CN112019493A - Identity authentication method, identity authentication device, computer device, and medium - Google Patents
- Publication number: CN112019493A (CN201910475902.3A)
- Authority: CN (China)
- Prior art keywords: identity, client, verification code, signature, request
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The present disclosure provides an identity authentication method, applied to a server, including: receiving a request message sent by a client, wherein the request message comprises an identity, a first signature and a request parameter, the first signature being obtained by the client based on the identity, the request parameter and a verification code obtained by the client; acquiring a first verification code pre-allocated to the identity by the server; when a predetermined condition is met, obtaining a second signature based on the identity, the first verification code and the request parameter; when the second signature is consistent with the first signature, determining that the client identity authentication is passed; and when the client identity authentication is determined to pass, returning a response parameter for the request parameter to the client. The present disclosure also provides an identity authentication apparatus, a computer device and a computer readable storage medium.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an identity authentication method, an identity authentication apparatus, a computer device, and a medium.
Background
In the prior art, after receiving a request message sent by a client, a server authenticates the client using only unique fields carried in the request message, such as a version number, a compilation number, a user number and the like. This identity authentication method has the following problems.
On the one hand, this approach makes it easy for an attacker to forge the request message. After intercepting several request messages, an attacker can obtain the repeated, fixed unique fields, add them to forged request messages and send those to the server, and the server cannot verify the authenticity of the request messages. On the other hand, with this method the server must first parse the message body of the request message to obtain the specific fields before it can perform identity authentication. When facing a large number of attack requests or forged requests, parsing every request message wastes a great deal of server performance.
Disclosure of Invention
In view of the above, the present disclosure provides an improved identity authentication method, identity authentication apparatus, computer device and medium.
One aspect of the present disclosure provides an identity authentication method. The method is applied to a server side and comprises the following steps: receiving a request message sent by a client, wherein the request message comprises an identity, a first signature and a request parameter, the first signature being obtained by the client based on the identity, the request parameter and a verification code obtained by the client; acquiring a first verification code pre-allocated to the identity by the server side; when a predetermined condition is met, obtaining a second signature based on the identity, the first verification code and the request parameter; when the second signature is consistent with the first signature, determining that the client identity authentication is passed; and when the client identity authentication is determined to pass, returning a response parameter for the request parameter to the client.
According to an embodiment of the present disclosure, the method further includes: before the request message sent by the client is received, receiving the identity sent by the client; allocating a verification code to any received identity and sending the verification code to another client associated with that identity; and storing verification information of the identity in a database, wherein the verification information comprises the identity and the verification code corresponding to the identity.
According to an embodiment of the present disclosure, the identity is a mobile phone number. Allocating a verification code to any received identity and sending the verification code to another client associated with the identity includes: generating a verification code for any received mobile phone number and sending the verification code to an instant messaging client associated with the mobile phone number.
According to an embodiment of the present disclosure, the verification information of any one of the above-mentioned identifiers further includes: the generation time of the verification code and the validity time of the verification code. The request message further includes a request time. The predetermined conditions include: the time difference between the request time and the generation time of the first verification code does not exceed the validity time of the first verification code.
According to an embodiment of the present disclosure, obtaining the second signature based on the identity, the first verification code, and the request parameter includes: combining part or all of the identity identification and the first verification code into a first character string according to a first combination rule; encrypting the first character string by using a first encryption algorithm to obtain a first key; combining the first key, the request parameter and the identification information of the server end into a second character string according to a second combination rule; and encrypting the second character string by using a second encryption algorithm to obtain the second signature.
Another aspect of the present disclosure provides an identity authentication method. The method is applied to the client and comprises the following steps: acquiring the identity, a second verification code and the request parameter; obtaining a first signature based on the identity, the second verification code and the request parameter; sending a request message to a server, wherein the request message comprises the identity, the first signature and the request parameter, so that the server verifies the correctness of the first signature based on the identity, the verification code allocated to the identity by the server and the request parameter; and when the first signature is verified to be true, receiving the response parameter for the request parameter returned by the server.
According to an embodiment of the present disclosure, the obtaining the identity and the second verification code includes: receiving the second verification code from another client associated with the identity.
According to an embodiment of the present disclosure, obtaining the first signature based on the identity, the second verification code, and the request parameter includes: combining part or all of the identity identification and the second verification code into a third character string according to a first combination rule; encrypting the third character string by using a first encryption algorithm to obtain a second key; combining the second key, the request parameter and the identification information of the server end into a fourth character string according to a second combination rule; and encrypting the fourth character string by using a second encryption algorithm to obtain the first signature.
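The two-stage signature derivation described above for the server (second signature) and the client (first signature), together with the validity-time condition, can be sketched as follows. This is an added example, not code from the patent: the patent does not name its algorithms or combination rules, so SHA-256 for the first algorithm, HMAC-SHA256 keyed with the derived key for the second, the length-prefixed `combine` rule, `SERVER_ID`, the six-digit code, and carrying `request_time` inside the signed request parameters are all assumptions, and the phone number is a constructed sample.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SERVER_ID = b"auth.example.internal"  # assumed "identification information of the server"


def combine(*fields: bytes) -> bytes:
    """Assumed combination rule: length-prefix each field so that
    (b"138", b"0012") and (b"1380", b"012") never yield the same string."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def derive_key(identity: str, code: str) -> bytes:
    """First string (identity + verification code) -> first algorithm -> key."""
    return hashlib.sha256(combine(identity.encode(), code.encode())).digest()


def sign(identity: str, code: str, params: dict) -> str:
    """Second string (server id + request parameters) -> second algorithm.
    The derived key is used as the HMAC key rather than concatenated in."""
    key = derive_key(identity, code)
    flat = [str(x).encode() for name in sorted(params) for x in (name, params[name])]
    return hmac.new(key, combine(SERVER_ID, *flat), hashlib.sha256).hexdigest()


def build_request(identity: str, code: str, params: dict) -> dict:
    """Client side: the verification code itself never goes on the wire."""
    return {"identity": identity, "params": params,
            "signature": sign(identity, code, params)}


@dataclass
class VerificationInfo:
    code: str
    generated_at: int  # generation time, seconds
    valid_for: int     # validity time, seconds


class Server:
    def __init__(self) -> None:
        self.db = {}  # identity -> VerificationInfo (stands in for the database)

    def allocate(self, identity: str, now: int, valid_for: int = 300) -> str:
        """Allocate and store a code; the return value models out-of-band
        delivery to the other client associated with the identity."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.db[identity] = VerificationInfo(code, now, valid_for)
        return code

    def authenticate(self, message: dict) -> bool:
        try:
            identity = message["identity"]
            params = message["params"]
            presented = str(message["signature"]).encode()
            info = self.db[identity]
            # Predetermined condition: request time within the validity time.
            age = int(params["request_time"]) - info.generated_at
            if not 0 <= age <= info.valid_for:
                return False
            expected = sign(identity, info.code, params).encode()
        except (KeyError, TypeError, ValueError, AttributeError):
            return False  # malformed message or unknown identity
        # Constant-time comparison of second signature against first signature.
        return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    srv = Server()
    phone = "13800000000"  # constructed sample identity
    code = srv.allocate(phone, now=1000)
    req = build_request(phone, code, {"action": "get_profile", "request_time": 1060})
    print("legitimate request:", srv.authenticate(req))
    req["params"]["action"] = "delete_account"
    print("tampered request:  ", srv.authenticate(req))
```

Because the key is derived only from the identity and a short code, anyone who observes one signed request can test candidate codes offline, so the code should be high-entropy or short-lived and the exchange should run over an encrypted channel.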
Another aspect of the present disclosure provides an identity authentication apparatus. The apparatus is applied to a server side and comprises a receiving module, an obtaining module, a signature module, a determining module and a response module. The receiving module is used for receiving a request message sent by a client, wherein the request message comprises an identity, a first signature and a request parameter, the first signature being obtained by the client based on the identity, the request parameter and a verification code obtained by the client. The obtaining module is used for acquiring a first verification code pre-allocated to the identity by the server side. The signature module is used for obtaining a second signature based on the identity, the first verification code and the request parameter when a predetermined condition is met. The determining module is used for determining that the client identity authentication is passed when the second signature is consistent with the first signature. The response module is used for returning a response parameter for the request parameter to the client when the client identity authentication is determined to pass.
Another aspect of the present disclosure provides an identity authentication apparatus. The apparatus is applied to the client and comprises an obtaining module, a signature module, a sending module and a receiving module. The obtaining module is used for obtaining the identity, the second verification code and the request parameter. The signature module is used for obtaining a first signature based on the identity, the second verification code and the request parameter. The sending module is used for sending a request message to a server, wherein the request message comprises the identity, the first signature and the request parameter, so that the server verifies the correctness of the first signature based on the identity, the verification code allocated to the identity by the server and the request parameter. The receiving module is used for receiving the response parameter for the request parameter returned by the server when the first signature is verified to be true.
Another aspect of the present disclosure provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method as described above when executing the program.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, after receiving a request message sent by a client, a server finds a first verification code allocated to an identity in advance according to the identity in the request message, obtains a second signature based on the identity, the first verification code and a request parameter in the request message, and verifies the correctness of the first signature in the request message by using the second signature. Because the first signature comprises information such as the identity, the request parameter and the verification code obtained by the client, the first signature is changed when any information is incorrect, and the first signature is verified by using the second signature generated by the server, so that the request message can be prevented from being forged by an attacker. In the identity authentication process, the server does not need to analyze the first signature, and only needs to compare the second signature with the first signature, so that the time for the server to authenticate the identity of a single request message can be saved, and the performance of the server is improved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an exemplary system architecture to which the identity authentication method and apparatus may be applied, according to an embodiment of the present disclosure;
FIG. 2A schematically illustrates a flow chart of a method of identity authentication according to an embodiment of the present disclosure;
FIG. 2B schematically illustrates a flow diagram of a method of identity authentication according to another embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a method of identity authentication according to another embodiment of the present disclosure;
FIG. 4 schematically shows a schematic diagram of an identity authentication process according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a block diagram of an identity authentication device according to an embodiment of the present disclosure;
FIG. 6 schematically illustrates a block diagram of an identity authentication device according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of an identity authentication device according to another embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of an identity authentication device according to another embodiment of the present disclosure; and
FIG. 9 schematically shows a block diagram of a computer device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The embodiments of the disclosure provide an identity authentication method and apparatus. The method is applied to a server side and comprises a request receiving stage, a verification code obtaining stage, a signature stage, an authentication stage and a response stage. In the request receiving stage, a request message sent by the client and containing the identity, the first signature and the request parameter is received. Then, in the verification code obtaining stage, the first verification code recorded by the server side and pre-allocated to the identity is acquired according to the identity in the request message. When a predetermined condition is met, the method enters the signature stage, in which a second signature is obtained based on the identity, the first verification code and the request parameter. In the authentication stage, when the second signature generated by the server side is consistent with the first signature sent by the client, the identity authentication of the client is determined to be passed. After the identity authentication is passed, the method enters the response stage, in which a response parameter for the request parameter is returned to the client.
Fig. 1 schematically illustrates an exemplary system architecture 100 to which the identity authentication methods and apparatus may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various client applications installed thereon, such as a shopping-like application, a web browser application, a search-like application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server providing support for various clients in the terminal devices 101, 102, 103. The background management server receives a request message sent by the client, may perform identity authentication on the client first, perform response such as analysis processing on the received request message after the identity authentication is passed, and feed back a response result (for example, a web page, information, or data obtained or generated according to the request message) for the request message to the terminal devices 101, 102, and 103, and the user browses the corresponding response result through the terminal devices 101, 102, and 103.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired.
Fig. 2A schematically shows a flow chart of an identity authentication method according to an embodiment of the present disclosure, which is described from the server side.
As shown in fig. 2A, the method includes operations S201 to S205.
In operation S201, a request message transmitted by a client is received.
In this operation, the request message sent by the client includes: an identity, a first signature, and a request parameter. The identity is used for identifying the user identity of the client. The first signature is obtained by the client based on the identity, the request parameter and the verification code obtained by the client. The request parameter includes one or more items of parameter information related to the request message, which may characterize the name, format, length, etc. of the service data the client requests, the software information of the client, the hardware information of the device where the client is located, and the like, and is not limited herein. The client sends the request message to the server in order to acquire the requested data content.
In operation S202, a first verification code pre-allocated by the server for the identity is obtained.
In this operation, the first verification code pre-allocated by the server for the identity is the only legitimate verification code of the identity. Only a legitimate client associated with the identity can acquire the legitimate verification code of the identity. After receiving a request message sent by a client, the server acquires the pre-allocated first verification code according to the identity in the request message, so that the first verification code can subsequently be used to determine the correctness of the verification code acquired by the client.
In operation S203, when a predetermined condition is satisfied, a second signature is obtained based on the identity, the first verification code, and the request parameter.
In operation S204, when the second signature is consistent with the first signature, it is determined that the client identity authentication is passed.
In operation S204, when the first verification code is used to determine the correctness of the verification code acquired by the client, the first verification code is not directly compared with the verification code acquired by the client. Instead, the correctness of the first signature in the request message sent by the client is verified based on the second signature generated by the server. The second signature is obtained by the server side based on the identity, the first verification code and the request parameter, and the first signature is obtained by the client based on the identity, the request parameter and the verification code obtained by the client. If the second signature is consistent with the first signature, the verification code obtained by the client is consistent with the first verification code recorded by the server side. In that case, the client is determined to hold a legitimate identity and the correct verification code corresponding to that identity, and the client identity authentication is determined to be passed. If the second signature is not consistent with the first signature, the verification code obtained by the client is not consistent with the first verification code recorded by the server side. In that case, it is determined that the identity and the verification code held by the client do not correspond to each other, and the client identity authentication fails.
In operation S205, when it is determined that the client authentication is passed, a response parameter for the request parameter is returned to the client.
As can be seen, in the method shown in fig. 2A, after receiving a request message sent by a client, a server finds a first verification code pre-allocated to an identity according to the identity in the request message, obtains a second signature based on the identity, the first verification code, and a request parameter in the request message, and verifies the correctness of the first signature in the request message by using the second signature. Because the first signature comprises information such as the identity, the request parameter and the verification code obtained by the client, the first signature is changed when any information is incorrect, and the first signature is verified by using the second signature generated by the server, so that the request message can be prevented from being forged by an attacker. In the identity authentication process, the server does not need to analyze the first signature, and only needs to compare the second signature with the first signature, so that the time for the server to authenticate the identity of a single request message can be saved, and the performance of the server is improved.
Fig. 2B schematically shows a flow chart of an identity authentication method according to another embodiment of the present disclosure, describing the identity authentication method according to an embodiment of the present disclosure from the server side.
As shown in fig. 2B, the method includes operations S211 to S213 and operations S201 to S205, wherein the operations S201 to S205 are described above and are not described herein again.
In operation S211, an identity transmitted by a client is received.
In operation S212, a verification code is allocated to any received identity and sent to another client associated with that identity.
In this operation, the verification code allocated to an identity is sent to another client associated with the identity, so that when the client that sent the identity is a legitimate client associated with the identity, it can acquire, through the other client, the verification code allocated to the identity by the server side, that is, the only legitimate verification code of the identity.
In operation S213, verification information of the identity is stored in a database, where the verification information includes: the identity and the verification code allocated to the identity by the server side.
In this operation, for each identity from any client, the server stores the identity together with the verification code allocated to it in the database as the verification information of the identity.
After operation S213, operations S201 to S205 are performed again.
In a specific embodiment, the identity may be a mobile phone number, the client is a client C, and the server is a server S. In a scenario where a user uses the client C to perform a predetermined function, the client C, in response to the user entering a mobile phone number A, sends the mobile phone number A to the server S, and the server S receives the mobile phone number A sent by the client C and allocates a verification code a to the mobile phone number. On the one hand, the server S stores the mobile phone number A together with the verification code a as the verification information of the mobile phone number A. On the other hand, the server S sends the verification code a to another client C' associated with the mobile phone number A, for example, an instant messaging client C' associated with the mobile phone number A. Client C and client C' may run on the same or different electronic devices. If the client C is a legitimate client associated with the mobile phone number A, the verification code a can be obtained from the client C'; for example, the client C obtains the verification code a through direct or indirect communication with the client C', or the user enters the verification code a into the client C after reading it from the client C'. If the client C is an illegitimate client or is operated by an illegitimate user, the client C cannot acquire the verification code, or acquires a wrong verification code.
After the client C obtains the verification code, a first signature is obtained based on the mobile phone number A, the obtained verification code and the request parameter of the request message, the mobile phone number A, the first signature and the request parameter are placed in the request message, and the request message is sent to the server S. After receiving the request message, the server S extracts the mobile phone number A, the first signature and the request parameter from the request message, searches the verification code a corresponding to the mobile phone number A from the database according to the mobile phone number A, obtains a second signature based on the mobile phone number A, the verification code a and the request parameter, and verifies the correctness of the first signature by using the second signature, thereby verifying whether the client C obtains the correct verification code a.
In another specific embodiment, the identity may be a mailbox address, the client is a client C, and the server is a server S. In a scenario where a user uses client C to perform a preset function, client C responds to the user entering a mailbox address B by sending the mailbox address B to the server S; the server S receives the mailbox address B sent by client C and allocates a verification code b to the mailbox address. On one hand, the server S stores the mailbox address B together with the verification code b as the verification information of the mailbox address B. On the other hand, the server S sends the verification code b to another client C' associated with the mailbox address B; for example, client C' is an instant messaging client associated with the mailbox address B. Client C and client C' may run on the same or different electronic devices. If client C is a legitimate client associated with the mailbox address B, the verification code b can be obtained from client C': for example, client C obtains the verification code b through direct or indirect communication with client C', or the user enters the verification code b into client C after reading it from client C'. If client C is an illegitimate client or is operated by an illegitimate user, client C cannot obtain the verification code, or obtains a wrong verification code.
According to the embodiment of the disclosure, in order to further improve the reliability of identity authentication, the verification code allocated by the server side for the identity identifier is a randomly generated dynamic verification code with a limited validity time. The verification information of any identity stored on the server side includes, besides the identity identifier and the verification code, the generation time of the verification code and the validity time of the verification code. The request message sent by the client includes the request time in addition to the identity identifier, the first signature and the request parameter. The predetermined conditions include: the time difference between the request time and the generation time of the first verification code does not exceed the validity time of the first verification code. That is to say, after receiving the request message, the server side looks up the verification information of the identity identifier in the database according to the identity identifier in the request message, and obtains the first verification code allocated to the identity identifier by the server side, the generation time of the first verification code, and the validity time of the first verification code. The server side also obtains the request time from the request message. When the time difference between the request time and the generation time of the first verification code exceeds the validity time of the first verification code, the first verification code allocated to the identity identifier by the server side has expired; the request message is then necessarily invalid, and the subsequent verification process need not be executed. Otherwise, the first verification code allocated to the identity identifier by the server side is still valid, and the subsequent verification process can be carried out.
According to an embodiment of the present disclosure, obtaining, by the server side, a second signature based on the identity identifier, the first verification code, and the request parameter includes: combining part or all of the identity identifier and the first verification code allocated to the identity identifier by the server side into a first character string according to a first combination rule, and encrypting the first character string by using a first encryption algorithm to obtain a first key; then combining the first key, the request parameter in the request message and the identification information of the server side into a second character string according to a second combination rule, and encrypting the second character string by using a second encryption algorithm to obtain the second signature. It can be seen that the second signature generated in the above process covers four kinds of information, namely the identity identifier, the first verification code allocated to the identity identifier by the server side, the request message, and the identification information of the server side. A change in any one of them changes the second signature, and each item (particularly the first verification code) is protected by two layers of combination and two layers of encryption.
Fig. 3 schematically shows a flow chart of an identity authentication method according to another embodiment of the present disclosure, describing the identity authentication method according to an embodiment of the present disclosure from the client side.
As shown in fig. 3, the method includes operations S301 to S304.
In operation S301, an identity, a second verification code and a request parameter are obtained.
The identity identifier represents the user identity of the client. The second verification code is the verification code corresponding to the identity identifier as obtained by the client. When the client is a legitimate client associated with the identity identifier, the second verification code should be consistent with the verification code pre-allocated to the identity identifier by the server side; otherwise, the second verification code is forged. The request parameter includes one or more items of parameter information related to the request message, which may characterize the name, format, length, etc. of the service data the client requests, the software information of the client, the hardware information of the device where the client is located, and the like, and is not limited herein. The client can generate the request parameters locally according to actual needs.
In operation S302, a first signature is obtained based on the identity, the second verification code, and the request parameter.
The first signature obtained by the operation includes three kinds of information, namely the identity identifier, the second verification code and the request parameter, which are acquired by the client, and the change of any one of the three kinds of information can cause the change of the first signature.
In operation S303, a request message is sent to a server, where the request message includes: the identity identification, the first signature and the request parameter, so that the server side verifies the correctness of the first signature based on the identity identification, the verification code allocated to the identity identification by the server side and the request parameter.
In operation S304, when the first signature is verified to be correct, a response parameter for the request parameter returned by the server is received.
It can be seen that the identity authentication method applied to the client shown in fig. 3 corresponds to the identity authentication method applied to the server shown in fig. 2A to 2B, and the mutual cooperation between the client and the server can achieve a complete identity authentication process, and repeated parts are not described again.
In an embodiment of the present disclosure, the obtaining, by the client, the second verification code includes: the second verification code is received from another client associated with the identity.
In an embodiment of the disclosure, obtaining the first signature based on the identity identifier, the second verification code, and the request parameter includes: combining part or all of the identity identifier and the second verification code into a third character string according to the first combination rule, and encrypting the third character string by using the first encryption algorithm to obtain a second key; then combining the second key, the request parameter and the identification information of the server side into a fourth character string according to the second combination rule, and encrypting the fourth character string by using the second encryption algorithm to obtain the first signature. It can be seen that the first signature generated in the above process covers four kinds of information, namely the identity identifier, the second verification code obtained by the client, the request message, and the identification information of the server side. A change in any one of them changes the first signature, and each item (particularly the second verification code) is protected by two layers of combination and two layers of encryption, which prevents an attacker who intercepts the request message from extracting the second verification code.
An identity authentication method according to an embodiment of the present disclosure is described below with reference to fig. 4. In this embodiment, the identity of the client is taken as a mobile phone number for example for explanation, in other embodiments, the identity of the client may be any unique identity that can represent the identity of the client, such as a mailbox address, a user name, and the like, and the implementation logics are the same, and the explanation is not repeated here.
Fig. 4 schematically shows a schematic diagram of an identity authentication process according to an embodiment of the present disclosure.
As shown in fig. 4, in this example the client is a client C and the server is a server S, and the figure shows the identity authentication process performed when client C initiates a registration request to the server S. An input control and a verification code acquisition control are displayed on the interface of client C. The user enters a mobile phone number A through the input control, and client C obtains the mobile phone number A. In response to the user triggering the verification code acquisition control, client C sends the mobile phone number A to the server S. After receiving the mobile phone number A, the server S allocates to it a verification code a, which is a 6-digit random number; the verification code a can be used only once, and its validity time is N (N is more than 0) minutes. The server S sends the verification code a to client C in a direct or indirect manner, and at the same time the server S stores the mobile phone number A, the verification code a, the generation time of the verification code a and the validity time of the verification code a in a database as the verification information of the mobile phone number A.
Assume that client C receives a verification code a'; before authentication is completed, it is not known whether the verification code a' is consistent with the verification code a. Client C communicates with the server S via HTTPS (Hypertext Transfer Protocol Secure), encapsulates the request parameters required for the registration request into a JSON string, and uses the JSON string as the request body (body) of the request message. Client C combines the received verification code a' and the last four digits of the mobile phone number A into a character string 1, and encrypts the character string 1 by using a first encryption algorithm to obtain a first key. The first encryption algorithm may be any of various reversible or irreversible encryption algorithms, such as the SHA256 algorithm, the MD5 algorithm, the SHA1 algorithm, etc., without limitation. Then, client C combines the first key, the URL information, and the request body into a character string 2, and encrypts the character string 2 by using a second encryption algorithm to obtain a first signature (signature). The second encryption algorithm is typically a reversible encryption algorithm, such as a predetermined shift or reverse-order encryption algorithm. Client C puts the mobile phone number A and the first signature into a message header (header), assembles the header and the message body into the request message of the registration request, and sends the request message to the server S.
After receiving the request message, the server S determines the request time of client C, obtains the mobile phone number A and the first signature by parsing the message header, looks up the verification information of the mobile phone number A in the database according to the mobile phone number A, and obtains the verification code a that the server S allocated to the mobile phone number A in advance, the generation time of the verification code a and the validity time of the verification code a. If the request time is more than N minutes after the generation time of the verification code a, the server S determines that the request message is invalid, directly determines that the identity authentication of client C has failed, and does not allow registration. If the request time is not more than N minutes after the generation time of the verification code a, the server S determines that the request message is valid. The server S combines the retrieved verification code a and the last four digits of the mobile phone number A into a character string 3, and encrypts the character string 3 by using the first encryption algorithm to obtain a second key. Then, the server S combines the second key, the URL information, and the request body in the request message into a character string 4, and encrypts the character string 4 by using the second encryption algorithm to obtain a second signature.
And the server S compares the generated second signature with the first signature in the message header, if the second signature and the first signature are consistent, the request message is from a real and legal client, the identity authentication of the client C is determined to be successful, the registration is allowed, and the server S returns a response parameter aiming at the registration request to the client C so that the client C can successfully register based on the mobile phone number A.
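The exchange described above for fig. 4, written out as an added Python example that is not code from the patent. Assumptions of this example: SHA-256 as the first algorithm, HMAC-SHA256 standing in for the second algorithm (the text names shift or reverse-order transforms instead), a 5-minute value for N, an in-memory dictionary as the database, and all function and field names.

```python
import hashlib
import hmac
import json
import secrets
import time

VALID_SECONDS = 5 * 60  # assumed value for the "N minutes" validity time

# In-memory stand-in for the server's verification-information database:
# phone number -> (verification code, generation time, validity in seconds)
verification_db = {}


def allocate_code(phone, now=None):
    """Server S: allocate a random 6-digit code and store its metadata."""
    code = f"{secrets.randbelow(10**6):06d}"
    generated_at = time.time() if now is None else now
    verification_db[phone] = (code, generated_at, VALID_SECONDS)
    return code  # delivered out of band through the other client C'


def derive_key(phone, code):
    """First step: combine the code with the last four digits, then hash."""
    return hashlib.sha256((code + phone[-4:]).encode()).digest()


def sign(phone, code, url, body):
    """Second step: bind the derived key to the URL and the request body."""
    message = url.encode() + b"\n" + body.encode()
    return hmac.new(derive_key(phone, code), message, hashlib.sha256).hexdigest()


def build_request(phone, code, url, params):
    """Client C: JSON body, with phone number and first signature in the header."""
    body = json.dumps(params, sort_keys=True, separators=(",", ":"))
    header = {"phone": phone, "signature": sign(phone, code, url, body)}
    return {"header": header, "url": url, "body": body}


def verify_request(request, now=None):
    """Server S: check expiry first, then recompute and compare the signature."""
    now = time.time() if now is None else now  # request time seen by the server
    phone = request["header"]["phone"]
    record = verification_db.get(phone)
    if record is None:
        return False  # no code was allocated, or it was already used
    code, generated_at, valid_for = record
    if now - generated_at > valid_for:
        del verification_db[phone]  # expired: skip signature verification
        return False
    second_signature = sign(phone, code, request["url"], request["body"])
    first_signature = str(request["header"]["signature"])
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(second_signature.encode(), first_signature.encode()):
        return False
    del verification_db[phone]  # the code can be used only once
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    phone = "13800001234"
    url = "https://server.example/register"
    code = allocate_code(phone)
    request = build_request(phone, code, url, {"device": "demo-handset"})
    print("first attempt:", verify_request(request))
    print("replayed request:", verify_request(request))
```

Because the stored record is deleted on success, a captured request cannot be replayed even inside the validity window.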
In this example, a case that the client performs a registration request to the server is taken as an example to describe, it should be noted that the identity authentication method according to the embodiment of the present disclosure is applicable to various scenarios in which the client initiates a request to the server, such as a login scenario, a service data request scenario, and the like, and is not limited herein.
Further, in the case that the server S and the client C have interacted before, the server S may also pre-store various information related to the client C, such as hardware information of a device where the client C is located, software information of the client C, a mobile phone number associated with the client C, and the like. After receiving the request message sent by the client C, the server S may match various information recorded in the request body with various information pre-stored in association with the client C, and send safety warning information to the client C when the degree of matching is lower than a predetermined threshold. Then the identity authentication process is carried out.
Fig. 5 schematically shows a block diagram of an identity authentication apparatus 500 according to an embodiment of the present disclosure, which is applied to a server side.
As shown in fig. 5, the identity authentication apparatus 500 includes: a receiving module 510, an obtaining module 520, a signing module 530, a determining module 540, and a responding module 550.
The receiving module 510 is configured to receive a request message sent by a client, where the request message includes: an identity identifier, a first signature and a request parameter, wherein the first signature is obtained by the client based on the identity identifier, the request parameter and a verification code obtained by the client.
The obtaining module 520 is configured to obtain a first verification code allocated by the server for the identity.
The signature module 530 is configured to obtain a second signature based on the identity, the first verification code, and the request parameter when a predetermined condition is satisfied.
The determining module 540 is configured to determine that the client identity authentication is passed when the second signature is consistent with the first signature.
And the response module 550 is configured to return a response parameter for the request parameter to the client when it is determined that the client identity authentication passes.
Fig. 6 schematically shows a block diagram of an identity authentication apparatus according to another embodiment of the present disclosure, and the identity authentication apparatus 600 is applied to a server side.
As shown in fig. 6, the identity authentication apparatus 600 includes: a receiving module 610, an obtaining module 620, a signing module 630, a determining module 640, and a responding module 650. The receiving module 610, the obtaining module 620, the signature module 630, the determining module 640, and the response module 650 respectively have the same functions as those of the receiving module 510, the obtaining module 520, the signature module 530, the determining module 540, and the response module 550, and repeated descriptions thereof are omitted.
In one embodiment of the present disclosure, the identity authentication apparatus 600 further includes: an identity receiving module 660, an assignment module 670, and a storage processing module 680.
The identity receiving module 660 is configured to receive the identity identifier sent by the client before the receiving module 610 receives the request message sent by the client. The allocating module 670 is configured to allocate a verification code to any received identity identifier and send the verification code to another client associated with the identity identifier. The storage processing module 680 is configured to store the verification information of each identity identifier in a database, where the verification information includes: the identity identifier and the verification code corresponding to the identity identifier.
In one embodiment of the present disclosure, the identity is a mobile phone number. The allocating module 670 is specifically configured to generate a verification code for any received mobile phone number and send the verification code to an instant messaging client associated with the mobile phone number.
In an embodiment of the present disclosure, the verification information of any one of the identifiers further includes: the generation time of the verification code and the validity time of the verification code. The request message also includes a request time. The predetermined conditions include: the time difference between the request time and the generation time of the first verification code does not exceed the validity time of the first verification code.
In one embodiment of the present disclosure, the signature module 630 includes: a first combining sub-module 631, a first encryption sub-module 632, a second combining sub-module 633, and a second encryption sub-module 634.
The first combining sub-module 631 is configured to combine part or all of the identity with the first verification code into a first string according to a first combining rule. The first encryption sub-module 632 is configured to encrypt the first character string by using a first encryption algorithm to obtain a first key. The second combination sub-module 633 is configured to combine the first key, the request parameter, and the identification information of the server into a second character string according to a second combination rule. And the second encryption sub-module 634 is configured to encrypt the second string with a second encryption algorithm to obtain the second signature.
Fig. 7 schematically shows a block diagram of an authentication apparatus 700 applied to a client according to another embodiment of the present disclosure.
As shown in fig. 7, the identity authentication apparatus 700 includes: an acquisition module 710, a signature module 720, a sending module 730, and a receiving module 740.
The obtaining module 710 is configured to obtain the identity, the second verification code, and the request parameter.
The signature module 720 is configured to obtain a first signature based on the identity, the second verification code, and the request parameter.
The sending module 730 is configured to send a request message to the server, where the request message includes: the identity identification, the first signature and the request parameter, so that the server side verifies the correctness of the first signature based on the identity identification, the verification code allocated to the identity identification by the server side and the request parameter.
And the receiving module 740 is configured to receive a response parameter returned by the server side for the request parameter when the first signature is verified to be true.
Fig. 8 schematically shows a block diagram of an identity authentication apparatus according to another embodiment of the present disclosure, and the identity authentication apparatus 800 is applied to a client.
As shown in fig. 8, the identity authentication apparatus 800 includes: an obtaining module 810, a signing module 820, a sending module 830, and a receiving module 840. The obtaining module 810, the signing module 820, the sending module 830, and the receiving module 840 respectively have the same functions as the obtaining module 710, the signing module 720, the sending module 730, and the receiving module 740, and repeated descriptions thereof are omitted.
In an embodiment of the present disclosure, the obtaining module 810 is specifically configured to receive the second verification code from another client associated with the identity.
In one embodiment of the present disclosure, the signature module 820 includes: a first combining sub-module 821, a first encryption sub-module 822, a second combining sub-module 823, and a second encryption sub-module 824.
The first combining sub-module 821 is configured to combine part or all of the identity identifier and the second verification code into a third string according to a first combining rule. The first encryption sub-module 822 is configured to encrypt the third string by using a first encryption algorithm to obtain a second key. The second combination sub-module 823 is configured to combine the second key, the request parameter, and the identification information of the server into a fourth character string according to a second combination rule. And the second encryption sub-module 824 is configured to encrypt the fourth string by using a second encryption algorithm to obtain the first signature.
It should be noted that the implementation, solved technical problems, implemented functions, and achieved technical effects of each module/unit/subunit and the like in the apparatus part embodiment are respectively the same as or similar to the implementation, solved technical problems, implemented functions, and achieved technical effects of each corresponding step in the method part embodiment, and are not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any of the receiving module 610, the obtaining module 620, the signing module 630, the determining module 640, the responding module 650, the identity receiving module 660, the assigning module 670, and the storage processing module 680 may be combined in one module to be implemented, or any one of them may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the disclosure, at least one of the receiving module 610, the obtaining module 620, the signing module 630, the determining module 640, the responding module 650, the identification receiving module 660, the allocating module 670, and the storage processing module 680 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or any suitable combination of any of them. Alternatively, at least one of the receiving module 610, the obtaining module 620, the signing module 630, the determining module 640, the responding module 650, the identity receiving module 660, the assigning module 670, and the storage processing module 680 may be implemented at least in part as a computer program module that, when executed, may perform corresponding functions.
For another example, any plurality of the obtaining module 810, the signing module 820, the sending module 830 and the receiving module 840 may be combined into one module to be implemented, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the disclosure, at least one of the obtaining module 810, the signing module 820, the sending module 830, and the receiving module 840 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of three implementations of software, hardware, and firmware, or in any suitable combination of any of them. Alternatively, at least one of the obtaining module 810, the signing module 820, the sending module 830, and the receiving module 840 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
Fig. 9 schematically shows a block diagram of a computer device adapted to implement the above described method according to an embodiment of the present disclosure. The computer device shown in fig. 9 is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present disclosure.
As shown in fig. 9, a computer apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, device 900 may also include an input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904. Device 900 may also include one or more of the following components connected to I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.
Claims (11)
1. An identity authentication method, applied to a server side, comprising:
receiving a request message sent by a client, wherein the request message comprises: an identity, a first signature and a request parameter, the first signature being obtained by the client according to the identity, the request parameter and a verification code obtained by the client;
acquiring a first verification code pre-allocated to the identity by the server;
when a predetermined condition is met, obtaining a second signature based on the identity, the first verification code and the request parameter;
when the second signature is consistent with the first signature, determining that the client identity authentication is passed; and
when the client identity authentication is determined to pass, returning a response parameter for the request parameter to the client.
2. The method of claim 1, further comprising, prior to receiving the request message sent by the client:
receiving an identity sent by the client;
allocating a verification code for any received identity and sending the verification code to another client associated with the identity; and
storing verification information of any identity in a database, wherein the verification information comprises: the identity and the verification code corresponding to the identity.
3. The method of claim 2, wherein:
the verification information of any identity further comprises: the generation time of the verification code and the effective time of the verification code;
the request message further includes a request time;
the predetermined condition includes: the time difference between the request time and the generation time of the first verification code does not exceed the validity time of the first verification code.
4. The method of claim 1, wherein the obtaining a second signature based on the identity, the first verification code, and the request parameter includes:
combining part or all of the identity and the first verification code into a first character string according to a first combination rule;
encrypting the first character string by using a first encryption algorithm to obtain a first key;
combining the first key, the request parameter and the identification information of the server side into a second character string according to a second combination rule; and
encrypting the second character string by using a second encryption algorithm to obtain the second signature.
5. An identity authentication method, applied to a client, comprising:
acquiring an identity, a second verification code and a request parameter;
obtaining a first signature based on the identity, the second verification code and the request parameter;
sending a request message to a server, wherein the request message comprises: the identity, the first signature and the request parameter, so that the server verifies the correctness of the first signature based on the identity, the verification code allocated to the identity by the server and the request parameter; and
when the first signature is verified to be true, receiving a response parameter returned by the server for the request parameter.
6. The method of claim 5, wherein the obtaining the identity and the second verification code comprises: receiving the second verification code from another client associated with the identity.
7. The method of claim 5, wherein the obtaining a first signature based on the identity, the second verification code, and the request parameter comprises:
combining part or all of the identity and the second verification code into a third character string according to a first combination rule;
encrypting the third character string by using a first encryption algorithm to obtain a second key;
combining the second key, the request parameter and the identification information of the server side into a fourth character string according to a second combination rule; and
encrypting the fourth character string by using a second encryption algorithm to obtain the first signature.
8. An identity authentication device, applied to a server side, comprising:
a receiving module, configured to receive a request message sent by a client, wherein the request message comprises: an identity, a first signature and a request parameter, the first signature being obtained by the client according to the identity, the request parameter and a verification code obtained by the client;
an acquisition module, configured to acquire a first verification code pre-allocated to the identity by the server;
a signature module, configured to obtain a second signature based on the identity, the first verification code and the request parameter when a predetermined condition is met;
a determining module, configured to determine that the client identity authentication is passed when the second signature is consistent with the first signature; and
a response module, configured to return a response parameter for the request parameter to the client when the client identity authentication is determined to pass.
9. An identity authentication device, applied to a client, comprising:
an acquisition module, configured to acquire an identity, a second verification code and a request parameter;
a signature module, configured to obtain a first signature based on the identity, the second verification code and the request parameter;
a sending module, configured to send a request message to a server, wherein the request message comprises: the identity, the first signature and the request parameter, so that the server verifies the correctness of the first signature based on the identity, the verification code allocated to the identity by the server and the request parameter; and
a receiving module, configured to receive a response parameter returned by the server for the request parameter when the first signature is verified to be true.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor when executing the program implementing:
an identity authentication method as claimed in any one of claims 1 to 7.
11. A computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform:
an identity authentication method as claimed in any one of claims 1 to 7.
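The client-side signing of claims 5 and 7 and the server-side check of claims 1 to 4, as an added example that is not code from the patent. HMAC-SHA256 stands in for both unnamed "encryption algorithms"; the length-prefixed combination rule, `SERVER_ID`, the binding of the request time into the signature, the server-clock check and all function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

SERVER_ID = "auth.example.internal"  # hypothetical server identification information


def join_fields(*parts: str) -> bytes:
    # Assumed combination rule: length-prefix each field so that
    # ("ab", "c") and ("a", "bc") never yield the same character string.
    return b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)


def derive_key(identity: str, code: str) -> bytes:
    # Claims 4/7, steps 1-2: identity + verification code -> string -> key.
    return hmac.new(code.encode(), join_fields(identity, code), hashlib.sha256).digest()


def sign(identity: str, code: str, params: dict, request_time: int) -> str:
    # Claims 4/7, steps 3-4: key + request parameter + server id -> signature.
    # Canonical JSON keeps client and server byte-for-byte identical.
    canonical = json.dumps(params, sort_keys=True, separators=(",", ":"))
    message = join_fields(canonical, str(request_time), SERVER_ID)
    return hmac.new(derive_key(identity, code), message, hashlib.sha256).hexdigest()


def build_request(identity: str, code: str, params: dict, now: int) -> dict:
    # Claim 5: the verification code itself never travels in the request.
    return {"identity": identity, "params": params, "time": now,
            "signature": sign(identity, code, params, now)}


class Server:
    def __init__(self, validity_seconds: int = 300):
        self.validity = validity_seconds
        self.db = {}  # identity -> (verification code, generation time)

    def allocate_code(self, identity: str, now: int) -> str:
        # Claim 2: allocate and store a code; delivery to the other
        # client associated with the identity is outside this example.
        code = secrets.token_hex(8)
        self.db[identity] = (code, now)
        return code

    def handle(self, request: dict, now: int):
        record = self.db.get(request.get("identity"))
        if record is None:
            return None
        code, generated = record
        t = request["time"]
        # Claim 3: request time must lie inside the code's validity window.
        if not (generated <= t <= generated + self.validity):
            return None
        # Added hardening (assumption): request time is client-supplied,
        # so the server's own clock must also be inside the window.
        if now > generated + self.validity:
            return None
        expected = sign(request["identity"], code, request["params"], t)
        # Constant-time comparison of the second signature with the first.
        if not hmac.compare_digest(expected.encode(), str(request["signature"]).encode()):
            return None
        return {"status": "ok", "echo": request["params"]}
```

Times are passed in explicitly so the expiry paths can be exercised deterministically; a deployment would read them from the system clock.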
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910475902.3A CN112019493B (en) | 2019-05-31 | 2019-05-31 | Identity authentication method, identity authentication device, computer equipment and medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112019493A (en) | 2020-12-01 |
CN112019493B (en) | 2024-04-09 |
Family
ID=73506386
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910475902.3A Active CN112019493B (en) | 2019-05-31 | 2019-05-31 | Identity authentication method, identity authentication device, computer equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112019493B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112019493B (en) | 2024-04-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||