
CN114666786B - Identity authentication method and system based on telecom smart card - Google Patents


Info

Publication number
CN114666786B
Authority
CN
China
Prior art keywords
user
information
authentication
sim card
authentication server
Legal status
Active
Application number
CN202011406836.3A
Other languages
Chinese (zh)
Other versions
CN114666786A (en)
Inventor
梁斌
刘毅敏
刘翔宇
陈凤
常可心
秦炜
肖磊
Current Assignee
China United Network Communications Group Co Ltd
China Unicom Online Information Technology Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
China Unicom Online Information Technology Co Ltd

Abstract

The application provides an identity authentication method and system based on a telecom smart card. In the technical scheme, the SIM card encrypts the user's identification information, which avoids the risk that private user information such as an identity card number or name is leaked during ordinary identity authentication. In addition, because the identity authentication is performed by the user through the SIM card, and the SIM card is carried in the user's handheld terminal, the user no longer needs to carry a separate smart card for identity authentication.

Description

Identity authentication method and system based on telecom smart card
Technical Field
The present application relates to the field of communications technologies, and in particular, to an identity authentication method and system based on a telecom smart card.
Background
As mobile internet applications reach into every aspect of society, more and more enterprises and individuals conduct business and transactions on the internet, and the development of these electronic businesses depends on secure user identity authentication.
Existing identity authentication methods mainly involve entering a user's fingerprint information, identity card number or other information into an authentication system, after which the user presents the corresponding physical credential when authenticating. For example, at airport security, the user's identity card number is generally entered when the ticket is bought, and the user is then authenticated with the physical identity card at the security check.
However, existing identity authentication methods carry a leakage risk and require a dedicated authentication card to be carried. For example, when a user authenticates with an identity card number, the network used by a typical authentication system is an ordinary network such as wireless fidelity (WiFi), which is easily intercepted by techniques such as network interception. In addition, existing identity authentication methods require the user to enter different authentication information many times and to carry the corresponding authentication cards. For example, when transacting a financial service the user first enters a reserved identity card number and then, on the second transaction, carries the corresponding financial smart card for identity authentication; when transacting other services the user may need to enter a reserved name and then, on the second transaction, carry a smart card that can prove that name.
Disclosure of Invention
The application provides an identity authentication method and system based on a telecom smart card, which reduce the risk that private user information such as an identity card number or name is leaked during ordinary identity authentication, and further solve the problem that a user must enter different reserved information multiple times and carry additional credentials.
In a first aspect, the present application provides an identity authentication method based on a telecom smart card, the identity authentication method comprising: a Subscriber Identity Module (SIM) card receives an identity authentication request message input by a user, wherein the identity authentication request message carries identification information of the user; the SIM card encrypts the identification information of the user based on key information to obtain encrypted information; the SIM card sends the encrypted information to an authentication server, the encrypted information being used by the authentication server to perform identity authentication of the user; the authentication server receives the encrypted information; the authentication server decrypts the encrypted information to obtain decrypted user identification information; the authentication server authenticates the decrypted user identification information to obtain an authentication result; the authentication server sends the authentication result to the SIM card; the SIM card receives the authentication result; and the SIM card displays the authentication result to the user.
The identity authentication method of the telecom smart card provided by the application has the advantage that the user's identification information for identity authentication is encrypted by the SIM card and then sent to the authentication server; compared with the prior-art approach of sending encrypted user information over WiFi and other networks, the risk of revealing the user information can be avoided.
In addition, since the identity authentication method is carried out by the user through the SIM card and the authentication server corresponding to the SIM, and at least one piece of information for authenticating the user is reserved at the operator when the user obtains the SIM card, the user can authenticate directly with the information reserved at the operator without re-entering authentication information.
In addition, a user who needs identity authentication usually carries the terminal device containing the SIM, so the user does not need to carry any other identity authentication device.
With reference to the first aspect, in a possible implementation manner, before the encrypting, by the SIM card, the identification information of the user based on the key information, the method further includes: the SIM card sends an identity authentication function request message to the authentication server; the authentication server receives the identity authentication function request message; responding to the identity authentication function request message, and judging whether the SIM card is a reachable card by the authentication server; when the SIM card is a reachable card, the authentication server sends an information architecture IA module to the SIM card, wherein the IA module comprises the key information; the SIM card receives the IA module.
According to the identity authentication method based on the telecom smart card, the authentication server sends the IA module to the SIM card only after verifying that the SIM card is a reachable card, so that the SIM gains the identity authentication function and the security of identity authentication performed by the SIM can be improved.
With reference to the first aspect or the foregoing possible implementation manner, in one possible implementation manner, the authentication server sends a log storage request message to the database server, where the log storage request message carries the authentication result.
The identity authentication method based on the telecom smart card can store authentication results and thus provide data for subsequently querying or compiling statistics on users' authentication results.
With reference to the first aspect or any one of the foregoing possible implementation manners, in one possible implementation manner, the identification information of the user includes: the user's name information, the user's ID card number information, password information agreed between the user and the authentication server, and/or the user's biometric information.
The user biometric information includes a fingerprint feature, a voiceprint feature, a facial feature, or the like of the user.
With reference to the first aspect or any one of the foregoing possible implementation manners, in one possible implementation manner, the encrypting, by the SIM card, of the identification information of the user based on key information includes: the SIM card encrypts the identification information of the user based on the key information using the triple data encryption algorithm in 3DES-CBC encryption mode.
In a second aspect, the present application provides an identity authentication system based on a telecommunications smart card, comprising an authentication server and a subscriber identity module SIM card.
The SIM card is used for receiving an identity authentication request message input by a user, wherein the identity authentication request message carries the identification information of the user; the SIM card is also used for encrypting the identification information of the user based on the key information to obtain encryption information; the SIM card is also used for sending the encryption information to an authentication server, and the encryption information is used for authenticating the identity of the user by the authentication server; the authentication server is used for receiving the encryption information; the authentication server is also used for decrypting the encrypted information to obtain decrypted user identification information; the authentication server is also used for authenticating the decrypted user identification information to obtain an authentication result; the authentication server is also used for sending the authentication result to the SIM card; the SIM card is also used for receiving the authentication result and displaying the authentication result to the user.
With reference to the first aspect, in a possible implementation manner, before the SIM card encrypts the identification information of the user based on key information, the SIM card is further configured to send an identity authentication function request message to the authentication server; the authentication server is further configured to receive the identity authentication function request message; the authentication server is further configured to determine whether the SIM card is a reachable card in response to the identity authentication function request message; when the SIM card is a reachable card, the authentication server is further used for sending an information architecture IA module to the SIM card, wherein the IA module comprises the key information; the SIM card is also used for receiving the IA module.
With reference to the first aspect or the foregoing possible implementation manner, in one possible implementation manner, the authentication server is further configured to send a log storage request message to a database server, where the log storage request message carries the authentication result.
With reference to the first aspect or any one of the foregoing possible implementation manners, in one possible implementation manner, the identification information of the user includes: the user's name information, the user's ID card number information, password information agreed between the user and the authentication server, and/or the user's biometric information.
The user biometric information includes a fingerprint feature, a voiceprint feature, a facial feature, or the like of the user.
With reference to the second aspect or any one of the foregoing possible implementation manners, in one possible implementation manner, the SIM card is specifically configured to encrypt the identification information of the user based on key information using a triple data encryption algorithm 3DES-CBC encryption manner.
In a third aspect, the application provides a computer readable medium storing program code for execution by a device, the program code comprising instructions for performing the identity authentication method of the first aspect or any one of the possible implementations thereof.
In a fourth aspect, the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the identity authentication method according to the first aspect or any one of the possible implementations thereof.
Drawings
FIG. 1 is a schematic diagram of an identity authentication system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an authentication system according to another embodiment of the present application;
FIG. 3 is a schematic flow chart of an identity authentication method according to one embodiment of the present application;
FIG. 4 is a schematic diagram of an encryption process according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an identity authentication system according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an identity authentication system according to another embodiment of the present application.
Detailed Description
For ease of understanding, the relevant terms used in the present application are described first.
1. Smart card
A generic term for a plastic card with an embedded microchip. Some smart cards contain a microelectronic chip, and the smart card exchanges data through a reader. The integrated circuit in the smart card comprises a central processing unit (CPU), random access memory (RAM) and a card operating system fixed in read-only memory; the data in the card is divided into an externally readable part and an internally processed part, and the card can automatically process a large amount of data. Currently, smart cards are mainly divided into two categories: operator smart cards and financial smart cards.
For an operator smart card, for example, a subscriber identity module (SIM) is the authentication card held by a mobile subscriber of the global system for mobile communications (GSM); the GSM system identifies the GSM subscriber through the SIM.
The SIM card is the key for a GSM handset to connect to a GSM network; once the SIM card is removed from the handset, the handset can no longer use the services provided by the network operator, except for emergency calls. Serving as such a key, the SIM card provides much convenience for the user, who can communicate simply by inserting or embedding the SIM card into any GSM terminal.
2. Over-the-air technology
Over-the-air (OTA) technology implements remote management of mobile terminal devices and subscriber identity module (SIM) data through the air interface of mobile communications. After many years of application and development on public networks, network operators have matured in remote SIM card management through OTA technology and can also offer downloading of new mobile services.
3. Push technology
PUSH technology is based on a client-server mechanism in which the server actively sends information to the client. In a PUSH application there is no explicit client request before the server sends content to the client; that is, PUSH is initiated by the server. The essence of PUSH technology is that information actively seeks out the user, so PUSH has the advantages of initiative and timeliness, and information can be delivered to users as early as possible. For example, the operator reaching the user's SIM card directly through its dedicated network is called the PUSH method, or simply PUSH.
Fig. 1 is a schematic diagram of an application scenario of an identity authentication system according to an embodiment of the present application. As shown in fig. 1, the application scenario may include a user 110 and an authentication system 120.
As an example, when the user 110 transacts banking business, the bank generally regards the user's identity card number as important, so the bank requires the user to enter the identity card number when transacting business for the first time; when the user transacts business for the second time, the bank's identity authentication system 120 first determines whether this is the same user, and at this point the user 110 can enter the identity card number again so that the identity authentication system 120 can perform authentication.
As another example, the user 110 typically uses a corporate access card for authentication, in which case the user 110 enters a face image, employee number or fingerprint on first use. When the user 110 later needs to authenticate, the user 110 provides the face image, employee number or fingerprint so that the authentication system 120 can perform authentication.
Existing identity authentication methods mainly comprise first entering the user's collected identity card information, iris image, face image or other information into the identity authentication system; when the user authenticates again, the user enters the corresponding identification information again, and the identity authentication system compares the information stored in the system with the information just entered to determine whether authentication succeeds.
However, in existing identity authentication methods the user's information is likely to be leaked, for example captured by network monitoring technology. In addition, existing identity authentication methods require the user to enter different identification information many times and to carry the corresponding authentication card. For example, when transacting a financial service the user first enters a reserved identity card number and then, on the second transaction, carries the corresponding financial smart card for identity authentication; when transacting other services the user may need to enter a reserved name and then, on the second transaction, carry a smart card that can prove that name.
To address these problems, the application provides an identity authentication method and system based on a telecom smart card. In the technical scheme provided by the application, the user's identification information is encrypted by the SIM card and the encrypted user information is sent through the SIM to the operator's authentication server, which authenticates the user based on the encrypted user information and returns an authentication result to the SIM; in this way the risk that private user information such as an identity card number or name is leaked during ordinary identity authentication can be avoided. In addition, the identity authentication method is carried out by the user through the SIM card, and the SIM card is carried in the user's handheld terminal, so the problem of having to carry an additional card is solved.
Fig. 2 is a schematic diagram of an identity authentication system according to an embodiment of the present application. As shown in fig. 2, the identity authentication system of the present application may include a terminal device 220 including a SIM card 240 and an authentication server 230. An example of a terminal device 220 that includes a SIM card 240 is a cell phone.
For the identity authentication system shown in fig. 2, the user 210 may input the user's identification information into the terminal device 220; for example, the user 210 enters the identification information for which identity authentication is requested through client software on the terminal device 220. The client software then sends the user's identification information to the SIM card 240; the SIM card 240 encrypts the identification information and sends the encrypted identification information to the authentication server 230 through the dedicated network; after authenticating based on the identity authentication request information, the authentication server 230 sends the authentication result to the SIM card 240 through the dedicated network; the SIM card 240 passes the authentication result to the client software; and the client software displays the authentication result.
Fig. 3 is a schematic flow chart of an identity authentication method according to an embodiment of the present application. The method shown in fig. 3 may be performed by a corresponding device in the system shown in fig. 2. As shown in fig. 3, the method of the present embodiment may include S301 to S310. Optionally, the method may further include S311.
S301, the SIM card sends an identity authentication function request message to an authentication server. Correspondingly, the authentication server receives an identity authentication function request message sent by the SIM card.
As an example, the identity authentication function request message may carry identification information of the SIM.
As an example, the SIM card may send an identity authentication function request message to the authentication server upon receiving a request from the user.
S302, in response to the identity authentication function request message, the authentication server judges whether the SIM card is a reachable card, and when the SIM card is the reachable card, the authentication server generates an IA module, wherein the IA module comprises key information. Accordingly, the SIM receives the IA module.
The authentication server may compare the SIM card's information with the SIM card information reserved at the operator server to determine whether the SIM card is a reachable card. For example, the SIM card's record at the operator server is looked up by the SIM card's identification information, from which it is known whether the SIM card is a reachable card.
When the authentication server determines that the SIM card is reachable, it constructs an information architecture (IA) module, which is responsible for interaction with the user during the identity authentication process and may include information such as a key.
S303, the authentication server sends the IA module to the SIM card. Accordingly, the SIM card receives the IA module.
As an example, the authentication server may deliver the IA module to the OTA application on the SIM card by PUSH, that is, as a short message addressed to the SIM rather than to the terminal device's inbox, so that the IA module is not easily intercepted and the security of the identity authentication method of this embodiment is improved.
S304, the SIM card receives the identity authentication request message input by the user.
For example, an application for identity authentication may be deployed on a terminal device to which the SIM card belongs. When the user needs to perform identity authentication, the application can be started, and identification information of the user is input to a user interface provided by the application.
The identification information of the user may include: the name information of the user, the identity card number information of the user, the password information agreed between the user and the authentication server and/or the biological characteristic information of the user, and the like. The biometric information of the user may include fingerprint features, voiceprint features, facial features, or the like of the user.
After receiving the identification information input by the user, the application sends an identity authentication request message to the SIM, wherein the identity authentication request message can carry the identification information of the user.
S305, the SIM card encrypts the identification information of the user based on the key information by using the IA module to obtain encrypted information.
Fig. 4 is a schematic diagram of an encryption process according to an embodiment of the present application. As shown in fig. 4, key information written by the authentication server by PUSH is stored in the index 1, and identification information input by the user is stored in the index 2. The IA module in the OTA of the SIM card encrypts the identification information in the index 2 by using the key in the index 1, obtains the encrypted information, and stores the encrypted information in the variable index 3.
In this embodiment, the encryption mode used by the SIM for the user's identification information may be the triple data encryption algorithm in CBC mode (3DES-CBC), or another encryption mode, for example the SM2 elliptic curve public key cryptographic algorithm or the RSA asymmetric encryption algorithm, which is not limited in the present application.
It will be appreciated that, in the embodiment of the present application, index 1, index 2 and index 3 merely represent three different positions, and may also be index 5, index 6 or index 7, which is not limited in the embodiment of the present application.
As an example, the identification information entered by the user is "234", the key information used by the SIM card is two zeros and "123", the encryption mode is to prepend the two zeros and append "123" to the entered identification information, and the encrypted identification information, i.e. the encrypted information, is "00234123".
S306, the SIM sends the encryption information to the authentication server. Accordingly, the authentication server receives the encrypted information.
S307, the authentication server decrypts the encrypted information to obtain decrypted user identification information.
Decryption is the reverse of encryption: the operation of removing the key to recover the original information. In this embodiment, after receiving the encrypted information, the authentication server may decrypt it to obtain the decrypted user identification information.
As an example, the encrypted information from the SIM card received by the authentication server is "00234123"; the authentication server then decrypts "00234123", for example by removing the first two characters and the last three characters of the encrypted information, and the decrypted information is "234".
The decryption operation of this embodiment is described in the related art and is not detailed here.
S308, the authentication server authenticates the decrypted user identification information to obtain an authentication result.
After the authentication server decrypts the encrypted information, the decrypted user identification information can be compared with the user identification information locally stored in the authentication server so as to complete identity authentication of the user and obtain an authentication result.
In one implementation manner of this embodiment, when the user identification information locally stored in the authentication server includes decrypted user identification information, the authentication result is that authentication is successful; otherwise, the authentication result is authentication failure.
As an example, the identification information reserved locally at the authentication server by the user is "567". When the user enters the identification information "567", the authentication server receives the SIM card's encrypted information "00567123" and decrypts it, so the decrypted user identification information is "567". If the identification information stored locally by the authentication server contains the user identification information "567", the authentication result is success; otherwise, authentication fails.
S309, the authentication server sends an authentication result to the SIM card. Accordingly, the SIM card receives the authentication result.
In this embodiment, after the authentication server obtains the authentication result, the authentication result may be sent to the SIM card, for example, the authentication server returns the authentication result to the OTA application of the SIM card.
S310, the SIM displays the authentication result to the user.
For example, the SIM sends the authentication result to the application, which displays the authentication result to the user through the display interface.
According to the identity authentication method based on the telecom smart card, the authentication server decrypts the user's encrypted identification information, so the risk that private user information such as an identity card number or fingerprint information is leaked during ordinary identity authentication is avoided; in addition, since the identity authentication method is carried out through the user's SIM card, and much information for authenticating the user is already reserved at the operator when the user obtains the SIM card, the information reserved at the operator can be used directly when the user performs other identity authentications, without entering authentication information multiple times.
According to the identity authentication method based on the telecom smart card, the authentication server determines whether the SIM card is a reachable card before sending the IA module containing the key to the SIM card, so the security of identity authentication is improved.
S311, the authentication server sends a log storage request message to the database server, wherein the log storage request message carries an authentication result.
For example, the database server may be an integrated acquisition database (Integrated Acquisition Database, IAD) module that stores the reservation data of the user, the request logs of the user, and so on, so that the authentication records and authentication results of the user can be queried.
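The SIM-side encryption and the server-side decryption and comparison described above, as an added Go example that is not code from the patent or from China Unicom: the SIM card encrypts the identification information with 3DES-CBC under the key from the IA module, and the authentication server decrypts it and checks it against the identification information reserved for the user. Assumed, because the page does not specify them: PKCS#7 padding, a random IV prepended to the ciphertext, the constructed key `DemoKey` and the sample identification string "567" (the "00567123" framing in the example above is not modelled).

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"errors"
)

// KeyInfo stands in for the key information carried by the IA module that the
// server pushes to the SIM's OTA application (constructed; 3DES takes 24 bytes).
type KeyInfo []byte

var DemoKey = KeyInfo("example-3des-key-24bytes") // constructed key, example only
var errBadMessage = errors.New("malformed encrypted information")

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b[:len(b):len(b)], bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad reports every padding defect as one generic error (padding-oracle hygiene).
func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	n := 0
	if len(b) > 0 && len(b)%size == 0 {
		n = int(b[len(b)-1])
	}
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errBadMessage
	}
	return b[:len(b)-n], nil
}

// SIMEncrypt models the SIM card side: 3DES-CBC under the IA module key. A random IV is
// prepended to the ciphertext (an assumption; the page does not say how the IV travels).
func SIMEncrypt(k KeyInfo, identification string) ([]byte, error) {
	block, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	buf := pkcs7Pad([]byte(identification), des.BlockSize)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf) // in-place encryption
	return append(iv, buf...), nil
}

// ServerDecrypt models the authentication server recovering the identification
// information from the IV-prefixed message.
func ServerDecrypt(k KeyInfo, msg []byte) (string, error) {
	block, err := des.NewTripleDESCipher(k)
	if err != nil {
		return "", err
	}
	if len(msg) < 2*des.BlockSize || len(msg)%des.BlockSize != 0 {
		return "", errBadMessage
	}
	buf := append([]byte(nil), msg[des.BlockSize:]...) // copy so the caller's message is untouched
	cipher.NewCBCDecrypter(block, msg[:des.BlockSize]).CryptBlocks(buf, buf)
	id, err := pkcs7Unpad(buf, des.BlockSize)
	return string(id), err
}

// ServerAuthenticate succeeds only if the decrypted value equals an identification
// string reserved with the operator; every entry is compared in constant time, no early exit.
func ServerAuthenticate(k KeyInfo, reserved []string, msg []byte) (bool, error) {
	id, err := ServerDecrypt(k, msg)
	if err != nil {
		return false, err
	}
	match := 0
	for _, r := range reserved {
		match |= subtle.ConstantTimeCompare([]byte(id), []byte(r))
	}
	return match == 1, nil
}
```

A wrong key, a truncated message or tampered padding all surface as the same generic failure, so the server's reply does not tell a sender which check rejected the message.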
In the above embodiment, the authentication server sends the IA module to the SIM card after the SIM card has sent the request to the authentication server. But this is only one example. In the authentication method of the present application, the IA module may instead be preset on the SIM card; for example, the IA module may be stored in the SIM card before the SIM card is deployed in the terminal device.
It will be appreciated that in this embodiment, the interaction between the SIM card and the authentication server may be implemented by an OTA application in the SIM card. The OTA application is preset in the SIM card, is managed by the China Unicom OTA platform and runs on a dedicated network. Therefore, using the OTA application for identity authentication reduces the information leakage to which a common network is prone; WiFi networks, for example, are prone to revealing information during storage or transmission.
Fig. 5 is a schematic structural diagram of an identity authentication system based on a telecom smart card according to an embodiment of the present application. The authentication system shown in fig. 5 may be used to perform the authentication method described in fig. 3.
As shown in fig. 5, the identity authentication system 500 based on a telecom smart card of the present embodiment includes a SIM card 501 and an authentication server 502. The SIM card 501 is used to implement the function implemented by the SIM card in the method shown in fig. 3, and the authentication server 502 is used to implement the method implemented by the authentication server in the method shown in fig. 3.
Optionally, the identity authentication system 500 may further include a terminal device to which the SIM card belongs.
Fig. 6 is a schematic structural diagram of an identity authentication system according to an embodiment of the present application. The system shown in fig. 6 may be used to perform the authentication method described in fig. 3.
As shown in fig. 6, the system 800 of the present embodiment includes a memory 801, a processor 802, a communication interface 803, and a bus 804. The memory 801, the processor 802, and the communication interface 803 are communicatively connected to each other through the bus 804.
The memory 801 may be a Read Only Memory (ROM), a static storage device, a dynamic storage device, or a random access memory (random access memory, RAM). The memory 801 may store a program, and the processor 802 is configured to perform the steps of the method shown in fig. 3 when the program stored in the memory 801 is executed by the processor 802.
The processor 802 may employ a general-purpose central processing unit (central processing unit, CPU), microprocessor, application-specific integrated circuit (ASIC), or one or more integrated circuits for executing associated programs to implement the method of the present application illustrated in fig. 3.
The processor 802 may also be an integrated circuit chip with signal processing capabilities. In implementation, the various steps of the method according to an embodiment of the present application may be performed by integrated logic circuits in hardware or by instructions in the form of software in the processor 802.
The processor 802 may also be a general purpose processor, a digital signal processor (digital signal processor, DSP), an application specific integrated circuit (ASIC), a field programmable gate array (field programmable gate array, FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. The methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed by such a processor. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in execution by a hardware decoding processor, or in execution by a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, electrically erasable programmable memory, registers, or another storage medium well known in the art. The storage medium is located in the memory 801; the processor 802 reads the information in the memory 801 and, in combination with its hardware, performs the functions that the units of the system of the present application need to perform, for example the steps/functions of the embodiment shown in fig. 3.
Communication interface 803 may enable communication between system 800 and other devices or communication networks using, but is not limited to, a transceiver or the like.
Bus 804 may include a path for transferring information between various components of system 800 (e.g., memory 801, processor 802, communication interface 803).
It should be understood that the system 800 shown in the embodiments of the present application may be an electronic device, or may be a chip configured in an electronic device.
It should be appreciated that the processor in embodiments of the present application may be a central processing unit (central processing unit, CPU), and may also be another general purpose processor, a digital signal processor (digital signal processor, DSP), an application specific integrated circuit (ASIC), a field programmable gate array (field programmable gate array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should also be appreciated that the memory in embodiments of the present application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable programmable ROM (erasable PROM, EPROM), an electrically erasable programmable ROM (EEPROM), or a flash memory. The volatile memory may be random access memory (random access memory, RAM), which acts as an external cache. By way of example, and not limitation, many forms of random access memory (random access memory, RAM) are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (synchlink DRAM, SLDRAM), and direct rambus random access memory (direct rambus RAM, DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless means (e.g., infrared, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" merely describes an association relationship between the associated objects, and means that three relationships may exist; for example, A and/or B may mean: A alone, A and B together, or B alone, wherein A and B may be singular or plural. In addition, the character "/" herein generally indicates that the associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, as may be understood from the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of" or the like means any combination of these items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory, a random access memory, a magnetic disk or an optical disk.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. An identity authentication method based on a telecom smart card, which is characterized by comprising the following steps:
A Subscriber Identity Module (SIM) card receives an identity authentication request message input by a user, wherein the identity authentication request message carries identification information of the user;
The SIM card encrypts the identification information of the user based on the key information to obtain encrypted information;
the SIM card sends the encryption information to an authentication server, and the encryption information is used for the authentication server to carry out identity authentication on the user;
the authentication server receives the encrypted information;
the authentication server decrypts the encrypted information to obtain decrypted user identification information;
the authentication server authenticates the decrypted user identification information to obtain an authentication result;
the authentication server sends the authentication result to the SIM card;
The SIM card receives the authentication result;
The SIM card displays the authentication result to the user;
before the SIM card encrypts the identification information of the user based on the key information, the method further includes:
the SIM card sends an identity authentication function request message to the authentication server;
the authentication server receives the identity authentication function request message;
Responding to the identity authentication function request message, and judging whether the SIM card is a reachable card by the authentication server;
when the SIM card is a reachable card, the authentication server updates an information architecture IA module to an over-the-air OTA application on the SIM card in a short message pushing mode, wherein the IA module comprises the key information;
The SIM card receives the IA module.
2. The method according to claim 1, wherein the method further comprises:
The authentication server sends a log storage request message to a database server, wherein the log storage request message carries the authentication result.
3. The method according to claim 1 or 2, wherein the identification information of the user comprises: name information of the user, identification card number information of the user, password information agreed between the user and the authentication server, and/or biometric information of the user.
4. The method according to claim 1 or 2, characterized in that the SIM card encrypting the identification information of the user based on the key information comprises:
and the SIM encrypts the identification information of the user based on the key information by using a triple data encryption algorithm 3DES-CBC encryption mode.
5. An identity authentication system based on a telecom smart card is characterized by comprising an authentication server and a Subscriber Identity Module (SIM) card;
The SIM card is used for receiving an identity authentication request message input by a user, wherein the identity authentication request message carries the identification information of the user;
The SIM card is also used for encrypting the identification information of the user based on the key information to obtain encryption information;
The SIM card is also used for sending the encryption information to an authentication server, and the encryption information is used for authenticating the identity of the user by the authentication server;
The authentication server is used for receiving the encryption information;
The authentication server is also used for decrypting the encrypted information to obtain decrypted user identification information;
The authentication server is also used for authenticating the decrypted user identification information to obtain an authentication result;
the authentication server is also used for sending the authentication result to the SIM card;
the SIM card is also used for receiving the authentication result and displaying the authentication result to the user;
before the SIM card encrypts the identification information of the user based on the key information, the SIM card is also used for sending an identity authentication function request message to the authentication server;
The authentication server is further configured to receive the identity authentication function request message;
The authentication server is further configured to determine whether the SIM card is a reachable card in response to the identity authentication function request message;
When the SIM card is a reachable card, the authentication server is also used for updating an information architecture IA module to an over-the-air OTA application on the SIM card in a short message pushing mode, wherein the IA module comprises the key information;
the SIM card is also used for receiving the IA module.
6. The system of claim 5, wherein the authentication server is further configured to send a log storage request message to a database server, the log storage request message carrying the authentication result.
7. The system according to claim 5 or 6, wherein the identification information of the user comprises: name information of the user, identification card number information of the user, password information agreed between the user and the authentication server, and/or biometric information of the user.
8. A computer readable medium, characterized in that the computer readable medium stores a program code for computer execution, the program code comprising instructions for performing the method of any of claims 1 to 4.
CN202011406836.3A 2020-12-04 Identity authentication method and system based on telecom smart card Active CN114666786B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011406836.3A CN114666786B (en) 2020-12-04 Identity authentication method and system based on telecom smart card

Publications (2)

Publication Number Publication Date
CN114666786A CN114666786A (en) 2022-06-24
CN114666786B true CN114666786B (en) 2024-11-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant