CN112019493B - Identity authentication method, identity authentication device, computer equipment and medium - Google Patents

Publication number
CN112019493B
Authority
CN
China
Prior art keywords
client
identity
signature
verification code
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910475902.3A
Other languages
Chinese (zh)
Other versions
CN112019493A (en
Inventor
柏玉鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201910475902.3A
Publication of CN112019493A
Application granted
Publication of CN112019493B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides an identity authentication method applied to a server side, comprising: receiving a request message sent by a client, wherein the request message comprises an identity, a first signature and a request parameter, and the first signature is obtained by the client based on the identity, the request parameter and a verification code obtained by the client; acquiring a first verification code pre-allocated for the identity by the server side; when a predetermined condition is met, obtaining a second signature based on the identity, the first verification code and the request parameter; when the second signature is consistent with the first signature, determining that the client identity authentication passes; and, when the client identity authentication is determined to pass, returning response parameters for the request parameters to the client. The present disclosure also provides an identity authentication apparatus, a computer device, and a computer-readable storage medium.

Description

Identity authentication method, identity authentication device, computer equipment and medium
Technical Field
The present disclosure relates to the field of computer technology, and more particularly, to an identity authentication method, an identity authentication device, a computer apparatus, and a medium.
Background
In the prior art, after receiving a request message sent by a client, the server authenticates the client only by unique fields carried in the request message, such as a version number, a build number and a user number. This mode of identity authentication has the following problems.
On the one hand, this approach makes it easy for an attacker to forge request messages. After intercepting several request messages, the attacker can extract the repeated, fixed unique fields, add them to forged request messages and send those to the server side, which cannot verify the authenticity of the request messages. On the other hand, with this approach the server must parse the message body of each request message to obtain the specific fields when performing identity authentication. In an environment facing a large number of attack requests or falsified requests, parsing every request message greatly wastes server-side performance.
Disclosure of Invention
In view of this, the present disclosure provides an improved identity authentication method, identity authentication apparatus, computer device, and medium.
One aspect of the present disclosure provides an identity authentication method. The method is applied to a server side and comprises the following steps: receiving a request message sent by a client, wherein the request message comprises an identity, a first signature and a request parameter, and the first signature is obtained by the client based on the identity, the request parameter and a verification code obtained by the client; acquiring a first verification code pre-allocated for the identity by the server side; when a predetermined condition is met, obtaining a second signature based on the identity, the first verification code and the request parameter; when the second signature is consistent with the first signature, determining that the client identity authentication passes; and, when the client identity authentication is determined to pass, returning response parameters for the request parameters to the client.
According to an embodiment of the present disclosure, the above method further includes, before receiving the request message sent by the client: receiving an identity sent by the client; allocating a verification code to any received identity and sending the verification code to another client associated with that identity; and storing verification information of that identity in a database, wherein the verification information comprises the identity and the verification code corresponding to the identity.
According to an embodiment of the disclosure, the identity is a mobile phone number. Allocating the verification code to any received identity and sending the verification code to another client associated with that identity includes: generating a verification code for any received mobile phone number and sending the verification code to an instant messaging client associated with that mobile phone number.
According to an embodiment of the present disclosure, the verification information of any identity further includes: the generation time of the verification code and the effective time of the verification code. The request message also includes a request time. The predetermined condition includes: the time difference between the request time and the generation time of the first verification code does not exceed the effective time of the first verification code.
According to an embodiment of the present disclosure, the obtaining the second signature based on the identity, the first verification code and the request parameter includes: combining part or all of the identity with the first verification code into a first character string according to a first combination rule; encrypting the first character string by using a first encryption algorithm to obtain a first key; combining the first key, the request parameter and the identification information of the server side into a second character string according to a second combination rule; and encrypting the second character string by using a second encryption algorithm to obtain the second signature.
Another aspect of the present disclosure provides an identity authentication method. The method is applied to the client and comprises the following steps: acquiring the identity, a second verification code and the request parameter; obtaining a first signature based on the identity, the second verification code and the request parameter; transmitting a request message to a server side, wherein the request message comprises the identity, the first signature and the request parameter, so that the server side verifies the correctness of the first signature based on the identity, a verification code allocated by the server side for the identity and the request parameter; and receiving response parameters returned by the server side for the request parameters when the first signature is verified to be correct.
According to an embodiment of the present disclosure, the obtaining the identity and the second verification code includes: the second verification code is received from another client associated with the identity.
According to an embodiment of the present disclosure, the obtaining the first signature based on the identity, the second verification code, and the request parameter includes: combining part or all of the identity with the second verification code into a third character string according to a first combination rule; encrypting the third character string by using a first encryption algorithm to obtain a second key; combining the second key, the request parameter and the identification information of the server side into a fourth character string according to a second combination rule; and encrypting the fourth character string by using a second encryption algorithm to obtain the first signature.
Another aspect of the present disclosure provides an identity authentication device. The device is applied to a server and comprises a receiving module, an acquisition module, a signature module, a determining module and a response module. The receiving module is used for receiving a request message sent by the client, wherein the request message comprises an identity, a first signature and a request parameter, and the first signature is obtained by the client based on the identity, the request parameter and a verification code obtained by the client. The acquisition module is used for acquiring a first verification code pre-allocated for the identity by the server side. The signature module is used for obtaining a second signature based on the identity, the first verification code and the request parameter when a predetermined condition is met. The determining module is used for determining that the client identity authentication passes when the second signature is consistent with the first signature. The response module is used for returning response parameters for the request parameters to the client when the client identity authentication is determined to pass.
Another aspect of the present disclosure provides an identity authentication device. The device is applied to the client and comprises an acquisition module, a signature module, a sending module and a receiving module. The acquisition module is used for acquiring the identity, the second verification code and the request parameter. The signature module is used for obtaining a first signature based on the identity, the second verification code and the request parameter. The sending module is used for sending a request message to the server side, wherein the request message comprises the identity, the first signature and the request parameter, so that the server side verifies the correctness of the first signature based on the identity, a verification code allocated by the server side for the identity and the request parameter. The receiving module is used for receiving response parameters returned by the server side for the request parameters when the first signature is verified to be correct.
Another aspect of the present disclosure provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method as described above when executing the program.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions that, when executed, are configured to implement a method as described above.
Another aspect of the present disclosure provides a computer program comprising computer executable instructions which when executed are for implementing a method as described above.
According to the embodiment of the disclosure, after receiving a request message sent by a client, the server looks up the first verification code pre-allocated to the identity carried in the request message, obtains a second signature based on the identity, the first verification code and the request parameter in the request message, and uses the second signature to verify the correctness of the first signature in the request message. Because the first signature incorporates the identity, the request parameters and the verification code obtained by the client, any incorrect item changes the first signature; verifying the first signature against the second signature generated by the server side therefore prevents an attacker from falsifying the request message. During identity authentication the server side does not need to parse the first signature and only needs to compare it with the second signature, which saves the time the server side spends authenticating a single request message and improves server-side performance.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments thereof with reference to the accompanying drawings in which:
FIG. 1 schematically illustrates an exemplary system architecture to which identity authentication methods and apparatus may be applied, according to embodiments of the present disclosure;
FIG. 2A schematically illustrates a flow chart of an identity authentication method according to an embodiment of the present disclosure;
FIG. 2B schematically illustrates a flow chart of an identity authentication method according to another embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of an identity authentication method according to another embodiment of the present disclosure;
FIG. 4 schematically illustrates a schematic diagram of an identity authentication process according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a block diagram of an identity authentication device according to an embodiment of the present disclosure;
FIG. 6 schematically illustrates a block diagram of an identity authentication device according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of an identity authentication device according to another embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of an identity authentication device according to another embodiment of the present disclosure; and
FIG. 9 schematically illustrates a block diagram of a computer device according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where an expression like "at least one of A, B and C, etc." is used, it should generally be interpreted in accordance with the meaning commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where an expression like "at least one of A, B or C, etc." is used, it should likewise be interpreted in accordance with the ordinary understanding of one skilled in the art (e.g., "a system having at least one of A, B or C" shall include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the disclosure provides an identity authentication method and device. The method is applied to a server and comprises a request receiving stage, a verification code acquisition stage, a signature stage, an authentication stage and a response stage. In the request receiving stage, a request message sent by a client and containing an identity, a first signature and request parameters is received. In the verification code acquisition stage, a first verification code recorded at the server side and pre-allocated for the identity is acquired according to the identity in the request message. When a predetermined condition is met, the signature stage is entered, and a second signature is obtained based on the identity, the first verification code and the request parameter. In the authentication stage, when the second signature generated by the server side is consistent with the first signature sent by the client, the identity authentication of the client is determined to pass. After the identity authentication passes, the response stage is entered, and response parameters for the request parameters are returned to the client.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which the identity authentication methods and apparatuses may be applied according to embodiments of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various client applications may be installed on the terminal devices 101, 102, 103, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, and the like (just examples).
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server providing support for various clients in the terminal devices 101, 102, 103. The background management server receives the request message sent by the client, can perform identity authentication on the client first, perform analysis processing and other responses on the received request message after the identity authentication is passed, and feed back the response result (such as a web page, information, or data acquired or generated according to the request message) for the request message to the terminal devices 101, 102 and 103, so that the user browses the corresponding response result through the terminal devices 101, 102 and 103.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks and servers as practical.
Fig. 2A schematically shows a flowchart of an authentication method according to an embodiment of the present disclosure, which is described from the server side.
As shown in fig. 2A, the method includes operations S201 to S205.
In operation S201, a request message transmitted by a client is received.
In this operation, the request message sent by the client includes: an identity, a first signature and request parameters. The identity is used for identifying the user identity of the client. The first signature is derived by the client based on the identity, the request parameter, and the verification code obtained by the client. The request parameters include one or more items of parameter information related to the request message, which may characterize the name, format, length, etc. of the service data the client requests, software information of the client, hardware information of the device where the client is located, etc., and are not limited herein. The client sends the request message to the server in order to obtain the data content it has requested.
In operation S202, a first verification code pre-allocated for the identity by the server is obtained.
In the operation, a first verification code pre-allocated by the server side for the identity is the unique legal verification code of the identity. Only the legitimate client associated with the identity can obtain the legitimate verification code of the identity. After receiving the request message sent by the client, the server acquires a pre-allocated first verification code according to the identity in the request message so as to determine the correctness of the verification code acquired by the client by using the first verification code later.
In operation S203, when a predetermined condition is satisfied, a second signature is obtained based on the identity, the first verification code, and the request parameter.
In operation S204, when the second signature is consistent with the first signature, it is determined that the client identity authentication passes.
In the present operation S204, the correctness of the verification code acquired by the client is determined using the first verification code, but without directly comparing the first verification code with the verification code acquired by the client. Instead, the correctness of the first signature in the request message sent by the client is verified against the second signature generated by the server. The second signature is obtained by the server side based on the identity, the first verification code and the request parameter, and the first signature is obtained by the client side based on the identity, the request parameter and the verification code obtained by the client side. If the second signature is consistent with the first signature, the verification code obtained by the client side is consistent with the first verification code recorded by the server side. In that case it is determined that the client holds a legal identity and the correct verification code corresponding to the identity, and the identity authentication of the client passes. If the second signature is inconsistent with the first signature, the verification code obtained by the client side is inconsistent with the first verification code recorded by the server side. In that case it is determined that the identity of the client does not correspond to the verification code, and the identity authentication of the client fails.
In operation S205, when it is determined that the client identity authentication passes, a response parameter for the request parameter is returned to the client.
It can be seen that, in the method shown in fig. 2A, after receiving the request message sent by the client, the server looks up the first verification code pre-allocated to the identity carried in the request message, obtains the second signature based on the identity, the first verification code and the request parameter in the request message, and uses the second signature to verify the correctness of the first signature in the request message. Because the first signature incorporates the identity, the request parameters and the verification code obtained by the client, any incorrect item changes the first signature; verifying the first signature against the second signature generated by the server side therefore prevents an attacker from falsifying the request message. During identity authentication the server side does not need to parse the first signature and only needs to compare it with the second signature, which saves the time the server side spends authenticating a single request message and improves server-side performance.
Fig. 2B schematically shows a flowchart of an authentication method according to another embodiment of the present disclosure, which is described from the server side.
As shown in fig. 2B, the method includes operations S211 to S213 and operations S201 to S205, wherein operations S201 to S205 are described above, and are not described herein.
In operation S211, an identity sent by the client is received.
In operation S212, a verification code is allocated to any received identity and is transmitted to another client associated with that identity.
In this operation, the verification code allocated to an identity is sent to another client associated with the identity, so that when the client that sent the identity is a legal client associated with the identity, it can acquire the verification code allocated to the identity by the server through the other client, that is, it can acquire the unique legal verification code of the identity.
In operation S213, the verification information of that identity is stored in a database, and the verification information includes: the identity and the verification code allocated to the identity by the server side.
In this operation, for each identity from any client, the server stores the identity and the verification code allocated to the identity correspondingly in the database, as the verification information of the identity.
After operation S213, operations S201 to S205 are then performed.
In a specific embodiment, the identity may be a mobile phone number, the client is a client C, and the server is a server S. In a scenario where a user uses the client C to realize a predetermined function, the client C, in response to the user inputting the mobile phone number A, sends the mobile phone number A to the server S, and the server S receives the mobile phone number A sent by the client C and allocates the verification code a to the mobile phone number. On the one hand, the server S stores the mobile phone number A and the verification code a as verification information of the mobile phone number A. On the other hand, the server S sends the verification code a to another client C' associated with the mobile phone number A; for example, the client C' is an instant messaging client associated with the mobile phone number A. Client C and client C' may run on the same or different electronic devices. If the client C is a legal client associated with the mobile phone number A, the verification code a may be obtained from the client C'; for example, the client C obtains the verification code a through direct or indirect communication with the client C', or the user inputs the verification code a to the client C after learning it from the client C'. If the client C is an illegal client or is operated by an illegal user, the client C cannot acquire the verification code, or acquires a wrong verification code.
After the verification code is acquired by the client C, a first signature is obtained based on the mobile phone number A, the acquired verification code and the request parameters of the request message, the mobile phone number A, the first signature and the request parameters are placed in the request message, and the request message is sent to the server S. After receiving the request message, the server S extracts the mobile phone number A, the first signature and the request parameter from the request message, searches the verification code a corresponding to the mobile phone number A from the database according to the mobile phone number A, obtains a second signature based on the mobile phone number A, the verification code a and the request parameter, and verifies the correctness of the first signature by using the second signature, thereby verifying whether the client C obtains the correct verification code a.
In another specific embodiment, the identity may be a mailbox address, the client is client C, and the server is server S. In a scenario in which a user uses the client C to perform a predetermined function, the client C, in response to the user entering a mailbox address B, sends the mailbox address B to the server S. The server S receives the mailbox address B sent by the client C and allocates a verification code B to the mailbox address. On the one hand, the server S stores the mailbox address B and the verification code B together as verification information of the mailbox address B. On the other hand, the server S sends the verification code B to another client C' associated with the mailbox address B; for example, the client C' is an instant messaging client associated with the mailbox address B. Client C and client C' may run on the same or different electronic devices. If the client C is a legitimate client associated with the mailbox address B, it may obtain the verification code B from the client C'; for example, the client C obtains the verification code B through direct or indirect communication with the client C', or the user inputs the verification code B into the client C after learning it from the client C'. If the client C is an illegitimate client or is operated by an illegitimate user, the client C either cannot obtain the verification code or obtains a wrong verification code.
According to an embodiment of the disclosure, in order to further improve the reliability of identity authentication, the verification code allocated by the server side for the identity is a randomly generated dynamic verification code with a certain effective time. The verification information of any identity stored on the server side includes, besides the identity and the verification code, the generation time of the verification code and the effective time of the verification code. The request message sent by the client includes the request time in addition to the identity, the first signature and the request parameters. The predetermined conditions include: the time difference between the request time and the generation time of the first verification code does not exceed the effective time of the first verification code. That is, after receiving the request message, the server side looks up the verification information of the identity in the database according to the identity in the request message, and obtains the first verification code allocated to the identity by the server side, the generation time of the first verification code and the effective time of the first verification code. The server side also acquires the request time from the request message. When the time difference between the request time and the generation time of the first verification code exceeds the effective time of the first verification code, the first verification code allocated to the identity has expired; the request message is then necessarily invalid, and the subsequent verification process need not be executed. Otherwise, the first verification code allocated to the identity by the server side has not yet expired, and the subsequent verification process can be performed.
According to an embodiment of the present disclosure, the obtaining, by the server, of the second signature based on the identity, the first verification code, and the request parameter includes: combining part or all of the identity and the first verification code allocated to the identity by the server side into a first character string according to a first combination rule, and encrypting the first character string by using a first encryption algorithm to obtain a first key; then combining the first key, the request parameters in the request message and the identification information of the server side into a second character string according to a second combination rule, and encrypting the second character string by using a second encryption algorithm to obtain the second signature. It can be seen that the second signature generated in the above process covers four kinds of information, namely, the identity, the first verification code allocated to the identity by the server, the request message, and the identification information of the server. A change in any of them results in a change of the second signature, and each item (especially the first verification code) is protected by two layers of combination and two layers of encryption.
Fig. 3 schematically shows a flowchart of an authentication method according to another embodiment of the present disclosure, which is described from the client side.
As shown in fig. 3, the method includes operations S301 to S304.
In operation S301, an identity, a second verification code and a request parameter are acquired.
The identity characterizes the user identity of the client. The second verification code is the verification code corresponding to the identity that the client has obtained. When the client is a legitimate client associated with the identity, the second verification code is consistent with the verification code allocated in advance to the identity by the server; otherwise, the second verification code is forged. The request parameters include one or more items of parameter information related to the request message, which may characterize the name, format, length, etc. of the service data the client requests, software information of the client, hardware information of the device where the client is located, etc., and are not limited herein. The client can generate the request parameters locally according to actual needs.
In operation S302, a first signature is obtained based on the identity, the second verification code and the request parameter.
The first signature obtained by this operation covers three kinds of information obtained by the client, namely the identity, the second verification code and the request parameter, and a change in any of them changes the first signature.
In operation S303, a request message is sent to the server, where the request message includes: the identity, the first signature and the request parameter, so that the server side verifies the correctness of the first signature based on the identity, the verification code allocated by the server side to the identity and the request parameter.
In operation S304, when the first signature is verified to be correct, a response parameter for the request parameter returned by the server is received.
It can be seen that the identity authentication method applied to the client shown in fig. 3 corresponds to the identity authentication method applied to the server shown in fig. 2A-2B. The interaction between the client and the server implements a complete identity authentication process, and the parts already described are not described again.
In an embodiment of the disclosure, the client obtaining the second verification code includes: the second verification code is received from another client associated with the identity.
In an embodiment of the disclosure, the obtaining of the first signature based on the identity, the second verification code, and the request parameter includes: combining part or all of the identity with the second verification code into a third character string according to the first combination rule, and encrypting the third character string by using a first encryption algorithm to obtain a second key; then combining the second key, the request parameter and the identification information of the server side into a fourth character string according to a second combination rule, and encrypting the fourth character string by using a second encryption algorithm to obtain the first signature. It can be seen that the first signature generated in the above process covers four kinds of information, namely, the identity, the second verification code obtained by the client, the request message and the identification information of the server. A change in any of them changes the first signature, and each item (especially the second verification code) is protected through two layers of combination and two layers of encryption, so that an attacker is prevented from recovering the second verification code when intercepting the request message.
An identity authentication method according to an embodiment of the present disclosure will be described with reference to fig. 4. In this embodiment, the identity of the client is taken as the mobile phone number for illustration, and in other embodiments, the identity of the client may be any unique identity that can characterize the identity of the client, for example, may be a mailbox address, a user name, etc., which are implemented with the same logic, and not repeated here.
Fig. 4 schematically illustrates a schematic diagram of an identity authentication process according to an embodiment of the present disclosure.
As shown in fig. 4, in this example, the client is client C and the server is server S, and the figure illustrates the identity authentication process performed when the client C initiates a registration request to the server S. An input control and a verification code acquisition control are displayed on the interface of the client C. The user inputs the mobile phone number A through the input control, and the client C acquires the mobile phone number A. In response to the user triggering the verification code acquisition control, the client C sends the mobile phone number A to the server S. After receiving the mobile phone number A, the server S allocates a verification code a, a 6-digit random number, to the mobile phone number A, where the verification code a can only be used once and its effective time is N (N is more than 0) minutes. The server S sends the verification code a to the client C in a direct or indirect manner, and meanwhile the server S stores the mobile phone number A, the verification code a, the generation time of the verification code a and the effective time of the verification code a in a database as verification information of the mobile phone number A.
Assume that the client C receives the verification code a'; before authentication is completed, it is not known whether the verification code a' is identical to the verification code a. The client C communicates with the server S via HTTPS (Hypertext Transfer Protocol Secure), encapsulates the request parameters required for the registration request into a JSON string, and uses the JSON string as the body of the request message. The client C combines the received verification code a' and the last four digits of the mobile phone number A into a character string 1, and encrypts the character string 1 by using a first encryption algorithm to obtain a first key. The first encryption algorithm may be any reversible or irreversible encryption algorithm, such as the SHA256 algorithm, the MD5 algorithm, the SHA1 algorithm, etc., and is not limited herein. Then, the client C combines the first key, URL information, and the request body into a character string 2, and encrypts the character string 2 using a second encryption algorithm to obtain a first signature (signature). The second encryption algorithm is typically a reversible encryption algorithm, such as a predetermined shift or reverse-order encryption algorithm. The client C puts the mobile phone number A and the first signature into a header, composes the header and the body into the request message of the registration request, and sends the request message to the server S.
After receiving the request message, the server S determines the request time of the client C, obtains the mobile phone number A and the first signature by parsing the message header, looks up the verification information of the mobile phone number A in the database according to the mobile phone number A, and obtains the verification code a that the server S previously allocated to the mobile phone number A, the generation time of the verification code a and the effective time of the verification code a. If the interval between the request time and the generation time of the verification code a exceeds N minutes, the server S determines that the request message is invalid, directly determines that the identity authentication of the client C fails, and does not allow registration. If the interval between the request time and the generation time of the verification code a does not exceed N minutes, the request message is determined to be valid. The server S combines the found verification code a with the last four digits of the mobile phone number A to form a character string 3, and encrypts the character string 3 by using the first encryption algorithm to obtain a second key. Then, the server S combines the second key, URL information and the request body in the request message into a character string 4, and encrypts the character string 4 by using the second encryption algorithm to obtain a second signature.
The server S compares the generated second signature with the first signature in the message header. If the two are consistent, the server S determines that the identity authentication of the client C is successful and allows registration, and returns response parameters for the registration request to the client C so that the client C can register successfully based on the mobile phone number A.
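The Fig. 4 exchange as an added Python example (not code from the patent), covering both the client's signing step and the server's expiry, one-time-use and signature checks. Assumptions: SHA-256 is the first algorithm (one of those the text lists); HMAC-SHA256 keyed by the derived key is substituted for the reversible second algorithm the text mentions; the header names, the newline separator, the in-memory store, N = 5 minutes, the URL and the phone number are all constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

VALID_SECONDS = 5 * 60   # effective time of a code; N = 5 minutes is an assumption
STORE = {}               # stands in for the server database: phone -> verification info


def issue_code(phone, now=None):
    """Server: allocate a random 6-digit one-time code and store its generation time."""
    code = f"{secrets.randbelow(10**6):06d}"
    STORE[phone] = {"code": code,
                    "created": time.time() if now is None else now,
                    "used": False}
    return code


def derive_key(phone, code):
    """First layer: code + last four digits of the number, hashed with SHA-256."""
    return hashlib.sha256((code + phone[-4:]).encode()).digest()


def sign(phone, code, url, body):
    """Second layer: bind the derived key to the URL and the request body.
    HMAC-SHA256 is this example's choice, not the patent's second algorithm."""
    return hmac.new(derive_key(phone, code), url.encode() + b"\n" + body,
                    hashlib.sha256).hexdigest()


def build_request(phone, code, url, params):
    """Client: JSON body, identity and first signature in the header."""
    body = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    headers = {"X-Identity": phone, "X-Signature": sign(phone, code, url, body)}
    return headers, body


def verify_request(headers, url, body, now=None):
    """Server: expiry check first, then recompute and compare the signature."""
    now = time.time() if now is None else now   # request time is set by the server
    phone = headers.get("X-Identity", "")
    record = STORE.get(phone)
    if record is None or record["used"]:
        return False, "no valid code"
    if now - record["created"] > VALID_SECONDS:
        return False, "code expired"
    second_signature = sign(phone, record["code"], url, body)
    first_signature = headers.get("X-Signature", "")
    # Constant-time comparison so timing does not reveal how many characters match.
    if not hmac.compare_digest(second_signature.encode(), first_signature.encode()):
        return False, "signature mismatch"
    record["used"] = True                       # the code can only be used once
    return True, "ok"


def demo():
    """Run the exchange on constructed data and return each outcome."""
    phone = "13800001234"                        # constructed number
    url = "https://server.example/register"      # constructed URL
    t0 = 1_700_000_000.0
    code = issue_code(phone, now=t0)
    params = {"action": "register", "device": "constructed-device"}
    results = {}

    wrong = f"{(int(code) + 1) % 10**6:06d}"     # a client that guessed the code
    headers, body = build_request(phone, wrong, url, params)
    results["wrong_code"] = verify_request(headers, url, body, now=t0 + 10)

    headers, body = build_request(phone, code, url, params)
    tampered = body.replace(b"register", b"login")
    results["tampered_body"] = verify_request(headers, url, tampered, now=t0 + 20)
    results["expired"] = verify_request(headers, url, body, now=t0 + VALID_SECONDS + 1)
    results["valid"] = verify_request(headers, url, body, now=t0 + 30)
    results["replayed"] = verify_request(headers, url, body, now=t0 + 40)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14s} {outcome}")
```

A 6-digit code has only 10^6 possible values, so the signature adds no entropy of its own: the validity window, single use and the HTTPS channel are what limit the value of a captured request.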
In this embodiment, the registration request from the client to the server is taken as an example to describe, and it should be noted that the identity authentication method according to the embodiment of the present disclosure is applicable to various scenarios where the client initiates a request to the server, such as a login scenario, a service data request scenario, and the like, which are not limited herein.
Further, in the case that the server S has interacted with the client C before, the server S may also pre-store various information related to the client C, such as hardware information of the device where the client C is located, software information of the client C, the mobile phone number associated with the client C, and the like. After receiving the request message sent by the client C, the server S may match the information recorded in the request body against the pre-stored information related to the client C, and send a security warning message to the client C when the matching degree is lower than a predetermined threshold. The identity authentication process is then carried out.
Fig. 5 schematically shows a block diagram of an identity authentication device 500 according to an embodiment of the present disclosure, which is applied to a server side.
As shown in fig. 5, the identity authentication device 500 includes: a receiving module 510, an obtaining module 520, a signing module 530, a determining module 540, and a responding module 550.
The receiving module 510 is configured to receive a request message sent by a client, where the request message includes: an identity, a first signature and a request parameter, wherein the first signature is obtained by the client based on the identity, the request parameter and a verification code obtained by the client.
The obtaining module 520 is configured to obtain a first verification code allocated to the identity by the server.
The signature module 530 is configured to obtain a second signature based on the identity, the first verification code, and the request parameter when a predetermined condition is satisfied.
The determining module 540 is configured to determine that the client identity authentication passes when the second signature is consistent with the first signature.
The response module 550 is configured to return a response parameter for the request parameter to the client when it is determined that the client identity authentication passes.
Fig. 6 schematically shows a block diagram of an authentication apparatus 600 according to another embodiment of the present disclosure, which is applied to a server side.
As shown in fig. 6, the identity authentication device 600 includes: a receiving module 610, an obtaining module 620, a signing module 630, a determining module 640, and a responding module 650. The receiving module 610, the obtaining module 620, the signing module 630, the determining module 640, and the responding module 650 have the same functions as the receiving module 510, the obtaining module 520, the signing module 530, the determining module 540, and the responding module 550, respectively, and the parts already described are not described again.
In one embodiment of the present disclosure, the identity authentication device 600 further includes: an identity receiving module 660, an assigning module 670, and a storage processing module 680.
The identity receiving module 660 is configured to receive the identity sent by the client before the receiving module 610 receives the request message sent by the client. The allocation module 670 is configured to allocate a verification code to any received identity and send the verification code to another client associated with that identity. The storage processing module 680 is configured to store, in a database, verification information of that identity, where the verification information includes: the identity and the verification code corresponding to the identity.
In one embodiment of the present disclosure, the identity is a mobile phone number. The allocation module 670 is specifically configured to generate a verification code for any received mobile phone number and send the verification code to an instant messaging client associated with that mobile phone number.
In one embodiment of the present disclosure, the authentication information of any one identity further includes: the generation time of the verification code and the effective time of the verification code. The request message also includes a request time. The predetermined condition includes: the time difference between the request time and the generation time of the first verification code does not exceed the effective time of the first verification code.
In one embodiment of the present disclosure, the signature module 630 includes: a first combining sub-module 631, a first encryption sub-module 632, a second combining sub-module 633, and a second encryption sub-module 634.
The first combining sub-module 631 is configured to combine part or all of the identity and the first verification code into a first string according to a first combining rule. The first encryption sub-module 632 is configured to encrypt the first string with a first encryption algorithm to obtain a first key. The second combining sub-module 633 is configured to combine the first key, the request parameter, and the identification information of the server side into a second string according to a second combining rule. The second encryption sub-module 634 is configured to encrypt the second string with a second encryption algorithm to obtain the second signature.
Fig. 7 schematically illustrates a block diagram of an authentication apparatus 700 according to another embodiment of the present disclosure, which is applied to a client.
As shown in fig. 7, the identity authentication device 700 includes: acquisition module 710, signature module 720, transmission module 730, and reception module 740.
The obtaining module 710 is configured to obtain the identity, the second verification code, and the request parameter.
The signature module 720 is configured to obtain a first signature based on the identity, the second verification code, and the request parameter.
The sending module 730 is configured to send a request message to a server, where the request message includes: the identity, the first signature and the request parameter, so that the server side verifies the correctness of the first signature based on the identity, the verification code allocated by the server side to the identity and the request parameter.
The receiving module 740 is configured to receive, when the first signature is verified to be correct, a response parameter returned by the server for the request parameter.
Fig. 8 schematically illustrates a block diagram of an authentication apparatus 800 according to another embodiment of the present disclosure, which is applied to a client.
As shown in fig. 8, the identity authentication device 800 includes: acquisition module 810, signature module 820, transmission module 830, and reception module 840. The acquisition module 810, the signature module 820, the transmission module 830, and the reception module 840 have the same functions as the acquisition module 710, the signature module 720, the transmission module 730, and the reception module 740, respectively, and the parts already described are not described again.
In one embodiment of the present disclosure, the obtaining module 810 is specifically configured to receive the second verification code from another client associated with the identity.
In one embodiment of the present disclosure, the signature module 820 includes: a first combining sub-module 821, a first encrypting sub-module 822, a second combining sub-module 823, and a second encrypting sub-module 824.
The first combining sub-module 821 is configured to combine part or all of the identity and the second verification code into a third string according to a first combining rule. The first encryption sub-module 822 is configured to encrypt the third string with a first encryption algorithm to obtain a second key. The second combining sub-module 823 is configured to combine the second key, the request parameter, and the identification information of the server side into a fourth string according to a second combining rule. The second encryption sub-module 824 is configured to encrypt the fourth string with a second encryption algorithm to obtain the first signature.
It should be noted that, in the embodiment of the apparatus portion, the implementation manner, the solved technical problem, the realized function, and the achieved technical effect of each module/unit/subunit and the like are the same as or similar to the implementation manner, the solved technical problem, the realized function, and the achieved technical effect of each corresponding step in the embodiment of the method portion, and are not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least some of the functionality of any number of the sub-units according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented as split into multiple modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in any other reasonable manner of hardware or firmware that integrates or encapsulates the circuit, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be at least partially implemented as computer program modules, which when executed, may perform the corresponding functions.
For example, any of the receiving module 610, the obtaining module 620, the signing module 630, the determining module 640, the responding module 650, the identity receiving module 660, the allocating module 670, and the storage processing module 680 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. At least one of the receiving module 610, the obtaining module 620, the signing module 630, the determining module 640, the responding module 650, the identity receiving module 660, the allocating module 670, and the storage processing module 680 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or as hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or as any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the receiving module 610, the obtaining module 620, the signing module 630, the determining module 640, the responding module 650, the identity receiving module 660, the allocating module 670, and the storage processing module 680 may be at least partially implemented as a computer program module, which may perform the corresponding functions when being run.
As another example, any of the acquisition module 810, the signature module 820, the transmission module 830, and the reception module 840 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 810, the signature module 820, the transmission module 830, and the reception module 840 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the acquisition module 810, the signature module 820, the transmission module 830, and the reception module 840 may be at least partially implemented as a computer program module, which when executed, may perform the corresponding functions.
Fig. 9 schematically illustrates a block diagram of a computer device adapted to implement the above-described method according to an embodiment of the present disclosure. The computer device illustrated in fig. 9 is merely an example and should not be construed as limiting the functionality and scope of use of the disclosed embodiments.
As shown in fig. 9, a computer device 900 according to an embodiment of the present disclosure includes a processor 901, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. The processor 901 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 901 may also include on-board memory for caching purposes. Processor 901 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the device 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other by a bus 904. The processor 901 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the program may be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the device 900 may also include an input/output (I/O) interface 905, the input/output (I/O) interface 905 also being connected to the bus 904. The device 900 may also include one or more of the following components connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 910 so that a computer program read out therefrom is installed into the storage section 908 as needed.
According to embodiments of the present disclosure, the method flow according to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 902 and/or RAM 903 and/or one or more memories other than ROM 902 and RAM 903 described above.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined in various ways, even if such combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined without departing from the spirit and teachings of the present disclosure. All such combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (9)

1. An identity authentication method applied to a server side comprises the following steps:
receiving a request message sent by a client, wherein the request message comprises: an identity of the client, a first signature and a request parameter, wherein the first signature is obtained by the client based on the identity, the request parameter, a second verification code obtained by the client and identification information of the server, and the request parameter comprises a name, a format and a length of service data requested to be obtained by the client;
acquiring a first verification code which is pre-allocated for the identity by the server side;
when a predetermined condition is met, combining part or all of the identity and the first verification code into a first character string according to a first combination rule;
encrypting the first character string by using a first encryption algorithm to obtain a first key;
combining the first key, the request parameter and the identification information of the server into a second character string according to a second combination rule, wherein the identification information of the server comprises URL information;
encrypting the second character string by using a second encryption algorithm to obtain a second signature;
when the second signature is consistent with the first signature, determining that the client identity authentication passes; and
when the identity authentication of the client passes, returning response parameters aiming at the request parameters to the client;
under the condition that interaction exists between the server side and the client side, after receiving a request message sent by the client side, matching various information recorded in a request body of the request message with various pre-stored information related to the client side, and sending safety warning information to the client side when the matching degree is lower than a preset threshold value;
the various information comprises hardware information of equipment where the client is located, software information of the client and a mobile phone number associated with the client.
2. The method of claim 1, further comprising, prior to the receiving the client-transmitted request message:
receiving an identity sent by the client;
allocating a verification code for any received identity and sending the verification code to another client associated with that identity; and
storing verification information of any identity in a database, wherein the verification information comprises: that identity and the verification code corresponding to that identity.
3. The method according to claim 2, wherein:
the authentication information of any identity further comprises: the generation time of the verification code and the effective time of the verification code;
the request message also includes a request time;
the predetermined condition includes: the time difference between the request time and the generation time of the first verification code does not exceed the effective time of the first verification code.
4. An identity authentication method applied to a client side comprises the following steps:
acquiring an identity, a second verification code and a request parameter, wherein the request parameter comprises the name, format and length of service data requested to be acquired by the client;
combining part or all of the identity with the second verification code into a third character string according to a first combination rule;
encrypting the third character string by using a first encryption algorithm to obtain a second key;
combining the second secret key, the request parameter and the identification information of the server into a fourth character string according to a second combination rule, wherein the identification information of the server comprises URL information; and
encrypting the fourth character string by using a second encryption algorithm to obtain a first signature;
sending a request message to a server side, wherein the request message comprises: the identity, the first signature and the request parameter, so that the server side generates a second signature based on the identity, a first verification code allocated by the server side for the identity, the request parameter and the identification information of the server side, and uses the second signature to verify the correctness of the first signature, wherein the first signature is verified to be correct when the second signature is consistent with the first signature; and
when the first signature is verified to be correct, receiving response parameters which are returned by the server for the request parameters.
5. The method of claim 4, wherein the obtaining the identity and the second verification code comprises: the second verification code is received from another client associated with the identity.
6. An identity authentication device is applied to a server side and comprises:
the receiving module is used for receiving a request message sent by the client, wherein the request message comprises: an identity of the client, a first signature and a request parameter, wherein the first signature is obtained by the client based on the identity, the request parameter, a second verification code obtained by the client and identification information of the server, and the request parameter comprises a name, a format and a length of service data requested to be obtained by the client;
the acquisition module is used for acquiring a first verification code which is pre-allocated to the identity by the server side;
a signature module for, when a predetermined condition is satisfied,
combining part or all of the identity with the first verification code into a first character string according to a first combination rule;
encrypting the first character string by using a first encryption algorithm to obtain a first key;
combining the first key, the request parameter and the identification information of the server into a second character string according to a second combination rule, wherein the identification information of the server comprises URL information;
encrypting the second character string by using a second encryption algorithm to obtain a second signature;
the determining module is used for determining that the client identity authentication passes when the second signature is consistent with the first signature; and
the response module is used for returning response parameters aiming at the request parameters to the client when the identity authentication of the client is confirmed to pass;
under the condition that interaction exists between the server side and the client side, after receiving a request message sent by the client side, matching various information recorded in a request body of the request message with various pre-stored information related to the client side, and sending safety warning information to the client side when the matching degree is lower than a preset threshold value;
the various information comprises hardware information of equipment where the client is located, software information of the client and a mobile phone number associated with the client.
7. An identity authentication device applied to a client, comprising:
the acquisition module is used for acquiring the identity, the second verification code and the request parameter, wherein the request parameter comprises the name, the format and the length of the service data requested to be acquired by the client;
the signature module is used for combining part or all of the identity with the second verification code into a third character string according to a first combination rule;
encrypting the third character string by using a first encryption algorithm to obtain a second key;
combining the second secret key, the request parameter and the identification information of the server into a fourth character string according to a second combination rule, wherein the identification information of the server comprises URL information; and
encrypting the fourth character string by using a second encryption algorithm to obtain a first signature;
the sending module is used for sending a request message to the server side, wherein the request message comprises: the identity, the first signature and the request parameter, so that the server side generates a second signature to verify the correctness of the first signature based on the identity, a first verification code distributed by the server side for the identity, the request parameter and the identification information of the server side, wherein the first signature is verified to be correct when the second signature is consistent with the first signature; and
the receiving module is used for receiving response parameters which are returned by the server for the request parameters when the first signature is verified to be correct.
8. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing when executing the program:
the authentication method according to any one of claims 1 to 5.
9. A computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform:
the authentication method according to any one of claims 1 to 5.
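
The signing and verification flow of claims 1 to 4, written out as an added Python example (not code from the patent or its applicant). The claims leave the algorithms and combination rules unspecified, so SHA-256 as the first algorithm, HMAC-SHA-256 as the second, length-prefixed joining as both combination rules, JSON canonicalisation of the request parameters, and all names, URLs and sample values are assumptions.

```python
import hashlib
import hmac
import json
import secrets

def encode_parts(*parts: str) -> bytes:
    """Combination rule (assumed): length-prefix each part so that
    ("ab", "c") and ("a", "bc") never yield the same string."""
    raws = [p.encode("utf-8") for p in parts]
    return b"".join(len(r).to_bytes(4, "big") + r for r in raws)

def derive_key(identity: str, code: str) -> bytes:
    """Identity + verification code -> key. Assumed first algorithm: SHA-256."""
    return hashlib.sha256(encode_parts(identity, code)).digest()

def sign(identity: str, code: str, params: dict, server_url: str) -> str:
    """Key + request parameters + server URL -> signature.
    Assumed second algorithm: HMAC-SHA-256 keyed with the derived key."""
    canonical = json.dumps(params, sort_keys=True, separators=(",", ":"))
    msg = encode_parts(canonical, server_url)
    return hmac.new(derive_key(identity, code), msg, hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self, url: str, code_ttl: int):
        self.url = url            # identification information of the server
        self.code_ttl = code_ttl  # effective time of a verification code, seconds
        self.db = {}              # identity -> (code, generation time)

    def issue_code(self, identity: str, now: int) -> str:
        """Claim 2: allocate and store a code; delivery to the other
        client associated with the identity is outside this example."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.db[identity] = (code, now)
        return code

    def verify(self, identity: str, first_sig: str, params: dict,
               request_time: int) -> bool:
        record = self.db.get(identity)
        if record is None:
            return False
        code, issued = record
        # Claim 3 predetermined condition: code still within its effective time.
        if not 0 <= request_time - issued <= self.code_ttl:
            return False
        second_sig = sign(identity, code, params, self.url)
        # Constant-time comparison of the recomputed and received signatures.
        return hmac.compare_digest(second_sig.encode(), first_sig.encode())

def demo() -> bool:
    # Constructed sample values, not taken from the patent.
    server = AuthServer("https://api.example.test/v1/data", code_ttl=300)
    code = server.issue_code("user-123", now=1_000)
    params = {"name": "orders", "format": "json", "length": 20}
    sig = sign("user-123", code, params, server.url)  # client side, claim 4
    return server.verify("user-123", sig, params, request_time=1_100)

if __name__ == "__main__":
    print("authenticated:", demo())
```

Because the server URL and the request parameters are both inside the signed string, a signature captured for one endpoint or one parameter set does not verify for another.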
CN201910475902.3A 2019-05-31 2019-05-31 Identity authentication method, identity authentication device, computer equipment and medium Active CN112019493B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910475902.3A CN112019493B (en) 2019-05-31 2019-05-31 Identity authentication method, identity authentication device, computer equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910475902.3A CN112019493B (en) 2019-05-31 2019-05-31 Identity authentication method, identity authentication device, computer equipment and medium

Publications (2)

Publication Number Publication Date
CN112019493A CN112019493A (en) 2020-12-01
CN112019493B true CN112019493B (en) 2024-04-09

Family

ID=73506386

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910475902.3A Active CN112019493B (en) 2019-05-31 2019-05-31 Identity authentication method, identity authentication device, computer equipment and medium

Country Status (1)

Country Link
CN (1) CN112019493B (en)

Also Published As

Publication number Publication date
CN112019493A (en) 2020-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant