockchain as evidence; wherein the authentication result indicates whether the terminal application allows the corresponding terminal user to log in to the terminal application.
2. The method according to claim 1, wherein receiving the authentication request carrying the authorization credential sent by the terminal application, returning the authentication result and recording the authentication-related information on the blockchain as evidence comprises:
receiving, from a third-party capability provider, an authentication request carrying the authorization credential sent by the terminal application; and
verifying and authenticating the authorization credential sent by the terminal application, returning the authentication result to the third-party capability provider, and recording the authentication-related information on the blockchain as evidence.
3. The method according to claim 2, wherein verifying and authenticating the authorization credential sent by the terminal application, returning the authentication result to the third-party capability provider and recording the authentication-related information on the blockchain as evidence comprises:
verifying and authenticating authorization credentials sent by a plurality of terminal applications by way of a multithreaded workflow queue; and
storing a plurality of items of authentication-related information on the blockchain by way of a multithreaded workflow queue.
4. The method according to claim 3, wherein storing a plurality of items of authentication-related information on the blockchain by way of a multithreaded workflow queue further comprises:
obtaining a multithreading work efficiency factor based on the resource utilization of the operator authentication server and the number of on-chain write tasks corresponding to the plurality of items of authentication-related information; and
determining, based on the multithreading work efficiency factor and a preset threshold, whether to store the plurality of items of authentication-related information on the blockchain by way of a multithreaded workflow queue.
5. The method according to claim 1, wherein sending the authorization credential to the terminal application and recording the authorization-related information on the blockchain as evidence comprises:
obtaining a multithreading work efficiency factor based on the resource utilization of the operator authentication server and the number of on-chain write tasks corresponding to the authorization-related information;
determining, based on the multithreading work efficiency factor and a preset threshold, whether to store a plurality of items of authorization-related information on the blockchain by way of a multithreaded workflow queue; and
after the determination, sending authorization credentials to the terminal application by way of a multithreaded workflow queue and recording the authorization-related information on the blockchain as evidence.
6. The method according to claim 1, further comprising, before recording on the blockchain:
extracting key pair information from a key data packet sent by the blockchain platform to which the blockchain belongs, by means of a channel phase response key extraction algorithm; and
verifying key consistency between the operator authentication server and the blockchain platform based on the extracted key pair information.
7. The method according to claim 6, wherein extracting key pair information from the key data packet sent by the blockchain platform to which the blockchain belongs by means of the channel phase response key extraction algorithm comprises:
receiving, via the blockchain, unmatched bits including a correction sequence issued by a trusted third party; and
extracting key pair information from the key data packet sent by the blockchain platform by means of the channel phase response key extraction algorithm, based on the unmatched bits including the correction sequence issued by the third party; wherein the authorization credential serves as a temporary proof of trust for the entire session between the operator authentication server and the blockchain platform.
8. A security authentication method, applied to a terminal and comprising:
in response to a start-up operation of a terminal application, obtaining the local mobile phone number through gateway number retrieval;
verifying the local mobile phone number against the mobile phone number entered by the user;
after the verification passes, sending an authorization request to an operator authentication server and receiving an authorization credential returned by the operator authentication server based on the authorization request, wherein the operator authentication server records the authorization-related information on the blockchain as evidence while returning the authorization credential;
sending the authorization credential to a third-party capability provider, instructing the third-party capability provider to send the authorization credential to the operator authentication server for authentication verification, and receiving an authentication result returned by the third-party capability provider, wherein the operator authentication server records the authentication-related information on the blockchain as evidence while returning the authentication result; and
obtaining login authorization for the terminal application based on the authentication result.
9. The method according to claim 8, wherein obtaining the local mobile phone number through gateway number retrieval comprises:
sending a mobile phone number credential request to the operator authentication server through the operator authentication SDK;
obtaining the mobile phone number credential returned by the operator authentication server based on the mobile phone number credential request;
based on the mobile phone number credential, sending a number-retrieval credential request to the operator authentication server through the operator authentication SDK;
obtaining the number-retrieval credential returned by the operator authentication server based on the number-retrieval credential request; and
obtaining the local mobile phone number from the operator server, based on the number-retrieval credential, through the application back-end service corresponding to the terminal application.
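The exchange described in claims 1 to 9, as an added worked example that is not part of the patent or of the applicants' code: a terminal retrieves its number through the two-step credential exchange of claim 9, checks it against the number the user entered (claim 8), obtains an authorization credential, and has a third-party capability provider relay that credential to the operator authentication server for verification (claim 2); every authorization and authentication event is recorded on a stand-in blockchain (claim 1), either one record per block or as a queued batch, depending on an efficiency factor compared against a preset threshold (claims 4 and 5). The in-memory hash chain, the HMAC-signed JSON credential format, the device-to-number table, the nonce-based single-use check, the app binding and the factor formula (CPU utilisation times pending on-chain write tasks) are all assumptions of this example; the patent defines none of them.

```python
# Constructed illustration of claims 1 to 9 (not the patent's code). Assumptions: the blockchain is an
# in-memory hash chain, credentials are HMAC-signed JSON, the device table and the factor formula are ours.
import hashlib
import hmac
import json
import secrets
import time

class EvidenceChain:
    """Append-only hash chain standing in for the blockchain platform (assumption)."""
    def __init__(self):
        self.blocks = []

    def append(self, records):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = json.dumps({"prev": prev, "records": records}, sort_keys=True)
        self.blocks.append({"prev": prev, "records": records, "hash": hashlib.sha256(body.encode()).hexdigest()})

    def verify(self):
        prev = "0" * 64
        for block in self.blocks:
            body = json.dumps({"prev": prev, "records": block["records"]}, sort_keys=True)
            if block["prev"] != prev or block["hash"] != hashlib.sha256(body.encode()).hexdigest():
                return False
            prev = block["hash"]
        return True

class OperatorAuthServer:
    def __init__(self, chain, key, cpu_utilisation, threshold, batch_size=4):
        self.chain, self.key = chain, key
        self.cpu, self.threshold, self.batch_size = cpu_utilisation, threshold, batch_size
        self.numbers = {"device-001": "13800000001"}  # constructed gateway lookup table
        self.pending = []  # records waiting for an on-chain write
        self.used_nonces = set()  # authorization credentials are single-use

    def _sign(self, payload):
        body = json.dumps(payload, sort_keys=True).encode()
        return body.hex() + "." + hmac.new(self.key, body, hashlib.sha256).hexdigest()

    def _verify(self, token, kind):
        try:
            body_hex, tag = token.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return None
        if not hmac.compare_digest(hmac.new(self.key, body, hashlib.sha256).hexdigest(), tag):
            return None
        payload = json.loads(body)
        return payload if payload.get("kind") == kind and payload["exp"] > time.time() else None

    # Claim 9: phone-number credential, then number-retrieval credential, then the number itself.
    def issue_number_credential(self, device_id):
        return self._sign({"kind": "num", "device": device_id, "exp": time.time() + 60})

    def issue_fetch_credential(self, number_cred):
        p = self._verify(number_cred, "num")
        return None if p is None else self._sign({"kind": "fetch", "device": p["device"], "exp": time.time() + 60})

    def fetch_number(self, fetch_cred):
        p = self._verify(fetch_cred, "fetch")
        return None if p is None else self.numbers.get(p["device"])

    def authorize(self, phone, app_id):  # claim 1, step 2: credential bound to the app, plus evidence
        nonce = secrets.token_hex(8)
        cred = self._sign({"kind": "authz", "phone": phone, "app": app_id, "nonce": nonce, "exp": time.time() + 300})
        phone_hash = hashlib.sha256(phone.encode()).hexdigest()  # keep the raw number off-chain
        self._record({"event": "authorize", "app": app_id, "phone_hash": phone_hash, "nonce": nonce})
        return cred

    def authenticate(self, cred, app_id):  # claim 2: request relayed by the third-party capability provider
        p = self._verify(cred, "authz")
        ok = p is not None and p["app"] == app_id and p["nonce"] not in self.used_nonces
        if ok:
            self.used_nonces.add(p["nonce"])
        self._record({"event": "authenticate", "app": app_id, "result": ok, "nonce": p["nonce"] if p else None})
        return ok

    def _record(self, record):  # claims 4 and 5: per-record writes under low load, one batch under high load
        self.pending.append(record)
        factor = self.cpu * len(self.pending)  # assumed shape of the claimed work efficiency factor
        if factor < self.threshold:
            for r in self.pending:
                self.chain.append([r])
            self.pending = []
        elif len(self.pending) >= self.batch_size:
            self.chain.append(self.pending)
            self.pending = []

def third_party_login(server, cred, app_id):  # the third-party capability provider of claim 8
    return server.authenticate(cred, app_id)

def terminal_login(server, device_id, user_entered_number, app_id="demo-app"):
    """Claims 8 and 9 from the terminal's side; True only when login is authorized."""
    number_cred = server.issue_number_credential(device_id)
    fetch_cred = server.issue_fetch_credential(number_cred)
    local_number = server.fetch_number(fetch_cred)  # via the app back-end service in the claim
    if local_number is None or local_number != user_entered_number:
        return False  # local-number check failed: no authorization request is sent
    return third_party_login(server, server.authorize(local_number, app_id), app_id)
```

The single-use nonce and the app binding are what keep a captured authorization credential from being replayed by, or presented to, another third-party capability provider; without them the temporary proof of trust of claim 7 would be transferable. The blockchain record holds a hash of the phone number rather than the number itself, since anything written to a shared ledger is effectively permanent. In the queued mode a production server also needs a timer-driven flush so that the last few records do not wait indefinitely for a batch to fill.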
10. A security authentication device, configured at an operator authentication server and comprising:
a number-retrieval processing module, configured to receive a number-retrieval request from a terminal application and return the local mobile phone number of the corresponding terminal to the terminal application;
an authorization processing module, configured to receive an authorization request sent by the terminal application based on the local mobile phone number, send an authorization credential to the terminal application, and record the authorization-related information on the blockchain as evidence; and
an authentication processing module, configured to receive an authentication request carrying the authorization credential sent by the terminal application, return an authentication result, and record the authentication-related information on the blockchain as evidence; wherein the authentication result indicates whether the terminal application allows the corresponding terminal user to log in to the terminal application.
11. A security authentication device, configured in a terminal and comprising:
a number-retrieval module, configured to obtain the local mobile phone number through gateway number retrieval in response to a start-up operation of a terminal application;
a verification module, configured to verify the local mobile phone number against the mobile phone number entered by the user;
a credential request module, configured to send an authorization request to an operator authentication server after the verification passes, and to receive an authorization credential returned by the operator authentication server based on the authorization request, wherein the operator authentication server records the authorization-related information on the blockchain as evidence while returning the authorization credential; and
an authentication processing module, configured to send the authorization credential to a third-party capability provider, instruct the third-party capability provider to send the authorization credential to the operator authentication server for authentication verification, and receive an authentication result returned by the third-party capability provider, wherein the operator authentication server records the authentication-related information on the blockchain as evidence while returning the authentication result;
the authentication processing module being further configured to obtain login authorization for the terminal application based on the authentication result.
12. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the security authentication method of any one of claims 1 to 7, or the security authentication method of claim 8 or 9.
13. A non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the security authentication method of any one of claims 1 to 7, or the security authentication method of claim 8 or 9.
Application CN202311349207.5A, priority date 2023-10-17, filing date 2023-10-17: Security authentication method, device and storage medium; published as CN117579245A (en), legal status pending.

Publication CN117579245A (en), publication date 2024-02-20.

Family ID 89887027.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination