CN108965222B - Identity authentication method, system and computer readable storage medium - Google Patents



Publication number
CN108965222B
Authority
CN
China
Prior art keywords
string
encrypted
identity authentication
preset
storage area
Prior art date
Legal status
Expired - Fee Related
Application number
CN201711297019.7A
Other languages
Chinese (zh)
Other versions
CN108965222A (en
Inventor
翟红鹰
Current Assignee
Puhua Yunchuang Technology Beijing Co ltd
Original Assignee
Puhua Yunchuang Technology Beijing Co ltd
Priority date
Filing date
Publication date
Application filed by Puhua Yunchuang Technology Beijing Co ltd
Priority to CN201711297019.7A
Publication of CN108965222A
Application granted
Publication of CN108965222B
Current legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an identity authentication method comprising the following steps: encrypting device code information according to encryption algorithm information, applying a secondary encryption to the resulting encrypted string and storing the result in a preset encrypted storage area, while storing the device code information in a preset unencrypted storage area; during identity authentication, computing on the device code information with a private key to obtain an authentication password string; reading the encrypted string and decrypting it to obtain the corresponding decrypted string; and judging whether the authentication password string matches the decrypted string, in order to verify the legitimacy of the current user's identity authentication request. The method does not depend on a server, and the identity information is fully hidden, so the risk of cracking a file based on the identity information is effectively avoided; hardware, encrypted string and identity verification program can be kept as three separate parts. The invention also provides an identity authentication system and a computer-readable storage medium.

Description

Identity authentication method, system and computer readable storage medium
Technical Field
The present invention relates to the field of computer network technologies, and in particular, to an identity authentication method, an identity authentication system, and a computer-readable storage medium.
Background
With the widespread use of internet technology, network security has become a major factor hindering network development. For an ordinary user, authentication of a client's identity is mostly based on a medium and a password, which greatly limits the ability to establish that the client really is the user: once the medium is lost and/or the password leaks, the network side can no longer reliably judge the real identity of the client in an operation. At present the main problem is that security depends too heavily on the user's networking knowledge, and the passwords of users with weak security awareness are easily stolen. An attacker who obtains a customer's password by illegal means can then steal the customer's private data, including very important data.
Existing identity recognition technology usually uses cryptography (especially public-key cryptography) to design protocols with high security, which mainly come in the following two forms:
(I) Password mode: the password is the most widely used identity recognition method, generally a string of 5 to 8 characters composed of digits, letters, special characters, control characters and the like. To authenticate a user by username and password, the server must maintain a database of the usernames and passwords of legitimate users.
The choice of password should satisfy several principles:
1. easy to remember, hard to guess and hard to analyse;
2. password management can be handled with a one-way function: the computer stores only the one-way function value of the password, not the password itself, and the identification process is: 1) the user sends the password to the computer; 2) the computer computes the one-way function value of the password; 3) the computer compares that value with the value it has stored.
Many WWW server systems use fixed-format files to store usernames and passwords, avoiding the need to build a dedicated database system just for them. Wherever the login information is stored, the most common and most secure method (used by UNIX systems) is to store the username in the clear and the password only in one-way-hashed form. When the system creates a new username/password pair, the password is typically passed through a one-way algorithm before being stored.
In this plaintext-username/hashed-password mode, when a user logs in, the system first checks the username against the list stored in the database. The password entered at login is then passed through the same one-way function and the result is compared with the stored value; if the two values for the given user match, the login is accepted. This is why even a system administrator cannot recover a forgotten password on a UNIX system: the administrator can only assign a new temporary password, which the user then changes to one of his own choosing.
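The plaintext-username / one-way-hashed-password scheme described above, as an added example that is not part of the patent: the stored record holds a per-user random salt and a PBKDF2-HMAC-SHA256 value, never the password, so a lost password can only be replaced, not read back. The user table, the usernames and passwords in it, the record format, and the iteration count are all constructed for this example; the algorithm choice (PBKDF2 rather than an unspecified "one-way function") is an assumption.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Work factor for PBKDF2-HMAC-SHA256 (assumption: kept low so the demo runs
# quickly; raise it in production until one derivation takes tens of ms).
ITERATIONS = 100_000
SALT_LEN = 16


def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """One-way function of the password: cannot be inverted to recover it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build the stored value: algorithm, work factor, salt and one-way value,
    but never the password itself. A fresh random salt per user means equal
    passwords do not produce equal records."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = derive(password, salt)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(record: str, candidate: str) -> bool:
    """Recompute the one-way value for the candidate and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2-sha256":
        return False
    recomputed = derive(candidate, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


# Constructed user table: usernames in the clear, passwords only as records.
USERS: Dict[str, str] = {
    "alice": create_record("correct horse battery staple"),
    "bob": create_record("hunter2"),
}

# Dummy record so that a lookup miss costs the same as a real verification,
# which makes username enumeration by response time harder.
_DUMMY = create_record(os.urandom(8).hex())


def login(username: str, password: str) -> bool:
    """Plaintext-username / hashed-password login check."""
    record = USERS.get(username)
    if record is None:
        verify(_DUMMY, password)
        return False
    return verify(record, password)


def reset_password(username: str, new_password: str) -> None:
    """All an administrator can do: issue a new record. The old password
    cannot be read out of USERS, only replaced."""
    USERS[username] = create_record(new_password)


if __name__ == "__main__":
    print(login("alice", "correct horse battery staple"))
    print(login("alice", "wrong"))
    reset_password("bob", "temporary-pass-1")
    print(login("bob", "temporary-pass-1"))
```

The constant-time comparison and the dummy derivation for unknown users are the two details a naive implementation of the comparison step in the text usually gets wrong.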
(II) Token mode: the token is something the individual holds, which works like the key that starts an electronic device; personal information for machine identification is recorded on it, a U-shield (USB key) being one example.
However, current authentication technology mainly has the following disadvantages:
1. In the server authentication mode the user enters an account and password, which must be submitted through an interface to a back-end server for verification; a server is therefore indispensable.
2. In the local authentication mode the account and password entered by the user are compared with an account/password file preset locally; once an illegal user finds that file, it is easily brute-forced, which creates a security risk.
Given this situation, an effective identity authentication mechanism is needed that, on the one hand, hides the user's identity information so that it is not easily found by an ordinary user or tool and, on the other hand, solves the problem of user authentication without a network connection.
Disclosure of Invention
The main object of the invention is to provide an identity authentication method, an identity authentication system and a computer-readable storage medium that, on the one hand, hide the user's identity information so that it is not easily found by an ordinary user or tool and, on the other hand, solve the problem of user authentication without a network connection.
To achieve this, the invention provides an identity authentication method comprising the steps of:
obtaining preset device code information and preset encryption algorithm information;
encrypting the device code information according to the encryption algorithm information, encrypting the resulting encrypted string with a preset secondary encryption algorithm, storing the secondarily encrypted string in a preset encrypted storage area, and storing the device code information in a preset unencrypted storage area;
responding to a user's identity authentication request and obtaining private key information;
reading the device code information from the unencrypted storage area, and computing on it with the private key and a preset verification algorithm to obtain an authentication password string;
reading the encrypted string from the encrypted storage area and applying a preset secondary decryption algorithm to obtain the corresponding decrypted string;
judging whether the authentication password string matches the decrypted string;
and when the authentication password string matches the decrypted string, confirming that the current user's identity authentication request is legitimate.
Further, the preset encryption algorithm information includes the encryption algorithm and public key information, where the encryption algorithm is irreversible and maps the device code information one-to-one to an irreversible encrypted string.
Further, the step of reading the device code information from the unencrypted storage area and computing on it with the private key and a preset verification algorithm to obtain an authentication password string comprises:
calling a dedicated device interface to read the device code information from the unencrypted storage area, and computing on it with the private key and the preset verification algorithm to obtain the authentication password string.
Further, the step of reading the encrypted string from the encrypted storage area and applying a preset secondary decryption algorithm to obtain the corresponding decrypted string comprises:
calling the dedicated device interface to read the encrypted string from the encrypted storage area, and applying the preset secondary decryption algorithm to it to obtain the corresponding decrypted string.
Further, the device code information includes one or more of an identification code, a barcode, a physical address, a device address, and a device code of the device.
Further, the preset secondary encryption algorithm is an MD5 algorithm or a DES algorithm.
Further, the encrypted string is stored in hidden, closed form in the storage hardware.
Further, the encrypted storage area and the unencrypted storage area are non-updatable storage areas.
The invention also provides an identity authentication system comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements the steps of any of the identity authentication methods above.
The invention also provides a computer-readable storage medium on which a computer program is stored which, when executed by a processor, carries out the steps of any of the identity authentication methods above.
In the invention, an unencrypted storage area and an encrypted storage area are separated by hardware partitioning, so that unencrypted and encrypted information are managed separately. A dedicated device interface is called to read the device code information and the encrypted string; the device code information is computed on with the private key and a preset verification algorithm to obtain an authentication password string; the encrypted string is read from the encrypted storage area and passed through a preset secondary decryption algorithm to obtain the corresponding decrypted string; and the two strings are compared. When they match, the current user's identity authentication request is confirmed to be legitimate and the identity information is thereby verified. The invention thus creates an identity authentication mechanism that fully hides the identity information without depending on a server, effectively avoiding the risk of cracking a file based on that information. Hardware, encrypted string and identity verification program can be kept as three separate parts: the hardware manufacturer does not know the identity verification information, the identity verification platform can build a secure operating system on the manufacturer's hardware, the two can be integrated without exposing risk to each other, and the security of the identity information is greatly improved.
Drawings
Fig. 1 is a schematic hardware structure diagram of an identity authentication system according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of functional modules of an identity authentication system according to an embodiment of the present invention;
fig. 3 is a flowchart of a method of authenticating an identity according to a first embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description of Embodiments
It should be understood that the detailed description and specific examples, while indicating the invention, are intended for illustration only and are not intended to limit the scope of the invention.
In the following description, suffixes such as "module", "component" or "unit" used to denote elements serve only to ease the explanation of the invention and have no specific meaning in themselves; "module", "component" and "unit" may therefore be used interchangeably.
Referring to fig. 1, fig. 1 is a schematic diagram of the hardware structure of an identity authentication system 100 according to various embodiments of the invention. The identity authentication system 100 may be a server 20 performing identity authentication, or a mobile terminal 30 performing identity authentication.
The identity authentication system 100 includes a communication module 11, a memory 21, a processor 31 and so on. The processor 31 is connected to the memory 21 and to the communication module 11, and the memory 21 stores a computer program that is executed by the processor 31.
The communication module 11 may connect to an external device, such as a remote scanner, via a network. It can receive requests from an external communication device and can also send events, instructions and information to the external device and/or another server. The external communication device may be another mobile terminal 30, a server 20 or a blockchain proxy node 10.
The memory 21 may be used to store software programs and various data. It may mainly comprise a program storage area and a data storage area: the program storage area may store an operating system and the like, and the data storage area may store data or information created during use of the identity authentication system. Further, the memory 21 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device.
The processor 31 is the control centre of the identity authentication system: it connects the various parts of the whole system through various interfaces and lines, and performs the system's functions and processes its data by running or executing the software programs and/or modules stored in the memory 21 and calling the data stored there. The processor 31 may include one or more processing units; preferably it integrates an application processor, which mainly handles the operating system, user interface and application programs, and a modem processor, which mainly handles wireless communication. It will be appreciated that the modem processor need not be integrated into the processor 31.
Although not shown in fig. 1, the identity authentication system 100 may further include a circuit control module connected to a power supply to implement power control.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not limit the identity authentication system, which may include more or fewer components than shown, combine some components, or arrange them differently.
Referring to fig. 2, which is a schematic diagram of the functional modules of the identity authentication system 100 according to an embodiment of the invention.
The identity authentication system 100 includes an identity information base module 12, an identity authentication information acquisition module 22 and a verification module 32.
The identity information base module 12 comprises an unencrypted storage area, in which preset device code information is stored, and an encrypted storage area, in which an encrypted string is stored.
Preferably, the encrypted string is stored in hidden, closed form in the storage hardware, and the encrypted and unencrypted storage areas are non-updatable.
Specifically, the identity information base module 12 is configured to obtain preset device code information and preset encryption algorithm information; to encrypt the device code information according to the encryption algorithm information; to encrypt the resulting encrypted string with a preset secondary encryption algorithm; to store the secondarily encrypted string in a preset encrypted storage area; and to store the device code information in a preset unencrypted storage area.
Further, the preset encryption algorithm information includes the encryption algorithm and public key information, where the encryption algorithm is irreversible and maps the device code information one-to-one to an irreversible encrypted string.
For example, in one specific instance the device code information is the device code (Device No.) of the current device, such as Ae9999, which is stored in the unencrypted storage area; computing on it with the preset encryption algorithm and the public key yields the string sdd80343244 fgthjfjo 90751Asxf343244 fgthjfjo 90751 AsxfdfggfffSdd 80343244 fgthjfjo, which is then secondarily encrypted to produce the encrypted string stored in the encrypted storage area.
In this embodiment the unencrypted and encrypted storage areas are separated by hardware partitioning, so that unencrypted and encrypted information are managed separately; the identity information is read by calling a dedicated device interface and then verified by the verification program.
The identity authentication information acquisition module 22 is configured to respond to a user's identity authentication request and obtain private key information; to read the device code information from the unencrypted storage area and compute on it with the private key and a preset verification algorithm to obtain an authentication password string; and to read the encrypted string from the encrypted storage area and apply a preset secondary decryption algorithm to obtain the corresponding decrypted string.
Specifically, the identity authentication information acquisition module 22 calls a dedicated device interface to read the device code information from the unencrypted storage area and computes on it with the private key and the preset verification algorithm to obtain the authentication password string; it then calls the dedicated device interface to read the encrypted string from the encrypted storage area and applies the preset secondary decryption algorithm to it to obtain the corresponding decrypted string.
For example, in one specific instance the unencrypted storage area stores the device code (Device No.) of the current device, such as Ae9999; computing on it with the preset encryption algorithm and the public key yields the string Sdd80343244 fgfhjfjo 90751Asxf343244fgthjgfjo90751 asxfdfdffghfgfgdd 80343244 fghjfjo, and the encrypted string produced by secondary encryption is stored in the encrypted storage area. When the identity authentication information acquisition module 22 calls the dedicated device interface to read the encrypted string from the encrypted storage area, the raw string read is 751AsxfdfggfhfgS, which after the corresponding secondary decryption reads Sdd80343244 fgthjgffjo 90751Asxf343244 fghjffjo 9.
The verification module 32 is configured to judge whether the authentication password string matches the decrypted string: when they match, the current user's identity authentication request is confirmed to be legitimate; when they do not match, the request is judged illegitimate.
With the identity authentication system 100 of this embodiment, an unencrypted storage area and an encrypted storage area are separated by hardware partitioning, so that unencrypted and encrypted information are managed separately. A dedicated device interface is called to read the device code information and the encrypted string; the device code information is computed on with the private key and a preset verification algorithm to obtain an authentication password string; the encrypted string is read from the encrypted storage area and passed through a preset secondary decryption algorithm to obtain the corresponding decrypted string; and the two strings are compared. When they match, the current user's identity authentication request is confirmed to be legitimate and the identity information is thereby verified. The identity authentication system 100 thus provides an identity authentication mechanism that does not depend on a server and fully hides the identity information, effectively avoiding the risk of cracking a file based on that information. Hardware, encrypted string and identity verification program can be kept as three separate parts: the hardware manufacturer does not know the identity verification information, the identity verification platform can build a secure operating system on the manufacturer's hardware, the two can be integrated without exposing risk to each other, and the security of the identity information is greatly improved.
Further, the device code information includes one or more of an identification code, a barcode, a physical address, a device address and a device code of the device; the preset secondary encryption algorithm is the MD5 algorithm or the DES algorithm.
Referring to fig. 3, which is a flowchart of an identity authentication method according to a first embodiment of the invention, comprising the steps of:
Step S1: obtain preset device code information and preset encryption algorithm information.
It can be understood that the preset encryption algorithm information includes the encryption algorithm and public key information, where the encryption algorithm is irreversible and maps the device code information one-to-one to an irreversible encrypted string.
Further, the device code information includes one or more of an identification code, a barcode, a physical address, a device address and a device code of the device; the preset secondary encryption algorithm is the MD5 algorithm or the DES algorithm. Of these two, only DES is a reversible cipher and so supports the secondary decryption of step S5 below; MD5 is a one-way digest with no decryption operation, and DES itself is deprecated because of its 56-bit key.
Step S2: encrypt the device code information according to the encryption algorithm information, encrypt the resulting encrypted string with a preset secondary encryption algorithm, store the secondarily encrypted string in a preset encrypted storage area, and store the device code information in a preset unencrypted storage area.
The identity information base module 12 comprises an unencrypted storage area, in which preset device code information is stored, and an encrypted storage area, in which an encrypted string is stored.
Preferably, the encrypted string is stored in hidden, closed form in the storage hardware, and the encrypted and unencrypted storage areas are non-updatable.
Specifically, the identity information base module 12 is configured to obtain preset device code information and preset encryption algorithm information; to encrypt the device code information according to the encryption algorithm information; to encrypt the resulting encrypted string with a preset secondary encryption algorithm; to store the secondarily encrypted string in a preset encrypted storage area; and to store the device code information in a preset unencrypted storage area.
For example, in one specific instance the device code information is the device code (Device No.) of the current device, such as Ae9999, which is stored in the unencrypted storage area; computing on it with the preset encryption algorithm and the public key yields the string sdd80343244 fgthjfjo 90751Asxf343244 fgthjfjo 90751 AsxfdfggfffSdd 80343244 fgthjfjo, which is then secondarily encrypted to produce the encrypted string stored in the encrypted storage area.
Step S3, obtaining private key information in response to the user' S identity authentication request.
And step S4, reading the equipment code information from the non-encrypted storage area, and operating the equipment code information according to the private key and a preset verification algorithm to obtain an authentication password string.
And step S5, reading the encrypted string from the encrypted storage area through a preset secondary decryption algorithm to obtain a corresponding decrypted string.
Specifically, the identity authentication information obtaining module 22 calls a special device interface to read the device code information from the unencrypted storage area, and operates on the device code information with the private key and a preset verification algorithm to obtain an authentication password string; it then calls the same special device interface to read the encrypted string from the encrypted storage area, and performs secondary decryption on the encrypted string with a preset secondary decryption algorithm to obtain the corresponding decrypted string.
For example, in one specific instance the unencrypted storage area stores the device code (Device No.) of the current device, such as Ae9999; after the preset encryption algorithm is applied to it with the public key, the character string Sdd80343244 fgfhjfjo 90751Asxf343244fgthjgfjo90751 asxfdfdffghfgfgdd 80343244 fghjfjo is obtained, and the encrypted string produced by secondary encryption of that string is stored in the encrypted storage area. When the identity authentication information obtaining module 22 calls the special device interface to read the encrypted string from the encrypted storage area, the raw string read from the encrypted area is 751AsxfdfggfhfgS, which after the corresponding secondary decryption reads Sdd80343244 fgthjgffjo 90751Asxf343244 fghjffjo 9.
Step S6, judging whether the authentication password string matches the decrypted string;
Step S7, when the authentication password string matches the decrypted string, confirming that the current user's identity authentication request is legitimate.
By adopting the identity authentication method 301 of this embodiment, a non-encrypted storage area and an encrypted storage area are separated by hardware partitioning, so that non-encrypted and encrypted information are managed separately. A special device interface is called to read the device code information and the encrypted string; the device code information is operated on with the private key and a preset verification algorithm to obtain an authentication password string; the encrypted string is read from the encrypted storage area and passed through a preset secondary decryption algorithm to obtain the corresponding decrypted string; whether the authentication password string matches the decrypted string is judged; and when they match, the identity information is verified by confirming that the current user's identity authentication request is legitimate. This creates an identity authentication mechanism that does not depend on a server and can fully hide the identity information, effectively avoiding the risk of files being cracked on the basis of that identity information. The hardware, the encrypted string and the identity verification program are kept separate from one another: the hardware manufacturer does not know the identity verification information, while the identity verification platform can build a secure operating system on the manufacturer's hardware, which effectively guarantees a risk-free interface between the hardware manufacturer and the identity verification platform and greatly improves the security of the identity information.
Referring to fig. 1 again, the identity authentication system 100 in an embodiment of the present invention includes a memory 21 and a processor 31, where the memory 21 stores a computer program and the processor 31 implements the steps of the identity authentication method of any of the above embodiments when executing the computer program.
Specifically, the processor 31 implements the following steps when executing the computer program:
step S1, acquiring preset device code information and preset encryption algorithm information;
step S2, encrypting the device code information according to the encryption algorithm information, encrypting the resulting encrypted string with a preset secondary encryption algorithm, storing the secondarily encrypted string in a preset encrypted storage area, and storing the device code information in a preset non-encrypted storage area;
step S3, acquiring private key information in response to the user's identity authentication request;
step S4, reading the device code information from the non-encrypted storage area, and operating on the device code information with the private key and a preset verification algorithm to obtain an authentication password string;
step S5, reading the encrypted string from the encrypted storage area and applying a preset secondary decryption algorithm to obtain the corresponding decrypted string;
step S6, judging whether the authentication password string matches the decrypted string;
step S7, when the authentication password string matches the decrypted string, confirming that the current user's identity authentication request is legitimate.
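The seven steps above, carried through as an added worked model; this is not code from the patent or its applicant. The patent names no concrete algorithms, so the following are assumptions made here: the irreversible keyed operation of steps S2 and S4 is modelled as HMAC-SHA256; because step S5 must recover the string, the secondary layer is modelled as a reversible encrypt-then-MAC construction (an HMAC-SHA256 counter-mode keystream plus an integrity tag) rather than as a hash; and because the patent requires the string computed with the "public key" at provisioning to equal the one computed with the "private key" at authentication, a single shared secret plays both roles. `DeviceStorage`, `provision`, `authenticate` and all sample values are constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

TAG_LEN = 32    # HMAC-SHA256 tag length in bytes
NONCE_LEN = 16  # per-encryption nonce length in bytes


@dataclass
class DeviceStorage:
    """Constructed model of the two hardware partitions: a readable plain area
    holding the device code and a separate area holding the secondary-encrypted string."""
    plain_area: bytes = b""
    encrypted_area: bytes = b""


def one_way_string(device_code: bytes, key: bytes) -> bytes:
    """Irreversible, one-to-one mapping of the device code under a key.
    The patent names no algorithm; HMAC-SHA256 is an assumption here."""
    return hmac.new(key, device_code, hashlib.sha256).hexdigest().encode("ascii")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream derived from HMAC-SHA256 used as a PRF (assumption, stdlib only).
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def secondary_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Reversible 'secondary encryption' (step S2). Step S5 must invert it, so a
    one-way hash cannot serve; encrypt-then-MAC with a fresh nonce is used instead."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def secondary_decrypt(key: bytes, blob: bytes) -> bytes:
    """Step S5: check the integrity tag first, then strip the keystream."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("encrypted area too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted area failed integrity check")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def provision(device_code: bytes, public_key: bytes, secondary_key: bytes) -> DeviceStorage:
    """Steps S1-S2: write the device code in clear to the plain area and the
    doubly protected string to the encrypted area."""
    encrypted_string = one_way_string(device_code, public_key)
    return DeviceStorage(
        plain_area=device_code,
        encrypted_area=secondary_encrypt(secondary_key, encrypted_string),
    )


def authenticate(storage: DeviceStorage, private_key: bytes, secondary_key: bytes) -> bool:
    """Steps S3-S7: recompute the authentication password string from the plain-area
    device code and compare it, in constant time, with the string recovered from
    the encrypted area. Any failure (wrong key, altered area) yields False."""
    device_code = storage.plain_area                                         # S4: read plain area
    auth_string = one_way_string(device_code, private_key)                   # S4: verification op
    try:
        decrypted_string = secondary_decrypt(secondary_key, storage.encrypted_area)  # S5
    except ValueError:
        return False
    return hmac.compare_digest(auth_string, decrypted_string)                # S6/S7


if __name__ == "__main__":
    # Constructed sample values; "Ae9999" is the device code used in the patent's example.
    shared_key = b"constructed-key-playing-both-public-and-private-role"
    area_key = b"constructed-secondary-layer-key"
    device = provision(b"Ae9999", shared_key, area_key)
    print("legitimate request:", authenticate(device, shared_key, area_key))
    print("wrong private key:", authenticate(device, b"not-the-key", area_key))
```

Three failure modes are worth exercising against this model: a wrong private key makes the recomputed string differ (step S6 fails); a wrong secondary key or a modified encrypted area fails the integrity tag before any comparison happens; and a device code altered in the plain area no longer reproduces the stored string, which is the property the patent relies on when it leaves the device code unencrypted. The match in step S6 uses `hmac.compare_digest` so that comparison time does not leak how many leading bytes agreed.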
The present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, can implement the steps of the identity authentication method in any of the above embodiments, and specific steps are not described herein again.
It is to be understood that throughout the description of the present specification, reference to the term "one embodiment", "another embodiment", "other embodiments", or "first through nth embodiments", etc., is intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the embodiments can be implemented by software plus the necessary general-purpose hardware platform, and certainly can also be implemented by hardware, but in many cases the former is the preferred implementation. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. It should be understood that the above is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent structures or equivalent flow transformations made by the present specification and drawings, or applied directly or indirectly to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. An identity authentication method, comprising the steps of:
acquiring preset device code information and preset encryption algorithm information;
encrypting the device code information according to the encryption algorithm information, encrypting the resulting encrypted string with a preset secondary encryption algorithm, storing the secondarily encrypted string in a preset encrypted storage area, and storing the device code information in a preset non-encrypted storage area;
acquiring private key information in response to an identity authentication request of a user;
reading the device code information from the non-encrypted storage area, and operating on the device code information with the private key and a preset verification algorithm to obtain an authentication password string;
reading the encrypted string from the encrypted storage area and applying a preset secondary decryption algorithm to obtain a corresponding decrypted string;
judging whether the authentication password string matches the decrypted string;
and when the authentication password string matches the decrypted string, confirming that the identity authentication request of the current user is legitimate.
2. The identity authentication method according to claim 1, wherein the preset encryption algorithm information includes encryption algorithm information and public key information, the encryption algorithm being an irreversible algorithm configured to operate on the device code information to obtain a one-to-one mapped irreversible encrypted string.
3. The identity authentication method according to claim 1, wherein the step of reading the device code information from the non-encrypted storage area and operating on the device code information with the private key and a preset verification algorithm to obtain an authentication password string comprises:
calling a special device interface to read the device code information from the non-encrypted storage area, and operating on the device code information with the private key and a preset verification algorithm to obtain an authentication password string.
4. The identity authentication method according to claim 3, wherein the step of reading the encrypted string from the encrypted storage area and applying a preset secondary decryption algorithm to obtain a corresponding decrypted string comprises:
calling the special device interface to read the encrypted string from the encrypted storage area, and performing secondary decryption on the encrypted string with a preset secondary decryption algorithm to obtain the corresponding decrypted string.
5. The identity authentication method according to any one of claims 1 to 4, wherein the device code information comprises one or more of an identification code, a barcode, a physical address, a device address and a device code of the device.
6. The identity authentication method according to any one of claims 1 to 4, wherein the preset secondary encryption algorithm is an MD5 algorithm or a DES algorithm.
7. The identity authentication method according to any one of claims 1 to 4, wherein the encrypted string is stored in the storage hardware in a hidden and closed form.
8. The identity authentication method according to claim 1, wherein the encrypted storage area and the non-encrypted storage area are non-updatable storage areas.
9. An identity authentication system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the identity authentication method as claimed in any one of claims 1 to 8 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the identity authentication method according to any one of claims 1 to 8.
CN201711297019.7A 2017-12-08 2017-12-08 Identity authentication method, system and computer readable storage medium Expired - Fee Related CN108965222B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711297019.7A CN108965222B (en) 2017-12-08 2017-12-08 Identity authentication method, system and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN108965222A CN108965222A (en) 2018-12-07
CN108965222B true CN108965222B (en) 2021-12-07

Family

ID=64495328

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711297019.7A Expired - Fee Related CN108965222B (en) 2017-12-08 2017-12-08 Identity authentication method, system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN108965222B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110049019B (en) * 2019-03-26 2020-09-01 合肥工业大学 Active and safe medical Internet of things equipment identification and monitoring method
WO2021023164A1 (en) 2019-08-02 2021-02-11 云丁网络技术(北京)有限公司 Intelligent lock control method and system
CN112446982A (en) * 2019-08-10 2021-03-05 云丁网络技术(北京)有限公司 Method, device, computer readable medium and equipment for controlling intelligent lock
CN111382409A (en) * 2020-03-19 2020-07-07 支付宝(杭州)信息技术有限公司 Identity authentication method and device for protecting privacy
CN111787271A (en) * 2020-07-31 2020-10-16 平安信托有限责任公司 Video conference control method, device, equipment and computer readable storage medium
CN111931159B (en) * 2020-08-11 2023-04-07 福建天晴在线互动科技有限公司 Method and system for verifying validity of webpage data interface
CN112613011B (en) * 2020-12-29 2024-01-23 北京天融信网络安全技术有限公司 USB flash disk system authentication method and device, electronic equipment and storage medium
CN113221165B (en) * 2021-05-11 2022-04-22 支付宝(杭州)信息技术有限公司 User element authentication method and device based on block chain

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006306A (en) * 2010-12-08 2011-04-06 广东高新兴通信股份有限公司 Security authentication method for WEB service
CN104639566A (en) * 2015-03-10 2015-05-20 四川省宁潮科技有限公司 Transaction authorizing method based on out-of-band identity authentication
CN105354507A (en) * 2015-10-23 2016-02-24 浙江远望软件有限公司 Data security confidentiality method under cloud environment
CN105516203A (en) * 2016-01-27 2016-04-20 北京博明信德科技有限公司 Safety methodology based on fingerprint scatter storage and system
CN106576237A (en) * 2014-07-21 2017-04-19 宇龙计算机通信科技(深圳)有限公司 Mobility management entity, home server, terminal, and identity authentication system and method
CN206193798U (en) * 2016-11-24 2017-05-24 燕南国创科技(北京)有限公司 Mobile memory
CN107092838A (en) * 2017-03-30 2017-08-25 北京洋浦伟业科技发展有限公司 A kind of safety access control method of hard disk and a kind of hard disk

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140245024A1 (en) * 2013-02-28 2014-08-28 Kabushiki Kaisha Toshiba Device and authentication method therefor
US9674158B2 (en) * 2015-07-28 2017-06-06 International Business Machines Corporation User authentication over networks
US10523646B2 (en) * 2015-08-24 2019-12-31 Virtru Corporation Methods and systems for distributing encrypted cryptographic data

Also Published As

Publication number Publication date
CN108965222A (en) 2018-12-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190729

Address after: Room 202, 2nd floor, F1 Building, Yuanjun Shuyuan International Media Industry Park, No. 8 Gaojing Cultural Park Road, Chaoyang District, Beijing

Applicant after: Puhua Yunchuang Technology (Beijing) Co.,Ltd.

Address before: 100036 No. 141, Gate 1, 3rd Floor, No. 14 Fuxing Road, Haidian District, Beijing

Applicant before: Zhai Hongying

GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20211207