CN110062382A

CN110062382A - A kind of auth method, client, trunking and server

Info

Publication number: CN110062382A
Application number: CN201910122054.8A
Authority: CN
Inventors: 黄冕
Original assignee: Alibaba Group Holding Ltd
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Priority date: 2014-07-31
Filing date: 2014-07-31
Publication date: 2019-07-26
Also published as: CN105337740B; CN105337740A

Abstract

The application provides a kind of auth method, client, trunking and server.The described method includes: server obtains the account information of user, and inquire Encryption Algorithm corresponding with the account information of the acquisition；Encryption Algorithm described in server by utilizing encrypts the first identifying code of server, forms encrypted first identifying code；Server establishes wireless network, and is the network name of wireless network setting agreement format；The network name includes encrypted first identifying code；The network name of client scan wireless network；And encrypted first identifying code is extracted from the network name for meeting the agreement format scanned；Client is decrypted encrypted first identifying code using the decipherment algorithm of storage, and carries out authentication according to decrypted result.Using embodiment each in the application, it can solve and not complete authentication when the cordless communication network of operator where user is available.

Description

A kind of auth method, client, trunking and server

It is on 07 31st, 2014 that the application, which is application No. is the 201410373794.6, applying date, entitled " a kind of The divisional application of the application for a patent for invention of auth method, client, trunking and server ".

Technical field

The application belongs to a kind of authentication in the information communications field more particularly to instant messaging/e-commerce field Method, client, trunking and server.

Background technique

With the high speed development of internet, people's lives and internet contact it is increasingly closer.In actual life There is self-service credit card repayment, self-service bus card under such as some lines to supplement with money and by third party's branch on Alipay line The system of paying completes the Self-Service etc. paid under line.

Usual user provides the server of Self-Service or is connected with server when using these Self-Services Shared device end needs to carry out authentication to user.If it is close that user inputs verifying directly on shared device or server Code, may meet with peep, the illegal means such as wooden horse, pin hole electronic eyes and cause user password to be revealed.With intelligent mobile end The development at end, occurring one kind in currently available technology can be by mobile terminal and server or public setting is online carries out The method of information exchange completion authentication.In the method, mobile terminal can be by scanning server or shared device Two-dimensional barcode information obtain and pass through user in scanning client with the relevant information of Self-Service or server or shared device Two-dimensional barcode information obtain the account information etc. of user, then mobile terminal and server or shared device pass through the information that obtains Further online progress information exchange, completes authentication.

Currently, above-mentioned client and server or shared device carry out the information interactive process of authentication, it is usually logical The cordless communication network of telecom operators is realized where crossing client.Such as connection user can be based on connection operator GSM network or WCDMA network are communicated with server, complete authentication.But if telecom operation where user The cordless communication network of quotient is unstable to lead to the cordless communication network perhaps without covering or because of flow restriction of user etc. Can not normal use, this method will be unable to complete the authentication to user.

Summary of the invention

The application is designed to provide a kind of auth method, client, shared device, server and system, can be with In the cordless communication network of the telecom operators where user authentication to user can not be completed when normal use.

A kind of auth method provided by the present application is achieved in that

Server obtains the account information of user, and the account information of the user information based on storage inquiry and the acquisition Corresponding Encryption Algorithm；

The Encryption Algorithm inquired described in server by utilizing encrypts the first identifying code of server, after forming encryption The first identifying code；

Server establishes wireless network, and is the network name of the wireless network of foundation setting agreement format；It is described Network name includes encrypted first identifying code；

The network name of client scan wireless network；The client meets the net for arranging format from what is scanned Encrypted first identifying code is extracted in network title；

Client is decrypted encrypted first identifying code using the decipherment algorithm of storage；Client is according to right The decrypted result of encrypted first identifying code carries out authentication.

A kind of auth method, which comprises

Server establishes wireless network, and is the network name of the wireless network of foundation setting agreement format；It is described Network name includes the first identifying code after the encryption；

Client is decrypted encrypted first identifying code using the decipherment algorithm of storage, and the client will The server is sent to by the wireless network to the decrypted result of the first identifying code after the encryption；

Server receives the decrypted result, and carries out authentication according to the decrypted result.

A kind of auth method, which comprises

Client is decrypted encrypted first identifying code of the extraction using the decipherment algorithm of storage；It is decrypting When success, the client encrypts the third identifying code of client using the decipherment algorithm of storage, is formed encrypted Third identifying code, and the encrypted third identifying code is sent to server by the wireless network；

Server receives the encrypted third identifying code, and utilizes corresponding with the account information of the user of acquisition The encrypted third identifying code is decrypted in Encryption Algorithm；The server is verified according to the encrypted third The decrypted result of code carries out authentication.

A kind of auth method, which comprises

Trunking obtains the account information of input, and the account information of the acquisition is sent to server；

Server receives the account information, and the inquiry of the user information based on storage and the user account of the acquisition are believed The corresponding Encryption Algorithm of manner of breathing；The Encryption Algorithm is sent to the trunking by the server；

Trunking receives the Encryption Algorithm, and using the received Encryption Algorithm to the first of the trunking Identifying code is encrypted, and encrypted first identifying code is formed；Trunking establishes wireless network, and is the wireless of the foundation The network name of network settings agreement format；The network name includes encrypted first identifying code；

The network name of client scan wireless network；The client meets the net for arranging format from what is scanned Encrypted first identifying code is extracted in network title, and using the decipherment algorithm of storage to encrypted first verifying Code is decrypted；Client carries out authentication according to the decrypted result to the first identifying code after the encryption.

A kind of auth method, the method includes

Trunking receives the Encryption Algorithm, and the first verifying using the received Encryption Algorithm to trunking Code is encrypted, and encrypted first identifying code is formed；Trunking establishes wireless network, and is the wireless network of the foundation The network name of agreement format is set；The network name includes encrypted first identifying code；

The network name of client scan wireless network；The client meets the net for arranging format from what is scanned Encrypted first identifying code is extracted in network title；The client adds the extraction using the decipherment algorithm of storage The first identifying code after close is decrypted, and will pass through the nothing to the decrypted result of the first identifying code after the encryption of the extraction Gauze network is sent to trunking；

Trunking receives the decrypted result that client is sent and the decrypted result is sent to server；

Server receives the decrypted result that trunking is sent, and carries out authentication according to the decrypted result.

A kind of auth method, which comprises

The network name of client scan wireless network；The client meets the net for arranging format from what is scanned Encrypted first identifying code is extracted in network title；The client adds the extraction using the decipherment algorithm of storage The first identifying code after close is decrypted；In successful decryption, the message sink end can use the decipherment algorithm pair of storage The third identifying code of client is encrypted, and encrypted third identifying code is formed；The client is by described encrypted Three identifying codes, which are sent, is sent to trunking by the wireless network；

Trunking receives the encrypted third identifying code, and encrypted three identifying code is sent to service Device；

Server receives the encrypted third identifying code, and utilizes corresponding with the account information of the user of acquisition The encrypted third identifying code is decrypted in Encryption Algorithm；The server is according to encrypted second verifying The decrypted result of code carries out authentication.

A kind of auth method, which comprises

Server establishes wireless network, and is the network name of the wireless network of foundation setting agreement format；It is described Network name includes encrypted first identifying code.

A kind of auth method, which comprises

The network name of client scan wireless network；

Client extracts encrypted first identifying code from the network name for meeting agreement format scanned；

Client is decrypted encrypted first identifying code of the extraction using the decipherment algorithm of storage；

Client carries out authentication according to the decrypted result to encrypted first identifying code.

A kind of auth method, which comprises

The network name of client scan wireless network；

Client extracts encrypted first identifying code from the network name for meeting the agreement format scanned；

Client is decrypted encrypted first identifying code of the extraction using the decipherment algorithm of storage, and will be right The decrypted result of the first identifying code is sent to server or trunking by scanning to wireless network after the encryption of the extraction.

A kind of auth method, which comprises

The network name of client scan wireless network；

Client is decrypted encrypted first identifying code of the extraction using the decipherment algorithm of storage；It is decrypting When success, the client encrypts the third identifying code of client using the decipherment algorithm of storage, is formed encrypted Third identifying code；

The encrypted third identifying code is sent to server or trunking by the wireless network by client.

A kind of server of authentication, comprising:

Account acquiring unit, for obtaining the account information of user；

Customer data base, for storing user information；The user information may include the account information of user, user Encryption Algorithm；

Query unit is inquired encryption corresponding with the account information of the acquisition for the user information based on storage and is calculated Method；

Encryption unit generates the first identifying code, and the Encryption Algorithm for inquiring described in utilizing is verified to described first Code is encrypted, and encrypted first identifying code is formed；

Radio network unit for establishing wireless network, and is the net of the wireless network of foundation setting agreement format Network title；The network name includes encrypted first identifying code.

A kind of authentication client, comprising:

Storage unit, for storing the agreement format of network name；The decryption for being also used to store the account information of user is calculated Method；

Network sweep unit, the agreement format scanning for the network name based on storage meet the nothing of the agreement format The network name of gauze network；

Extraction unit, for extracting encrypted first verifying from the network name for meeting agreement format scanned Code；

First decryption unit is carried out for encrypted first identifying code of the decipherment algorithm based on storage to the extraction Decryption.

A kind of trunking of authentication, comprising:

Information acquisition unit, for obtaining the account information of user；

Information receiving unit, for receiving the Encryption Algorithm of server transmission；

Information encryption unit for generating or receiving the first identifying code from server, and utilizes received Encryption Algorithm pair First identifying code is encrypted, and encrypted first identifying code is formed；

Wireless network broadcast unit for establishing wireless network, and is the wireless network of foundation setting agreement format Network name；The network name includes encrypted first identifying code.

In a kind of auth method provided by the present application, server or shared device can establish wireless network, will be sharp It will be broadcasted after the verifying code encryption generated at random by the network name of wireless network with public key.Client can be by certainly The wireless network that the wireless device that body carries is established according to scheduled rule scanning to the server, and can be according to scheduled Identifying code after being encrypted in the extraction of network name format plus network name.The client is added using the private key of itself storage to described Identifying code is decrypted after close, if successful decryption, can pass through authentication.The auth method of the application can be The cordless communication network of telecom operators where user can not normal use when, can be established by server or shared device Wireless network and client carry out information exchange, complete authentication.Existing mobile device is configured with wireless access dress mostly It sets, such as WIFI access device etc., the application of authentication can also be increased substantially using method described herein, The convenience of authentication is improved, but also the data communication flow of user place telecom operators can be saved.

Detailed description of the invention

In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The some embodiments recorded in application, for those of ordinary skill in the art, in the premise of not making the creative labor property Under, it is also possible to obtain other drawings based on these drawings.

Fig. 1 is a kind of a kind of method flow diagram of embodiment of the method for authentication of the application；

Fig. 2 is the schematic diagram of the predetermined format of network name in a kind of auth method of the application；

Fig. 3 is a kind of method flow diagram of another embodiment of auth method of the application；

Fig. 4 is a kind of method flow diagram of another embodiment of auth method of the application；

Fig. 5 is a kind of modular structure schematic diagram of the server of authentication of the application；

Fig. 6 is a kind of modular structure schematic diagram of another embodiment of the server of authentication of the application；

Fig. 7 is a kind of modular structure schematic diagram of first identity authenticating unit of the server of authentication of the application；

Fig. 8 is a kind of modular structure schematic diagram of another embodiment of the server of authentication of the application；

Fig. 9 is a kind of modular structure schematic diagram of second identity authenticating unit of the server of authentication of the application；

Figure 10 is a kind of modular structure schematic diagram of the client of authentication of the application；

Figure 11 is a kind of modular structure schematic diagram of another embodiment of the client of authentication of the application；

Figure 12 is a kind of modular structure schematic diagram of another embodiment of the client of authentication of the application；

Figure 13 is a kind of modular structure schematic diagram of another embodiment of the client of authentication of the application；

Figure 14 is a kind of a kind of modular structure schematic diagram of embodiment of the trunking of authentication of the application；

Figure 15 is a kind of modular structure schematic diagram of another embodiment of the trunking of authentication of the application.

Specific embodiment

In order to make those skilled in the art better understand the technical solutions in the application, below in conjunction with the application reality The attached drawing in example is applied, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described implementation Example is merely a part but not all of the embodiments of the present application.Based on the embodiment in the application, this field is common The application protection all should belong in technical staff's every other embodiment obtained without creative efforts Range.

User is lower using before Self-Service online, it will usually believe in the server registration user of Self-Service provider Breath is used for subsequent identity validation.The user information may include the information such as the account information of user, password.The server can To obtain and store the user information, the user information can be specifically stored in customer data base.The user Database can be stored in the database of the server, be also possible to be stored on the database in other equipment.It is described Server after the user information for obtaining user, can be generated a pair of of Encryption Algorithm corresponding with the account information of the user and Decipherment algorithm.The server can store the user informations such as account information, password including user, can also store and user The corresponding Encryption Algorithm of account information and/or decipherment algorithm, specifically can store in the customer data base.The use The Encryption Algorithm at family can be uniquely corresponding with the account information of the user, and the server can be according to the account information of user Inquire Encryption Algorithm corresponding with the user.The server can will decryption corresponding with the user account information Algorithm is sent in the client of user, can be stored by the client of user.The client of the user can be preparatory The corresponding application of installation, the client can be led to by the corresponding application installed in the client with server Letter.User can pass through when the application for logging in the installation for the first time carries out account confirmation or other verifyings with server Application in the client obtains the decipherment algorithm corresponding with the user that server is sent.The client can store The decipherment algorithm of the acquisition.For unified presentation, the application of above-mentioned client-side can be referred to as client.The application The Encryption Algorithm and decipherment algorithm may include a kind of processing method to cleartext information.The Encryption Algorithm can wrap The information processing method encrypted to cleartext information is included, correspondingly, the decipherment algorithm can carry out the Encryption Algorithm The information of encryption is decrypted, and obtains correct cleartext information.The Encryption Algorithm and decipherment algorithm are the processing sides to information Method can use the Encryption Algorithm and encrypt to cleartext information in specific application example, using with Encryption Algorithm phase Corresponding decipherment algorithm is decrypted, and obtains cleartext information.Certainly, different according to the Encryption Algorithm of selection and decipherment algorithm, Also it can use the decipherment algorithm in application scenes to encrypt cleartext information, be decrypted using Encryption Algorithm.

When carrying out authentication, the client can carry out information exchange with the server, can pass through verifying Can the decipherment algorithm of client decrypt server with the information that Encryption Algorithm encrypts to carry out authentication.It is provided by the present application When carrying out authentication, the server and client can carry out letter by Wireless LAN for a kind of auth method Breath interaction, completes authentication.Here is a kind of one embodiment of auth method of the application, and Fig. 1 is a kind of body The method flow diagram of one embodiment of part verification method.As shown in Figure 1, which comprises

S1: the account information of the available user of server, and the inquiry of the user information based on storage and the acquisition The corresponding Encryption Algorithm of account information.

User can be in the account information of server input user, the account letter of the available user's input of server Breath.Specifically, the server can obtain the account information of user's input by the way that the account input interface of server is arranged in. The account information of user's input can also be obtained by trunkings such as other dedicated equipment such as POS card-payment machine, scanner, so The account information for the user that will acquire afterwards is sent to server.

After the server obtains the account information of user, Encryption Algorithm corresponding with the account information can be inquired. The Encryption Algorithm corresponding with account information can have decipherment algorithm corresponding with the Encryption Algorithm.It is described in aforementioned Server can store the user information of account information, password including user etc., can also store and user account information phase Corresponding Encryption Algorithm.The server can inquire the account information phase with the acquisition based on the user information of the storage Corresponding encryption information.In the present embodiment, customer data base can be set in the server, can be used for storing the institute of user State the information such as user information, Encryption Algorithm or decipherment algorithm.The customer data base can be set in the server, can also be with It is arranged in other private servers.Whether the server can be inquired in the customer data base has and the acquisition The corresponding Encryption Algorithm of account information.Under normal conditions, if the user A before carrying out authentication in the clothes Business device registered user information, and the server can store the information such as the account information of user A, encryption information.Institute After stating the account information that server obtains user A, Encryption Algorithm corresponding with the user A can be inquired.

The Encryption Algorithm and decipherment algorithm in the present embodiment is specifically asymmetric typically in cipher system Public key and private key in cipher key cryptographic system.Public key and private key in the asymmetric key cipher system can mutually add Close and decryption.The public key and private key can be public key algorithm and private key that a kind of pair of cleartext information is encrypted or decrypted Algorithm.When using the asymmetric key cipher system encryption cleartext information, only using a pair of of the public key/private being mutually matched Key could complete the decrypting process to cleartext information.Under normal conditions, public key can be disclosed, it may not be necessary to it maintains secrecy, it can To be stored by server；Private key can be underground, can be by above-mentioned user one corresponding with this pair of of public key and private key Side is stored.For example, the private key can store in a certain application of the user client.

Certainly, after the server obtains the account information that user inputs, the account letter of user's input can be verified Whether legal, such as can verify whether the account information format that user inputs meets preset format, or verifying user if ceasing Whether the account information of input was registered in server registration.Do not conform in the account information of server authentication user input When method, the server can be handled using preset processing method.

The account information of the available user's input of server, and can be looked into the user information that customer data base stores Ask Encryption Algorithm corresponding with user's input account information.

S2: the Encryption Algorithm inquired described in the server by utilizing encrypts the first identifying code of server, shape At the first identifying code after encryption.

After the server inquires Encryption Algorithm corresponding with user's input account, the first of server can be tested Card code is encrypted.The first identifying code A may include server according to information such as the account information of user or Encryption Algorithm According to the one or more identifying codes that scheduled algorithm generates, it is also possible to one or more generated according to certain regular random Position identifying code.Certainly, first identifying code also may include that other received servers of server or special equipment are sent Identifying code.When the server can store first identifying code.The first identifying code A specifically may include character The form of string, such as the first identifying code A can be one group 16 random strings.The server is generating described the After one identifying code A, the Encryption Algorithm of the user inquired can use, i.e. public key in the present embodiment is tested described first Card code A is encrypted.The public key can be a kind of public key algorithm of encryption/decryption, and the server can use inquiry To public key the first identifying code A is encrypted, form the first identifying code after encryption, can be indicated herein with A ' it is described plus The first identifying code after close.

Server can be generated or receive the first identifying code A, and the server can use the Encryption Algorithm inquired The first identifying code A is encrypted, the first identifying code A ' after encryption is formed.

S3: server establishes wireless network, and is the network name of the wireless network of foundation setting agreement format；Institute Stating network name may include encrypted first identifying code.

Server described in the present embodiment can establish wireless network, specifically can be by setting up on the server Wireless network equipment establishes wireless network.Server described in the present embodiment can be arranged with the Wireless Communication Equipment at same group In equipment, can also be separated with the Wireless Communication Equipment, be separately positioned on different places, between can pass through the biography of setting Transmission link is communicated.The encrypted first identifying code A ' can be passed through the network of the wireless network by the server Title is broadcasted.It should be noted that wireless network described herein, may include in short-distance wireless communication mode Communication connection, such as bluetooth (Bluetooth), infrared (IrDA), (WI-FI or WLAN, mostly use greatly WLAN 802.11 serial protocols), WIFI direct-connected (Wi-Fi Direct), ultra-wideband communications (Ultra Wide Band), purple peak (Zigbee), the communication technologys such as near-field communication (Near Field Communication, NFC), WImax.The application combines upper It states communication mode and introduces specific implementation, while being not excluded for other communication modes specific side following applied to the application Case.

Specifically, the wireless network that the server is established in the present embodiment can be WIFI network.Wireless Fidelity (Wireless Fidelity, WIFI) technology typically refers to the WLAN access technology based on 802.11 agreements, belongs to The short-distance wireless communication technology that office or family etc. use.WIFI network usually can be by WIFI access point (Access Point, AP) and terminal composition.Wherein access point AP can establish wireless network by equipment such as wireless network cards, by terminal device It is connected in another network.Another described network can be wireless network or cable network.Institute in the present embodiment Stating access point AP can directly be communicated with server by ADSL or other route, by corresponding trunking with Server is communicated.Described access point AP is equivalent to the bridge between heterogeneous networks, and working principle is equivalent to built in one The hub (HUB) of wireless transmitter either router, what the client with WIFI access function can be established by AP WIFI network and the server carry out information exchange.

The server can broadcast out the encrypted first identifying code A ' by the network name of wireless network It goes.When the server establishes wireless network, the network name of predetermined format can be set for the wireless network.In this implementation In example, when establishing WIFI network a WIFI network title or mark can be arranged for the WIFI network in the server Symbol, the network name or identifier are commonly referred to as SSID (Service Set Identifier, SSID).The SSID is generally up to about There can be 32 characters.It may include the encrypted first identifying code A ' in the SSID.In the present embodiment, the clothes The SSID can be arranged using according to the format of agreement in business device, and the SSID of the agreement format can will be verified after the encryption Code A '.For example, the SSID can be regard the encrypted first identifying code A ' as, then broadcast out by WIFI network It goes.Or the first identifying code A ' of the encryption can be located at the agreement format according to the agreement format of pre-set SSID SSID certain field in.Such as the format of the SSID can be the first identifying code A ' and preset name or account after encryption The combination of information etc., such as can be with are as follows: AUTH+A ', or can be with are as follows: the format of account title+A '.It is the present embodiment institute in Fig. 2 The structural schematic diagram of the SSID for the agreement format stated a kind of, as shown in Fig. 2, the SSID network name, and WFII SSID about Fixed format may include: AUTH (preset name)+0000 (separating character)+encrypted identifying code A ' (16).Utilize this Arrange the SSID of format described in embodiment, the SSID of the WIFI of the server broadcast can be indicated are as follows: AUTH0000A’。

Certainly, in this application, the agreement format of the network name can be other preset network names Format is formed, the application does not limit this.Correspondingly, the server can be by the agreement format of the network consisting title It is sent to the client, can be specifically sent in the preset specific application of client.The client can know institute The agreement format of network consisting title is stated, the information of network name different field can be obtained according to the predetermined format.

Server can establish WIFI network, and be the SSID of the WIFI network of foundation setting agreement format.It is described The SSID for the agreement format that server is established may include the encrypted first identifying code A '.The server can broadcast The WIFI network that the server is established.

S4: client can scan the network name of WIFI network, and meet the net for arranging format from what is scanned Encrypted first identifying code is extracted in network title.

Client described herein usually may include possessing the notes of wireless access device (such as wireless network card) This computer, net book, mobile phone, personal digital assistant Personal Digital Assistant, PDA), mobile internet device Terminal devices such as (Mobile Internet Device, MID).The client can scan the wireless network of surrounding, and When scanning network name and meeting the WIFI network of agreement format, the network name of the wireless network is obtained, and can be from Encrypted first identifying code is extracted in the acquisition network name.

In aforementioned, the agreement format of the network consisting title can be sent to the client by the server, because This, the available agreement format to the network name of the client, and can about fixing according to the network name Meet the network name of the wireless network of the agreement format around formula scanning.Such as the received network name of client The format for claiming agreement may include: identifying code A ' (16) after AUTH (preset name)+0000 (separating character)+encryption.It is described Client can scan the wireless network of surrounding, and from the wireless network name of available scanning.The client can be sentenced Whether the network name of the wireless network around the scanning of breaking meets the agreement format.The client can be according to institute The scanning of agreement format is stated to the network name for meeting the agreement format: AUTH0000A '.The server is scanned to the symbol Contract fix formula network name after, the network name of the available WIFI network, and therefrom extract network name described in Encrypted first identifying code A '.

S501: client is decrypted encrypted first identifying code of the extraction using the decipherment algorithm of storage； The client carries out authentication according to the decrypted result to encrypted first identifying code.

The decipherment algorithm that the client can use the user of itself storage is tested described encrypted the first of extraction Card code A ' is decrypted.Decipherment algorithm described in the present embodiment may include the private key of storage on the client.The client The first identifying code A ' after the public key encryption is decrypted in the private key that can use the storage.It mentions, makes in aforementioned It, only could be complete using a pair of of the public/private keys being mutually matched when with the asymmetric key cipher system encryption cleartext information The decrypting process of pairs of cleartext information.In the present embodiment, the first identifying code A of the public key encryption, only with the public key The private key to match could be decrypted.If the client can decrypt encrypted first verifying using the private key of storage Code A ' indicates that the private key of client storage with the server is a pair of of phase to the first identifying code A public key encrypted Mutual matched key, then decrypted result is successfully.Correspondingly, if the client cannot using the private key for being stored in itself The encrypted first identifying code A ' is decrypted, then decrypted result is failure.

The client can carry out authentication according to the decrypted result to encrypted first identifying code.Example Such as, if the decrypted result is that successfully, the client can pass through authentication.The client is available pre- at this time User can be set in the data access authority in the case where authentication passes through first set, the application in specific client Pass through by authentication just to the access authority of application specific functionality.If the decrypted result be it is unsuccessful, it is described Client cannot pass through authentication.In the WIFI network that the server is established, client is can be set in the server The access authentication mode at end, including without encryption certification, encryption certification, server described in the present embodiment can connecing client Enter authentication mode to be set as authenticating without encryption.The client, which may not need, to be carried out password authentification and is connected to corresponding WIFI net In network, communicated with server foundation.The WIFI network that the server is established belongs to the WLAN of short haul connection, Client can carry out information exchange by being linked into the WIFI network and the server, carry out authentication.

In a specific application scenarios, server can provide the service of mobile phone self-recharging.The server can A WIFI network corresponding with the account information is established with the account information inputted according to user, only passes through authentication Mobile terminal on the application just mobile phone self-recharging service of accessible server setting application.On the mobile terminal Application also can be set when only passing through authentication just to have permission and send the mobile phone self-recharging service for accessing server The request of application.Specifically, server can serviced by the two-dimensional barcode information in port scan client or by user C The account information of device input obtains the account information of user C: user123.The server can be inquired in customer data base Account information is that public key corresponding to user123 is K_PUB.The public key can be expressed as public affairs corresponding with user user123 Key Encryption Algorithm.After inquiring the corresponding public key information of user yongh123, the server can generate one 16 at random The first identifying code MK3D90HB8H2JT4VZ of position.The server can use public key K_ corresponding to the user user123 PUB encrypts the first identifying code MK3D90HB8H2JT4VZ that the server generates at random, forms encrypted first Identifying code PYKJH89LOEN7F56G.The server can establish a WIFI network by WIFI equipment, and can be according to The SSID of the WIFI network is arranged in the agreement format of SSID.The agreement format of the SSID can be before this authentication The user is sent to download in the application of client.The agreement format of the SSID can be with are as follows: and AUTH (preset name)+ Identifying code A ' (16) after 0000 (separating character)+encryption.The server can be arranged according to the agreement format of above-mentioned SSID User account is the SSID for the WIFI network that server corresponding to user123 is established, can be with are as follows: AUTH0000PYKJH89LOEN7F56G.It can will include encrypted first verifying after the server establishes WIFI network The SSID of code is broadcasted to surrounding space.The client can pass through the symbol around the application scanning installed on the mobile terminal Close the WIFI network of the SSID of the agreement format.The client is in scanning to the WIFI for the SSID for meeting the agreement format When network, the SSID of the available WIFI network is AUTH0000PYKJH89LOEN7F56G, and according to the pact of the SSID The formula that fixes extracts the encrypted first identifying code PYKJH89LOEN7F56G.The client, which can use, is stored in itself Private key K_PRI the encrypted first identifying code PYKJH89LOEN7F56G of the extraction is decrypted.The client The encrypted first identifying code PYKJH89LOEN7F56G can be decrypted using private key K_PRI, the decrypted result be at Function, application in the client can be by authentications, and specific application in the client can be according to presetting Rule be connected to the WIFI network that the SSID is AUTH0000PYKJH89LOEN7F56G, and have permission to access server and set The application for the mobile phone self-recharging service set, or have permission the request that access mobile phone self-recharging service is sent to server.Institute Stating server and the client can be AUTH0000PYKJH89LOEN7F56G's by the SSID that the server is established WIFI network carries out information exchange, completes the mobile phone self-recharging service of the client.

A kind of auth method described in the present embodiment, the network name that can use WIFI network carry out identity and test Card cannot complete authentication when the cordless communication network of operator is unable to normal use where solving the problems, such as client. Majority terminal device has WIFI access function at present, can significantly be provided using auth method described in the present embodiment The application of authentication provides the convenience of authentication, but also can save the number of user place telecom operators According to communication flows.

Certainly, the WIFI network that server described herein is established can by corresponding gateway or equipment with it is described The cordless communication network or computer internet of operator where client are connected, and can provide more for the client Service.

Authentication can be carried out by client in above-described embodiment.The application also provides a kind of auth method Another embodiment, in this embodiment, decrypted result can be fed back to server by the client, by server according to Decrypted result carries out authentication.Fig. 3 is a kind of flow chart of another embodiment of herein described auth method.Such as Shown in Fig. 3, auth method described in the present embodiment may include:

S1: the account information of the available user of server, and can be inquired based on the user information of storage and be obtained with described The corresponding Encryption Algorithm of the account information taken；

S2: server can use the Encryption Algorithm inquired and encrypt to the first identifying code of server, shape At encrypted first identifying code；

S3: server can establish wireless network, and be the network name of the wireless network of foundation setting agreement format Claim；The network name may include the first identifying code after the encryption；

S4: client can scan wireless network；The client can be from meeting of scanning agreement format Encrypted first identifying code is extracted in network name；

S502: the decipherment algorithm that the client can use storage solves encrypted first identifying code Close, the decrypted result to the first identifying code after the encryption can be sent to described by the client by the wireless network Server；

S601: the server can receive the decrypted result, and carry out authentication according to the decrypted result.

The client can be by the decrypted result to encrypted first identifying code of the extraction in the present embodiment The server is sent to by the wireless network.The client is sent to testing described encrypted first for server Card code decrypted result may include:

Client is to the encrypted first identifying code successful decryption of the extraction or failure.

The server can receive the decrypted result of client return, and the server can will be tied according to the decryption Fruit carries out part verifying.For example, if the decrypted result that the client returns is that successfully, the server can pass through the visitor The authentication at family end, the corresponding authority of the available server of client, can carry out further data visit It asks.If the decrypted result that the client returns is failure, the server can not pass through the identity of the client Verifying.

In preferred embodiment, the client can by the client to encrypted first identifying code into The first identifying code is sent to server after the decryption that row decryption obtains, and is carried out by server according to the first identifying code after the decryption Authentication.Therefore, client described in the embodiment is sent to the solution to encrypted first identifying code of server Close result may include:

The second identifying code after the decryption of acquisition is decrypted to encrypted first identifying code in client.

Correspondingly, the server receives the decrypted result, and authentication is carried out according to the decrypted result and includes: The server receives the decrypted result, and the second identifying code after extracting the decryption in the decrypted result；It is described Whether server second identifying code and first identifying code are identical, and are tested when comparison result is identical by identity Card.

The decipherment algorithm that the client can use storage solves encrypted first identifying code of the extraction It is close, the second identifying code after the available decryption of when encrypted first identifying code of the extraction described in successful decryption.The message Decrypted result including the first identifying code after decryption can be sent to the server by the wireless network by receiving end.Clothes Business device end can receive the decrypted result and therefrom extract the second identifying code after the decryption, and can the extraction Decryption after the second identifying code it is whether identical as the first identifying code of the server；The server can connect according to described The comparison result of the second identifying code and first identifying code after the decryption of receipts carries out authentication.If the comparison result To be identical, authentication can be passed through；If comparison result be it is not identical, authentication can not be passed through.

For example, the client is decrypted the encrypted first identifying code A ' using the private key of storage, solving The second identifying code when close success after available decryption is B.The nothing that the client can be established by the server The second identifying code B after the decryption is sent to the server by gauze network.The server can store the generation First identifying code, therefore, after the server receives the second identifying code B after the decryption, the second identifying code B with Whether the first identifying code A that the server generates is identical.If the first identifying code of the second identifying code B and the generation The comparison result of A be it is identical, the server can pass through authentication；If the second identifying code B and the generation First identifying code A comparison result be it is not identical, the server can not be by authentication, and the server can be at this time It is handled according to preset processing mode.Authentication is carried out in the way of described in the present embodiment, can be further improved The safety of authentication.

The application also provides another preferred embodiment of the authentication.Fig. 4 is herein described authentication side The method flow diagram of another embodiment of method.As shown in Figure 4, which comprises

S1: the available account information of server, and can be inquired and the user based on the user information of storage The corresponding Encryption Algorithm of account information；

S3: server can establish wireless network, and can be the net of the wireless network setting agreement format of the foundation Network title；The network name includes encrypted first identifying code；

S503: the decipherment algorithm that client can use storage solves encrypted first identifying code of the extraction It is close；In successful decryption, the decipherment algorithm that the message sink end can use storage carries out the third identifying code of client Encryption, forms encrypted third identifying code；The encrypted third identifying code transmission can be passed through institute by the client It states wireless network and is sent to server；

S602: server can receive the encrypted third identifying code, and can use the account with the user obtained The encrypted third identifying code is decrypted in number corresponding Encryption Algorithm of information；The server is according to the encryption Algorithm carries out authentication to the decrypted result of the encrypted third identifying code.

It should be noted that Encryption Algorithm or decipherment algorithm described herein may include carrying out a set pattern to information The calculation method then converted, wherein may include the application for being decrypted using Encryption Algorithm, being encrypted using decipherment algorithm Scene.Such as the Encryption Algorithm and decipherment algorithm described in the present embodiment may include public key and private key, wherein can use The public key is decrypted to being encrypted using private key, also be can use private key and is encrypted to information and is solved using public key It is close.In the embodiment, the client can decrypt that the server sends using the decipherment algorithm of storage encrypted the One identifying code, can verify the client is the message recipient identity that the reception server sends message.Further, institute It states client and can use the decipherment algorithm of storage and the third identifying code in the client is encrypted, formed encrypted Third identifying code.The encrypted third identifying code can be sent to service by the wireless network by the client Device.The server can use Encryption Algorithm corresponding with the account information of user to the encrypted third identifying code It is decrypted.If can decrypt, the message sender iden-tity that client sends message to the server can be verified.Specifically For example, the private key that the client can use storage encrypts third identifying code.The third identifying code can wrap Include the verification code information that client is generated according to certain rule or at random.The client can be by the third after private key encryption Identifying code is sent to server by the wireless network.The server can use public key corresponding with user account information The encrypted third identifying code is decrypted.If authentication can be passed through with successful decryption, the server； If decryption failure, the server can not pass through authentication.

In above-described embodiment, decryption of the server according to the Encryption Algorithm to the encrypted third identifying code As a result carrying out authentication may include:

The 4th identifying code when the server is to the encrypted third identifying code successful decryption, after obtaining decryption； The server can the 4th identifying code and server preset identifying code it is whether identical and identical in comparison result Shi Jinhang authentication.

In this embodiment, the server can decrypt the encrypted third identifying code, and the after obtaining decryption Four identifying codes.The server can the 4th identifying code and server preset identifying code it is whether identical.The visitor The third identifying code of family end encryption and the preset identifying code of server usually may include that the server and client side sets in advance The information for further authentication set.In specific one embodiment, the third identifying code of the client can be with The second identifying code for being decrypted and obtaining including encrypted first identifying code of the client to the extraction, the clothes The preset identifying code of business device may include the first identifying code of the server, correspondingly, the server the more described 4th Identifying code with the preset identifying code of server it is whether identical include: the server compared with second identifying code and the service Whether the first identifying code of device is identical.For example, server to account information be user123 user carry out authentication when, The first identifying code A can be generated, the server can store the generation the first identifying code A, and the first of the generation is tested Demonstrate,prove preset identifying code of the code A as server.The server can be added by Encryption Algorithm (such as public key of user) It is close to obtain encrypted first identifying code A '.The server is by the network name of the WIFI established by described encrypted the One identifying code A ' is broadcasted.The client scan is decrypted in the wireless network to the wireless network and using the private key of itself First identifying code A ' after the encryption that network name is included, the second identifying code B after available decryption.In the present embodiment, The client can be encrypted the second identifying code B as the third identifying code of the client, can use visitor The private key at family end encrypts the third identifying code B, obtains encrypted third identifying code B ', and can pass through the nothing Gauze network sends server.After the server can use public key corresponding with account information user123 to the encryption Third identifying code B ' be decrypted, the 4th identifying code C after available decryption.Further, the server can compare The first identifying code A for the user that the 4th identifying code C after the decryption is user123 with the account information that server stores is It is no identical.If the comparison result of the 4th identifying code C and the first identifying code of server A after the public key decryptions is phase Together, the server can pass through authentication；If the 4th identifying code C and the server first after the public key decryptions The comparison result of identifying code A be it is not identical, the server can not pass through authentication.

In a kind of another embodiment of authentication described herein, the third identifying code of the client be can wrap The account information of the user of client is included, the preset identifying code of the server may include the user information of server storage, Correspondingly, whether the preset identifying code of the 4th identifying code and server after the server decryption is identical includes: Whether the account information of the user after the server decryption is identical as the account information for the user that server stores. In the present embodiment, the account information of the available own user of the client believes the account of the user of the client Cease the third identifying code as the client.The client is after decrypting encrypted first identifying code, Ke Yili It is encrypted with account information of the private key of storage to the user in client.Such as it can use the private key K_PRI of client The account information user123 of the user of client is encrypted, encrypted user account information is formed SFTFDK40AA9KANCM, and server can be sent to by the wireless network.After the server receives the encryption User account information SFTFDK40AA9KANCM, can use public key K_PUB corresponding to account information user123 to described Encrypted user account information is decrypted.The server should by the account information of the user after decryption and server storage The account information of user is compared, if identical, can pass through authentication；If it is different, authentication can not be passed through. For example, if the account information of server decryption is user123,123 phase of account information with the user of server storage Together, authentication can be passed through.If the account of the server decryption is user456, the account with the user of server storage Number information user123 is not identical, can not pass through authentication.

In auth method described in above-mentioned any one embodiment, the server is the wireless network of the foundation It can also include the APPID information of different application in the network name of the agreement format of setting, the client can be according to institute The agreement format for stating network name extracts the APPID information of the different application, and according to the APPID data separation of the extraction Different application in client.The APPID information may include the identifier for distinguishing the different application of client.Service Device can preset the APPID information for different application, such as the APPID of counterpart expenditure treasured wallet application can be set Are as follows: the APPID of corresponding QQ application can be set in " PAY_PACK " are as follows: and " IM_QQ ", or corresponding Ali Wang Wang application is set APPD are as follows: " IM_WW " etc..Correspondingly, may include the APPID information, the client in the agreement format of the SSID The APPID information can be extracted according to the agreement format of the SSID after obtaining the agreement format SSID, and can basis Different application in client described in the APPID data separation of the extraction.Certainly, server is sent in the client It also may include the APPID information in message, the server can be distinguished in the client not by the APPID With application.Through this embodiment, the server or client can be completed different in client by the wireless network of foundation The authentication of application.

It may include SessionID information in network name described above in another specific application scenarios, it is described SessionID information may include server foundation for identifying the server and client progress authentication generation The identifier of session.The network name agreement format may include: identifying code after session identification+encryption, such as: SessionID+ A'.The SessionID can distinguish the session of the server and different clients, obtain and distinguish the server and same visitor Session of the family end in the generation of different time.In specific application scenarios, the server can establish multiple and different WIFI network and multiple client generate session, carry out information exchange, and the server can be different for session establishment each time SessionID.It may include the SessionID in the agreement format of the SSID, the client obtains the SSID The SessionID can be extracted according to the agreement format of the SSID afterwards, the client can be according to the extraction SessionID distinguishes whether judgement belongs to the information that server interacts with a session.Certainly, the client is sent It also may include the SessionID information into the message of server, the server can be sentenced according to the SessionID It is disconnected whether to belong to the information that client interacts with a session.

In the application another embodiment, the client can not directly carry out information exchange with the server. The client can such as POS machine, utility equipment communicated as trunking with the server, complete identity Verifying.Therefore, the application provides a kind of another embodiment of auth method, the method may include:

S201: trunking obtains the account information of input, and the account information of the acquisition is sent to server；

S202: server receives the account information, and the user of the user information based on storage inquiry and the acquisition The corresponding Encryption Algorithm of account information；The Encryption Algorithm is sent to the trunking by the server；

S203: trunking receives the Encryption Algorithm, and using the received Encryption Algorithm to the trunking The first identifying code encrypted, form encrypted first identifying code；

S204: trunking establishes wireless network, and is the network name of the wireless network of foundation setting agreement format Claim；The network name includes the first identifying code after the encryption；

S205: the network name of client scan wireless network；The client meet the agreement from what is scanned Encrypted first identifying code is extracted in the network name of format；

S2061: the client carries out encrypted first identifying code of the extraction using the decipherment algorithm of storage Decryption；Client carries out authentication according to the decrypted result to the first identifying code after the encryption.

First identifying code of trunking described above may include the first identifying code that the trunking generates, or The first identifying code sent from received server.

In a kind of another embodiment of above-mentioned auth method, after completing upper S204, may include:

S2062: the client carries out encrypted first identifying code of the extraction using the decipherment algorithm of storage Decryption, and relaying can will be sent to by the wireless network to the decrypted result of the first identifying code after the encryption of the extraction Equipment；

S2071: the trunking can receive the decrypted result of client transmission and send out the decrypted result It send to server；

S2081: the server can receive the decrypted result that the trunking is sent, and according to the decrypted result Carry out authentication.

A kind of auth method described above, the client send to the first identifying code after the decryption Decrypted result includes: client to the encrypted first identifying code successful decryption of the extraction or failure.The client hair Sending includes: to decrypt to encrypted first identifying code of the extraction to the decrypted result of the first identifying code after the decryption Success or failure.If the decrypted result is that successfully, can pass through authentication；If the decrypted result is failure, can Not pass through authentication.

Certainly, the client transmission may include: to the decrypted result of the first identifying code after the decryption

The second identifying code after the decryption of acquisition is decrypted to encrypted first identifying code in client；

Correspondingly, the server receives the decrypted result that trunking is sent, and according to the decrypted result into Row authentication includes: that the server receives the decrypted result, and the second identifying code is extracted in the decrypted result described in； Whether the first identifying code of the server second identifying code and server is identical, and leads to when comparison result is identical Cross ID card verification.

In another auth method of the application, the method may include:

S205: the network name of client scan wireless network；The client described about fixes from meeting of scanning Encrypted first identifying code is extracted in the network name of formula；

S2063: client is decrypted encrypted first identifying code of the extraction using the decipherment algorithm of storage； In successful decryption, the decipherment algorithm that the message sink end can use storage adds the third identifying code of client It is close, form encrypted third identifying code；The client can send the encrypted third identifying code by described Wireless network is sent to trunking；

S3072: trunking can receive the encrypted third identifying code, and the encrypted identifying code is sent out It send to server；

S3082: server can receive encrypted three identifying code, and can use the account with the user obtained The encrypted third identifying code is decrypted in the corresponding Encryption Algorithm of information；The server is calculated according to the encryption Method carries out authentication to the decrypted result of the encrypted third identifying code.

The third identifying code of client described above may include: that client is generated according to certain rule or at random Verification code information.In above-described embodiment, the private key that client can use itself encrypts the third identifying code of client, And server is sent to by the trunking.If after the server can use the corresponding private key decryption encryption Third identifying code, then can pass through authentication.

In preferred embodiment, the server is according to the Encryption Algorithm to the encrypted third identifying code Decrypted result carries out authentication:

Fourth verifying of server when to the encrypted third identifying code successful decryption, after obtaining decryption Code；Whether the server the 4th identifying code and the preset identifying code of server are identical, and when comparison result is identical Pass through authentication.

Referring to the other embodiments of the application, the third identifying code of the client includes the client to the encryption The second identifying code after the decryption of acquisition is decrypted in the first identifying code afterwards, and the preset identifying code of the server may include institute State the first identifying code of server；

Correspondingly, whether the preset identifying code of the server the 4th identifying code and server is identical includes: Whether the first identifying code of the server second identifying code and server is identical；

Alternatively,

The third identifying code of the client includes the account information of the user of client, the preset verifying of the server Code includes the account information of the user of server storage；

Correspondingly, whether the preset identifying code of the server the 4th identifying code and server is identical includes: Whether the account information of the user after the server decryption is identical as the account information for the user that server stores.

It certainly, can also include not in the network name of the agreement format for the wireless network setting that the trunking is established With the APPID information of application, the client can extract the different application according to the agreement format of the network name APPID information, and according to the different application in the APPID data separation client of the extraction.

Based on auth method described herein, the application provides a kind of server of authentication.Fig. 5 is this Shen Please the authentication server modular structure schematic diagram.As shown in figure 5, the server may include:

Account acquiring unit 101 can be used for obtaining the account information of user；

Customer data base 102 can be used for storing user information；The user information may include the account letter of user It ceases, the Encryption Algorithm of user；

It is corresponding with the account information of the acquisition to can be used for the user information inquiry based on storage for query unit 103 Encryption Algorithm；

Encryption unit 104, can be generated the first identifying code, and the Encryption Algorithm for inquiring described in utilizing is to described the One identifying code is encrypted, and encrypted first identifying code is formed；

Radio network unit 105 can be used for establishing wireless network, and about fix for the setting of the wireless network of the foundation The network name of formula；The network name includes encrypted first identifying code.

Fig. 6 is a kind of modular structure schematic diagram of another embodiment of the server of authentication described herein, As shown in fig. 6, the server can also include:

First receiving unit 106, can be used for obtaining that client or trunking send to encrypted first verifying The decrypted result of code；

First identity authenticating unit 107 can be used for carrying out identity according to the decrypted result of the receiving unit 106 testing Card.

The modular structure schematic diagram of Fig. 7 the first identity authenticating unit 107 described above, as shown in fig. 7, first identity Authentication unit 107 may include:

First extraction unit 1071 can be used for the first identifying code after extracting decryption in the decrypted result；

First comparing unit 1072 can be used for the first identifying code and encryption unit 104 after the decryption of extraction described in comparison Whether the first identifying code generated is identical；

First authentication unit 1073 can be used for the first identifying code and encryption unit 104 after the decryption according to the extraction The comparison result of the first identifying code generated carries out authentication.

Fig. 8 is a kind of modular structure schematic diagram of another embodiment of the server of authentication described herein, As shown in figure 8, the server can also include:

Second receiving unit 108 can be used for receiving the encrypted third identifying code of client or trunking transmission；

Decryption unit 109 can be used for calculating using encryption corresponding with the user account of acquisition in customer data base 102 The encrypted third identifying code is decrypted in method；

Second identity authenticating unit 1010, can be used for according to the decrypted result of the encrypted third identifying code into Row authentication.

The modular structure schematic diagram of Fig. 9 the first identity authenticating unit 1010 described above, as shown in figure 9, second body Part authentication unit 1010 may include:

Second extraction unit 1011 can be used for extracting the decryption unit 109 to the encrypted third identifying code Decrypt the 4th identifying code obtained；

Second comparing unit 1012, the preset identifying code of the 4th identifying code and storage after can be used for decrypting described in comparison It is whether identical；

Second authentication unit 1013 can be used for according to the 4th identifying code knot compared with the preset identifying code of storage Fruit carries out authentication.

The preset identifying code that second comparing unit 1012 stores may include first the testing of generating of encryption unit 104 Demonstrate,prove the user account information of code or customer data base storage.

The application also provides a kind of client of authentication, and Figure 10 is a kind of module of the client of authentication Structural schematic diagram.As shown in Figure 10, the client may include:

Storage unit 201 can be used for storing the agreement format of network name；It can be also used for the account letter of storage user The decipherment algorithm of breath；

Network sweep unit 202, the agreement format scanning that can be used for the network name based on storage meet the agreement The network name of the wireless network of format；

Extraction unit 203 can be used for extracting encrypted the from the network name for meeting agreement format scanned One identifying code；

First decryption unit 204 can be used for the decipherment algorithm based on storage and test encrypted the first of the extraction Card code is decrypted.

Figure 11 is a kind of modular structure schematic diagram of another embodiment of the client of authentication described above.Such as figure Shown in 11, the client can also include:

Identity authenticating unit 205 can be used for the decrypted result progress identity based on first decryption unit 204 and test Card.

Figure 12 is a kind of modular structure schematic diagram of another embodiment of the client of authentication described above.Such as figure Shown in 12, the client can also include:

First transmission unit 206 can be used for that the decrypted result of the first identifying code after the encryption of the extraction will be passed through The wireless network is sent to server or trunking.

The client is sent to the decrypted result to encrypted first identifying code of server or trunking Include:

Client is to the encrypted first identifying code successful decryption of the extraction or failure；

Alternatively,

Figure 13 is a kind of modular structure schematic diagram of another embodiment of the client of authentication described above.Such as figure Shown in 13, the client can also include:

First encryption unit 207 can be used for that success is being decrypted to encrypted first identifying code of the extraction When, it is encrypted using third identifying code of the decipherment algorithm using storage to client, forms encrypted third identifying code；

The encrypted third identifying code can be sent to clothes by the wireless network by the second transmission unit 208 Business device or trunking.

The third identifying code of client described above includes: that the client carries out encrypted first identifying code Second identifying code after the decryption that decryption obtains；Alternatively, the account information of the user of client.

The application also provides a kind of trunking, and Figure 14 is the modular structure schematic diagram of the trunking.Such as Figure 14 institute Show, the trunking may include:

Information acquisition unit 301 can be used for obtaining the account information of user；

Information receiving unit 302 can be used for receiving the Encryption Algorithm of server transmission；

Information encryption unit 303 can be used for generating or receive the first identifying code from server, and utilizes received encryption Algorithm encrypts first identifying code, forms encrypted first identifying code；

Wireless network broadcast unit 304 can be used for establishing wireless network, and about for the setting of the wireless network of the foundation The network name for the formula that fixes；The network name includes encrypted first identifying code.

Figure 15 is a kind of modular structure schematic diagram of the another embodiment of trunking described above, such as Figure 15 institute Show, the trunking can also include:

Feedback reception unit 305 can be used for receiving the feedback result of client transmission；

Transmission unit 306 is fed back, can be used for the received client feedback result being sent to server.In described Include: after the feedback result that the received client of equipment is sent

Client is to encrypted first identifying code successful decryption or failure；

Alternatively,

Client carries out encrypted the of encryption acquisition to the third identifying code of client using the decipherment algorithm of storage Three identifying codes.

Above-mentioned client, server, Encryption Algorithm described in trunking and decipherment algorithm may include it is asymmetric plus Public key and private key in close algorithm.It can certainly include other algorithms that others meet the application authentication algorithm.Tool The wireless network of foundation described in the products application of body may include WIFI network.

The application also provides a kind of system of authentication, and the system may include:

Client can be used for scanning the network name of wireless network；The client is described about from meeting of scanning Encrypted first identifying code is extracted in the network name for the formula that fixes；The decipherment algorithm using storage be can be also used for institute Encrypted first identifying code for stating extraction is decrypted；Can be also used for will be to the first identifying code after the encryption of the extraction Decrypted result is sent to the server by the wireless network；

Server can be used for obtaining the account information of user, and the inquiry of the user information based on storage and the acquisition The corresponding Encryption Algorithm of account information；It can be also used for testing using the Encryption Algorithm inquired the first of server Card code is encrypted, and encrypted first identifying code is formed；Wireless network can also be established, and is the wireless network of the foundation The network name of agreement format is set；The network name includes the first identifying code after the encryption；The solution can also be received It is close as a result, and according to the decrypted result carry out authentication.

Using a kind of auth method, client, server and the trunking of the application, client can be with It is communicated using the wireless network that trunking or server are established with server, carries out authentication.In this authentication During, the network name that can use the wireless network of foundation carries out the transmitting of authentication information.It is each using the application A embodiment can not carry out asking for authentication when the cordless communication network of operator is not available where can solve user Topic.Moreover, the application of authentication can also be increased substantially using the application, the convenience of authentication is improved.

Although the description of the agreement including referring to 802.11 in above content etc, the application is not limited to Must be comply fully with specification 802.11 including agreement the case where.Conveyer modified slightly on the basis of certain agreements System can also carry out the scheme of each embodiment of above-mentioned the application.Certainly, it even if not using above-mentioned IP/TCP/UDP agreement, but adopts It, still can be real as long as meeting the information exchange of the application the various embodiments described above and information judges feedback system with proprietary protocol Existing identical application, details are not described herein.

It is also known in the art that other than realizing controller in a manner of pure computer readable program code, it is complete Entirely can by by method and step carry out programming in logic come so that controller with logic gate, switch, specific integrated circuit, programmable Logic controller realizes identical function with the form for being embedded in microcontroller etc..Therefore this controller is considered one kind Hardware component, and the structure that the device for realizing various functions for including in it can also be considered as in hardware component.Or Even, can will be considered as realizing the device of various functions either the software module of implementation method can be Hardware Subdivision again Structure in part.

System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.

For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this The function of each unit can be realized in the same or multiple software and or hardware when application.

As seen through the above description of the embodiments, those skilled in the art can be understood that the application can It realizes by means of software and necessary general hardware platform.Based on this understanding, the technical solution essence of the application On in other words the part that contributes to existing technology can be embodied in the form of software products, the computer software product It can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that a computer equipment (can be personal computer, server or the network equipment etc.) executes the certain of each embodiment of the application or embodiment Method described in part.

Each embodiment in this specification is described in a progressive manner, same and similar part between each embodiment It may refer to each other, each embodiment focuses on the differences from other embodiments.Implement especially for system For example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method Part illustrates.

The application can be used in numerous general or special purpose computing system environments or configuration.Such as: personal computer, clothes Business device computer, handheld device or portable device, laptop device, multicomputer system, microprocessor-based system, set Top box, programmable consumer-elcetronics devices, network PC, minicomputer, mainframe computer including any of the above system or equipment Distributed computing environment etc..

The application can describe in the general context of computer-executable instructions executed by a computer, such as program Module.Generally, program module includes routines performing specific tasks or implementing specific abstract data types, programs, objects, group Part, data structure etc..The application can also be practiced in a distributed computing environment, in these distributed computing environments, by Task is executed by the connected remote processing devices of communication network.In a distributed computing environment, program module can be with In the local and remote computer storage media including storage equipment.

Although depicting the application by embodiment, it will be appreciated by the skilled addressee that the application there are many deformation and Variation is without departing from spirit herein, it is desirable to which the attached claims include these deformations and change without departing from the application's Spirit.

Claims

1. a kind of auth method, comprising:

Server establishes near field communication network, is that the near field communication network settings of the foundation arrange the network of format Title；

Server passes through network name described in the near field communication Web broadcast；

Client scan near field communication network, and the near field based on the network name for meeting the agreement format scanned Cordless communication network and the server carry out information exchange, complete authentication.

2. a kind of auth method, comprising:

Server is by network name described in the near field communication Web broadcast, so that client is met based on what is scanned The near field communication network and the server of the network name of the agreement format carry out information exchange, complete identity and test Card.

3. method according to claim 2, the network name of the agreement format further includes the account information of user, application At least one of identifier information, identifier information of session,

Wherein, the identifier information of the application is used to distinguish the application of client, and the identifier information of the session is used for area Divide the session of the server and different clients, or distinguishes the generation of the server and same client in different time Session.

4. method according to claim 2, wherein server establishes multiple and different near field communication networks and multiple visitors Family end generates session.

5. a kind of auth method, which comprises

The network name for the wireless network that client scan server is established；

Near field communication network and the service of the client based on the network name for meeting agreement format scanned Device carries out information exchange, completes authentication.

6. method as claimed in claim 5, the network name of the agreement format further includes the account information of user, application At least one of identifier information, identifier information of session,

7. method as claimed in claim 5, the application setting user in the client obtains after being passed through by authentication Take the access authority of application specific functionality.

8. a kind of auth method, comprising:

Server establishes near field communication network, is that the near field communication network settings of the foundation arrange the network of format Title；Encryption is carried out to the first identifying code including the use of the public key inquired in the network name of the agreement format and forms encryption First identifying code afterwards；

The network name of client scan near field communication network, and meet the network name for arranging format from what is scanned Encrypted first identifying code is extracted in title；

Client is decrypted encrypted first identifying code of the extraction using the decipherment algorithm of storage, according to described The decrypted result of encrypted first identifying code carries out authentication.

9. a kind of auth method, comprising:

10. method as claimed in claim 9, the network name of the agreement format further includes the account information of user, application Identifier information, at least one of the identifier information of session,

11. method as claimed in claim 9, wherein server establish multiple and different near field communication network with it is multiple Client generates session.

12. a kind of auth method, comprising:

Trunking inquires public key corresponding with the user account information obtained to server according to the account information of acquisition；

The public key inquired is sent to trunking by server；

The trunking is based on the public key and establishes near field communication network, is the near field communication network of the foundation The network name of agreement format is set；

The trunking passes through network name described in the near field communication Web broadcast；

13. a kind of auth method, comprising:

The trunking establishes near field communication network based on the public key inquired, is the near field communication of the foundation The network name of network settings agreement format；

The trunking is by network name described in the near field communication Web broadcast, so as to be met based on what is scanned The near field communication network and the server of the network name of the agreement format carry out information exchange, complete identity and test Card.

14. method as claimed in claim 13, the network name of the agreement format further includes the account information of user, application Identifier information, at least one of the identifier information of session,

15. method as claimed in claim 13, wherein the trunking establishes multiple and different near field communication networks Session is generated with multiple client.

16. a kind of server of authentication, comprising:

Radio network unit, for establishing near field communication Web broadcast, and the wireless network setting agreement format to establish Network name；It is also used to through network name described in the near field communication Web broadcast, so that client is based on scanning To meet it is described agreement format network name near field communication network and the server carry out information exchange, complete Authentication.

17. the network name of server as claimed in claim 16, the agreement format further includes the account information of user, answers At least one of identifier information, identifier information of session,

18. server as claimed in claim 16, wherein the server establishes multiple and different near field communication networks Session is generated with multiple client.

19. a kind of trunking of authentication, comprising:

Information acquisition unit, for obtaining the account information of user；

Information receiving unit, for receiving the public key of server transmission, the public key includes that server is believed based on the user of storage Cease the public key corresponding with the account information of acquisition inquired；

Information encryption unit, for generating or receiving the first identifying code from server, and using received Encryption Algorithm to described First identifying code is encrypted, and encrypted first identifying code is formed；

Agreement is arranged for establishing near field communication Web broadcast, and for the wireless network established in wireless network broadcast unit The network name of format；The network name includes encrypted first identifying code；It is also used to wireless by the near field Network name described in communications network broadcast so that the near field of network name of the client based on meeting of scanning agreement format without Line communication network and the server carry out information exchange, complete authentication.

20. trunking as claimed in claim 19, the network name of the agreement format further include the account information of user, At least one of the identifier information of application, identifier information of session,

21. trunking as claimed in claim 19, wherein the trunking establishes multiple and different near field communications Network and multiple client generate session.

22. a kind of client, comprising:

Storage unit, for storing the agreement format of network name；It is also used to store the decipherment algorithm of the account information of user；

Network sweep unit, for the network name based on storage agreement format scanning meet it is described agreement format near field without The network name of line communication network；The network name includes the wireless network established by server or trunking and is arranged about The network name for the formula that fixes；Be also used to based on scan meet agreement format network name near field communication network with Server carries out information exchange, completes authentication.

23. a kind of client, comprising:

Storage unit, for storing the agreement format of network name；It is also used to store the private key of the account information of user；

Network sweep unit, for the network name based on storage agreement format scanning meet it is described agreement format near field without The network name of line communication network；The network name includes the wireless network established by server or trunking and is arranged about The network name for the formula that fixes includes that server obtains or trunking is according to inquiring and user account letter in the network name The corresponding public key of manner of breathing carries out encrypted first identifying code of encryption formation to the first identifying code；

Extraction unit, for extracting encrypted first identifying code from the network name for meeting agreement format scanned；

First decryption unit is decrypted for encrypted first identifying code of the private key based on storage to extraction, carries out body Part verifying.

24. a kind of authentication system, comprising:

Server, user obtain the user information of user's registration, and the user information includes the account information of user, generate and are somebody's turn to do Corresponding a pair of of the public key of user account information and private key, and private key corresponding with the user account information is sent to use In the client at family, stored by the client of user；

Trunking for receiving the public key and the first identifying code of server transmission, and is tested using the public key described first Card code is encrypted, and encrypted first identifying code is formed；It is also used to establish wireless network, and the wireless network setting to establish Arrange the network name of format；The network name includes encrypted first identifying code；

Client, for scanning the network name of wireless network；The client from scan meet agreement format network Encrypted first identifying code is extracted in title；Be also used to the private key based on storage to encrypted first identifying code of extraction into Row decryption, carries out authentication.