CN104918245B - A kind of identity identifying method, device, server and client - Google Patents

A kind of identity identifying method, device, server and client Download PDF

Info

Publication number
CN104918245B
CN104918245B CN201410088753.2A CN201410088753A CN104918245B CN 104918245 B CN104918245 B CN 104918245B CN 201410088753 A CN201410088753 A CN 201410088753A CN 104918245 B CN104918245 B CN 104918245B
Authority
CN
China
Prior art keywords
imsi
phone number
mobile phone
applications client
security credence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410088753.2A
Other languages
Chinese (zh)
Other versions
CN104918245A (en
Inventor
张云
杭国强
余东辉
黄德斌
罗晓斌
余浩生
何志东
邱阳
吴翔宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Internet Co Ltd
Original Assignee
China Mobile Group Guangdong Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Guangdong Co Ltd filed Critical China Mobile Group Guangdong Co Ltd
Priority to CN201410088753.2A priority Critical patent/CN104918245B/en
Publication of CN104918245A publication Critical patent/CN104918245A/en
Application granted granted Critical
Publication of CN104918245B publication Critical patent/CN104918245B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a kind of identity identifying method, device, server and client.This method, including the following steps: obtain the transmission of mobile phone applications client from Short Message Service Gateway includes international mobile subscriber identity IMSI, the short message of random train and the corresponding phone number of mobile phone applications client;The first request comprising IMSI and random train that mobile phone applications client is sent is received, and phone number is found according to IMSI and random train, and generate security credence corresponding with phone number, is sent to mobile phone applications client;The second request comprising IMSI and security credence that mobile phone applications client is sent is received, and phone number is found according to IMSI and security credence, and generate identity documents corresponding with phone number, is sent to mobile phone applications client.Method of the invention it is achieved will send short message to backstage when need not obtain user identity every time, authentication procedures are simpler, and due to the double authentication of security credence and identity documents, safety is higher.

