CN117792697A - Access authentication method and device - Google Patents


Publication number
CN117792697A
Authority
CN
China
Prior art keywords
authentication
admission
server
biological characteristics
random value
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311671374.1A
Other languages
Chinese (zh)
Inventor
谢垒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN202311671374.1A
Publication of CN117792697A


Abstract

The specification provides an admission authentication method and device. The method comprises the following steps: sending an admission authentication request to a server, wherein the admission authentication request comprises a user identifier; receiving a random value sent by a server; collecting target biological characteristics; comparing the target biological characteristics with registered biological characteristics in a local database through an authenticator, and encrypting the random value by the authenticator according to a private key to obtain an encrypted value if the target biological characteristics are consistent with the registered biological characteristics; the encrypted value is sent to the server.

Description

Access authentication method and device
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an admission authentication method and apparatus.
Background
In the prior art, when authentication is performed by using the biological characteristics, the authentication terminal collects the biological characteristics of the user and sends the biological characteristics to the server, and then the server matches the biological characteristics of the user with the biological characteristics stored in advance. If the two are consistent, the user is determined to pass the authentication. However, the biometric stored in the server is at risk of data leakage. In addition, the biometric also risks leakage during network transmission. Once the biometric features leak, not only will the security of the authentication process be compromised, but the privacy of the individual will be exposed.
Disclosure of Invention
In order to overcome the problems in the related art, the present specification provides an admission authentication method and apparatus.
According to a first aspect of embodiments of the present specification, there is provided an admission authentication method applied to an authentication terminal including an authenticator, the method comprising: sending an admission authentication request to a server, wherein the admission authentication request comprises a user identification; receiving a random value sent by a server; collecting target biological characteristics; comparing the target biological characteristics with registered biological characteristics in a local database through an authenticator, and encrypting the random value by the authenticator according to a private key to obtain an encrypted value if the target biological characteristics are consistent with the registered biological characteristics; and sending the encrypted value to a server.
According to a second aspect of embodiments of the present specification, there is provided an admission authentication method applied to a server, the method comprising: receiving an admission authentication request sent by an authentication terminal, wherein the admission authentication request comprises a user identifier; generating a random value according to the admission authentication request; transmitting the random value to the authentication terminal; receiving an encryption value sent by the authentication terminal; decrypting the encrypted value according to the public key corresponding to the user identifier to obtain a decrypted value; and if the decryption value is consistent with the random value, allowing the authentication terminal to access a target network.
According to a third aspect of embodiments of the present specification, there is provided an admission authentication apparatus, the apparatus comprising an authenticator and further comprising: a first sending module, configured to send an admission authentication request to a server, wherein the admission authentication request comprises a user identifier; a first receiving module, configured to receive the random value sent by the server; an acquisition module, configured to acquire target biological characteristics; a comparison module, configured to compare the target biological characteristics with the registered biological characteristics in the local database through the authenticator, wherein, if the target biological characteristics are consistent with the registered biological characteristics, the authenticator encrypts the random value according to the private key to obtain an encrypted value; and a second sending module, configured to send the encrypted value to the server.
According to a fourth aspect of embodiments of the present specification, there is provided an admission authentication apparatus, the apparatus comprising: the second receiving module is used for receiving an admission authentication request sent by the authentication terminal, wherein the admission authentication request comprises a user identifier; the generation module is used for generating a random value according to the admission authentication request; a third transmitting module, configured to transmit the random value to the authentication terminal; the third receiving module is used for receiving the encryption value sent by the authentication terminal; the decryption module is used for decrypting the encrypted value according to the public key corresponding to the user identifier to obtain a decrypted value; and the admission module is used for allowing the authentication terminal to access the target network if the decryption value is consistent with the random value.
According to a fifth aspect of embodiments of the present specification, there is provided an admission authentication apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to: sending an admission authentication request to a server, wherein the admission authentication request comprises a user identification; receiving a random value sent by a server; collecting target biological characteristics; comparing the target biological characteristics with registered biological characteristics in a local database through an authenticator, and encrypting the random value by the authenticator according to a private key to obtain an encrypted value if the target biological characteristics are consistent with the registered biological characteristics; and sending the encrypted value to a server.
According to a sixth aspect of embodiments of the present specification, there is provided an admission authentication apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to: receiving an admission authentication request sent by an authentication terminal, wherein the admission authentication request comprises a user identifier; generating a random value according to the admission authentication request; transmitting the random value to the authentication terminal; receiving an encryption value sent by the authentication terminal; decrypting the encrypted value according to the public key corresponding to the user identifier to obtain a decrypted value; and if the decryption value is consistent with the random value, allowing the authentication terminal to access a target network.
The technical scheme provided by the embodiment of the specification can comprise the following beneficial effects:
In the embodiment of the specification, the biological characteristics of the user are acquired and verified locally at the authentication terminal, are not stored in the server, and do not need to be transmitted over the network, so that the possibility of leakage is reduced, the security of authentication is improved, the effect of desensitizing information can be realized, and privacy is protected.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a schematic diagram of a system architecture shown in the present specification according to an exemplary embodiment.
Fig. 2 is a flow chart of an admission authentication method according to an exemplary embodiment of the present description.
Fig. 3 is a flow chart of an admission authentication method according to another exemplary embodiment of the present description.
Fig. 4 is a flow chart illustrating another method of admission authentication according to an example embodiment.
Fig. 5 is a flow chart illustrating another method of admission authentication according to an example embodiment.
Fig. 6 is a hardware configuration diagram of a computer device where the admission authentication apparatus is shown in accordance with an exemplary embodiment of the present specification.
Fig. 7 is a block diagram of an admission authentication device according to an exemplary embodiment of the present specification.
Fig. 8 is a block diagram of another admission authentication device according to an exemplary embodiment of the present specification.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present description as detailed in the accompanying claims.
The terminology used in the description presented herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in this specification to describe various information, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present description. The word "if" as used herein may be interpreted as "when", "upon", or "in response to determining", depending on the context.
Next, embodiments of the present specification will be described in detail.
A system architecture to which the admission authentication method and apparatus of the embodiments of the present specification may be applied is described below with reference to fig. 1. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
Fig. 1 is a schematic diagram of a system architecture shown in the present specification according to an exemplary embodiment.
As shown in fig. 1, the system architecture may include, for example, an authentication terminal and a server. The user may interact with the server using an authentication terminal to receive or send messages, etc. The authentication terminal may have various communication client applications installed thereon, such as a business access client, a web browser application, a search class application, an instant messaging tool, a mailbox client and/or social platform software, etc.
The authentication terminal may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server may be a server providing an admission authentication service. The server may perform authentication based on the received admission authentication request, and may be, for example, an AAA (Authentication, Authorization, and Accounting) server. The AAA server may be used to process user access requests and to provide authentication, authorization, and accounting services.
Optionally, the system architecture may further comprise an access device. An access device may be used to connect an authentication terminal into a network. The access device may be used to forward data such as a request sent by the authentication terminal to the server, or may be used to forward data such as a response sent by the server to the authentication terminal. After the server authenticates the authentication terminal, the server may instruct the access device to open a corresponding network port for the authentication terminal, so that the authentication terminal may access the corresponding network.
The admission authentication method provided in the embodiment of the present specification is described in detail below. Fig. 2 is a flowchart of an admission authentication method according to an exemplary embodiment of the present disclosure, and as shown in fig. 2, the admission authentication method provided in the embodiment of the present disclosure may include the following steps.
In step 210, the authentication terminal sends an admission authentication request to the server, the admission authentication request including a user identification.
According to embodiments of the present description, an admission authentication request may be used to request that rights to access a target network be acquired. The target network may be an external network or an internal network. The user identification may be used to identify the user, which may include, for example, a user name, an identification code, etc.
It will be appreciated that the authentication terminal may send the admission authentication request directly to the server or may be forwarded to the server via the access device.
In step 220, the server generates a random value according to the admission authentication request.
According to embodiments of the present description, the server may generate a random value, for example, from a random number algorithm. Illustratively, the server may seed the random number algorithm with the time at which the admission authentication request was received to generate the random value.
The server transmits the random value to the authentication terminal in step 230.
It will be appreciated that the server may send the random value directly to the authentication terminal or may forward it to the authentication terminal via the access device.
In step 240, the authentication terminal collects the target biometric.
According to embodiments of the present description, the target biometric may be a biometric of the target user. The biometric features may include, for example, at least one of facial features, fingerprint features, voiceprint features, iris features. In this embodiment, the authentication terminal may collect a face image of the target user through the camera, and then perform feature extraction on the face image to obtain a face feature as the target biometric feature.
Optionally, the authentication terminal may include an authenticator. The authenticator can call the biometric acquisition function to collect the biological characteristics of the user, thereby improving security. The authenticator may include, for example, a FIDO (Fast Identity Online) authenticator.
In step 250, the authentication terminal compares the target biometric feature with the registered biometric feature in the local database through the authenticator, and if the target biometric feature is consistent with the registered biometric feature, the authenticator encrypts the random value according to the private key to obtain an encrypted value.
According to embodiments of the present description, the registered biometric may be a biometric of the registered user. In this embodiment, the authenticator may register the registered user in advance, generate a private key and a public key for the registered user, store the private key and the biometric feature of the registered user in the local database, and send the public key to the server.
The authentication terminal transmits the encrypted value to the server in step 260.
It will be appreciated that the authentication terminal may send the encrypted value directly to the server or may be forwarded to the server via the access device.
In step 270, the server decrypts the encrypted value according to the public key corresponding to the user identifier, and obtains a decrypted value. If the decrypted value is consistent with the random value, the authentication terminal is allowed to access the target network.
According to the embodiment of the specification, if the decrypted value is consistent with the random value, the user passes the admission authentication and is allowed to access the target network according to the authority corresponding to the user. In addition, the server may also send a notification of authentication success to the authentication terminal. If the decrypted value is inconsistent with the random value, the user fails the admission authentication, and the server can send a notification of authentication failure to the authentication terminal.
It will be appreciated that the server may send a notification of authentication success or authentication failure directly to the authentication terminal, or may be forwarded to the authentication terminal via the access device.
According to the admission authentication method of the embodiment of the specification, the authentication terminal unlocks the private key by locally verifying the biological characteristics, encrypts the random value issued by the server by using the private key, and returns the obtained encrypted value to the server for verification. Therefore, the biological characteristics of the user are acquired and verified locally at the authentication terminal and are not stored in the server or transmitted in the network, so that the possibility of leakage is reduced, the security of authentication is improved, the effect of information desensitization can be realized, and the privacy is protected.
Alternatively, the authentication terminal may collect the target biometric first and compare the target biometric with the registered biometric in the local database through the authenticator. If the target biometric matches the registered biometric, then an admission authentication request is sent to the server. If the target biometric does not agree with the registered biometric, no admission authentication request is sent to the server.
Fig. 3 is a flowchart of an admission authentication method according to another exemplary embodiment of the present disclosure, and as shown in fig. 3, the admission authentication method provided in the embodiment of the present disclosure may further include the following steps 310 to 340 on the basis of the foregoing embodiment. Steps 310-340 may be performed, for example, prior to step 210 described above.
In step 310, the authentication terminal collects registered biological characteristics and stores the registered biological characteristics in a local database.
According to embodiments of the present description, the registered biometric may be a biometric of the registered user. The biometric features may include, for example, at least one of facial features, fingerprint features, voiceprint features, iris features. The authentication terminal can collect a face image of the target user through a camera, and then perform feature extraction on the face image to obtain a face feature serving as a target biological feature.
In this embodiment, the authentication terminal may collect a face image of the registered user through the camera, and then perform feature extraction on the face image to obtain a face feature as the registered biometric feature.
Optionally, the authenticator in the authentication terminal may invoke a biometric acquisition function to acquire the biometric of the registered user and store it in a local database, thereby improving security. The authenticator may include, for example, a FIDO (Fast Identity Online) authenticator.
In step 320, the authentication terminal generates a public key and a private key through the authenticator and stores the private key to the local database.
According to embodiments of the present description, an authenticator may generate a corresponding public key and private key for each registered user. The data encrypted by the private key may be decrypted by the public key. The private key may be stored in a local database and the public key may be sent to the server.
In step 330, the authentication terminal sends a registration request to the server, the registration request including a user identification and a public key.
According to embodiments of the present description, a registration request may be used to register user information in a server. The server can thereby authorize the user to access the corresponding network based on the user information.
In step 340, the server receives the registration request sent by the authentication terminal, and binds the user identifier and the public key.
According to embodiments of the present description, for each registered user, the server may bind the user identification of the registered user with the public key for use in subsequent admission authentication.
Optionally, after the registration is successful, the server may send a notification of the registration success to the authentication terminal.
Optionally, after generating the public key and the private key, the authentication terminal may also update the public key and the private key. For example, the authentication terminal generates a new public key and a new private key at predetermined intervals through the authenticator, and replaces the private key in the local database with the new private key. The predetermined time may be set according to actual needs, and may be a fixed value or a random value. The authentication terminal may then send an information update request to the server, the information update request including the user identification and the new public key. After receiving the information update request sent by the authentication terminal, the server may delete the public key bound to the user identifier and bind the user identifier to the new public key.
According to the embodiment of the specification, the public key and the private key are updated by the authenticator regularly, so that the probability of leakage of the public key and the private key can be reduced, and the authentication security is improved.
Optionally, the server can also perform double authentication of the password and the secret key on the user, so that the security is further improved. Based on this, the authentication terminal may include a registration password in addition to the user identification and the public key when transmitting a registration request to the server. After receiving the registration request, the server may bind the user identification, the password, and the public key.
Correspondingly, when the authentication terminal initiates the admission authentication to the server, the admission authentication request may further include a target password. The server may compare the registration password corresponding to the user identification with the target password, and generate a random value if the registration password is consistent with the target password. If the registered password is inconsistent with the target password, a random value is not generated, and the subsequent authentication flow is terminated.
Another admission authentication method of the embodiments of the present specification is described below with reference to fig. 4, 5 and the specific embodiments.
Illustratively, in this embodiment, the server may be an AAA server, and the authenticator may be a FIDO authenticator. The biometric feature may be a facial feature.
Fig. 4 is a flow chart illustrating another method of admission authentication according to an example embodiment.
As shown in fig. 4, according to an embodiment of the present specification, when a user registers for the first time, a user identification and a password may be input through an authentication terminal, and a registration procedure is triggered. The FIDO authenticator can call the camera to collect the face features of the user and store the face features to the local database. Additionally, the authenticator may generate a public key and a private key, storing the private key to the local database. The authentication terminal sends a registration request to the access device, the registration request including a user identification and a public key. The access device initiates RADIUS authentication to the AAA server according to the registration request.
The AAA server binds the user identification, the password and the public key and generates a registration success notification. It then sends the registration success notification to the access device. The access device forwards the registration success notification to the authentication terminal.
Fig. 5 is a flow chart illustrating another method of admission authentication according to an example embodiment.
As shown in fig. 5, when performing admission authentication, the authentication terminal may send an admission authentication request to the access device, where the admission authentication request includes a user identifier. The access device forwards the admission authentication request to the AAA server.
The AAA server generates a random number challenge according to the authentication request. The challenge is then sent to the access device. The access device forwards the challenge to the authentication terminal.
The FIDO authenticator in the authentication terminal invokes the camera to collect the facial features of the user. The FIDO authenticator then compares the collected face features with the face features in the local database. If they are consistent, the private key is unlocked, and the FIDO authenticator encrypts the challenge value with the private key to obtain an encrypted value. The encrypted value is sent to the access device.
The access device forwards the encrypted value to the AAA server. The AAA server decrypts the encrypted value by using the public key to obtain a decrypted value. It then compares the decrypted value with the random value, and if the two are consistent, sends an authentication success notification to the access device so as to authorize the authentication terminal to access the target network.
The access device sends an authentication success notice to the authentication terminal and opens a network port for the authentication terminal so that the authentication terminal can access the target network.
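The registration flow (steps 310 to 340) and the admission flow (steps 210 to 270) described above, sketched as an added Go example that is not part of the patent text. It assumes Ed25519 signing and verification in place of the description's "encrypt with the private key, decrypt with the public key", a random value drawn from the operating system's CSPRNG (`crypto/rand`) rather than the time-seeded generator given as an illustration, because a challenge only protects against replay if it cannot be predicted, and a stand-in distance-threshold matcher; all type and function names, the threshold, the time-to-live, and the feature vectors are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"math"
	"time"
)

// ErrNoMatch means the local biometric check failed, so nothing is signed.
var ErrNoMatch = errors.New("biometric mismatch: private key stays locked")

// Authenticator is the terminal side. Template and private key never leave it.
type Authenticator struct {
	template []float64 // registered features (constructed sample vector)
	priv     ed25519.PrivateKey
}

type challenge struct {
	nonce   []byte
	expires time.Time
}

// Server is the admission server. It holds public keys and open challenges only.
type Server struct {
	pubKeys map[string]ed25519.PublicKey
	pending map[string]challenge
	ttl     time.Duration // hypothetical challenge lifetime
}

func NewServer(ttl time.Duration) *Server {
	return &Server{pubKeys: map[string]ed25519.PublicKey{}, pending: map[string]challenge{}, ttl: ttl}
}

// Enroll mirrors steps 310-340: the template and private key are stored
// locally, and only the user identifier and public key reach the server.
func Enroll(s *Server, userID string, template []float64) (*Authenticator, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s.pubKeys[userID] = pub
	return &Authenticator{template: template, priv: priv}, nil
}

// matches is a stand-in matcher: Euclidean distance under a hypothetical threshold.
func (a *Authenticator) matches(sample []float64) bool {
	if len(sample) != len(a.template) {
		return false
	}
	var sum float64
	for i := range sample {
		d := sample[i] - a.template[i]
		sum += d * d
	}
	return math.Sqrt(sum) < 0.25
}

// Respond mirrors step 250: the random value is signed only after a local match.
func (a *Authenticator) Respond(sample []float64, nonce []byte) ([]byte, error) {
	if !a.matches(sample) {
		return nil, ErrNoMatch
	}
	return ed25519.Sign(a.priv, nonce), nil
}

// Begin mirrors steps 220-230: issue a fresh, unpredictable random value.
func (s *Server) Begin(userID string) ([]byte, error) {
	if _, ok := s.pubKeys[userID]; !ok {
		return nil, errors.New("unknown user identifier")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[userID] = challenge{nonce: nonce, expires: time.Now().Add(s.ttl)}
	return nonce, nil
}

// Finish mirrors step 270: verify the response with the bound public key.
// The challenge is deleted first, so each random value is accepted at most once.
func (s *Server) Finish(userID string, sig []byte) bool {
	c, ok := s.pending[userID]
	delete(s.pending, userID)
	if !ok || time.Now().After(c.expires) {
		return false
	}
	return ed25519.Verify(s.pubKeys[userID], c.nonce, sig)
}

func main() {
	srv := NewServer(30 * time.Second)
	auth, _ := Enroll(srv, "alice", []float64{0.12, 0.80, 0.33, 0.57})
	nonce, _ := srv.Begin("alice")
	sig, err := auth.Respond([]float64{0.10, 0.82, 0.35, 0.55}, nonce)
	fmt.Println("admitted:", err == nil && srv.Finish("alice", sig))
	fmt.Println("replay accepted:", srv.Finish("alice", sig))
}
```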
Corresponding to the embodiments of the foregoing method, the present specification also provides embodiments of the admission authentication device and the terminal to which it is applied.
The embodiments of the admission authentication device of the present specification may be applied to a computer device, such as a server or a terminal device. The apparatus embodiments may be implemented by software, or by hardware or a combination of hardware and software. Taking software implementation as an example, the apparatus in a logical sense is formed by the processor of the computer device where it is located reading the corresponding computer program instructions from the nonvolatile memory into the memory. In terms of hardware, fig. 6 shows a hardware structure diagram of the computer device where the admission authentication apparatus of the present specification is located. In addition to the processor 610, the memory 630, the network interface 620, and the nonvolatile memory 640 shown in fig. 6, the server or electronic device where the apparatus 631 is located may further include other hardware according to the actual function of the computer device, which is not described herein.
As shown in fig. 7, fig. 7 is a block diagram of an admission authentication apparatus according to an exemplary embodiment of the present specification, the apparatus comprising:
a first sending module 710, configured to send an admission authentication request to a server, where the admission authentication request includes a user identifier;
a first receiving module 720, configured to receive a random value sent by the server;
an acquisition module 730 for acquiring a target biological feature;
the comparison module 740 is configured to compare, by using the authenticator, the target biometric characteristic with the registered biometric characteristic in the local database, and if the target biometric characteristic is consistent with the registered biometric characteristic, the authenticator encrypts the random value according to the private key to obtain an encrypted value;
the second sending module 750 is configured to send the encrypted value to the server.
Optionally, the apparatus may further include:
the registration acquisition module is used for acquiring registration biological characteristics and storing the registration biological characteristics into the local database;
the storage module is used for generating a public key and a private key through the authenticator and storing the private key to the local database;
and the registration request module is used for sending a registration request to the server, wherein the registration request comprises the user identification and the public key.
Optionally, the apparatus may further include:
the key updating module is used for generating a new public key and a new private key at intervals of preset time through the authenticator and replacing the private key in the local database with the new private key;
and the updating request module is used for sending an information updating request to the server, wherein the information updating request comprises the user identification and the new public key.
Optionally, the registration request may further include a registration password, and the admission authentication request further includes a target password.
As shown in fig. 8, fig. 8 is a block diagram of another admission authentication apparatus shown in the present specification according to an exemplary embodiment, the apparatus including:
a second receiving module 810, configured to receive an admission authentication request sent by an authentication terminal, where the admission authentication request includes a user identifier;
a generating module 820, configured to generate a random value according to the admission authentication request;
a third transmitting module 830, configured to transmit the random value to the authentication terminal;
a third receiving module 840, configured to receive the encrypted value sent by the authentication terminal;
a decryption module 850, configured to decrypt the encrypted value according to the public key corresponding to the user identifier, to obtain a decrypted value;
an admission module 860 for allowing the authentication terminal to access the target network if the decrypted value coincides with the random value.
Optionally, the apparatus may further include:
a fourth receiving module, configured to receive a registration request sent by the authentication terminal, where the registration request includes a user identifier and a public key;
and the first binding module is used for binding the user identification and the public key.
Optionally, the apparatus may further include:
a fifth receiving module, configured to receive an information update request sent by the authentication terminal, where the information update request includes a user identifier and a new public key;
and the updating module is used for deleting the public key bound with the user identifier and binding the user identifier with the new public key.
Optionally, the registration request may further include a registration password, and the apparatus may further include:
and the second binding module is used for binding the user identifier and the password.
Correspondingly, the admission authentication request may further include a target password, and the generating module may include:
and the generation sub-module is used for comparing the registered password corresponding to the user identifier with the target password, and generating a random value if the registered password is consistent with the target password.
According to the admission authentication device of the embodiment of the specification, the authentication terminal unlocks the private key by locally verifying the biological characteristics, encrypts the random value issued by the server by using the private key, and returns the obtained encrypted value to the server for verification. Therefore, the biological characteristics of the user are acquired and verified locally at the authentication terminal and are not stored in the server or transmitted in the network, so that the possibility of leakage is reduced, the security of authentication is improved, the effect of information desensitization can be realized, and the privacy is protected.
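The exchange summarized above, sketched end to end as an added example (not code from the patent or from the applicant). It assumes an Ed25519 signature in place of "encrypting the random value with the private key", a string comparison as a stand-in for biometric matching, and single-use random values on the server; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Authenticator struct { // terminal side (hypothetical type)
	enrolled string             // stand-in for the registered biometric in the local database
	priv     ed25519.PrivateKey // never leaves the terminal
}

// Enroll stores the biometric and generates a key pair; only the public key is sent out.
func Enroll(bio string) (*Authenticator, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Authenticator{enrolled: bio, priv: priv}, pub
}

// Respond signs the server's random value only if the captured biometric matches.
func (a *Authenticator) Respond(bio string, nonce []byte) ([]byte, error) {
	if bio != a.enrolled {
		return nil, fmt.Errorf("biometric mismatch: private key stays locked")
	}
	return ed25519.Sign(a.priv, nonce), nil
}

type Server struct { // server side (hypothetical type)
	keys    map[string]ed25519.PublicKey // user ID -> bound public key
	pending map[string][]byte            // user ID -> outstanding random value
}
func NewServer() *Server {
	return &Server{keys: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}
// Bind serves registration and key update alike: the new key replaces the old binding.
func (s *Server) Bind(userID string, pub ed25519.PublicKey) { s.keys[userID] = pub }

// Challenge issues a fresh 32-byte random value from the OS CSPRNG.
func (s *Server) Challenge(userID string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[userID] = nonce
	return nonce, nil
}

// Admit verifies the response; the pending value is deleted first so it is single-use.
func (s *Server) Admit(userID string, sig []byte) bool {
	nonce, ok := s.pending[userID]
	delete(s.pending, userID)
	pub, known := s.keys[userID]
	return ok && known && ed25519.Verify(pub, nonce, sig)
}

func main() {
	auth, pub := Enroll("alice-template") // constructed sample values
	srv := NewServer()
	srv.Bind("alice", pub)
	nonce, _ := srv.Challenge("alice")
	sig, _ := auth.Respond("alice-template", nonce)
	fmt.Println("admitted:", srv.Admit("alice", sig), "replay admitted:", srv.Admit("alice", sig))
}
```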
Correspondingly, the specification also provides an admission authentication device, which comprises a processor; a memory for storing processor-executable instructions; wherein the processor is configured to: sending an admission authentication request to a server, wherein the admission authentication request comprises a user identifier; receiving a random value sent by a server; collecting target biological characteristics; comparing the target biological characteristics with registered biological characteristics in a local database through an authenticator, and encrypting the random value by the authenticator according to a private key to obtain an encrypted value if the target biological characteristics are consistent with the registered biological characteristics; the encrypted value is sent to the server.
The specification also provides another admission authentication device, which comprises a processor; a memory for storing processor-executable instructions; wherein the processor is configured to: receiving an admission authentication request sent by an authentication terminal, wherein the admission authentication request comprises a user identifier; generating a random value according to the admission authentication request; transmitting the random value to the authentication terminal; receiving an encrypted value sent by an authentication terminal; decrypting the encrypted value according to the public key corresponding to the user identifier to obtain a decrypted value; if the decrypted value is consistent with the random value, the authentication terminal is allowed to access the target network.
The implementation process of the functions and roles of each module in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be described herein again.
For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present description. Those of ordinary skill in the art can understand and implement this without creative effort.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It is to be understood that the present description is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The foregoing description of the preferred embodiments is provided for the purpose of illustration only, and is not intended to limit the scope of the disclosure, since any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. An admission authentication method, applied to an authentication terminal, the authentication terminal including an authenticator, the method comprising:
sending an admission authentication request to a server, wherein the admission authentication request comprises a user identification;
receiving a random value sent by a server;
collecting target biological characteristics;
comparing the target biological characteristics with registered biological characteristics in a local database through an authenticator, and encrypting the random value by the authenticator according to a private key to obtain an encrypted value if the target biological characteristics are consistent with the registered biological characteristics;
and sending the encrypted value to a server.
2. The method according to claim 1, wherein the method further comprises:
collecting registered biological characteristics and storing the registered biological characteristics into a local database;
generating a public key and a private key through an authenticator, and storing the private key to a local database;
a registration request is sent to a server, the registration request including a user identification and a public key.
3. The method according to claim 2, wherein the method further comprises:
generating a new public key and a new private key at intervals of preset time by an authenticator, and replacing the private key in a local database with the new private key;
and sending an information update request to the server, wherein the information update request comprises the user identification and the new public key.
4. The method of claim 2, wherein the registration request further comprises a registration password and the admission authentication request further comprises a target password.
5. An admission authentication method, applied to a server, comprising:
receiving an admission authentication request sent by an authentication terminal, wherein the admission authentication request comprises a user identifier;
generating a random value according to the admission authentication request;
transmitting the random value to the authentication terminal;
receiving an encrypted value sent by the authentication terminal;
decrypting the encrypted value according to the public key corresponding to the user identifier to obtain a decrypted value;
and if the decrypted value is consistent with the random value, allowing the authentication terminal to access a target network.
6. The method of claim 5, wherein the method further comprises:
receiving a registration request sent by an authentication terminal, wherein the registration request comprises a user identifier and a public key;
binding the user identification and the public key.
7. The method of claim 5, wherein the method further comprises:
receiving an information updating request sent by the authentication terminal, wherein the information updating request comprises a user identifier and a new public key;
deleting the public key bound with the user identifier and binding the user identifier with the new public key.
8. The method of claim 6, wherein the registration request further comprises a registration password, the method further comprising:
binding the user identifier and the password;
the admission authentication request further includes a target password, and the generating a random value according to the admission authentication request includes:
and comparing the registration password corresponding to the user identifier with the target password, and generating a random value if the registration password is consistent with the target password.
9. An admission authentication apparatus, the apparatus comprising an authenticator, the apparatus comprising:
the first sending module is used for sending an admission authentication request to a server, wherein the admission authentication request comprises a user identifier;
the first receiving module is used for receiving the random value sent by the server;
the acquisition module is used for acquiring target biological characteristics;
the comparison module is used for comparing the target biological characteristics with the registered biological characteristics in the local database through the authenticator, and if the target biological characteristics are consistent with the registered biological characteristics, the authenticator encrypts the random value according to the private key to obtain an encrypted value;
and the second sending module is used for sending the encrypted value to the server.
10. An admission authentication apparatus, the apparatus comprising:
the second receiving module is used for receiving an admission authentication request sent by the authentication terminal, wherein the admission authentication request comprises a user identifier;
the generation module is used for generating a random value according to the admission authentication request;
a third transmitting module, configured to transmit the random value to the authentication terminal;
the third receiving module is used for receiving the encrypted value sent by the authentication terminal;
the decryption module is used for decrypting the encrypted value according to the public key corresponding to the user identifier to obtain a decrypted value;
and the admission module is used for allowing the authentication terminal to access the target network if the decrypted value is consistent with the random value.
CN202311671374.1A 2023-12-07 2023-12-07 Access authentication method and device Pending CN117792697A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311671374.1A CN117792697A (en) 2023-12-07 2023-12-07 Access authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311671374.1A CN117792697A (en) 2023-12-07 2023-12-07 Access authentication method and device

Publications (1)

Publication Number Publication Date
CN117792697A true CN117792697A (en) 2024-03-29

Family

ID=90389814

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311671374.1A Pending CN117792697A (en) 2023-12-07 2023-12-07 Access authentication method and device

Country Status (1)

Country Link
CN (1) CN117792697A (en)

Similar Documents

Publication Publication Date Title
EP3343831B1 (en) Identity authentication method and apparatus
CN109325342B (en) Identity information management method, device, computer equipment and storage medium
US20180082050A1 (en) Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device
US5864667A (en) Method for safe communications
CN1224213C (en) Method for issuing an electronic identity
US8335925B2 (en) Method and arrangement for secure authentication
CN110706379B (en) Access control method and device based on block chain
EP2893484B1 (en) Method and system for verifying an access request
CN110990827A (en) Identity information verification method, server and storage medium
CN109688133B (en) Communication method based on account login free
US20040266395A1 (en) Process for securing a mobile terminal and applications of the process for executing applications requiring a high degree of security
US20020062452A1 (en) Countering credentials copying
JPH11507451A (en) System for detecting unauthorized account access
CN106789024B (en) A kind of remote de-locking method, device and system
CN113886771A (en) Software authorization authentication method
US10348496B2 (en) Method for leveraging a secure telecommunication session
US10333707B1 (en) Systems and methods for user authentication
US20140052992A1 (en) Response to Queries by Means of the Communication Terminal of a User
US11653207B2 (en) Automatic authentication of wireless devices
CN111917711B (en) Data access method and device, computer equipment and storage medium
CN114006700A (en) Client login method and device, computer equipment and storage medium
CN105743883B (en) A kind of the identity attribute acquisition methods and device of network application
US11671475B2 (en) Verification of data recipient
CN117792697A (en) Access authentication method and device
JP2003518283A (en) Hardware token self-registration process

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination