Summary of the invention
The technical problem to be solved by the present invention is to provide an identity authentication method, device, server and client with which a short message need not be sent to the back end every time the user's identity is obtained, so that the authentication procedure is simpler and, because of the double authentication by security credential and identity credential, security is higher.
To solve the above technical problem, an embodiment of the present invention provides an identity authentication method comprising the following steps:
Obtaining from an SMS gateway a short message sent by a mobile application client, which contains an international mobile subscriber identity (IMSI) and a random string, and the phone number corresponding to the mobile application client;
Receiving a first request sent by the mobile application client, which contains the IMSI and the random string, finding the phone number according to the IMSI and the random string, generating a security credential corresponding to the phone number, and sending it to the mobile application client;
Receiving a second request sent by the mobile application client, which contains the IMSI and the security credential, finding the phone number according to the IMSI and the security credential, generating an identity credential corresponding to the phone number, and sending it to the mobile application client.
Wherein the step of obtaining from the SMS gateway the short message sent by the mobile application client, which contains the IMSI and the random string, and the phone number corresponding to the mobile application client includes:
Obtaining from the SMS gateway the short message sent by the mobile application client that contains the IMSI and the random string, and parsing the short message to obtain the IMSI and the random string;
Obtaining from the SMS gateway the phone number corresponding to the mobile application client;
Saving the correspondence among the IMSI, the random string and the phone number.
Wherein the step of receiving the first request sent by the mobile application client, finding the phone number according to the IMSI and the random string, generating a security credential corresponding to the phone number and sending it to the mobile application client includes:
Receiving the first request sent by the mobile application client, which contains the IMSI and the random string;
Finding the phone number corresponding to the IMSI and the random string, according to the IMSI and the random string and the saved correspondence among the IMSI, the random string and the phone number;
Generating a security credential corresponding to the phone number and sending it to the mobile application client.
Wherein the first request further includes the public key of a public/private key pair generated by the mobile application client;
The step of generating a security credential corresponding to the phone number includes:
Submitting the public key to a certificate authority to apply for the security credential corresponding to the phone number, and, after the application is approved, receiving the security credential issued by the certificate authority.
Wherein, after the security credential corresponding to the phone number is generated, the method further includes:
Saving the correspondence between the security credential and the phone number.
Wherein the step of receiving the second request sent by the mobile application client, which contains the IMSI and the security credential, finding the phone number according to the IMSI and the security credential, generating an identity credential corresponding to the phone number and sending it to the mobile application client includes:
Receiving the second request sent by the mobile application client, which contains the security credential and the IMSI signed with the private key;
Verifying the IMSI signed with the private key and, if verification succeeds, finding the phone number corresponding to the security credential according to the correspondence between the security credential and the phone number;
Generating the identity credential corresponding to the phone number and sending it to the mobile application client.
Wherein the step of verifying the IMSI signed with the private key includes:
Verifying the IMSI signed with the private key by a signature verification algorithm using the public key.
Wherein the step of generating the identity credential corresponding to the phone number includes:
Signing the phone number with a local private key by a signature algorithm to generate the identity credential.
An embodiment of the present invention also provides an identity authentication device, comprising:
A first acquisition module, configured to obtain from an SMS gateway a short message sent by a mobile application client, which contains an international mobile subscriber identity (IMSI) and a random string, and the phone number corresponding to the mobile application client;
A first processing module, configured to receive a first request sent by the mobile application client, which contains the IMSI and the random string, to find the phone number according to the IMSI and the random string, to generate a security credential corresponding to the phone number, and to send it to the mobile application client;
A second processing module, configured to receive a second request sent by the mobile application client, which contains the IMSI and the security credential, to find the phone number according to the IMSI and the security credential, to generate an identity credential corresponding to the phone number, and to send it to the mobile application client.
Wherein the first acquisition module includes:
A first acquisition unit, configured to obtain from the SMS gateway the short message sent by the mobile application client that contains the IMSI and the random string, and to parse the short message to obtain the IMSI and the random string;
A second acquisition unit, configured to obtain from the SMS gateway the phone number corresponding to the mobile application client;
A first storage unit, configured to save the correspondence among the IMSI, the random string and the phone number.
Wherein the first processing module includes:
A first receiving unit, configured to receive the first request sent by the mobile application client, which contains the IMSI and the random string;
A first lookup unit, configured to find the phone number corresponding to the IMSI and the random string, according to the IMSI and the random string and the correspondence among the IMSI, the random string and the phone number;
A security credential generation unit, configured to generate a security credential corresponding to the phone number and to send it to the mobile application client.
Wherein the first request further includes the public key of a public/private key pair generated by the mobile application client;
The security credential generation unit includes:
A security credential generation subunit, configured to submit the public key to a certificate authority to apply for the security credential corresponding to the phone number, and to receive the security credential issued by the certificate authority after the application is approved.
Wherein the first processing module further includes:
A second storage unit, configured to save the correspondence between the security credential and the phone number.
Wherein the second processing module includes:
A second receiving unit, configured to receive the second request sent by the mobile application client, which contains the security credential and the IMSI signed with the private key;
A verification unit, configured to verify the IMSI signed with the private key and, if verification succeeds, to find the phone number corresponding to the security credential according to the correspondence between the security credential and the phone number;
An identity credential generation unit, configured to generate the identity credential corresponding to the phone number and to send it to the mobile application client.
Wherein the verification unit includes:
A verification subunit, configured to verify the IMSI signed with the private key by a signature verification algorithm using the public key.
Wherein the identity credential generation unit includes:
An identity credential generation subunit, configured to sign the phone number with a local private key by a signature algorithm to generate the identity credential.
An embodiment of the present invention also provides a server, applied to user identity authentication, which includes the above identity authentication device.
An embodiment of the present invention also provides a client, applied to user identity authentication, comprising:
An SMS sending module, configured to send a short message containing an IMSI and a random string to an SMS gateway;
A first communication module, configured to send a first request containing the IMSI and the random string to a server, and to receive the security credential generated by the server;
A second communication module, configured to send a second request containing the IMSI and the security credential to the server, and to receive the identity credential generated by the server.
Wherein the client further includes:
A key generation module, configured to generate a public/private key pair for encryption and decryption;
A digital signature module, configured to sign the IMSI with the private key.
Wherein the first request sent by the first communication module also carries the public key generated by the key generation module; and
The IMSI carried in the second request sent by the second communication module is signed with the private key by the digital signature module.
The above technical solutions of the present invention have the following beneficial effects:
In the embodiment of the present invention, a short message sent by the mobile application client, which contains the international mobile subscriber identity (IMSI) and a random string, and the phone number corresponding to the mobile application client are first obtained from the SMS gateway; then a first request sent by the mobile application client, which contains the IMSI and the random string, is received, the phone number is found according to the IMSI and the random string, and a security credential corresponding to the phone number is generated and sent to the mobile application client; finally, a second request sent by the mobile application client, which contains the IMSI and the security credential, is received, the phone number is found according to the IMSI and the security credential, and an identity credential corresponding to the phone number is generated and sent to the mobile application client. The user only needs to send a short message successfully the first time; authentication is then completed according to the above steps on the basis of the IMSI information and the phone number, and once authentication has passed an identity credential is obtained. When identity authentication is needed later it can be completed with the local identity credential, without repeating complicated and cumbersome procedures such as sending a short message to apply for authentication, so the procedure is simpler; and because the authentication process involves double authentication by security credential and identity credential, security is higher. The identity credential also makes it possible to authenticate the user later even when disconnected from the operator's network, which better meets the experience expected by modern mobile Internet users.
Specific embodiment
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.
The present invention addresses the problems of existing authentication methods, in which a short message must be sent to the back end every time identity is obtained, the procedure is complicated and cumbersome, and security is low, and provides an identity authentication method, device, server and client that achieve a simple procedure and high security.
As shown in Fig. 1, an identity authentication method of an embodiment of the present invention includes the following steps:
Step 11, obtaining from an SMS gateway a short message sent by a mobile application client, which contains an international mobile subscriber identity (IMSI) and a random string, and the phone number corresponding to the mobile application client;
Step 12, receiving a first request sent by the mobile application client, which contains the IMSI and the random string, finding the phone number according to the IMSI and the random string, generating a security credential corresponding to the phone number, and sending it to the mobile application client;
Step 13, receiving a second request sent by the mobile application client, which contains the IMSI and the security credential, finding the phone number according to the IMSI and the security credential, generating an identity credential corresponding to the phone number, and sending it to the mobile application client.
The user only needs to send a short message successfully the first time; authentication is then completed according to the above steps on the basis of the IMSI information and the phone number, and once authentication has passed an identity credential is obtained. When identity authentication is needed later it can be completed with the local identity credential, without repeating complicated and cumbersome procedures such as sending a short message to apply for authentication, so the procedure is simpler; and because the authentication process involves double authentication by security credential and identity credential, security is higher. The identity credential also makes it possible to authenticate the user later even when disconnected from the operator's network, which better meets the experience expected by modern mobile Internet users.
Further, step 11 includes:
Step 111, obtaining from the SMS gateway the short message sent by the mobile application client that contains the IMSI and the random string, and parsing the short message to obtain the IMSI and the random string;
Step 112, obtaining from the SMS gateway the phone number corresponding to the mobile application client;
Step 113, saving the correspondence among the IMSI, the random string and the phone number.
Further, step 12 includes:
Step 121, receiving the first request sent by the mobile application client, which contains the IMSI and the random string;
Step 122, finding the phone number corresponding to the IMSI and the random string, according to the IMSI and the random string and the correspondence among the IMSI, the random string and the phone number;
Step 123, generating a security credential corresponding to the phone number and sending it to the mobile application client.
In the identity authentication method of the embodiment of the present invention, the first request further includes the public key of a public/private key pair generated by the mobile application client;
The step of generating a security credential corresponding to the phone number includes:
Step 1231, submitting the public key to a certificate authority to apply for the security credential corresponding to the phone number, and, after the application is approved, receiving the security credential issued by the certificate authority.
As is well known, a certificate authority (CA) can attest to the validity of a key on the basis of the key and certificate provided, and binds a public key to an entity. In the identity authentication method of the embodiment of the present invention, the public key generated by the mobile application client is submitted to the CA to apply for the security credential corresponding to the user's phone number, and after the application is approved the security credential issued by the CA is obtained.
Of course, to complete identity authentication the identity information must be in one-to-one correspondence; therefore, after the security credential corresponding to the phone number is generated in step 123, the method further includes:
Step 124, saving the correspondence between the security credential and the phone number.
In the identity authentication method of the embodiment of the present invention, the correspondence is established between the certificate serial number of the security credential and the phone number; that is, the correspondence between the certificate serial number of the security credential and the phone number is saved. Because the correspondence between the phone number and the IMSI and random string has also been saved, a one-to-one relationship among the certificate serial number, the phone number and the IMSI is obtained, which provides the basis for the subsequent authentication.
Further, step 13 includes:
Step 131, receiving the second request sent by the mobile application client, which contains the security credential and the IMSI signed with the private key;
Step 132, verifying the IMSI signed with the private key and, if verification succeeds, finding the phone number corresponding to the security credential according to the correspondence between the security credential and the phone number;
Step 133, generating the identity credential corresponding to the phone number and sending it to the mobile application client.
Wherein, in step 132, the step of verifying the IMSI signed with the private key includes:
Step 1321, verifying the IMSI signed with the private key by a signature verification algorithm using the public key.
Wherein, in step 133, the step of generating the identity credential corresponding to the phone number includes:
Signing the phone number with a local private key by a signature algorithm to generate the identity credential. Of course, the above signing and signature verification can be implemented with the RSA algorithm, the ElGamal algorithm, an elliptic curve digital signature algorithm, a finite automaton digital signature algorithm and so on, which are not enumerated one by one here. In the identity authentication method of the embodiment of the present invention, to ensure a higher level of information security, the high-strength encryption algorithm PKI algorithm is preferred for signing and signature verification. As technology develops, algorithms of higher security strength may also be used for signing and signature verification.
At this point, the identity authentication method of the embodiment of the present invention has completed authentication and obtained the identity credential.
In summary, the identity authentication method of the embodiment of the present invention is based on the IMSI information and the phone number, and completes authentication by means of the security credential obtained from the CA and the final identity credential; the procedure is simpler and security is higher.
The application of the identity authentication method of the embodiment of the present invention is illustrated below, as shown in Fig. 2, with the mobile application client, application platform server and SMS gateway of a practical deployment:
Step 1, the mobile application client sends a short message containing the IMSI and a random string to the SMS gateway. After receiving the short message, the SMS gateway forwards the message content and the phone number of the handset that sent it to the application platform server.
Step 2, the application platform server parses the received short message, extracts the IMSI and the random string from the message content, and records them.
Step 3, the application platform server pairs the phone number obtained from the SMS gateway with the IMSI and random string parsed from that phone number's short message (establishing the correspondence), and records the pair.
Step 4, the mobile application client generates a public/private key pair.
Step 5, the mobile application client sends a request carrying the public key and the IMSI and random string from the short message to the application platform server, requesting a security credential.
Step 6, the application platform server makes the security credential and identifies the user. 1. It finds the corresponding phone number according to the received IMSI and random string; 2. it makes the security credential corresponding to the phone number found; 3. it saves the correspondence between the security credential and the phone number, and returns the security credential generated from the public key to the mobile application client.
Step 7, the mobile application client signs the IMSI with the private key and sends a request carrying the signed IMSI and the security credential to the application platform server to apply for authentication.
Step 8, the application platform server authenticates the user. 1. After the signature is verified as valid, it looks up the corresponding phone number according to the security credential; 2. it generates the identity credential and returns it to the mobile application client.
At this point, authentication is complete. The identity credential generated above can be presented afterwards for identity authentication. Of course, the above embodiment is only one preferred implementation and is not intended to limit the invention to a single implementation.
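The exchange in steps 1 to 8 above, seen from the application platform server, as an added example that is not code from the patent. Ed25519 stands in for the unspecified signature algorithm and a random serial stands in for the CA-issued certificate; the `IMSI:random` message layout, the single-use SMS binding, and all names and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// credential is the server's record of a security credential; a random serial stands in for the CA certificate.
type credential struct {
	pub         ed25519.PublicKey
	imsi, phone string
}

// Server keeps the correspondences the description says the platform saves.
type Server struct {
	priv  ed25519.PrivateKey    // "local private key" that signs identity credentials
	Pub   ed25519.PublicKey     // lets a relying party verify them offline
	bySMS map[[2]string]string  // {IMSI, random string} -> phone number (steps 111-113)
	creds map[string]credential // serial -> public key, IMSI, phone (step 124)
}

func NewServer() *Server {
	pub, priv := GenKey()
	return &Server{priv, pub, map[[2]string]string{}, map[string]credential{}}
}

// OnSMS takes what the gateway forwards: the sender's number, which the client
// does not choose, and the message body. The "IMSI:random" layout is assumed.
func (s *Server) OnSMS(phone, body string) error {
	p := strings.SplitN(body, ":", 2)
	if len(p) != 2 || p[0] == "" || p[1] == "" {
		return fmt.Errorf("malformed enrollment SMS")
	}
	s.bySMS[[2]string{p[0], p[1]}] = phone
	return nil
}

// FirstRequest (steps 121-124) trades a matching IMSI and random string for a security credential.
func (s *Server) FirstRequest(imsi, rnd string, pub ed25519.PublicKey) (string, error) {
	phone, ok := s.bySMS[[2]string{imsi, rnd}]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return "", fmt.Errorf("no SMS binding for this IMSI and random string, or bad key")
	}
	delete(s.bySMS, [2]string{imsi, rnd}) // added hardening, not in the source: single use
	raw := make([]byte, 8)
	rand.Read(raw)
	serial := fmt.Sprintf("%x", raw)
	s.creds[serial] = credential{pub, imsi, phone}
	return serial, nil
}

// SecondRequest (steps 131-133) verifies the signed IMSI, then signs the phone number.
func (s *Server) SecondRequest(serial, imsi string, sig []byte) (string, []byte, error) {
	c, ok := s.creds[serial]
	if !ok || c.imsi != imsi || !ed25519.Verify(c.pub, []byte(imsi), sig) {
		return "", nil, fmt.Errorf("credential or signature check failed")
	}
	return c.phone, ed25519.Sign(s.priv, []byte(c.phone)), nil
}

// VerifyIdentity checks an identity credential with the server's public key only.
func VerifyIdentity(serverPub ed25519.PublicKey, phone string, idCred []byte) bool {
	return ed25519.Verify(serverPub, []byte(phone), idCred)
}

// GenKey and Sign are the client side: key generation (step 4) and signing the IMSI (step 7).
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}
func Sign(priv ed25519.PrivateKey, imsi string) []byte { return ed25519.Sign(priv, []byte(imsi)) }

func main() {
	imsi, rnd, phone := "460001234567890", "k3Vq9xT2", "13800000000" // constructed sample values
	srv := NewServer()
	pub, priv := GenKey()
	srv.OnSMS(phone, imsi+":"+rnd)
	serial, _ := srv.FirstRequest(imsi, rnd, pub)
	got, idCred, err := srv.SecondRequest(serial, imsi, Sign(priv, imsi))
	fmt.Println(got, VerifyIdentity(srv.Pub, got, idCred), err)
}
```

As described, the signed message is only the IMSI, so one valid signature satisfies every later second request for that credential; the example reproduces that behaviour unchanged.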
To solve the above problem, as shown in Fig. 3, an embodiment of the present invention also provides an identity authentication device, comprising:
A first acquisition module 1, configured to obtain from an SMS gateway a short message sent by a mobile application client, which contains an international mobile subscriber identity (IMSI) and a random string, and the phone number corresponding to the mobile application client;
A first processing module 2, configured to receive a first request sent by the mobile application client, which contains the IMSI and the random string, to find the phone number according to the IMSI and the random string, to generate a security credential corresponding to the phone number, and to send it to the mobile application client;
A second processing module 3, configured to receive a second request sent by the mobile application client, which contains the IMSI and the security credential, to find the phone number according to the IMSI and the security credential, to generate an identity credential corresponding to the phone number, and to send it to the mobile application client.
Wherein the first acquisition module includes:
A first acquisition unit, configured to obtain from the SMS gateway the short message sent by the mobile application client that contains the IMSI and the random string, and to parse the short message to obtain the IMSI and the random string;
A second acquisition unit, configured to obtain from the SMS gateway the phone number corresponding to the mobile application client;
A first storage unit, configured to save the correspondence among the IMSI, the random string and the phone number.
Wherein the first processing module includes:
A first receiving unit, configured to receive the first request sent by the mobile application client, which contains the IMSI and the random string;
A first lookup unit, configured to find the phone number corresponding to the IMSI and the random string, according to the IMSI and the random string and the correspondence among the IMSI, the random string and the phone number;
A security credential generation unit, configured to generate a security credential corresponding to the phone number and to send it to the mobile application client.
Wherein the first request further includes the public key of a public/private key pair generated by the mobile application client;
The security credential generation unit includes:
A security credential generation subunit, configured to submit the public key to a certificate authority to apply for the security credential corresponding to the phone number, and to receive the security credential issued by the certificate authority after the application is approved.
Wherein the first processing module further includes:
A second storage unit, configured to save the correspondence between the security credential and the phone number.
Wherein the second processing module includes:
A second receiving unit, configured to receive the second request sent by the mobile application client, which contains the security credential and the IMSI signed with the private key;
A verification unit, configured to verify the IMSI signed with the private key and, if verification succeeds, to find the phone number corresponding to the security credential according to the correspondence between the security credential and the phone number;
An identity credential generation unit, configured to generate the identity credential corresponding to the phone number and to send it to the mobile application client.
Wherein the verification unit includes:
A verification subunit, configured to verify the IMSI signed with the private key by a signature verification algorithm using the public key.
Wherein the identity credential generation unit includes:
An identity credential generation subunit, configured to sign the phone number with a local private key by a signature algorithm to generate the identity credential.
It should be noted that this device is a device applying the above identity authentication method; the implementations of the above method embodiments apply to the device and achieve the same technical effect.
An embodiment of the present invention also provides a server, which includes the above identity authentication device. Likewise, the implementations of the above identity authentication method embodiments apply to the server and achieve the same technical effect.
An embodiment of the present invention also provides a client, applied to user identity authentication, comprising:
An SMS sending module, configured to send a short message containing an IMSI and a random string to an SMS gateway;
A first communication module, configured to send a first request containing the IMSI and the random string to a server, and to receive the security credential generated by the server;
A second communication module, configured to send a second request containing the IMSI and the security credential to the server, and to receive the identity credential generated by the server.
As is well known, to keep identity information secure during communication it is usually encrypted; therefore, the above client further includes:
A key generation module, configured to generate a public/private key pair for encryption and decryption;
A digital signature module, configured to sign the IMSI with the private key.
Wherein the first request sent by the first communication module also carries the public key of the public/private key pair generated by the key generation module; and
The IMSI carried in the second request sent by the second communication module is signed with the private key by the digital signature module.
It should be noted that the above client cooperates with the above server to complete user identity authentication.
The above is a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the principles of the present invention, and such improvements and refinements shall also be regarded as falling within the protection scope of the present invention.