Description

A kind of identity identifying method, device, server and client
Technical field
The present invention relates to data service technical field, a kind of identity identifying method, device, server and client are particularly related to End.
Background technique
In the world of data service and cell phone internet, first critical point of the authentication as protective net assets is protected The physical identity for having demonstrate,proved operator is corresponding with digital identity, and authentication plays the role of very important.Currently, data service It with the approach that generallys use of method for obtaining user identity in cell phone internet is got by short message, i.e. application program is to spy Fixed port sends short message, and when short message arrives at application system backstage, application system parses user's body from Short Message Service Gateway agreement Part information, to obtain subscriber identity information.
But this mode, it has following defects that and has to send short message to backstage when obtaining identity every time.Authentication Process is complicated, and cumbersome, security performance is low.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of identity identifying method, device, server and clients, reach Short message will be sent to backstage when need not obtain user identity every time, authentication procedures are simpler, and due to security credence With the double authentication of identity documents, the higher purpose of safety.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of identity identifying method, including the following steps:
That obtain the transmission of mobile phone applications client from Short Message Service Gateway includes international mobile subscriber identity IMSI, random train Short message and the corresponding phone number of the mobile phone applications client;
The first request comprising the IMSI and random train that the mobile phone applications client is sent is received, and according to described IMSI and random train find the phone number, and generate security credence corresponding with the phone number, are sent to the hand Machine applications client;
Receive the second request comprising the IMSI and the security credence that the mobile phone applications client is sent, and root The phone number is found according to the IMSI and the security credence, and generates identity documents corresponding with the phone number, It is sent to the mobile phone applications client.
Wherein, from Short Message Service Gateway obtain mobile phone applications client send comprising international mobile subscriber identity IMSI, with The step of short message of machine string and the mobile phone applications client corresponding phone number includes:
Obtain that mobile phone applications client sends from the Short Message Service Gateway comprising international mobile subscriber identity IMSI, random The short message of string, and the short message is parsed, obtain the IMSI and random train;
The corresponding phone number of the mobile phone applications client is obtained from the Short Message Service Gateway;
Save the corresponding relationship of the IMSI, random train and the phone number.
Wherein, the first request comprising the IMSI and random train that the mobile phone applications client is sent, and root are received The phone number is found according to the IMSI and random train, and generates security credence corresponding with the phone number, is sent to The step of mobile phone applications client includes:
Receive the first request comprising the IMSI and random train that the mobile phone applications client is sent;
According to the IMSI and random train and the corresponding relationship of the IMSI, random train and the phone number, find The IMSI and the corresponding phone number of random train;
Security credence corresponding with the phone number is generated, and is sent to the mobile phone applications client.
Wherein, in first request further include: the public key in public private key pair that mobile phone applications client generates;
Generate security credence corresponding with the phone number the step of include:
The corresponding security credence of phone number described in the public key to certificate authority application is submitted, and is passed through in application The security credence that the certificate authority is issued is received afterwards.
Wherein, after generating security credence corresponding with the phone number further include:
Save the corresponding relationship of the security credence Yu the phone number.
Wherein, second comprising the IMSI and the security credence that the mobile phone applications client is sent is received to ask It asks, and the phone number is found according to the IMSI and the security credence, and generate body corresponding with the phone number Part voucher, the step of being sent to the mobile phone applications client include:
Receive that the mobile phone applications client sends comprising the security credence and utilize the described of private key signature The second request of IMSI;
The IMSI of the private key signature is verified, if verifying successfully, according to security credence and the mobile phone The corresponding relationship of number finds the corresponding phone number of the security credence;
The corresponding identity documents of the phone number are generated, the mobile phone applications client is sent to.
Wherein, the step of verifying to the IMSI of the private key signature include:
It is verified using the public key by the IMSI of the signature check algorithm to the private key signature.
Wherein, the step of generating the phone number corresponding identity documents include:
It is signed by signature algorithm to the phone number using local private key, generates identity documents.
The embodiment of the present invention also provides a kind of identification authentication system, comprising:
First obtains module, for obtaining knowing comprising international mobile subscriber for mobile phone applications client transmission from Short Message Service Gateway Other code IMSI, the short message of random train and the corresponding phone number of the mobile phone applications client;
First processing module, for receiving that the mobile phone applications client sends comprising the IMSI and random train One request, and the phone number is found according to the IMSI and random train, and generate safety corresponding with the phone number Voucher is sent to the mobile phone applications client;
Second processing module, for receive that the mobile phone applications client sends comprising the IMSI and the safety with Second request of card, and the phone number is found according to the IMSI and the security credence, and generate and the cell-phone number The corresponding identity documents of code, are sent to the mobile phone applications client.
Wherein, the first acquisition module includes:
First acquisition unit, for obtaining using comprising international movement for mobile phone applications client transmission from the Short Message Service Gateway The short message of family identification code IMSI, random train, and the short message is parsed, obtain the IMSI and random train;
Second acquisition unit, for obtaining the corresponding phone number of the mobile phone applications client from the Short Message Service Gateway;
First storage unit, for saving the corresponding relationship of the IMSI, random train and the phone number.
Wherein, the first processing module includes:
First receiving unit, for receiving that the mobile phone applications client sends comprising the IMSI and random train One request;
First searching unit, for according to the IMSI and random train and the IMSI, random train and the cell-phone number The corresponding relationship of code, finds the IMSI and the corresponding phone number of random train;
Security credence generates unit, for generating security credence corresponding with the phone number, and is sent to the hand Machine applications client.
Wherein, in first request further include: the public key in public private key pair that mobile phone applications client generates;
The security credence generates unit
Security credence generating subunit, for submitting phone number described in the public key to certificate authority application corresponding Security credence, and receive the security credence that the certificate authority issues after application passes through.
Wherein, the first processing module further include:
Second storage unit, for saving the corresponding relationship of the security credence Yu the phone number.
Wherein, the Second processing module includes:
Second receiving unit includes the security credence and utilization for receive the mobile phone applications client transmission The second request of the IMSI of private key signature;
Verification unit is verified for the IMSI to the private key signature, if verify successfully, according to safety with The corresponding relationship of card and the phone number, finds the corresponding phone number of the security credence;
Identity documents generate unit and are sent to the mobile phone for generating the corresponding identity documents of the phone number and answer Use client.
Wherein, the verification unit includes:
Verify subelement, for using the public key by signature check algorithm to the IMSI of the private key signature into Row verification.
Wherein, the identity documents generation unit includes:
Identity documents generating subunit, for being signed by signature algorithm to the phone number using local private key Name generates identity documents.
The embodiments of the present invention also provide a kind of servers, applied to the authentication of user, including above-mentioned identity Authentication device.
The embodiments of the present invention also provide a kind of clients, the authentication applied to user, comprising:
SMS transmission module, for sending the short message comprising IMSI and random train to Short Message Service Gateway;
First communication module for sending the first request comprising the IMSI and random train to server, and receives institute State the security credence of server generation;
Second communication module is asked for second to server transmission comprising the IMSI and the security credence It asks, and receives the identity documents that the server generates.
Wherein, further includes:
Key generation module, for generating the public private key pair of encryption and decryption;
Digital Signature module, for utilizing IMSI described in the private key signature.
Wherein, first request that the first communication module is sent also carries what the key generation module generated Public key;And
The IMSI that second request that second module is sent carries is via the Digital Signature module The private key signature.
The advantageous effects of the above technical solutions of the present invention are as follows:
