CN114448629A - Identity authentication method and device, storage medium and electronic equipment - Google Patents


Publication number
CN114448629A
Authority
CN
China
Legal status
Pending
Application number
CN202210305760.8A
Other languages
Chinese (zh)
Inventor
郭茂文
黎艳
张�荣
卢燕青
刘大方
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202210305760.8A
Publication of CN114448629A

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L9/0852 Quantum cryptography
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/06 Authentication
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

The disclosure provides an identity authentication method and device, a storage medium and electronic equipment, and relates to the technical field of computers. The method comprises the following steps: generating first verification information in response to an authentication request of a terminal; acquiring encrypted verification information obtained by encrypting the first verification information by using a quantum key; sending the encrypted verification information to the terminal, wherein the terminal decrypts the encrypted verification information by using the quantum key and returns second verification information to the application server according to a decryption result; and receiving the second verification information returned by the terminal, and determining the identity verification result of the terminal according to the first verification information and the second verification information. The method and the device ensure the transmission security of the verification information and improve the reliability of the identity verification.

Description

Identity authentication method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an identity authentication method and apparatus, a storage medium, and an electronic device.
Background
With the progress of computer technology, the application of identity authentication is more and more extensive. For example, authentication may be applied in a scenario where a user registers in an application.
In the related art, when the server needs to verify the user identity, a short message including a verification code for verifying the user identity may be generated. The server may send the short message to the user's handset. The user can receive the short message and enter the verification code in the short message. The server may compare the verification code input by the user with the verification code generated by the server, and may verify the identity of the user based on the comparison result.
The method provided by the related art may have a security problem when sending a short message to a mobile phone of a user. For example, a short message may be stolen by a trojan virus or the like during transmission. The secure transmission of the short message cannot be guaranteed, and the reliability of the authentication is lower.
It is noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure and therefore may include information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
The present disclosure provides an authentication method and apparatus, a storage medium, and an electronic device, which at least overcome the problem of low reliability of authentication in the related art to some extent.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, there is provided an identity authentication method, the method including:
generating first verification information in response to an authentication request of a terminal;
acquiring encrypted verification information obtained by encrypting the first verification information by using a quantum key;
sending the encrypted verification information to the terminal, wherein the terminal decrypts the encrypted verification information by using a quantum key and returns second verification information to the application server according to a decryption result;
and receiving second verification information returned by the terminal, and determining an identity verification result of the terminal according to the first verification information and the second verification information.
In one embodiment of the present disclosure, obtaining encrypted verification information obtained by encrypting the first verification information using a quantum key includes:
sending the first verification information to a quantum key server;
and receiving the encrypted verification information returned by the quantum key server, wherein the quantum key server encrypts the first verification information by using a quantum key and returns the encrypted verification information to the application server.
In an embodiment of the present disclosure, sending the first verification information to the quantum key server includes:
and sending the first verification information and the code number information to the quantum key server, wherein the quantum key server determines a quantum key used for encrypting the first verification information according to the code number information.
In an embodiment of the present disclosure, determining an identity verification result of the terminal according to the first verification information and the second verification information includes:
comparing the first verification information with the second verification information to obtain a comparison result;
if the first verification information and the second verification information meet a preset verification condition, outputting an identity verification result indicating that the verification passed;
and if the first verification information and the second verification information do not meet the preset verification condition, outputting an identity verification result indicating that the verification failed.
In one embodiment of the present disclosure, before obtaining encrypted verification information obtained by encrypting the first verification information using a quantum key, the method further includes:
identifying whether the identity authentication request comprises an encryption identifier, wherein the encryption identifier is used for indicating that the first verification information is encrypted;
the acquiring encrypted verification information obtained by encrypting the first verification information by using a quantum key includes:
and in response to the identity authentication request including the encryption identifier, acquiring the encrypted verification information obtained by encrypting the first verification information by using the quantum key.
In one embodiment of the present disclosure, the method further comprises:
obtaining a quantum key identifier corresponding to the quantum key, wherein the quantum key identifier is used for enabling the terminal to determine a quantum key used for decrypting encrypted verification information;
and sending the quantum key identification to the terminal.
In one embodiment of the present disclosure, after generating first verification information in response to an authentication request of a terminal, the method includes:
generating a short message containing first verification information;
acquiring an encrypted short message obtained by encrypting the short message by using a quantum key;
and sending the encrypted short message to the terminal, wherein the terminal decrypts the encrypted short message by using a quantum key and returns second verification information to the application server according to a decryption result.
According to another aspect of the present disclosure, there is provided an authentication method performed by a terminal, the method including:
sending an authentication request to an application server;
receiving encrypted verification information returned by the application server according to the identity verification request, wherein the encrypted verification information is obtained by encrypting first verification information by using a quantum key;
decrypting the encrypted verification information by using a quantum key to obtain second verification information;
and sending the second verification information to the application server, wherein the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
In one embodiment of the present disclosure, the method further comprises:
receiving a quantum key identifier returned by the application server according to the identity authentication request;
and determining a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
In one embodiment of the present disclosure, the method further comprises:
and sending an identity authentication request to an application server, wherein the identity authentication request comprises code number information, and the code number information is used for determining a quantum key used for encrypting the first verification information.
In one embodiment of the present disclosure, the method further comprises:
in response to an encryption instruction input by an interactive object of the terminal, or in response to the terminal having a quantum key decryption function, sending an authentication request to an application server, wherein the authentication request comprises an encryption identifier, and the encryption identifier is used for indicating that the first verification information is encrypted.
In one embodiment of the present disclosure, before determining the quantum key used for decrypting the encrypted verification information according to the quantum key identifier, the method further includes:
identifying the encrypted verification information to obtain an identification result, wherein the identification result indicates that the encrypted verification information is encrypted information;
transmitting the encrypted verification information to a quantum key fob, the quantum key fob being included in the terminal;
and the quantum key fob determines a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
In one embodiment of the present disclosure, the quantum key fob determining a quantum key to use to decrypt the encrypted verification information based on a quantum key identification, includes:
and in response to the access control rule of the quantum key fob being met, the quantum key fob decrypts the encrypted verification information using the quantum key to obtain the second verification information.
In one embodiment of the present disclosure, after sending the authentication request to the application server, the method includes:
the short message client receives an encrypted short message returned by the application server according to the identity authentication request, wherein the encrypted short message is obtained by encrypting the short message containing the first authentication information by using a quantum key, and the short message client is contained in the terminal;
the short message client sends the encrypted short message to a quantum key fob through a secure channel, and the quantum key fob decrypts the encrypted short message by using the quantum key to obtain a decryption result;
the quantum key fob sends the decryption result to the short message client through the secure channel, wherein the decryption result comprises the second verification information;
and the application client acquires the second verification information and sends the second verification information to the application server, and the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
According to another aspect of the present disclosure, there is provided an authentication system comprising a quantum key fob, an application client, an application server, and a quantum key server;
the application client is used for sending an authentication request to the application server;
the application server communicates with the application client and is used for responding to the identity authentication request, generating first verification information and returning encrypted verification information obtained by encrypting the first verification information to the application client;
the quantum key server communicates with the application server and is used for acquiring the first verification information, encrypting the first verification information by using a quantum key to obtain encrypted verification information and returning the encrypted verification information to the application server;
the quantum key fob communicates with the application client and is used for acquiring the encrypted verification information received by the application client and decrypting the encrypted verification information;
the application client is further used for obtaining a decryption result of the quantum key fob and returning second verification information to the application server according to the decryption result;
the application server is further configured to receive the second verification information returned by the terminal, and determine an identity verification result of the terminal according to the first verification information and the second verification information.
In one embodiment of the present disclosure, the system further comprises: a short message client, a short message gateway and a short message platform;
the short message platform communicates with the application server and is used for generating a short message containing first verification information according to the first verification information generated by the application server;
the quantum key server is also used for encrypting the short message by using a quantum key to obtain an encrypted short message;
the short message gateway communicates with the short message platform and the short message client respectively, and is used for forwarding the encrypted short message sent by the short message platform to the short message client;
the short message client is used for receiving the encrypted short message from the short message gateway;
the quantum key fob communicates with the short message client and is used for decrypting the encrypted short message by using a quantum key.
According to still another aspect of the present disclosure, there is provided an authentication apparatus applied to an application server, the apparatus including:
the authentication information generation module is used for responding to an authentication request of the terminal and generating first verification information;
the encryption verification information acquisition module is used for acquiring encrypted verification information obtained by encrypting the first verification information by using a quantum key;
the first sending module is used for sending the encrypted verification information to the terminal, wherein the terminal decrypts the encrypted verification information by using a quantum key and returns second verification information to the application server according to a decryption result;
the first acquisition module is used for receiving second verification information returned by the terminal;
and the determining module is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
In an embodiment of the present disclosure, the encryption verification information obtaining module is configured to send the first verification information to a quantum key server; and receiving the encrypted verification information returned by the quantum key server, wherein the quantum key server encrypts the first verification information by using a quantum key and returns the encrypted verification information to the application server.
In an embodiment of the present disclosure, the authentication request includes code number information, and the encryption verification information obtaining module is configured to send the first verification information and the code number information to the quantum key server, where the quantum key server determines, according to the code number information, a quantum key used for encrypting the first verification information.
In an embodiment of the present disclosure, the determining module is configured to compare the first verification information with the second verification information to obtain a comparison result; if the first verification information and the second verification information meet a preset verification condition, output an identity verification result indicating that the verification passed; and if the first verification information and the second verification information do not meet the preset verification condition, output an identity verification result indicating that the verification failed.
In one embodiment of the present disclosure, the apparatus further comprises:
an encryption identifier identifying module, configured to identify whether the identity authentication request includes an encryption identifier, where the encryption identifier is used to indicate that the first verification information is encrypted;
and the encryption verification information acquisition module is used for, in response to the identity verification request including the encryption identifier, acquiring the encrypted verification information obtained by encrypting the first verification information by using the quantum key.
In one embodiment of the present disclosure, the apparatus further comprises:
a quantum key identifier obtaining module, configured to obtain a quantum key identifier corresponding to the quantum key, where the quantum key identifier is used to enable the terminal to determine a quantum key used for decrypting the encrypted verification information;
and the quantum key identification sending module is used for sending the quantum key identification to the terminal.
In one embodiment of the disclosure, the verification information generating module is used for generating a short message containing first verification information;
the encryption verification information acquisition module is used for acquiring an encrypted short message obtained by encrypting the short message by using a quantum key;
and the first sending module is used for sending the encrypted short message to the terminal, wherein the terminal decrypts the encrypted short message by using a quantum key and returns second verification information to the application server according to a decryption result.
According to still another aspect of the present disclosure, there is provided an authentication apparatus applied to a terminal, the apparatus including:
the identity authentication request sending module is used for sending an identity authentication request to the application server;
the second obtaining module is used for receiving encrypted verification information returned by the application server according to the identity verification request, wherein the encrypted verification information is obtained by encrypting the first verification information by using a quantum key;
the decryption module is used for decrypting the encrypted verification information by using the quantum key to obtain second verification information;
and the verification information sending module is used for sending the second verification information to the application server, and the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
In one embodiment of the present disclosure, the apparatus further comprises:
the quantum key identification acquisition module is used for receiving the quantum key identification returned by the application server according to the identity authentication request;
and the quantum key determining module is used for determining a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
In an embodiment of the present disclosure, the authentication request sending module is configured to send an authentication request to an application server, where the authentication request includes code number information, and the code number information is used to determine a quantum key used for encrypting the first verification information.
In an embodiment of the present disclosure, the authentication request sending module is configured to send an authentication request to an application server in response to an encryption instruction input by an interactive object of the terminal, or in response to the terminal having a quantum key decryption function, where the authentication request includes an encryption identifier, and the encryption identifier is used to indicate that the first verification information is encrypted.
In one embodiment of the present disclosure, the apparatus further comprises:
the encryption verification information identification module is used for identifying the encrypted verification information to obtain an identification result, and the identification result indicates that the encrypted verification information is encrypted information;
a second transmission module for transmitting the encrypted verification information to a quantum key fob, the quantum key fob being included in the terminal;
and the quantum key determining module is used for determining, by the quantum key fob and according to the quantum key identification, a quantum key used for decrypting the encrypted verification information.
In one embodiment of the disclosure, the quantum key determining module is configured such that, in response to the access control rule of the quantum key fob being met, the quantum key fob decrypts the encrypted verification information using the quantum key to obtain the second verification information.
In an embodiment of the present disclosure, the second obtaining module is configured to receive, by a short message client, an encrypted short message returned by the application server according to the authentication request, where the encrypted short message is obtained by encrypting, using a quantum key, a short message including the first authentication information, and the short message client is included in the terminal;
a second sending module, configured to send the encrypted short message to a quantum key fob by the short message client through a secure channel, where the quantum key fob decrypts the encrypted short message using the quantum key to obtain a decryption result;
a decryption module, configured to send the decryption result to the short message client through the secure channel by using the quantum key fob, where the decryption result includes the second verification information;
and the verification information sending module is used for acquiring the second verification information by the application client and sending the second verification information to the application server, and the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
According to still another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the above-described authentication method via execution of the executable instructions.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the authentication method described above.
According to the technical scheme provided by the disclosure, the encrypted verification information obtained by quantum encryption of the generated first verification information can be obtained, and the encrypted verification information is sent to the terminal. The terminal can decrypt the encrypted verification information after receiving it. The method and the device ensure the transmission security of the first verification information and improve the reliability of identity verification.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
Fig. 1 is a schematic diagram illustrating a system structure of an identity authentication method in an embodiment of the present disclosure;
Fig. 2 is a schematic diagram illustrating a system structure of another authentication method in the embodiment of the present disclosure;
Fig. 3 shows a flow chart of a method of identity verification in an embodiment of the present disclosure;
Fig. 4 is a schematic diagram illustrating a process of obtaining a decryption result by a short message client in an embodiment of the disclosure;
Fig. 5 is a schematic diagram of an authentication device in an embodiment of the present disclosure;
Fig. 6 is a schematic diagram of another authentication device in an embodiment of the present disclosure;
Fig. 7 shows a block diagram of an electronic device in an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
An embodiment of the present disclosure provides an identity authentication method. FIG. 1 shows a schematic diagram of an exemplary system architecture to which the identity authentication method of the embodiment of the present disclosure may be applied.
As shown in FIG. 1, the system architecture may include a quantum key fob 101, an application client 102, an application server 103, and a quantum key server 104. The quantum key fob 101 and the application client 102 may be located in the terminal 105.
Optionally, the application client 102 is configured to send an authentication request to the application server 103. The application server 103 communicates with the application client 102 and is configured to generate first authentication information in response to the authentication request, and to return encrypted authentication information, obtained by encrypting the first authentication information, to the application client 102. The method for generating the first verification information is not described in detail here; see the related description in the method embodiments below.
Optionally, the quantum key server 104 is in communication with the application server 103, and is configured to obtain the first verification information, encrypt the first verification information using the quantum key, obtain encrypted verification information, and return the encrypted verification information to the application server 103. The method for encrypting the first authentication information will not be described in detail, and reference is made to the related description in the following method embodiments.
Optionally, the quantum key fob 101 is in communication with the application client 102, and is configured to obtain the encrypted verification information received by the application client 102 and decrypt the encrypted verification information. The method for decrypting the encrypted verification information will not be described in detail herein, and reference is made to the related description in the following method embodiments.
Optionally, the application client 102 is further configured to obtain a decryption result of the quantum key fob 101, and return second verification information to the application server 103 according to the decryption result. The application server 103 is further configured to receive second authentication information returned by the terminal 105, and determine an authentication result of the terminal 105 according to the first authentication information and the second authentication information. A method for determining the authentication result of the terminal 105 is not described in detail herein, and reference is made to the related description in the following method embodiments accordingly.
The method for the communication between the application server 103 and the terminal 105 and the communication between the quantum key server 104 and the application server 103 are not limited in the embodiments of the present disclosure, and for example, the communication may be established through a wired network or a wireless network.
Optionally, the wireless or wired networks described above use standard communication techniques and/or protocols. The Network is typically the Internet, but may be any Network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wireline or wireless Network, a private Network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including Hypertext Mark-up Language (HTML), Extensible markup Language (XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN), Internet protocol Security (IPsec), and so on. In other embodiments, custom and/or dedicated data communication techniques may also be used in place of, or in addition to, the data communication techniques described above.
The terminal 105 may be a variety of electronic devices including, but not limited to, a smartphone, a tablet, a laptop portable computer, a desktop computer, a wearable device, an augmented reality device, a virtual reality device, and the like.
Optionally, the application clients 102 installed in different terminals 105 are the same, or are the same type of application client based on different operating systems. The specific form of the application client 102 may also be different based on the terminal 105, for example, the application client 102 may be a mobile phone client, a PC client, or the like.
The application server 103 may be a server that provides various services, such as a background management server that provides support for devices operated by the user using the terminal 105. The background management server can analyze and process the received data such as the request and feed back the processing result to the terminal.
The quantum key server 104 is a server using quantum cryptography service, and optionally, the quantum key server 104 may store one or more quantum key banks, where any one of the quantum key banks includes one or more quantum keys.
Optionally, the application server 103 and the quantum key server 104 may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be cloud servers providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, CDN (Content Delivery Network), big data, and an artificial intelligence platform. The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like.
In a possible embodiment, the authentication may be performed by short message, in which case the system architecture may further include a short message client 106, a short message gateway 107 and a short message platform 108. In this case, a schematic diagram of an exemplary system architecture of the authentication method or the authentication apparatus may be as shown in FIG. 2. The short message client 106 is located in the terminal 105.
Illustratively, the short message platform 108 communicates with the application server 103 and is configured to generate a short message containing the first authentication information according to the first authentication information generated by the application server 103. The quantum key server 104 is also used for encrypting the short message by using the quantum key to obtain an encrypted short message. The short message gateway 107 communicates with the short message platform 108 and the short message client 106, respectively, and is configured to forward the encrypted short message sent by the short message platform 108 to the short message client 106. The short message client 106 is configured to receive the encrypted short message from the short message gateway 107. The quantum key fob 101 communicates with the short message client 106 and is configured to decrypt the encrypted short message using the quantum key.
Those skilled in the art will appreciate that the number of terminals 105, application servers 103, and quantum key servers 104 in FIG. 1 and FIG. 2 is merely illustrative, and that there may be any number of terminals 105, application servers 103, and quantum key servers 104, as desired. The embodiments of the present disclosure are not limited thereto.
The present exemplary embodiment will be described in detail below with reference to the drawings and examples.
First, an identity authentication method is provided in the embodiments of the present disclosure, and the method may be executed by any terminal and application server having a computing processing capability.
FIG. 3 shows a flowchart of an authentication method in an embodiment of the present disclosure. As shown in FIG. 3, the authentication method provided in the embodiment of the present disclosure includes the following steps S301 to S308:
S301, the terminal sends an identity authentication request to the application server.
The embodiment of the present disclosure does not limit the implementation scenario of the identity authentication method, and for example, the identity authentication method may be used for online registration, and when an interactive object of the terminal needs to be registered on an application program, the terminal needs to authenticate the identity of the interactive object. In the implementation scenario, the application server is an application server corresponding to the application program. Or, the identity authentication method may be used for online shopping, and when an interactive object of the terminal needs to make an order in an application program capable of online shopping, the terminal needs to authenticate the identity of the interactive object. In this implementation scenario, the application server is an application server corresponding to the application program that can perform online shopping.
Illustratively, the authentication request is used to request the application server to send the first authentication information, and the form of the authentication request is not limited in the embodiments of the present disclosure.
Optionally, the method further comprises: sending an authentication request to the application server, wherein the authentication request comprises code number information, and the code number information is used for determining a quantum key used for encrypting the first authentication information. The code number information is not limited in the embodiments of the present disclosure; for example, the code number information may be stored in a terminal, and any terminal corresponds to one piece of code number information. The code number information may correspond to a quantum key store in a quantum key server, and one quantum key store may correspond to at least one piece of code number information.
Optionally, the method further comprises: in response to an encryption instruction input by an interactive object of the terminal, or when the terminal has a quantum key decryption function, sending an authentication request to the application server, wherein the authentication request comprises an encryption identifier, which indicates that the first authentication information is to be encrypted.
For example, in the case where the terminal has a quantum key decryption function, the authentication request including the encryption identifier may be directly transmitted to the application server. Alternatively, when the terminal has the quantum key decryption function, the terminal may display to its interactive object an interface for selecting whether to encrypt, and the interactive object may select whether to encrypt on the interface. When the interactive object chooses encryption, an encryption instruction can be input on the interface. After the terminal receives the encryption instruction of the interactive object, an authentication request including the encryption identifier may be sent to the application server.
S302, the application server responds to the identity authentication request of the terminal and generates first authentication information.
The embodiment of the present disclosure does not limit the method for generating the first verification information, and for example, in the above-mentioned online registration scenario and online shopping scenario, the first verification information may be randomly generated. The content and length of the first authentication information are not limited in the embodiments of the present disclosure, for example, the first authentication information may be composed of at least one of numbers and letters, and the length of the first authentication information may be 6 bits or 8 bits.
In one possible embodiment, the authentication may be performed in the form of a short message. In this case, after generating the first authentication information in response to the authentication request of the terminal, the method includes: a short message containing the first authentication information is generated. For example, the first verification information may be a 6-digit number "123456". The short message containing the first authentication information may be "your authentication code is 123456".
S303, the application server obtains encrypted verification information obtained by encrypting the first verification information by using the quantum key.
In one possible embodiment, the obtaining, by the application server, encrypted verification information obtained by encrypting the first verification information using the quantum key includes: sending the first verification information to a quantum key server; and receiving the encrypted verification information returned by the quantum key server, wherein the quantum key server encrypts the first verification information by using the quantum key and returns the encrypted verification information to the application server.
Illustratively, the quantum key server may encrypt the first authentication information using a quantum encryption algorithm. The quantum key server can store one or more quantum key banks, and any one of the quantum key banks includes one or more quantum keys. The quantum key server may determine a quantum key bank from the one or more quantum key banks, and may determine from that quantum key bank a quantum key with which to encrypt the first authentication information.
In another possible implementation, the application server may encrypt the first authentication information using a quantum key to obtain encrypted authentication information. In this case, the application server may store one or more quantum key banks therein, and may determine a quantum key for encrypting the first authentication information from the quantum key bank, and encrypt the first authentication information using the quantum key. The method for determining, by the application server, the quantum key for encrypting the first authentication information from the quantum key store may be the same as the method for determining, by the quantum key server, the quantum key for encrypting the first authentication information from the quantum key store.
In one possible embodiment, the authentication may be performed in the form of a short message. In this case, an encrypted short message obtained by encrypting a short message, which includes the first authentication information, using the quantum key may be acquired. The method of encrypting the short message may be the same as the method of encrypting the first authentication information described above.
In an exemplary embodiment, the identity authentication request includes code number information, and the sending the first authentication information to the quantum key server includes: and sending the first verification information and the code number information to a quantum key server, wherein the quantum key server determines a quantum key used for encrypting the first verification information according to the code number information.
In one possible embodiment, when the terminal sends an authentication request, the code number information is sent to the application server together with the authentication request. The application server generates the first verification information based on the identity verification request, and sends the first verification information and the code number information to the quantum key server. The quantum key server may determine a quantum key repository based on the code number information, determine a quantum key from the quantum key repository, and encrypt the first authentication information using the quantum key to obtain encrypted verification information. The embodiments of the present disclosure do not limit the method for determining the quantum key from the quantum key library; the quantum key may be determined based on an application scenario or experience, for example. In addition, the quantum keys determined from the quantum key library at any two times are not the same.
In one possible implementation, the application server may send an application identifier of the application server to the quantum key server, where the application identifier corresponds to the application server. After the quantum key server obtains the encrypted verification information, the encrypted verification information can be returned to the application server based on the application identifier.
Optionally, the method further comprises: acquiring a quantum key identifier corresponding to the quantum key, wherein the quantum key identifier is used to enable the terminal to determine the quantum key used for decrypting the encrypted verification information.
In some embodiments, after determining the quantum key, the quantum key server may obtain a quantum key identifier corresponding to the quantum key, and for example, the information indicated by the quantum key identifier may include a starting position of the quantum key in a quantum key library, a length of the quantum key, and the like.
For example, after obtaining the quantum key identifier corresponding to the quantum key, the quantum key server may send the quantum key identifier to the application server. The application server may obtain the quantum key identifier while obtaining the encryption verification information, or may obtain the quantum key identifier before or after obtaining the encryption verification information.
In an exemplary embodiment, before obtaining encrypted verification information obtained by encrypting the first verification information using the quantum key, the method further includes: identifying whether the identity authentication request comprises an encryption identifier, wherein the encryption identifier indicates that the first authentication information is to be encrypted. Acquiring the encrypted verification information obtained by encrypting the first verification information by using the quantum key then comprises: in response to the identity verification request including the encryption identifier, acquiring encrypted verification information obtained by encrypting the first verification information by using the quantum key.
The embodiment of the present disclosure does not limit the form of the encrypted identifier, and the encrypted identifier may be recognized by the application server. For example, when the authentication request obtained by the application server includes an encrypted identifier, the application server may identify the encrypted identifier, and send first authentication information generated according to the authentication request to the quantum key server, requesting the quantum key server to encrypt the first authentication information. If the authentication request acquired by the application server does not include the encrypted identifier, the application server may directly return the first authentication information generated according to the authentication request to the terminal without the need of the quantum key server to encrypt the first authentication information.
S304, the application server sends the encrypted verification information to the terminal, wherein the terminal decrypts the encrypted verification information by using the quantum key and returns second verification information to the application server according to a decryption result.
In a possible implementation manner, the quantum key server may send the encryption verification result to the application server, and after the application server obtains the encryption verification result, the application server may send the encryption verification result to the terminal. Or after the quantum key server obtains the encryption verification result, the quantum key server can directly send the encryption verification result to the terminal, and the encryption verification result is not forwarded through the application server.
Optionally, the method further comprises: sending the quantum key identifier to the terminal.
For example, after the application server obtains the quantum key identifier, the application server may send the quantum key identifier to the terminal corresponding to the code number information according to the code number information included in the authentication request.
In one possible embodiment, the authentication may be performed in the form of a short message. In this case, the encrypted short message is sent to the terminal, wherein the terminal decrypts the encrypted short message by using the quantum key and returns second verification information to the application server according to the decryption result. The method for sending the encrypted short message to the terminal is not limited in the embodiments of the present disclosure, and for example, the method may be the same as the above-described method for sending the encrypted verification information to the terminal. Alternatively, the application server or the quantum key server may send the encrypted short message to the short message platform.
The short message platform can audit the encrypted short message, and the purpose of the audit comprises determining that the encrypted short message does not contain contents which may cause security problems to the terminal, such as Trojan horse virus and the like. After the audit, the short message platform can send the encrypted short message to the short message gateway. The short message gateway can convert the format of the encrypted short message into a short message client format and send the encrypted short message in the short message client format to the terminal. Illustratively, the short message gateway can send the encrypted short message in the short message client format to the short message client on the terminal.
The short message client can identify the encrypted short message after receiving the encrypted short message, and when the short message client identifies that the encrypted verification information is encrypted, the short message client can send the encrypted verification information to the quantum key fob for decryption.
The method for the quantum key fob to decrypt the encrypted verification information using the quantum key can be seen in S306. The method for the terminal to return the second verification information to the application server according to the decryption result can be seen in S307, and is not described herein again.
S305, the terminal receives the encrypted verification information returned by the application server according to the identity verification request, wherein the encrypted verification information is obtained by encrypting the first verification information by using the quantum key.
Illustratively, the identity authentication request may include code number information corresponding to the terminal. The application server can send the encrypted verification information to the terminal corresponding to the code number information according to the code number information. The terminal may receive the encrypted authentication information.
Optionally, when the application server sends the encrypted verification information in the form of a short message, the short message client receives an encrypted short message returned by the application server according to the authentication request, where the encrypted short message is obtained by encrypting a short message including the first verification information using a quantum key, and the short message client is included in the terminal.
S306, the terminal decrypts the encrypted verification information by using the quantum key to obtain second verification information.
Illustratively, the terminal stores a quantum key for decrypting the encrypted verification information, and after the terminal receives the encrypted verification information, the terminal can decrypt the encrypted verification information by using the quantum key to obtain second verification information. In one possible embodiment, the authentication may be performed in the form of a short message. In this case, the terminal may decrypt the encrypted short message using the quantum key to obtain a decryption result of the encrypted short message, where the decryption result includes the second verification information.
In an exemplary embodiment, the method further comprises: the terminal receives a quantum key identification returned by the application server according to the identity authentication request; and determining a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
Illustratively, the terminal stores a quantum key library, and optionally, the quantum key library may correspond to the code number information of the terminal. The application server may send the quantum key identification to the terminal. The terminal may receive the quantum key identification, and the terminal may determine a quantum key from the quantum key repository to decrypt the encrypted validation information based on the quantum key identification. Therefore, the terminal can decrypt the encrypted verification information by using the quantum key to obtain second verification information.
In a possible implementation manner, the terminal includes a quantum key fob, the quantum key store is stored in the quantum key fob, and the terminal can store the quantum key store through the quantum key fob, determine a quantum key for decrypting the encrypted verification information, and decrypt the encrypted verification information to obtain the second verification information.
Optionally, when the application server sends the encrypted verification information in the form of a short message, the short message client sends the encrypted short message to the quantum key fob through a secure channel, and the quantum key fob decrypts the encrypted short message using the quantum key to obtain a decryption result. The quantum key fob sends the decryption result to the short message client through the secure channel, wherein the decryption result comprises the second verification information. The embodiments of the present disclosure do not limit how the secure channel is established; for example, the secure channel can be established by monitoring transmission dynamics, supporting encrypted transmission, or other methods. In addition, the order in which the application server sends the quantum key identifier and the encrypted verification information to the terminal is not limited in the embodiments of the disclosure; for example, the quantum key identifier and the encrypted verification information may be sent to the terminal at the same time.
Optionally, before the terminal determines the quantum key used for decrypting the encrypted verification information according to the quantum key identifier, the method further includes: identifying the encryption verification information to obtain an identification result, wherein the identification result indicates that the encryption verification information is encrypted information; transmitting the encryption verification information to a quantum key fob, the quantum key fob being included in the terminal; the quantum key card determines a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
For example, if the identification result indicates that the received verification information is unencrypted information, the terminal may directly obtain the second verification information without performing decryption.
In some embodiments, the encrypted authentication information may be sent to the quantum key fob by an APDU (Application Protocol Data Unit) command that may cause the quantum key fob to receive and decrypt the encrypted authentication information. The quantum key fob may read the APDU instruction and perform a corresponding decryption operation based on the APDU instruction.
Optionally, the determining, by the quantum key fob according to the quantum key identifier, a quantum key used for decrypting the encrypted verification information includes: in response to the access control rule of the quantum key fob being met, the quantum key fob decrypts the encrypted verification information using the quantum key to obtain the second verification information.
The access control rule is not limited in the embodiment of the present application, and may be set according to experience or the implementation scenario; for example, the access control rule may be set based on an APDU instruction. For example, the APDU instruction may contain an AID value for quantum key fob authentication. When the quantum key fob receives the encrypted verification information, the quantum key fob can determine whether the access control rule is met by verifying whether the AID value in the APDU instruction is consistent with the AID value configured in the quantum key fob. When the AID value in the APDU instruction is consistent with the AID value configured in the quantum key fob, the access control rule of the quantum key fob is met, and the quantum key fob can execute the decryption operation; when the AID value in the APDU instruction is inconsistent with the AID value configured in the quantum key fob, the access control rule of the quantum key fob is not met, and the quantum key fob does not execute the decryption operation.
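The AID check described above can be sketched from the key fob's side as follows. This is an added example, not code from the patent: the APDU layout (class byte 0x80, instruction 0xD0, the ciphertext tag), the sample AID and key, and the XOR step standing in for the unspecified quantum decryption are all assumptions.

```python
import hmac

# Status words defined by ISO/IEC 7816-4.
SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_SECURITY_NOT_SATISFIED = 0x6982
SW_WRONG_DATA = 0x6A80
SW_INS_NOT_SUPPORTED = 0x6D00

CLA_PROPRIETARY = 0x80   # assumed class byte for this example
INS_DECRYPT = 0xD0       # hypothetical instruction code
TAG_AID = 0x4F           # ISO 7816 tag for an application identifier
TAG_CIPHERTEXT = 0x81    # hypothetical tag for the encrypted verification info

FOB_AID = bytes.fromhex("F0514B4642303031")   # constructed sample AID
KEY = bytes(range(0x10, 0x20))                # constructed 16-byte key


def parse_tlvs(data: bytes) -> dict:
    """Parse one-byte-tag, one-byte-length TLVs; raise on malformed input."""
    fields, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length or tag in fields:
            raise ValueError("truncated or duplicate TLV")
        fields[tag] = value
        i += 2 + length
    return fields


def build_decrypt_apdu(aid: bytes, ciphertext: bytes) -> bytes:
    """Client side: wrap the AID and ciphertext in a short command APDU."""
    body = bytes([TAG_AID, len(aid)]) + aid
    body += bytes([TAG_CIPHERTEXT, len(ciphertext)]) + ciphertext
    if len(body) > 255:
        raise ValueError("payload too long for a short APDU")
    return bytes([CLA_PROPRIETARY, INS_DECRYPT, 0x00, 0x00, len(body)]) + body


class QuantumKeyFob:
    def __init__(self, configured_aid: bytes, key: bytes):
        self._aid = configured_aid
        self._key = key   # key already selected via the quantum key identifier

    def process(self, apdu: bytes):
        """Return (response_data, status_word) for one command APDU."""
        if len(apdu) < 5 or apdu[4] != len(apdu) - 5:
            return b"", SW_WRONG_LENGTH
        if apdu[0] != CLA_PROPRIETARY or apdu[1] != INS_DECRYPT:
            return b"", SW_INS_NOT_SUPPORTED
        try:
            fields = parse_tlvs(apdu[5:])
        except ValueError:
            return b"", SW_WRONG_DATA
        aid, ciphertext = fields.get(TAG_AID), fields.get(TAG_CIPHERTEXT)
        if aid is None or not ciphertext:
            return b"", SW_WRONG_DATA
        # Access control rule: the AID in the APDU must equal the configured AID.
        if not hmac.compare_digest(aid, self._aid):
            return b"", SW_SECURITY_NOT_SATISFIED
        if len(ciphertext) > len(self._key):
            return b"", SW_WRONG_LENGTH
        # XOR stands in for the decryption algorithm (assumption).
        plaintext = bytes(c ^ k for c, k in zip(ciphertext, self._key))
        return plaintext, SW_OK


def demo():
    fob = QuantumKeyFob(FOB_AID, KEY)
    ciphertext = bytes(p ^ k for p, k in zip(b"123456", KEY))
    accepted = fob.process(build_decrypt_apdu(FOB_AID, ciphertext))
    other_aid = bytes.fromhex("F0514B4642303032")   # constructed, not configured
    rejected = fob.process(build_decrypt_apdu(other_aid, ciphertext))
    return accepted, rejected
```

The fob returns no plaintext unless every structural check and the AID comparison pass, so a malformed or mismatched command never reaches the key material.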
S307, the terminal sends second verification information to the application server, and the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
In one possible embodiment, the application server may send an application identifier corresponding to the application server to the terminal, and the terminal may send the second authentication information to the application server based on the application identifier. Or after the interactive object of the terminal acquires the second verification information, the second verification information may be input into the application client corresponding to the application server, and the terminal sends the second verification information based on a channel in the application client, for example, the channel may be a Transport Layer Security (TLS) channel.
In one possible embodiment, the authentication may be performed in the form of a short message. In this case, after the interactive object of the terminal obtains the decryption result including the second verification information, the second verification information in the decryption result may be input into the application client corresponding to the application server, and the terminal sends the second verification information based on the channel in the application client.
S308, the application server receives the second verification information returned by the terminal, and determines the identity verification result of the terminal according to the first verification information and the second verification information.
In an exemplary embodiment, determining an authentication result of the terminal according to the first authentication information and the second authentication information includes: comparing the first verification information with the second verification information to obtain a comparison result; if the first verification information and the second verification information meet the preset verification condition, outputting an identity verification result passing the verification; and if the first verification information and the second verification information do not meet the preset verification condition, outputting an identity verification result of which the verification fails.
The preset verification condition is not limited in the embodiments of the present disclosure. For example, the preset verification condition may be that the first verification information is the same as the second verification information. In that case, when the first verification information is the same as the second verification information, the two satisfy the preset verification condition, and an identity verification result indicating that the verification passed can be output. When the first verification information differs from the second verification information, the two do not satisfy the preset verification condition, and an identity verification result indicating that the verification failed can be output.
The method provided by the present disclosure can acquire the encrypted verification information obtained by quantum encryption of the generated first verification information and send the encrypted verification information to the terminal. The terminal can decrypt the encrypted verification information after receiving it. This protects the first verification information in transit and improves the reliability of identity verification.
As shown in fig. 4, an embodiment of the present application provides a method for a short message client to obtain a decryption result, where the method may include the following steps.
S401, the application client sends an authentication request, and the authentication request can carry an encryption identifier.
S402, the application server generates a short message containing the first verification information. Optionally, the application server determines to perform quantum encryption based on the encryption identifier in the authentication request. The implementation manner of this step may refer to the above S302, which is not described herein again.
S403, the application server sends the short message. Optionally, the application server sends the application identifier and the code number information. For the implementation of this step, refer to S303 above; details are not repeated here.
S404, the quantum key server encrypts the short message to obtain an encrypted short message. Optionally, the quantum key server may determine the quantum key used for encrypting the short message based on the code number information. For the implementation of this step, refer to S303 above; details are not repeated here.
S405, the quantum key server sends the encrypted short message to the application server. For the implementation of this step, refer to S303 above; details are not repeated here.
S406, the application server sends the encrypted short message to the short message platform. For the implementation of this step, refer to S304 above; details are not repeated here.
S407, the short message platform sends the encrypted short message to the short message gateway. For the implementation of this step, refer to S304 above; details are not repeated here.
S408, the short message gateway sends the encrypted short message to the application client. For the implementation of this step, refer to S304 above; details are not repeated here.
S409, the short message client determines that the short message is a quantum-key-encrypted short message. For the implementation of this step, refer to S304 above; details are not repeated here.
S410, the encrypted short message is sent to the quantum key card. For the implementation of this step, refer to S305 above; details are not repeated here.
S411, the quantum key card decrypts the encrypted short message to obtain a decryption result. For the implementation of this step, refer to S306 above; details are not repeated here.
S412, the quantum key fob returns the decryption result. For the implementation of this step, refer to S307 above; details are not repeated here.
S413, the short message client displays the decryption result.
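The following Python simulation is an added example, not code from the patent; it walks through S401 to S413 and the comparison of S308 in one process. The cipher (a one-time pad plus an HMAC tag built from pre-shared key material), the `QENC:` message marker, the caller allow-list standing in for the key card's access control rule, the constant-time single-use comparison, and all class and function names are assumptions, since the disclosure does not fix any of them.

```python
import base64
import hashlib
import hmac
import secrets

PREFIX = "QENC"  # hypothetical marker the SMS client uses to spot an encrypted message (S409)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher: one-time pad with key[:32], HMAC-SHA256 tag with key[32:]."""
    if len(key) != 64 or len(plaintext) > 32:
        raise ValueError("need a 64-byte key and at most 32 bytes of plaintext")
    ct = bytes(p ^ k for p, k in zip(plaintext, key))
    return ct + hmac.new(key[32:], ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key[32:], ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified or the wrong key was selected")
    return bytes(c ^ k for c, k in zip(ct, key))


class QuantumKeyServer:
    """Selects the key by code number (S404) and returns the encrypted SMS (S405)."""

    def __init__(self):
        self.by_code_number = {}

    def enroll(self, code_number, key_id, key):
        self.by_code_number[code_number] = (key_id, key)

    def encrypt_sms(self, code_number, sms_text):
        key_id, key = self.by_code_number.pop(code_number)  # pad material is used once
        blob = base64.b64encode(seal(key, sms_text.encode())).decode()
        return f"{PREFIX}:{key_id}:{blob}"  # the key identifier travels with the message


class QuantumKeyCard:
    """Terminal-side key store; decrypts only for allow-listed callers (S410-S412)."""

    def __init__(self, allowed_callers):
        self.keys = {}
        self.allowed = set(allowed_callers)  # assumed form of the access control rule

    def load(self, key_id, key):
        self.keys[key_id] = key

    def decrypt(self, caller, key_id, blob):
        if caller not in self.allowed:
            raise PermissionError(f"{caller} may not use the key card")
        text = unseal(self.keys[key_id], blob).decode()
        del self.keys[key_id]  # consume the key only after a successful decryption
        return text


class ApplicationServer:
    def __init__(self, key_server):
        self.key_server = key_server
        self.pending = {}  # code number -> first verification information

    def handle_request(self, code_number, encryption_identifier):
        """S401-S405: generate the code, build the SMS, encrypt it if requested."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[code_number] = code
        sms = f"Code {code}"
        if encryption_identifier:
            return self.key_server.encrypt_sms(code_number, sms)
        return sms

    def verify(self, code_number, second_info):
        """S308: equality as the preset condition, constant-time and single-use."""
        first_info = self.pending.pop(code_number, None)
        if first_info is None:
            return False
        return hmac.compare_digest(first_info.encode(), second_info.encode())


def sms_client_receive(card, message):
    """S409-S413: detect the marker, hand the blob to the key card, return the text."""
    if not message.startswith(PREFIX + ":"):
        return message  # ordinary, unencrypted short message
    _, key_id, blob = message.split(":", 2)
    return card.decrypt("sms_client", key_id, base64.b64decode(blob))


def run_flow(code_number="13800000000"):  # constructed sample number
    key_id, key = secrets.token_hex(4), secrets.token_bytes(64)
    key_server = QuantumKeyServer()
    key_server.enroll(code_number, key_id, key)
    card = QuantumKeyCard(allowed_callers={"sms_client"})
    card.load(key_id, key)
    server = ApplicationServer(key_server)

    wire = server.handle_request(code_number, encryption_identifier=True)
    shown = sms_client_receive(card, wire)       # what the user reads
    second_info = shown.split()[-1]              # user types it into the app client
    first_try = server.verify(code_number, second_info)
    replay = server.verify(code_number, second_info)
    return wire, shown, first_try, replay


if __name__ == "__main__":
    print(run_flow())
```

The second `verify` call returns `False` because the pending code is removed on first use, so a captured code cannot be replayed.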
Based on the same inventive concept, the embodiment of the present disclosure further provides an identity verification apparatus, which may be, but is not limited to, the application server described above, as described in the following embodiments. Because the principle by which the apparatus embodiment solves the problem is similar to that of the method embodiment, the apparatus embodiment can be implemented by referring to the implementation of the method embodiment, and repeated details are not described again.
Fig. 5 is a schematic diagram of an authentication apparatus in an embodiment of the disclosure, and as shown in fig. 5, the apparatus may include:
a verification information generating module 501, configured to generate first verification information in response to an authentication request of a terminal;
an encryption verification information obtaining module 502, configured to obtain encryption verification information obtained by encrypting the first verification information using the quantum key;
the first sending module 503 is configured to send the encrypted verification information to the terminal, where the terminal decrypts the encrypted verification information using the quantum key, and returns second verification information to the application server according to a decryption result;
a first obtaining module 504, configured to receive second verification information returned by the terminal;
a determining module 505, configured to determine an authentication result of the terminal according to the first authentication information and the second authentication information.
In an exemplary embodiment, the encrypted authentication information obtaining module 502 is configured to send first authentication information to the quantum key server; and receiving the encrypted verification information returned by the quantum key server, wherein the quantum key server encrypts the first verification information by using the quantum key and returns the encrypted verification information to the application server.
In an exemplary embodiment, the authentication request includes code number information, and the encrypted authentication information obtaining module 502 is configured to send the first authentication information and the code number information to the quantum key server, where the quantum key server determines, according to the code number information, a quantum key used for encrypting the first authentication information.
In an exemplary embodiment, the determining module 505 is configured to compare the first verification information with the second verification information to obtain a comparison result; if the first verification information and the second verification information meet the preset verification condition, outputting an identity verification result passing the verification; and if the first verification information and the second verification information do not meet the preset verification condition, outputting an identity verification result of which the verification fails.
In an exemplary embodiment, the identity verification apparatus provided in the embodiments of the present disclosure may further include:
the encrypted identifier identification module is used for identifying whether the identity authentication request comprises an encrypted identifier, wherein the encrypted identifier is used for indicating that the first authentication information is encrypted;
the encryption verification information obtaining module 502 is configured to, in response to the identity verification request including the encryption identifier, obtain encryption verification information obtained by encrypting the first verification information using the quantum key.
In an exemplary embodiment, the identity verification apparatus provided in the embodiments of the present disclosure may further include:
the quantum key identification acquisition module is used for acquiring quantum key identifications corresponding to the quantum keys, and the quantum key identifications are used for enabling the terminal to determine the quantum keys used for decrypting the encrypted verification information;
and the quantum key identification sending module is used for sending the quantum key identification to the terminal.
In an exemplary embodiment, the verification information generating module 501 is configured to generate a short message containing first verification information;
an encryption verification information obtaining module 502, configured to obtain an encrypted short message obtained by encrypting the short message using a quantum key;
and a first sending module 503, configured to send the encrypted short message to the terminal, where the terminal decrypts the encrypted short message by using the quantum key, and returns second verification information to the application server according to a decryption result.
Based on the same inventive concept, the embodiment of the present disclosure further provides an identity authentication device, which may be, but is not limited to, the terminal described above, as described in the following embodiments. Because the principle by which the apparatus embodiment solves the problem is similar to that of the method embodiment, the apparatus embodiment can be implemented by referring to the implementation of the method embodiment, and repeated details are not described again.
Fig. 6 is a schematic diagram of another authentication apparatus in an embodiment of the disclosure, and as shown in fig. 6, the apparatus may include:
an authentication request sending module 601, configured to send an authentication request to an application server;
a second obtaining module 602, configured to receive encrypted verification information returned by the application server according to the authentication request, where the encrypted verification information is obtained by encrypting the first verification information with a quantum key;
the decryption module 603 is configured to decrypt the encrypted verification information using the quantum key to obtain second verification information;
the verification information sending module 604 is configured to send second verification information to the application server, and the application server is configured to determine an authentication result of the terminal according to the first verification information and the second verification information.
In an exemplary embodiment, the apparatus further comprises:
the quantum key identification acquisition module is used for receiving the quantum key identification returned by the application server according to the identity authentication request;
and the quantum key determining module is used for determining a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
In an exemplary embodiment, the authentication request sending module 601 is configured to send an authentication request to the application server, where the authentication request includes code number information, and the code number information is used to determine a quantum key used for encrypting the first authentication information.
In an exemplary embodiment, the authentication request sending module 601 is configured to send an authentication request to the application server in response to an interactive object of the terminal inputting an encryption instruction or the terminal having a quantum key decryption function, where the authentication request includes an encryption identifier, and the encryption identifier is used to indicate that the first authentication information is encrypted.
In an exemplary embodiment, the apparatus further comprises:
the encryption verification information identification module is used for identifying the encryption verification information to obtain an identification result, and the identification result indicates that the encryption verification information is encrypted information;
a second transmission module for transmitting the encrypted authentication information to a quantum key fob, the quantum key fob being included in the terminal;
and the quantum key determining module is used for determining the quantum key used for decrypting the encrypted verification information by the quantum key card according to the quantum key identification.
In an exemplary embodiment, the quantum key determining module is configured such that, in response to the access control rule of the quantum key fob being satisfied, the quantum key fob decrypts the encrypted verification information using the quantum key to obtain the second verification information.
In an exemplary embodiment, the second obtaining module 602 is configured to receive, by the short message client, an encrypted short message returned by the application server according to the authentication request, where the encrypted short message is obtained by encrypting, using a quantum key, a short message including the first authentication information, and the short message client is included in the terminal;
the second sending module is used for sending, by the short message client, the encrypted short message to the quantum key fob through the secure channel, and the quantum key fob decrypts the encrypted short message by using the quantum key to obtain a decryption result;
a decryption module 603, configured to send a decryption result to the short message client through the secure channel by using the quantum key fob, where the decryption result includes second verification information;
the verification information sending module 604 is configured to obtain second verification information by the application client, and send the second verification information to the application server, where the application server is configured to determine an authentication result of the terminal according to the first verification information and the second verification information.
As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as a system, method or program product. Accordingly, various aspects of the present disclosure may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module" or "system."
The device provided by the present disclosure may acquire encrypted verification information obtained by quantum-encrypting the generated first verification information, and send the encrypted verification information to the terminal. The terminal can decrypt the encrypted verification information after receiving it. This protects the first verification information in transit and improves the reliability of identity verification.
An electronic device 700 according to this embodiment of the disclosure is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 is embodied in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: the at least one processing unit 710, the at least one memory unit 720, and a bus 730 that couples various system components including the memory unit 720 and the processing unit 710.
Wherein the storage unit stores program code that is executable by the processing unit 710 to cause the processing unit 710 to perform steps according to various exemplary embodiments of the present disclosure as described in the above section "exemplary methods" of this specification.
The storage unit 720 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 7201 and/or a cache memory unit 7202, and may further include a read only memory unit (ROM) 7203.
The memory unit 720 may also include programs/utilities 7204 having a set (at least one) of program modules 7205, such program modules 7205 including but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 730 may be any representation of one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 740 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 700, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 700 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 750. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 760. As shown, the network adapter 760 communicates with the other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium, which may be a readable signal medium or a readable storage medium, on which a program product capable of implementing the above-described method of the present disclosure is stored. In some possible embodiments, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the disclosure described in the "exemplary methods" section above of this specification, when the program product is run on the terminal device.
More specific examples of the computer-readable storage medium in the present disclosure may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In the present disclosure, a computer readable storage medium may include a propagated data signal with readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Alternatively, program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In particular implementations, program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (20)

1. An authentication method, performed by an application server, the method comprising:
generating first verification information in response to an authentication request of a terminal;
acquiring encrypted verification information obtained by encrypting the first verification information by using a quantum key;
sending the encrypted verification information to the terminal, wherein the terminal decrypts the encrypted verification information by using a quantum key and returns second verification information to the application server according to a decryption result;
and receiving second verification information returned by the terminal, and determining an identity verification result of the terminal according to the first verification information and the second verification information.
2. The method of claim 1, wherein the obtaining encrypted verification information obtained by encrypting the first verification information by using a quantum key comprises:
sending the first verification information to a quantum key server;
and receiving the encrypted verification information returned by the quantum key server, wherein the quantum key server encrypts the first verification information by using a quantum key and returns the encrypted verification information to the application server.
3. The method according to claim 2, wherein the identity authentication request includes code number information, and the sending the first authentication information to a quantum key server includes:
and sending the first verification information and the code number information to the quantum key server, wherein the quantum key server determines a quantum key used for encrypting the first verification information according to the code number information.
4. The method according to claim 1, wherein the determining the authentication result of the terminal according to the first authentication information and the second authentication information comprises:
comparing the first verification information with the second verification information to obtain a comparison result;
if the first verification information and the second verification information meet a preset verification condition, outputting an identity verification result passing the verification;
and if the first verification information and the second verification information do not meet the preset verification condition, outputting an identity verification result of which the verification fails.
5. The method of claim 1, wherein before obtaining the encrypted verification information obtained by encrypting the first verification information using a quantum key, the method further comprises:
identifying whether the identity authentication request comprises an encryption identifier, wherein the encryption identifier is used for indicating that the first authentication information is encrypted;
the acquiring encrypted verification information obtained by encrypting the first verification information by using a quantum key includes:
and responding to the identity authentication request including the encrypted identification, and acquiring encrypted authentication information obtained by encrypting the first authentication information by using the quantum key.
6. The method of claim 1, further comprising:
obtaining a quantum key identifier corresponding to the quantum key, wherein the quantum key identifier is used for enabling the terminal to determine a quantum key used for decrypting encrypted verification information;
and sending the quantum key identification to the terminal.
7. The method according to claim 1, wherein after generating the first authentication information in response to the authentication request of the terminal, the method comprises:
generating a short message containing first verification information;
acquiring an encrypted short message obtained by encrypting the short message by using a quantum key;
and sending the encrypted short message to the terminal, wherein the terminal decrypts the encrypted short message by using a quantum key and returns second verification information to the application server according to a decryption result.
8. An identity verification method, performed by a terminal, the method comprising:
sending an authentication request to an application server;
receiving encrypted verification information returned by the application server according to the identity verification request, wherein the encrypted verification information is obtained by encrypting first verification information by using a quantum key;
decrypting the encrypted verification information by using a quantum key to obtain second verification information;
and sending the second verification information to the application server, wherein the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
9. The method of claim 8, further comprising:
receiving a quantum key identifier returned by the application server according to the identity authentication request;
and determining a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
10. The method according to any one of claims 8 or 9, further comprising:
and sending an identity authentication request to an application server, wherein the identity authentication request comprises code number information, and the code number information is used for determining a quantum key used for encrypting the first authentication information.
11. The method according to any one of claims 8 or 9, further comprising:
responding to an encryption instruction input by an interactive object of the terminal, or the terminal has a quantum key decryption function, and sending an authentication request to an application server, wherein the authentication request comprises an encryption identifier, and the encryption identifier is used for indicating that the first authentication information is encrypted.
12. The method of claim 9, wherein prior to determining the quantum key to use to decrypt the encrypted verification information based on the quantum key identification, the method further comprises:
identifying the encryption verification information to obtain an identification result, wherein the identification result indicates that the encryption verification information is encrypted information;
transmitting the encrypted authentication information to a quantum key fob, the quantum key fob being included in the terminal;
and the quantum key card determines a quantum key used for decrypting the encrypted verification information according to the quantum key identification.
13. The method of claim 12, wherein the quantum key fob determining a quantum key to use to decrypt the encrypted verification information based on a quantum key identification, comprises:
and in response to meeting the access control rule of the quantum key fob, the quantum key fob decrypts the encrypted verification information by using the quantum key to obtain the second verification information.
14. The method of claim 8, wherein after sending the authentication request to the application server, the method comprises:
the short message client receives an encrypted short message returned by the application server according to the identity authentication request, wherein the encrypted short message is obtained by encrypting the short message containing the first authentication information by using a quantum key, and the short message client is contained in the terminal;
the short message client sends the encrypted short message to a quantum key fob through a secure channel, and the quantum key fob decrypts the encrypted short message by using the quantum key to obtain a decryption result;
the quantum key fob sends the decryption result to the short message client through the secure channel, wherein the decryption result comprises the second verification information;
and the application client acquires the second verification information and sends the second verification information to the application server, and the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
15. An identity verification system, comprising a quantum key fob, an application client, an application server, and a quantum key server;
the application client is used for sending an authentication request to the application server;
the application server communicates with the application client and is used for responding to the identity authentication request, generating first verification information and returning encrypted verification information obtained by encrypting the first verification information to the application client;
the quantum key server communicates with the application server and is used for acquiring the first verification information, encrypting the first verification information by using a quantum key to obtain encrypted verification information and returning the encrypted verification information to the application server;
the quantum key fob communicates with the application client and is used for acquiring the encrypted verification information received by the application client and decrypting the encrypted verification information;
the application client is further used for obtaining a decryption result of the quantum key fob and returning second verification information to the application server according to the decryption result;
the application server is further configured to receive second verification information returned by the terminal, and determine an authentication result of the terminal according to the first verification information and the second verification information.
16. The system of claim 15, further comprising a short message client, a short message gateway and a short message platform;
the short message platform communicates with the application server and is used for generating a short message containing first verification information according to the first verification information generated by the application server;
the quantum key server is also used for encrypting the short message by using a quantum key to obtain an encrypted short message;
the short message gateway communicates with the short message platform and the short message client respectively and is used for forwarding the encrypted short message sent by the short message platform to the short message client;
the short message client is used for receiving the encrypted short message from the short message gateway;
the quantum key fob communicates with the short message client and is used for decrypting the encrypted short message by using a quantum key.
17. An identity authentication device applied to an application server, the identity authentication device comprising:
the authentication information generation module is used for responding to an authentication request of the terminal and generating first verification information;
the encryption verification information acquisition module is used for acquiring encryption verification information obtained by encrypting the first verification information by using a quantum key;
the first sending module is used for sending the encrypted verification information to the terminal, wherein the terminal decrypts the encrypted verification information by using a quantum key and returns second verification information to the application server according to a decryption result;
the first acquisition module is used for receiving second verification information returned by the terminal;
and the determining module is used for determining the identity authentication result of the terminal according to the first verification information and the second verification information.
18. An identity authentication device, applied to a terminal, the device comprising:
the identity authentication request sending module is used for sending an identity authentication request to the application server;
the second obtaining module is used for receiving encrypted verification information returned by the application server according to the identity verification request, wherein the encrypted verification information is obtained by encrypting the first verification information by using a quantum key;
the decryption module is used for decrypting the encrypted verification information by using the quantum key to obtain second verification information;
and the verification information sending module is used for sending the second verification information to the application server, and the application server is used for determining the identity verification result of the terminal according to the first verification information and the second verification information.
19. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the authentication method of any one of claims 1 to 7 or the authentication method of any one of claims 8 to 14 via execution of the executable instructions.
20. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the authentication method according to any one of claims 1 to 7, or carries out the authentication method according to any one of claims 8 to 14.
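The exchange described in claims 8 to 15, as an added example that is not part of the patent text: the application server issues first verification information, the quantum key server encrypts it, the fob decrypts it by quantum key identification, and the server compares the returned second verification information. The XOR pad stands in for the cipher the claims leave unspecified; the class names, the key identifier `qk-001` and the caller allow-list used as the fob's access control rule are assumptions.

```python
import hmac
import secrets

def xor(data: bytes, pad: bytes) -> bytes:
    # Stand-in cipher: one-time pad with the shared key (the claims name no algorithm).
    if len(pad) < len(data):
        raise ValueError("key shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))

class QuantumKeyServer:
    def __init__(self, keys):
        self.keys = keys
    def encrypt(self, key_id, first_info):
        # Key is consumed on use; the identification travels with the ciphertext.
        return {"key_id": key_id, "ct": xor(first_info, self.keys.pop(key_id))}

class QuantumKeyFob:
    def __init__(self, keys, allowed_callers):
        self._keys, self._allowed = keys, allowed_callers
    def decrypt(self, caller, msg):
        if caller not in self._allowed:      # assumed form of the access control rule
            raise PermissionError(caller)
        return xor(msg["ct"], self._keys.pop(msg["key_id"]))  # key picked by identification

class ApplicationServer:
    def __init__(self, qks):
        self.qks, self.pending = qks, {}
    def handle_request(self, terminal, key_id):
        first_info = f"{secrets.randbelow(10**6):06d}".encode()  # first verification information
        self.pending[terminal] = first_info
        return self.qks.encrypt(key_id, first_info)
    def verify(self, terminal, second_info):
        first_info = self.pending.pop(terminal, None)  # each challenge is checked once
        return first_info is not None and hmac.compare_digest(first_info, second_info)

def run_demo():
    key = secrets.token_bytes(16)            # constructed key material
    server = ApplicationServer(QuantumKeyServer({"qk-001": key}))
    fob = QuantumKeyFob({"qk-001": key}, allowed_callers={"app-client"})
    msg = server.handle_request("terminal-1", "qk-001")
    try:
        fob.decrypt("other-app", msg)
        denied = False
    except PermissionError:
        denied = True
    second_info = fob.decrypt("app-client", msg)
    accepted = server.verify("terminal-1", second_info)
    replayed = server.verify("terminal-1", second_info)
    return denied, accepted, replayed

if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns whether the unlisted caller was refused by the fob, whether the legitimate response was accepted, and whether a second submission of the same response was accepted.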
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210305760.8A CN114448629A (en) 2022-03-25 2022-03-25 Identity authentication method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN114448629A true CN114448629A (en) 2022-05-06

Family

ID=81358993

Country Status (1)

Country Link
CN (1) CN114448629A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196425A (en) * 2011-07-01 2011-09-21 安徽量子通信技术有限公司 Quantum-key-distribution-network-based mobile encryption system and communication method thereof
CN105471584A (en) * 2015-12-04 2016-04-06 长春大学 Identity authentication method based on quantum key encryption
CN112804059A (en) * 2021-03-24 2021-05-14 上海企树网络科技有限公司 Internet of things communication system based on quantum technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination