CN110266657A - Authentication method and device, resource access method and device, storage medium - Google Patents
- Publication number
- CN110266657A, CN201910464728.2A
- Authority
- CN
- China
- Prior art keywords
- information
- equipment
- session voucher
- session
- voucher
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an authentication method and device, a resource access method and device, a storage medium, and an electronic device. The method comprises: obtaining a first authentication request from a first device, where the first authentication request carries first identifier information of the first device, first biometric information, and second identifier information of a second device that the first device requests to access; obtaining, from a database, second biometric information corresponding to the first identifier information; generating first session voucher information when the second biometric information is determined to match the first biometric information; and returning the first session voucher information to the first device and sending it to the second device based on the second identifier information. The invention solves the problems in the related art that biometric information may be leaked and that authentication takes a long time.
Description
Technical field
The present invention relates to the field of communications, and in particular to an authentication method and device, a resource access method and device, a storage medium, and an electronic device.
Background technique
In the related art, conventional devices authenticate resource access as follows: the storage device that holds the resource obtains biometric information in advance and stores it. On a subsequent resource access, the storage device collects the biometric information of the requester again and compares it with the biometric information obtained in advance. If the comparison result exceeds a certain threshold, authentication succeeds and the requester is allowed to access the resources on the storage device.
However, this authentication scheme is confined to self-authentication by the storage device, and every storage device must store visitors' biometric information in advance, which may lead to leakage of that information. In addition, authenticating by comparing biometric information takes a relatively long comparison time, which in turn makes authentication slow.
No effective solution to the above problems in the related art has yet been proposed.
Summary of the invention
Embodiments of the present invention provide an authentication method and device, a resource access method and device, a storage medium, and an electronic device, to at least solve the problems in the related art that biometric information may be leaked and that authentication takes a long time.
According to one embodiment of the present invention, an authentication method is provided, comprising: obtaining a first authentication request from a first device, where the first authentication request carries first identifier information of the first device, first biometric information, and second identifier information of a second device that the first device requests to access; obtaining, from a database, second biometric information corresponding to the first identifier information, where the database records identifier information and biometric information in correspondence; generating first session voucher information when the second biometric information is determined to match the first biometric information; and returning the first session voucher information to the first device and sending it to the second device based on the second identifier information, to instruct the second device to authenticate, based on the first session voucher information, received access requests that request access to the resources stored on the second device.
According to another embodiment of the present invention, a resource access method is also provided, comprising: receiving, from a first device, an access request for requesting resource access, where the access request carries a session voucher of the first device; and, when it is determined that the second device stores a target session voucher corresponding to the session voucher of the first device, allowing the first device to access the resources on the second device. The target session voucher is information carried in first session voucher information that the second device previously received from an authentication center. The authentication center issues the first session voucher information to the second device when it determines that the database contains second biometric information matching the first biometric information that the first device sent to the authentication center.
According to another embodiment of the present invention, an authentication device is also provided, comprising: a first obtaining module, configured to obtain a first authentication request from a first device, where the first authentication request carries first identifier information of the first device, first biometric information, and second identifier information of a second device that the first device requests to access; a second obtaining module, configured to obtain, from a database, second biometric information corresponding to the first identifier information, where the database records identifier information and biometric information in correspondence; a generation module, configured to generate first session voucher information when the second biometric information is determined to match the first biometric information; and a sending module, configured to return the first session voucher information to the first device and to send it to the second device based on the second identifier information, to instruct the second device to authenticate, based on the first session voucher information, received access requests that request access to the resources stored on the second device.
According to another embodiment of the present invention, a resource access device is also provided, comprising: a receiving module, configured to receive, from a first device, an access request for requesting resource access, where the access request carries a session voucher of the first device; and a processing module, configured to allow the first device to access the resources on the second device when it is determined that the second device stores a target session voucher corresponding to the session voucher of the first device. The target session voucher is information carried in first session voucher information that the second device previously received from an authentication center. The authentication center issues the first session voucher information to the second device when it determines that the database contains second biometric information matching the first biometric information that the first device sent to the authentication center.
According to still another embodiment of the present invention, a storage medium is also provided. A computer program is stored in the storage medium, and the computer program is configured to perform, when run, the steps of any of the above method embodiments.
According to still another embodiment of the present invention, an electronic device is also provided, including a memory and a processor. A computer program is stored in the memory, and the processor is configured to run the computer program to perform the steps of any of the above method embodiments.
With the present invention, session voucher information is generated by a specific device and sent to both the accessing device and the resource storage device, so that the resource storage device decides whether to allow the accessing device to access resources solely by comparing session voucher information. The resource storage device therefore does not need to store visitors' biometric information, and comparing session voucher information takes less time than comparing biometric information, which avoids overly long authentication. This effectively solves the problems in the related art that biometric information may be leaked and that authentication takes a long time.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their descriptions explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the operation of storing the information to be stored according to an embodiment of the present invention;
Fig. 3 is a flow chart of the resource access method according to an embodiment of the present invention;
Fig. 4 is a flow diagram of the resource access authentication process according to an embodiment of the present invention;
Fig. 5 is a structural block diagram of the authentication device according to an embodiment of the present invention;
Fig. 6 is a structural block diagram of the resource access device according to an embodiment of the present invention.
Specific embodiments
The present invention is described in detail below with reference to the drawings and in combination with the embodiments. Note that, where no conflict arises, the embodiments of this application and the features in them may be combined with each other.
Note that the terms "first", "second", and so on in the description, the claims, and the above drawings are used to distinguish similar objects and do not describe a particular order or sequence.
This embodiment provides an authentication method. Fig. 1 is a flow chart of the authentication method according to an embodiment of the present invention. As shown in Fig. 1, the process includes the following steps:
S102: obtain a first authentication request from a first device, where the first authentication request carries first identifier information of the first device, first biometric information, and second identifier information of a second device that the first device requests to access;
S104: obtain, from a database, second biometric information corresponding to the first identifier information, where the database records identifier information and biometric information in correspondence;
S106: generate first session voucher information when the second biometric information is determined to match the first biometric information;
S108: return the first session voucher information to the first device, and send it to the second device based on the second identifier information, to instruct the second device to authenticate, based on the first session voucher information, received access requests that request access to the resources stored on the second device.
The above steps may be executed by an authentication center or a similar device. That is, the authentication center generates the session voucher information, and resource access between the two devices is then carried out according to the generated session voucher information. In the above embodiment, the first device may request access to one second device or to several. When there are several second devices, the first authentication request may carry multiple pieces of second identifier information, one for each second device. In that case, one piece of session voucher information may be generated for each second device, and the pieces generated for the individual second devices may be identical, different, or partly identical and partly different.
In the above embodiment, session voucher information is generated by a specific device (for example, the authentication center mentioned above) and sent to both the accessing device and the resource storage device, so that the resource storage device decides whether to allow the accessing device to access resources solely by comparing session voucher information. The resource storage device therefore does not need to store visitors' biometric information, and comparing session voucher information takes less time than comparing biometric information, which avoids overly long authentication. This effectively solves the problems in the related art that biometric information may be leaked and that authentication takes a long time.
In an optional embodiment, before the first authentication request is obtained from the first device, the method further includes: obtaining information to be stored from the first device, where the information to be stored includes the first identifier information, the second biometric information, and permission information corresponding to the second biometric information; and storing the items included in the information to be stored in the database in correspondence with one another. In this embodiment, the authentication center may store the first device's information to be stored in the database; optionally, in practice, the first device may also store that information in the database directly. In the above embodiment, the permission information corresponding to the second biometric information may be entered into the first device in advance, or the first device may determine it from the type of collector used to collect the biometric information. For example, the first device may be connected to several types of collector, with biometric information from different collector types corresponding to different permission information; once the first device has determined which collector performed the collection, it can obtain the corresponding permission information. The operation in which the first device directly stores the information to be stored in the database is described below with reference to the drawings:
Fig. 2 is a schematic diagram of the operation of storing the information to be stored according to an embodiment of the present invention. As shown in Fig. 2, it includes the following steps:
S202: the collector carried by the first device collects the biometric information of a legitimate user (corresponding to the second biometric information above);
S204: the first device uploads the collected biometric information, the unique identifier of the first device, and the permission information corresponding to the collected biometric information to the database.
In an optional embodiment, generating the first session voucher information when the second biometric information is determined to match the first biometric information includes: generating a session voucher and session voucher validity information when the second biometric information is determined to match the first biometric information, where the session voucher validity information indicates the validity period of the session voucher. In this embodiment, a validity period can be set for the session voucher. Once the validity period has passed, the session voucher has expired and can no longer be used for resource access authentication. In this embodiment, when the first session voucher is sent to the first device, the session voucher validity information may be sent with it. After receiving the validity information, the first device may set an internal timer; when the duration indicated by the validity information is reached, the timer triggers deletion of the first session voucher stored on the first device. The second device may perform similar processing.
In an optional embodiment, the method further includes: obtaining, from the database, permission information corresponding to the second biometric information, where the database records identifier information, biometric information, and permission information in correspondence; and sending the permission information corresponding to the second biometric information to the second device, to instruct the second device to determine, based on that permission information, the permissions of the visitor requesting resource access. In this embodiment, the visitor (that is, the visitor who has the second biometric information above) is subject to certain access restrictions when accessing resources; the visitor may only be able to access some of the resources on the second device. In that case, the second device can restrict the visitor's access based on the permission information.
In conventional practice, when authorization is granted by checking whether a registered security password and an authentication security password are consistent, the password information generated by the password-generating device must be stored, and the user must intervene and enter the password information when the device is authorized and authenticated. The password information remains stored on the device and unchanged after registration and authentication, so if it is leaked, an illegitimate user can still access the device. To address this, in embodiments of the present invention the assigned session voucher is randomly generated and has a limited validity period, and the session voucher generated each time can differ, so that an attacker cannot guess the session voucher and the session stays secure. To that end, in an optional embodiment, the above method further includes: obtaining a second authentication request from the first device, where the second authentication request carries the first identifier information, the first biometric information, and the second identifier information; obtaining the second biometric information from the database; generating second session voucher information when the second biometric information is determined to match the first biometric information, where the second session voucher information differs from the first session voucher information; and returning the second session voucher information to the first device and sending it to the second device based on the second identifier information, to instruct the second device to authenticate, based on the second session voucher information, received access requests that request resource access.
This embodiment also provides a resource access method. Fig. 3 is a flow chart of the resource access method according to an embodiment of the present invention. As shown in Fig. 3, the process includes the following steps:
S302: receive, from a first device, an access request for requesting resource access, where the access request carries a session voucher of the first device;
S304: when it is determined that the second device stores a target session voucher corresponding to the session voucher of the first device, allow the first device to access the resources on the second device. The target session voucher is information carried in first session voucher information that the second device previously received from an authentication center. The authentication center issues the first session voucher information to the second device when it determines that the database contains second biometric information matching the first biometric information that the first device sent to the authentication center.
The above operations may be executed by the second device, that is, the storage device that holds the resources.
In the above embodiment, session voucher information is generated by a specific device (for example, the authentication center mentioned above) and sent to both the accessing device and the resource storage device, so that the resource storage device decides whether to allow the accessing device to access resources solely by comparing session voucher information. The resource storage device therefore does not need to store visitors' biometric information, and comparing session voucher information takes less time than comparing biometric information, which avoids overly long authentication. This effectively solves the problems in the related art that biometric information may be leaked and that authentication takes a long time.
In an optional embodiment, before the access request for requesting resource access is received from the first device, the method further includes: receiving, at the second device, the first session voucher information from the authentication center; and obtaining the target session voucher carried in the first session voucher information.
In an optional embodiment, after the second device receives the first session voucher information from the authentication center, the method further includes: obtaining target session voucher validity information carried in the first session voucher information, which indicates the validity period of the target session voucher. Before the first device is allowed to access resources upon determining that the second device stores a target session voucher corresponding to the session voucher of the first device, the method further includes: confirming, according to the target session voucher validity information, whether the target session voucher is valid; and, if the target session voucher is confirmed to be valid, triggering the step of determining whether the second device stores a target session voucher corresponding to the session voucher of the first device.
In an optional embodiment, after confirming, according to the target session voucher validity information, whether the target session voucher is valid, the method further includes: deleting the target session voucher stored on the second device if the target session voucher is confirmed to be invalid. As stated in the previous embodiment, when the second device receives the target session voucher and the corresponding target session voucher validity information from the authentication center, it may set a timer based on the period indicated by the validity information and, when the timer expires, delete the target session voucher stored on the second device.
In an optional embodiment, after the second device receives the first session voucher information from the authentication center, the method further includes: obtaining the permission information corresponding to the second biometric information that is carried in the first session voucher information. Allowing the first device to access resources includes: determining, based on the permission information corresponding to the second biometric information, the range of resources that the first device is allowed to access, and restricting the first device's resource access to that range.
The resource access authentication process as a whole is described below with reference to a specific embodiment:
Fig. 4 is a flow diagram of the resource access authentication process according to an embodiment of the present invention. As shown in Fig. 4, it includes the following steps:
S402: When a user accesses resources between devices through device 1 (corresponding to the aforementioned first device), the collector carried by the device acquires the user's biometric information (corresponding to the aforementioned first biometric information);
S404: Device 1 uploads the collected biometric information, its unique device identifier (corresponding to the aforementioned first identification information) and the interacting-device information (corresponding to the aforementioned second identification information) to the authentication center;
S406: The authentication center uses the unique device identifier as an index to obtain the corresponding biometric information stored in the database (corresponding to the aforementioned second biometric information);
S408: The database returns the retrieved biometric information to the authentication center;
S410: The authentication center uses the biometric comparison service to compare the collected biometric information with the biometric information returned by the database. If the comparison passes, the session credential random generation service generates a session credential, the session credential validity period and other information, and the session credential synchronization service securely returns the session credential, its validity period and other information to device 1. The session credential is valid within its validity period; otherwise the session credential is deleted;
S412: Based on the interacting-device information uploaded by device 1 (which includes the necessary communication address information of the interacting device), the authentication center securely delivers the session credential, the session credential validity period, permission information and so on to interacting device 2 (corresponding to the aforementioned second device) through the session credential synchronization service. The session credential is valid within its validity period; otherwise the session credential is deleted;
S414: Device 1 securely carries the session credential in subsequent interaction signaling and sends a request to device 2 to access the resources of device 2. Device 2 uses the session credential authentication service to compare the session credential carried by device 1 with the session credential it received in advance; if they match, it further checks whether device 1 has permission to access the resource, and if so it responds normally.
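The flow of steps S404 to S414 can be traced in a small in-memory model. This is an added example, not code from the patent: the class and method names, the 300-second validity period and the byte-equality biometric matcher are assumptions, and a direct method call stands in for the secure session credential synchronization service.

```python
import hmac
import secrets
from dataclasses import dataclass

CREDENTIAL_TTL_SECONDS = 300  # assumed validity period; the page gives no value


@dataclass(frozen=True)
class SessionCredentialInfo:
    credential: str          # randomly generated session credential
    expires_at: float        # validity-period information
    permissions: frozenset   # resources the enrolled user may access


class ResourceDevice:
    """Device 2: owns resources and holds credentials pushed by the center."""

    def __init__(self, device_id, resources):
        self.device_id = device_id
        self.resources = resources
        self._credentials = []   # received in advance from the center (S412)

    def receive_credential(self, info):
        self._credentials.append(info)

    def stored_credentials(self):
        return len(self._credentials)

    def handle_access(self, presented, resource, now):
        """S414: return (allowed, payload_or_reason) for one access request."""
        # Delete every credential whose validity period has passed.
        self._credentials = [c for c in self._credentials if c.expires_at > now]
        for info in self._credentials:
            # Constant-time comparison avoids leaking how many bytes matched.
            if hmac.compare_digest(info.credential.encode(), presented.encode()):
                if resource in info.permissions and resource in self.resources:
                    return True, self.resources[resource]
                return False, "resource outside permitted scope"
        return False, "unknown or expired session credential"


class AuthenticationCenter:
    def __init__(self):
        self._db = {}        # device id -> (biometric template, permissions)
        self._devices = {}   # device id -> ResourceDevice (stands in for its address)

    def register_device(self, device):
        self._devices[device.device_id] = device

    def enroll(self, device_id, template, permissions):
        self._db[device_id] = (template, frozenset(permissions))

    def authenticate(self, device_id, sample, target_id, now):
        """S404-S412: match the biometric, then issue and distribute a credential."""
        record = self._db.get(device_id)
        target = self._devices.get(target_id)
        if record is None or target is None:
            return None
        template, permissions = record
        # Stand-in matcher (assumption): real biometric comparison is a
        # similarity score against a threshold, not byte equality.
        if not hmac.compare_digest(template, sample):
            return None
        info = SessionCredentialInfo(
            credential=secrets.token_urlsafe(32),   # 256 bits from the OS CSPRNG
            expires_at=now + CREDENTIAL_TTL_SECONDS,
            permissions=permissions,
        )
        target.receive_credential(info)   # delivered to device 2 (S412)
        return info                       # returned to device 1 (S410)


if __name__ == "__main__":
    # Constructed sample data: one camera, one recorder with two resources.
    center = AuthenticationCenter()
    dvr = ResourceDevice("dvr-2", {"channel-1": "stream-1", "config": "cfg"})
    center.register_device(dvr)
    center.enroll("cam-1", b"constructed-template", {"channel-1"})
    info = center.authenticate("cam-1", b"constructed-template", "dvr-2", now=1000.0)
    print(dvr.handle_access(info.credential, "channel-1", now=1001.0))
    print(dvr.handle_access(info.credential, "config", now=1001.0))
    print(dvr.handle_access(info.credential, "channel-1", now=1301.0))
```

The clock is passed in as `now` so that expiry and deletion on device 2 can be exercised deterministically.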
In an optional embodiment, the first device may include at least one of: a hard disk video recorder, a hard disk camera, and a management platform for managing hard disk video recorders and/or cameras. The second device may likewise include at least one of: a hard disk video recorder, a hard disk camera, and a management platform for managing hard disk video recorders and/or cameras. The first device and the second device may be of the same type or of different types.
From the description of the above embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. That computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the methods described in the embodiments of the present invention.
This embodiment also provides an authentication apparatus, which is used to implement the above embodiments and preferred implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 5 is a structural block diagram of an authentication apparatus according to an embodiment of the present invention. As shown in Fig. 5, the apparatus includes:
a first obtaining module 52, configured to obtain a first authentication request from a first device, where the first authentication request carries first identification information of the first device, first biometric information, and second identification information of a second device that the first device requests to access; a second obtaining module 54, configured to obtain from a database second biometric information corresponding to the first identification information, where identification information and biometric information are recorded in correspondence in the database; a generation module 56, configured to generate first session credential information when it is determined that the second biometric information matches the first biometric information; and a sending module 58, configured to return the first session credential information to the first device and to send the first session credential information to the second device based on the second identification information, so as to instruct the second device to authenticate, based on the first session credential information, a received access request that requests access to resources stored in the second device.
In an optional embodiment, the authentication apparatus is further configured to: before obtaining the first authentication request from the first device, obtain information to be stored from the first device, where the information to be stored includes the first identification information, the second biometric information and permission information corresponding to the second biometric information; and store the items included in the information to be stored in the database in correspondence with one another.
In an optional embodiment, the generation module 56 may generate the first session credential information as follows: when it is determined that the second biometric information matches the first biometric information, generate a session credential and session credential validity-period information, where the session credential validity-period information indicates the validity period of the session credential.
In an optional embodiment, the authentication apparatus is further configured to: obtain from the database permission information corresponding to the second biometric information, where identification information, biometric information and permission information are recorded in correspondence in the database; and send the permission information corresponding to the second biometric information to the second device, so as to instruct the second device to determine, based on that permission information, the permissions of the visitor requesting resource access.
In an optional embodiment, the authentication apparatus is further configured to: obtain a second authentication request from the first device, where the second authentication request carries the first identification information, the first biometric information and the second identification information; obtain the second biometric information from the database; when it is determined that the second biometric information matches the first biometric information, generate second session credential information, where the second session credential information is different from the first session credential information; and return the second session credential information to the first device and send the second session credential information to the second device based on the second identification information, so as to instruct the second device to authenticate, based on the second session credential information, a received access request that requests resource access.
Fig. 6 is a structural block diagram of a resource access apparatus according to an embodiment of the present invention. As shown in Fig. 6, the apparatus includes:
a receiving module 62, configured to receive from a first device an access request that requests resource access, where the access request carries the session credential of the first device; and a processing module 64, configured to allow the first device to access resources in a second device when it is determined that the second device stores a target session credential corresponding to the session credential of the first device, where the target session credential is information carried in first session credential information from the authentication center that the second device received in advance, and the first session credential information is delivered to the second device by the authentication center when it determines that the database contains second biometric information matching the first biometric information that the first device sent to the authentication center.
In an optional embodiment, the resource access apparatus is further configured to: before receiving from the first device the access request that requests resource access, receive in the second device the first session credential information from the authentication center; and obtain the target session credential carried in the first session credential information.
In an optional embodiment, the resource access apparatus is further configured to: after the second device receives the first session credential information from the authentication center, obtain the target session credential validity-period information carried in the first session credential information, which indicates the validity period of the target session credential; and, before the first device is allowed to access resources upon determining that the second device stores a target session credential corresponding to the session credential of the first device, confirm according to the target session credential validity-period information whether the target session credential is valid, and, if the target session credential is confirmed to be valid, trigger the processing of determining whether the second device stores a target session credential corresponding to the session credential of the first device.
In an optional embodiment, the resource access apparatus is further configured to: after confirming according to the target session credential validity-period information whether the target session credential is valid, delete the target session credential stored in the second device if the target session credential is confirmed to be invalid.
In an optional embodiment, the resource access apparatus is further configured to: after the second device receives the first session credential information from the authentication center, obtain the permission information corresponding to the second biometric information that is carried in the first session credential information. Optionally, the processing module 64 is configured to determine, based on the permission information corresponding to the second biometric information, the range of resources that the first device is allowed to access, and to control the first device to access resources within that range.
It should be noted that each of the above modules can be implemented by software or hardware. For the latter, this can be done in the following ways, without being limited to them: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
An embodiment of the present invention also provides a storage medium in which a computer program is stored, where the computer program is configured to execute, when run, the steps of any of the above method embodiments.
Optionally, in this embodiment, the storage medium may include but is not limited to: a USB flash drive, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a removable hard disk, a magnetic disk, an optical disc, and other media that can store a computer program.
An embodiment of the present invention also provides an electronic device including a memory and a processor, where a computer program is stored in the memory and the processor is configured to run the computer program to execute the steps of any of the above method embodiments.
Optionally, the electronic device may further include a transmission device and an input/output device, where the transmission device is connected to the processor and the input/output device is connected to the processor.
Optionally, for specific examples in this embodiment, refer to the examples described in the above embodiments and optional implementations; they are not repeated here.
The above embodiments can achieve the following effects:
Devices that access each other do not need to store any authentication information in advance; the authentication information (session credential) is issued to the devices by the authentication center after biometric authentication passes;
The authentication information (session credential) generated by the authentication center is randomly generated each time and has a validity period, so that an attacker cannot guess the session credential, which ensures session security;
With preset biometric permission information, multi-user, multi-permission resource access control can be performed, ensuring the security of important resources;
The session credential is generated and issued automatically by the authentication center, which reduces the user's entry of authentication passwords; the user does not need to remember an authentication password, which improves the user experience.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described may be executed in an order different from that given here, or the modules or steps may each be made into individual integrated circuit modules, or several of them may be made into a single integrated circuit module. Thus the present invention is not limited to any specific combination of hardware and software.
The above is only a preferred embodiment of the present invention and is not intended to limit it. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the principle of the present invention shall fall within its scope of protection.
Claims (14)
1. An authentication method, characterized in that it comprises:
obtaining a first authentication request from a first device, wherein the first authentication request carries first identification information of the first device, first biometric information, and second identification information of a second device that the first device requests to access;
obtaining from a database second biometric information corresponding to the first identification information, wherein identification information and biometric information are recorded in correspondence in the database;
generating first session credential information when it is determined that the second biometric information matches the first biometric information;
returning the first session credential information to the first device, and sending the first session credential information to the second device based on the second identification information, so as to instruct the second device to authenticate, based on the first session credential information, a received access request that requests access to resources stored in the second device.
2. The method according to claim 1, characterized in that, before obtaining the first authentication request from the first device, the method further comprises:
obtaining information to be stored from the first device, wherein the information to be stored includes the first identification information, the second biometric information and permission information corresponding to the second biometric information;
storing the items included in the information to be stored in the database in correspondence with one another.
3. The method according to claim 1, characterized in that generating the first session credential information when it is determined that the second biometric information matches the first biometric information comprises:
when it is determined that the second biometric information matches the first biometric information, generating a session credential and session credential validity-period information, wherein the session credential validity-period information indicates the validity period of the session credential.
4. The method according to claim 1, characterized in that the method further comprises:
obtaining from the database permission information corresponding to the second biometric information, wherein identification information, biometric information and permission information are recorded in correspondence in the database;
sending the permission information corresponding to the second biometric information to the second device, so as to instruct the second device to determine, based on the permission information corresponding to the second biometric information, the permissions of the visitor requesting resource access.
5. The method according to claim 1, characterized in that the method further comprises:
obtaining a second authentication request from the first device, wherein the second authentication request carries the first identification information, the first biometric information and the second identification information;
obtaining the second biometric information from the database;
generating second session credential information when it is determined that the second biometric information matches the first biometric information, wherein the second session credential information is different from the first session credential information;
returning the second session credential information to the first device, and sending the second session credential information to the second device based on the second identification information, so as to instruct the second device to authenticate, based on the second session credential information, a received access request that requests resource access.
6. A resource access method, characterized in that it comprises:
receiving from a first device an access request that requests resource access, wherein the access request carries the session credential of the first device;
when it is determined that a second device stores a target session credential corresponding to the session credential of the first device, allowing the first device to access resources in the second device, wherein the target session credential is information carried in first session credential information from an authentication center that the second device received in advance, and the first session credential information is delivered to the second device by the authentication center when it determines that a database contains second biometric information matching the first biometric information that the first device sent to the authentication center.
7. The method according to claim 6, characterized in that, before receiving from the first device the access request that requests resource access, the method further comprises:
receiving in the second device the first session credential information from the authentication center;
obtaining the target session credential carried in the first session credential information.
8. The method according to claim 7, characterized in that:
after receiving in the second device the first session credential information from the authentication center, the method further comprises: obtaining the target session credential validity-period information carried in the first session credential information, which indicates the validity period of the target session credential;
before allowing the first device to access resources when it is determined that the second device stores a target session credential corresponding to the session credential of the first device, the method further comprises: confirming according to the target session credential validity-period information whether the target session credential is valid, and, if the target session credential is confirmed to be valid, triggering the processing of determining whether the second device stores a target session credential corresponding to the session credential of the first device.
9. The method according to claim 8, characterized in that, after confirming according to the target session credential validity-period information whether the target session credential is valid, the method further comprises:
deleting the target session credential stored in the second device if the target session credential is confirmed to be invalid.
10. The method according to claim 7, characterized in that:
after receiving in the second device the first session credential information from the authentication center, the method further comprises: obtaining the permission information corresponding to the second biometric information that is carried in the first session credential information;
allowing the first device to access resources comprises: determining, based on the permission information corresponding to the second biometric information, the range of resources that the first device is allowed to access, and controlling the first device to access resources within that range.
11. An authentication apparatus, characterized in that it comprises:
a first obtaining module, configured to obtain a first authentication request from a first device, wherein the first authentication request carries first identification information of the first device, first biometric information, and second identification information of a second device that the first device requests to access;
a second obtaining module, configured to obtain from a database second biometric information corresponding to the first identification information, wherein identification information and biometric information are recorded in correspondence in the database;
a generation module, configured to generate first session credential information when it is determined that the second biometric information matches the first biometric information;
a sending module, configured to return the first session credential information to the first device, and to send the first session credential information to the second device based on the second identification information, so as to instruct the second device to authenticate, based on the first session credential information, a received access request that requests access to resources stored in the second device.
12. A resource access method, characterized in that it comprises:
a receiving module, configured to receive from a first device an access request that requests resource access, wherein the access request carries the session credential of the first device;
a processing module, configured to allow the first device to access resources in a second device when it is determined that the second device stores a target session credential corresponding to the session credential of the first device, wherein the target session credential is information carried in first session credential information from an authentication center that the second device received in advance, and the first session credential information is delivered to the second device by the authentication center when it determines that a database contains second biometric information matching the first biometric information that the first device sent to the authentication center.
13. A storage medium, characterized in that a computer program is stored in the storage medium, wherein the computer program is configured to execute, when run, the method of any one of claims 1 to 5 or the method of any one of claims 6 to 10.
14. An electronic device, including a memory and a processor, characterized in that a computer program is stored in the memory, and the processor is configured to run the computer program to execute the method of any one of claims 1 to 5 or the method of any one of claims 6 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910464728.2A CN110266657A (en) | 2019-05-30 | 2019-05-30 | Authentication method and device, resource access method and device, storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110266657A true CN110266657A (en) | 2019-09-20 |
Family
ID=67916120
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910464728.2A Pending CN110266657A (en) | 2019-05-30 | 2019-05-30 | Authentication method and device, resource access method and device, storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110266657A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104008321A (en) * | 2014-05-28 | 2014-08-27 | 惠州Tcl移动通信有限公司 | Judging method and judging system for identifying user right based on fingerprint for mobile terminal |
CN105357196A (en) * | 2015-11-03 | 2016-02-24 | 北京铭嘉实咨询有限公司 | Network login method and system |
CN108206821A (en) * | 2016-12-20 | 2018-06-26 | 航天信息股份有限公司 | A kind of identity authentication method and system |
CN108564688A (en) * | 2018-03-21 | 2018-09-21 | 阿里巴巴集团控股有限公司 | The method and device and electronic equipment of authentication |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115061826A (en) * | 2022-02-28 | 2022-09-16 | 华为技术有限公司 | A component communication method and computing device |
CN115061826B (en) * | 2022-02-28 | 2024-02-13 | 华为技术有限公司 | A component communication method and computing device |
WO2024156197A1 (en) * | 2023-01-29 | 2024-08-02 | 中国银联股份有限公司 | Privacy computing system, method and apparatus, device, and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20190920 |