The embodiment of the present invention, the mobile comprising the world of mobile phone applications client transmission will be obtained from Short Message Service Gateway first CUSTOMER ID IMSI, the short message of random train and the corresponding phone number of mobile phone applications client;Then, mobile phone application is received The first request comprising IMSI and random train that client is sent, and phone number is found according to IMSI and random train, and generate Security credence corresponding with phone number is sent to the mobile phone applications client;Finally, receiving the mobile phone applications client The second request comprising the IMSI and security credence sent, and phone number is found according to IMSI and security credence, and produce Raw identity documents corresponding with phone number, are sent to mobile phone applications client.User need to only send for the first time in use Short message success goes to complete authentication based on IMSI information and phone number, and passing through certification then according to above-mentioned steps Afterwards, it will be able to an identity documents are obtained, it can be complete according to local identity documents when subsequently wanting to obtain identity information certification At not needing to send the complicated cumbersome process such as short message application authentication again, process is simpler, and verification process is due to safety The double authentication of voucher and identity documents, safety are higher.And the generation of identity documents also make it is subsequent be detached from operator Also it can be carried out subscriber authentication in the case where network, more meet the demand for experience of modern mobile interchange network users.
Detailed description of the invention
Fig. 1 is the flow diagram of the identity identifying method of the embodiment of the present invention;
Fig. 2 is the application schematic diagram of the identity identifying method of the embodiment of the present invention;
Fig. 3 is the structural schematic diagram of the identification authentication system of the embodiment of the present invention.
Specific embodiment
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool Body embodiment is described in detail.
The present invention, which is directed to, to be had to send short message to backstage when obtaining identity every time existing for existing authentication mode, Process is complicated, cumbersome, the low problem of security performance, provides a kind of identity identifying method, device, server and client End, reaches that process is simple, the high purpose of security performance.
As shown in Figure 1, a kind of identity identifying method of the embodiment of the present invention, including the following steps:
Step 11, from Short Message Service Gateway obtain mobile phone applications client send comprising international mobile subscriber identity IMSI, The short message of random train and the corresponding phone number of the mobile phone applications client;
Step 12, the first request comprising the IMSI and random train that the mobile phone applications client is sent is received, and The phone number is found according to the IMSI and random train, and generates security credence corresponding with the phone number, is sent To the mobile phone applications client;
Step 13, second comprising the IMSI and the security credence that the mobile phone applications client is sent is received to ask It asks, and the phone number is found according to the IMSI and the security credence, and generate body corresponding with the phone number Part voucher, is sent to the mobile phone applications client.
User need to only send short message success for the first time in use, then according to above-mentioned steps, based on IMSI information and Phone number goes to complete authentication, and after through certification, it will be able to obtain an identity documents, subsequently want to obtain identity It can be completed according to local identity documents when authentification of message, not need to send short message application authentication etc. again complicated cumbersome Process, process is simpler, and verification process, due to the double authentication of security credence and identity documents, safety is higher.And The generation of identity documents also make it is subsequent also can be carried out subscriber authentication in the case where being detached from carrier network, more meet existing For the demand for experience of mobile interchange network users.
Further, step 11 includes:
Step 111, obtain the transmission of mobile phone applications client from the Short Message Service Gateway includes international mobile subscriber identity The short message of IMSI, random train, and the short message is parsed, obtain the IMSI and random train;
Step 112, the corresponding phone number of the mobile phone applications client is obtained from the Short Message Service Gateway;
Step 113, the corresponding relationship of the IMSI, random train and the phone number are saved.
Further, step 12 includes:
Step 121, the first request comprising the IMSI and random train that the mobile phone applications client is sent is received;
Step 122, corresponding with the phone number according to the IMSI and random train and the IMSI, random train Relationship finds the IMSI and the corresponding phone number of random train;
Step 123, security credence corresponding with the phone number is generated, and is sent to the mobile phone applications client.
In the identity identifying method of the embodiment of the present invention, in first request further include: mobile phone applications client produces Public key in raw public private key pair;
Generate security credence corresponding with the phone number the step of include:
Step 1231, the corresponding security credence of phone number described in the public key to certificate authority application is submitted, and The security credence that the certificate authority is issued is received after application passes through.
It is well known that certificate authorization center CA can prove the validity of key according to the key of offer, certificate, and By public-key cryptography with some entity relationship to together.In the identity identifying method of the embodiment of the present invention, mobile phone application is submitted CA can be obtained after application passes through to the corresponding security credence of the center CA application subscriber phone number in the public key that client generates The security credence that center is issued.
Certainly, in order to complete authentication, identity information is necessarily required correspondingly, so, in step 123, generate After security credence corresponding with the phone number further include:
Step 124, the corresponding relationship of the security credence Yu the phone number is saved.
It is to be established using the certificate serial number of security credence and mobile phone in the identity identifying method of the embodiment of the present invention The corresponding relationship of number, that is, save the certificate serial number of the security credence and the corresponding relationship of the phone number.And Due to also saving the relationship of phone number also corresponding IMSI and random train, so certificate serial number, mobile phone can be obtained One-to-one relationship between number and IMSI string, provides foundation for subsequent authentication.
Further, step 13 includes:
Step 131, receive that the mobile phone applications client sends comprising the security credence and utilize private key signature The IMSI second request;
Step 132, the IMSI of the private key signature is verified, if verify successfully, according to security credence with The corresponding relationship of the phone number finds the corresponding phone number of the security credence;
Step 133, the corresponding identity documents of the phone number are generated, the mobile phone applications client is sent to.
Wherein, step 132, the step of verifying to the IMSI of the private key signature include:
Step 1321, school is carried out by the IMSI of the signature check algorithm to the private key signature using the public key It tests.
Wherein, step 133, the step of generating the phone number corresponding identity documents include:
It is signed by signature algorithm to the phone number using local private key, generates identity documents.Certainly, on It states and RSA Algorithm, ElGamal algorithm, elliptic curve digital signature algorithm and finite automaton can be used in signature and signature check Machine digital signature algorithm etc. is realized, will not enumerate herein.It is terrible in the identity identifying method of the embodiment of the present invention To higher information security is guaranteed, preferred high strength Encryption Algorithm PKI algorithm carries out signature and signature check.With technology The higher algorithm of security intensity can also be used to realize in development, signature and signature check.
So far, the identity identifying method of the embodiment of the present invention completes authentication and obtains identity documents.
To sum up, the identity identifying method of the embodiment of the present invention is based on IMSI information and phone number, and by obtaining in CA The security credence of the heart and final identity documents go to complete authentication, and process is simpler, and safety is higher.
Below as shown in Fig. 2, in conjunction with the mobile phone applications client in practical application, application platform server and Short Message Service Gateway Come illustrate the embodiment of the present invention identity identifying method application:
Step 1, mobile phone applications client send the short message comprising IMSI and random train to Short Message Service Gateway.Short Message Service Gateway is received To after short message, the phone number of short message content and the mobile phone for sending short message is transmitted to application platform server.
Step 2, application platform server parse the short message received, parse IMSI in short message content and Random train, and record.
Step 3, application platform server by the phone number got from Short Message Service Gateway with from the short message of the phone number In the IMSI that parses and random train composition value to (establishing corresponding relationship), and record.
Step 4, mobile phone applications client generate public and private key.
Step 5, mobile phone applications client, which is sent, carries the request of IMSI and random train in public key, short message to applying Platform Server, request security credence.
Step 6, application platform server make security credence, identification user identity.1. according to the IMSI that receives and with Machine string finds corresponding phone number;2. making the corresponding security credence of phone number found out;3. saving security credence With the corresponding relationship of phone number, and by public key generate security credence return mobile phone user's client.
Step 7, mobile phone applications client use private key signature IMSI, send the request for carrying signature IMSI, security credence To application platform server application authentication.
Step 8, application platform server carry out user identity authentication.1. being looked into after signature verification is effective according to security credence Look for corresponding phone number;2. generating identity documents, and identity documents are returned into mobile phone applications client.
So far, authentication is completed.The identity documents that above-mentioned generation can be carried afterwards go to carry out authentication.When So, above-described embodiment is only a kind of preferable implementation, is not intended as limiting unique implementation of the invention.
To solve the above-mentioned problems, as shown in figure 3, the embodiment of the invention also provides a kind of identification authentication systems, comprising:
First obtains module 1, includes international mobile subscriber for obtain the transmission of mobile phone applications client from Short Message Service Gateway Identification code IMSI, the short message of random train and the corresponding phone number of the mobile phone applications client;
First processing module 2 includes the IMSI and random train for receive the mobile phone applications client transmission First request, and the phone number is found according to the IMSI and random train, and generate peace corresponding with the phone number Full voucher is sent to the mobile phone applications client;
Second processing module 3 includes the IMSI and the safety for receive the mobile phone applications client transmission Second request of voucher, and the phone number is found according to the IMSI and the security credence, and generate and the mobile phone The corresponding identity documents of number are sent to the mobile phone applications client.
Wherein, the first acquisition module includes:
First acquisition unit, for obtaining using comprising international movement for mobile phone applications client transmission from the Short Message Service Gateway The short message of family identification code IMSI, random train, and the short message is parsed, obtain the IMSI and random train;
Second acquisition unit, for obtaining the corresponding phone number of the mobile phone applications client from the Short Message Service Gateway;
First storage unit, for saving the corresponding relationship of the IMSI, random train and the phone number.
Wherein, the first processing module includes:
First receiving unit, for receiving that the mobile phone applications client sends comprising the IMSI and random train One request;
First searching unit, for according to the IMSI and random train and the IMSI, random train and the cell-phone number The corresponding relationship of code, finds the IMSI and the corresponding phone number of random train;
Security credence generates unit, for generating security credence corresponding with the phone number, and is sent to the hand Machine applications client.
Wherein, in first request further include: the public key in public private key pair that mobile phone applications client generates;
The security credence generates unit
Security credence generating subunit, for submitting phone number described in the public key to certificate authority application corresponding Security credence, and receive the security credence that the certificate authority issues after application passes through.
Wherein, the first processing module further include:
Second storage unit, for saving the corresponding relationship of the security credence Yu the phone number.
Wherein, the Second processing module includes:
Second receiving unit includes the security credence and utilization for receive the mobile phone applications client transmission The second request of the IMSI of private key signature;
Verification unit is verified for the IMSI to the private key signature, if verify successfully, according to safety with The corresponding relationship of card and the phone number, finds the corresponding phone number of the security credence;
Identity documents generate unit and are sent to the mobile phone for generating the corresponding identity documents of the phone number and answer Use client.
Wherein, the verification unit includes:
Verify subelement, for using the public key by signature check algorithm to the IMSI of the private key signature into Row verification.
Wherein, the identity documents generation unit includes:
Identity documents generating subunit, for being signed by signature algorithm to the phone number using local private key Name generates identity documents.
It should be noted that the device is the device for applying above-mentioned identity identifying method, above-mentioned identity identifying method is real The implementation of example is applied suitable for the device, can also reach identical technical effect.
The embodiment of the invention also provides a kind of servers, including above-mentioned identification authentication system.Likewise, above-mentioned identity The implementation of authentication method embodiment can also reach identical technical effect suitable for server.
The embodiment of the invention also provides a kind of clients, the authentication applied to user, comprising:
SMS transmission module, for sending the short message comprising IMSI and random train to Short Message Service Gateway;
First communication module for sending the first request comprising the IMSI and random train to server, and receives institute State the security credence of server generation;
Second communication module is asked for second to server transmission comprising the IMSI and the security credence It asks, and receives the identity documents that the server generates.
It is well known that keep the safety of identity information in communication process, often it is encrypted, therefore, on The client stated further include:
Key generation module, for generating the public private key pair of encryption and decryption;
Digital Signature module, for utilizing IMSI described in the private key signature.
Wherein, first request that the first communication module is sent also carries what the key generation module generated Public key in public private key pair;And
The IMSI that second request that the second communication module is sent carries is via the digital signature The private key signature of module.
It should be noted that above-mentioned client is the authentication that the above-mentioned server of cooperation completes user.
The above is a preferred embodiment of the present invention, it is noted that for those skilled in the art For, without departing from the principles of the present invention, it can also make several improvements and retouch, these improvements and modifications It should be regarded as protection scope of the present invention.

Claims (14)

1. a kind of identity identifying method, characterized in that it comprises the following steps:
The short message comprising international mobile subscriber identity IMSI, random train that mobile phone applications client is sent is obtained from Short Message Service Gateway And the corresponding phone number of the mobile phone applications client;
The first request comprising the IMSI and random train that the mobile phone applications client is sent is received, and according to the IMSI The phone number is found with random train, and generates security credence corresponding with the phone number, the mobile phone is sent to and answers Use client;
The second request comprising the IMSI and the security credence that the mobile phone applications client is sent is received, and according to institute It states IMSI and the security credence finds the phone number, and generate identity documents corresponding with the phone number, send To the mobile phone applications client;Wherein,
Second request comprising the IMSI and the security credence for receiving the mobile phone applications client and sending, and root The phone number is found according to the IMSI and the security credence, and generates identity documents corresponding with the phone number, The step of being sent to the mobile phone applications client include:
That receive the mobile phone applications client transmission includes the security credence and the IMSI using private key signature Second request;
The IMSI of the private key signature is verified, if verifying successfully, according to security credence and the phone number Corresponding relationship, find the corresponding phone number of the security credence;
The corresponding identity documents of the phone number are generated, the mobile phone applications client is sent to.
2. identity identifying method according to claim 1, which is characterized in that obtain mobile phone applications client from Short Message Service Gateway What is sent includes international mobile subscriber identity IMSI, the short message of random train and the corresponding mobile phone of the mobile phone applications client The step of number includes:
That obtain the transmission of mobile phone applications client from the Short Message Service Gateway includes international mobile subscriber identity IMSI, random train Short message, and the short message is parsed, obtain the IMSI and random train;
The corresponding phone number of the mobile phone applications client is obtained from the Short Message Service Gateway;
Save the corresponding relationship of the IMSI, random train and the phone number.
3. identity identifying method according to claim 2, which is characterized in that receive what the mobile phone applications client was sent The first request comprising the IMSI and random train, and the phone number is found according to the IMSI and random train, and generate Security credence corresponding with the phone number, the step of being sent to the mobile phone applications client include:
Receive the first request comprising the IMSI and random train that the mobile phone applications client is sent;
According to the IMSI and random train and the corresponding relationship of the IMSI, random train and the phone number, find described IMSI and the corresponding phone number of random train;
Security credence corresponding with the phone number is generated, and is sent to the mobile phone applications client.
4. identity identifying method according to claim 3, which is characterized in that in first request further include: mobile phone is answered With the public key in the public private key pair of client generation;
Generate security credence corresponding with the phone number the step of include:
The corresponding security credence of phone number described in the public key to certificate authority application is submitted, and in application by being followed by Receive the security credence that the certificate authority is issued.
5. identity identifying method according to claim 3, which is characterized in that generate safety corresponding with the phone number After voucher further include:
Save the corresponding relationship of the security credence Yu the phone number.
6. identity identifying method according to claim 4, which is characterized in that carried out to the IMSI of the private key signature The step of verification includes:
It is verified using the public key by the IMSI of the signature check algorithm to the private key signature.
7. identity identifying method according to claim 1, which is characterized in that generate the corresponding identity of the phone number with The step of card includes:
It is signed by signature algorithm to the phone number using local private key, generates identity documents.
8. a kind of identification authentication system characterized by comprising
First obtains module, includes international mobile subscriber identity for obtain the transmission of mobile phone applications client from Short Message Service Gateway IMSI, the short message of random train and the corresponding phone number of the mobile phone applications client;
First processing module is asked for receiving first comprising the IMSI and random train that the mobile phone applications client is sent It asks, and the phone number is found according to the IMSI and random train, and generate security credence corresponding with the phone number, It is sent to the mobile phone applications client;
Second processing module includes the IMSI and the security credence for receive the mobile phone applications client transmission Second request, and the phone number is found according to the IMSI and the security credence, and generate and the phone number pair The identity documents answered are sent to the mobile phone applications client;Wherein,
The Second processing module includes:
Second receiving unit, for receiving that the mobile phone applications client sends comprising the security credence and utilizing private key The second request of the IMSI of signature;
Verification unit is verified for the IMSI to the private key signature, if verify successfully, according to security credence with The corresponding relationship of the phone number finds the corresponding phone number of the security credence;
Identity documents generate unit, for generating the corresponding identity documents of the phone number, are sent to the mobile phone application visitor Family end.
9. identification authentication system according to claim 8, which is characterized in that described first, which obtains module, includes:
First acquisition unit, for obtaining knowing comprising international mobile subscriber for mobile phone applications client transmission from the Short Message Service Gateway The short message of other code IMSI, random train, and the short message is parsed, obtain the IMSI and random train;
Second acquisition unit, for obtaining the corresponding phone number of the mobile phone applications client from the Short Message Service Gateway;
First storage unit, for saving the corresponding relationship of the IMSI, random train and the phone number.
10. identification authentication system according to claim 9, which is characterized in that the first processing module includes:
First receiving unit is asked for receiving first comprising the IMSI and random train that the mobile phone applications client is sent It asks;
First searching unit, for according to the IMSI and random train and the IMSI, random train and the phone number Corresponding relationship finds the IMSI and the corresponding phone number of random train;
Security credence generates unit, for generating security credence corresponding with the phone number, and is sent to the mobile phone and answers Use client.
11. a kind of server, the authentication applied to user, which is characterized in that including described in claim any one of 8-10 Identification authentication system.
12. a kind of client, the authentication applied to user characterized by comprising
SMS transmission module, for sending the short message comprising IMSI and random train to Short Message Service Gateway, so that the Short Message Service Gateway will The phone number of the mobile phone of short message comprising IMSI and random train and transmission short message is forwarded to server;
First communication module for sending the first request comprising the IMSI and random train to server, and receives the clothes The security credence that business device generates, the security credence are that the server is requested by receiving described first, are asked by described first After IMSI described in asking and random train find the phone number, the security credence corresponding with the phone number of generation;
Second communication module, for sending the second request comprising the IMSI and the security credence to the server, and Receive the identity documents that the server generates;Wherein, the IMSI that second request includes is to utilize private key signature IMSI, the identity documents are the servers by receiving second request, to the IMSI of the private key signature into Row verification, and the security credence pair is found according to the corresponding relationship of security credence and the phone number after verifying successfully After the phone number answered, the identity documents corresponding with the phone number of generation.
13. client according to claim 12, which is characterized in that further include:
Key generation module, for generating the public private key pair of encryption and decryption;
Digital Signature module, for utilizing IMSI described in the private key signature.
14. client according to claim 13, which is characterized in that described the first of the first communication module transmission is asked Seek the public key also carried in the public private key pair that the key generation module generates;And the institute that the second communication module is sent Stating the IMSI that the second request carries is the private key signature via the Digital Signature module.
CN201410088753.2A 2014-03-11 2014-03-11 A kind of identity identifying method, device, server and client Active CN104918245B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410088753.2A CN104918245B (en) 2014-03-11 2014-03-11 A kind of identity identifying method, device, server and client

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410088753.2A CN104918245B (en) 2014-03-11 2014-03-11 A kind of identity identifying method, device, server and client

Publications (2)

Publication Number Publication Date
CN104918245A CN104918245A (en) 2015-09-16
CN104918245B true CN104918245B (en) 2018-12-07

Family

ID=54086855

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410088753.2A Active CN104918245B (en) 2014-03-11 2014-03-11 A kind of identity identifying method, device, server and client

Country Status (1)

Country Link
CN (1) CN104918245B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108990059B (en) * 2017-06-02 2021-06-29 创新先进技术有限公司 Verification method and device
US10277586B1 (en) * 2018-10-29 2019-04-30 Syniverse Technologies, Llc Mobile authentication with URL-redirect
CN110430054B (en) * 2019-08-09 2022-10-21 北京智汇信元科技有限公司 Identity management method and system
CN114844950B (en) * 2022-04-20 2023-06-02 建信金融科技有限责任公司 Service request response method, device, equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103037366A (en) * 2011-09-30 2013-04-10 卓望数码技术(深圳)有限公司 Mobile terminal user authentication method and mobile terminal based on asymmetric cryptographic technique
CN103167491A (en) * 2011-12-15 2013-06-19 上海格尔软件股份有限公司 Authentication method of mobile terminal uniqueness based on software digital certificate

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060274695A1 (en) * 2005-06-03 2006-12-07 Nokia Corporation System and method for effectuating a connection to a network
US20070156804A1 (en) * 2006-01-05 2007-07-05 Fuze Networks System and method for a virtual mobile network supporting dynamic personal virtual mobile network with multimedia service orchestration

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103037366A (en) * 2011-09-30 2013-04-10 卓望数码技术(深圳)有限公司 Mobile terminal user authentication method and mobile terminal based on asymmetric cryptographic technique
CN103167491A (en) * 2011-12-15 2013-06-19 上海格尔软件股份有限公司 Authentication method of mobile terminal uniqueness based on software digital certificate

Also Published As

Publication number Publication date
CN104918245A (en) 2015-09-16

Similar Documents

Publication Publication Date Title
CN103391197B (en) A kind of web identity authentication based on handset token and NFC technique
CN109150548B (en) Digital certificate signing and signature checking method and system and digital certificate system
JP5601729B2 (en) How to log into a mobile radio network
CN107070667A (en) Identity identifying method, user equipment and server
CN112953970B (en) Identity authentication method and identity authentication system
CN105553654B (en) Key information processing method and device, key information management system
CN103037366B (en) Mobile phone users authentication method based on asymmetric cryptographic technique and mobile terminal
CN105306211B (en) A kind of identity identifying method of client software
CN110099048B (en) Cloud storage method and equipment
CN106936792A (en) Safety certifying method and system and the mobile terminal for safety certification
CN103297403A (en) Method and system for achieving dynamic password authentication
CN101808092B (en) Multi-certificate sharing method and system as well as intelligent card
CN102036236A (en) Method and device for authenticating mobile terminal
CN113067823B (en) Mail user identity authentication and key distribution method, system, device and medium
CN105391734A (en) Secure login system, secure login method, login server and authentication server
CN106713279A (en) Video terminal identity authentication system
CN102801724A (en) Identity authentication method combining graphic image with dynamic password
CN111949958B (en) Authorization authentication method and device in Oauth protocol
CN107733838A (en) A kind of mobile terminal client terminal identity identifying method, device and system
CN105591745A (en) Method and system for performing identity authentication on user using third-party application
CN104660397A (en) Secret key managing method and system
CN104918245B (en) A kind of identity identifying method, device, server and client
CN103905194A (en) Identity traceability authentication method and system
CN102404337A (en) Data encryption method and device
CN108400989B (en) Security authentication equipment, method and system for shared resource identity authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20190627

Address after: 510000 Tianhe District, Guangzhou City, Guangdong Province, 333 Gaotang Road, self-compiled 1-1

Co-patentee after: CHINA MOBILE COMMUNICATIONS GROUP Co.,Ltd.

Patentee after: CHINA MOBILE INTERNET Co.,Ltd.

Address before: 510000 Tianhe District, Guangzhou City, Guangdong Province, 333 Gaotang Road, self-compiled 1-1

Patentee before: CHINA MOBILE INTERNET Co.,Ltd.

Effective date of registration: 20190627

Address after: 510000 Tianhe District, Guangzhou City, Guangdong Province, 333 Gaotang Road, self-compiled 1-1

Patentee after: CHINA MOBILE INTERNET Co.,Ltd.

Address before: 510623 13th Floor, Guangdong Global Building, 11 Zhujiang West Road, Zhujiang New Town, Guangzhou City, Guangdong Province

Patentee before: CHINA MOBILE GROUP GUANGDONG Co.,Ltd.