CN108449568A - Identity identifying method and device for video conference - Google Patents
- Publication number: CN108449568A (application CN201810095388.6A)
- Authority: CN (China)
- Prior art keywords: terminal, value, random number, identity authentication, signature
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention relates to the field of video conferences and discloses an identity authentication method and device for a video conference. The identity authentication method includes: receiving an E.164 number and a second digest value input by a terminal; sending a first random number to the terminal; receiving a signature value sent by the terminal, the signature value being obtained by signing according to a national cryptographic algorithm; verifying the E.164 number and the second digest value, and verifying the signature value using the same national cryptographic algorithm; and, when the E.164 number and the second digest value are verified and the signature value is verified, notifying the terminal that the verification is passed. The invention uses the E.164 number as the user identity authentication identifier; because the E.164 number is unique and cannot be modified, reliability is stronger. The authentication process contains two security verifications, which effectively prevents illegal intrusion and data leakage.
Description
Technical Field
The invention relates to the field of video conferences, in particular to an identity authentication method and device for a video conference.
Background
A video conference mainly realizes remote face-to-face communication by means of voice and images. Specifically, it refers to system equipment with which individuals or groups in two or more different places distribute various data, such as static and dynamic images, voice, text and pictures, to the computers of the terminal users over existing telecommunication transmission media. This realizes instant and interactive communication, so that geographically dispersed users can gather in one place and exchange information in multiple forms such as graphics and voice, which increases both parties' understanding of the content and serves the purpose of holding a meeting.
Before a video conference starts, a terminal user first needs to log in to the video conference system. Currently, terminal users mainly log in in the following ways: 1. account + password; 2. account + password digest; 3. account + password + dynamic password; 4. account + password + certificate. However, each of these login methods has certain drawbacks. For example, when logging in with account + password, the user's plaintext password is transmitted over a network with a complex environment and is easily stolen; when logging in with account + password digest, there is a risk of replay attack; when logging in with a dynamic password, the dynamic password method requires an additional dynamic token to be configured, which increases the cost of use, and if sensitive information of the dynamic token is leaked, an attacker can easily calculate the password value.
In summary, how to improve the security and reliability of the terminal user for identity authentication before the video conference is one of the problems to be continuously solved in the field.
Disclosure of Invention
Therefore, the technical problem to be solved by the invention is as follows: how to improve the safety and reliability of the terminal user when carrying out identity authentication before the video conference.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows:
According to a first aspect, an embodiment of the present invention provides an identity authentication method for a video conference, including the following steps:
receiving an E.164 number and a second digest value input by a terminal, wherein the second digest value is obtained according to a login password;
sending a first random number to the terminal;
receiving a signature value sent by the terminal, wherein the signature value is obtained by signing according to a national cryptographic algorithm;
verifying the E.164 number and the second digest value, and verifying the signature value using the same national cryptographic algorithm as was used for signing;
when the E.164 number and the second digest value are verified, and the signature value is verified, notifying the terminal that the verification is passed.
Optionally, while receiving the signature value sent by the terminal, a second random number sent by the terminal is also received;
after the E.164 number and the second digest value are verified and the signature value is verified, the method further comprises:
judging whether the second random number is consistent with the first random number;
and when the second random number is consistent with the first random number, notifying the terminal that the verification is passed.
Optionally, the method further comprises the following steps:
when the E.164 number and the second digest value are not verified, or when the signature value is not verified, or when the second random number and the first random number are not consistent, notifying the terminal that the verification has failed.
Optionally, before the step of receiving the E.164 number and the second digest value input by the terminal, the method further includes:
allocating the E.164 number and the password key according to the registration information of the terminal.
Optionally, the step of allocating the E.164 number and the password key according to the registration information of the terminal includes:
receiving registration information of a terminal, wherein the registration information comprises a registration password input by a user;
performing a digest operation on the registration password to obtain a first digest value;
storing the first digest value and the registration information into a database;
allocating an E.164 number according to the registration information, wherein the allocated E.164 number is in one-to-one correspondence with the first digest value;
obtaining private key information with the E.164 number as an identifier from a key generation center, and storing the private key information into the password key;
and sending the E.164 number to the terminal, completing the registration successfully.
Optionally, the step of verifying the E.164 number and the second digest value input by the terminal includes:
acquiring the first digest value corresponding to the E.164 number input by the terminal from a database;
judging whether the second digest value is consistent with the first digest value;
if they are consistent, the verification is passed; if they are not consistent, the verification is not passed.
According to a second aspect, an embodiment of the present invention provides an identity authentication apparatus for a video conference, including:
a first receiving unit, configured to receive the E.164 number and a second digest value input by the terminal, wherein the second digest value is obtained according to the login password;
a first sending unit, configured to send a first random number to the terminal;
a second receiving unit, configured to receive the signature value sent by the terminal, wherein the signature value is obtained by signing according to a national cryptographic algorithm;
a first verification unit, configured to verify the E.164 number and the second digest value, and to verify the signature value using the same national cryptographic algorithm as was used for signing;
a first notification unit, configured to notify the terminal that the verification is passed when the verification of the E.164 number and the second digest value is passed and the verification of the signature value is passed.
Optionally, the second receiving unit is configured to receive a second random number sent by the terminal while receiving the signature value sent by the terminal;
the identity authentication apparatus further includes:
a second verification unit, configured to determine whether the second random number and the first random number are consistent;
the first notification unit is further configured to notify the terminal that the authentication is passed when the second random number and the first random number are consistent;
the first notification unit is further configured to notify the terminal that the verification has failed when the E.164 number and the second digest value are not verified, or when the signature value is not verified, or when the second random number and the first random number are not consistent.
According to a third aspect, an embodiment of the present invention provides an identity authentication apparatus, including:
at least one processor;
and a memory communicatively coupled to the at least one processor, the memory storing instructions executable by the at least one processor to cause the at least one processor to perform the method of identity authentication.
According to a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, including: the non-transitory computer-readable storage medium stores computer instructions for causing a computer to execute the above-described identity authentication method.
Compared with the prior art, the technical scheme of the invention has the following advantages:
According to the identity authentication method for a video conference provided by the first aspect of the invention, the E.164 number is used as the user identity authentication identifier. Because the E.164 number is unique and cannot be modified, it is more reliable than a traditional identity authentication identifier. The server receives the digest value instead of the plaintext password, which effectively prevents the plaintext password from being leaked. The identity authentication process comprises two security verifications: first, verification of the E.164 number and the second digest value input by the terminal; second, verification of the signature value sent by the terminal. Identity authentication passes only when both verifications pass, which effectively improves the security and reliability of the terminal user's identity authentication before the video conference starts and effectively prevents illegal intrusion and data leakage. In addition, the signature value of the random number is obtained by signing the random number according to a national cryptographic algorithm, and the signature value is verified with the same national cryptographic algorithm.
According to the identity authentication method for a video conference provided by the first aspect of the present invention, after the signature value is verified, it is further determined whether the second random number sent by the terminal is consistent with the first random number sent by the server. This adds one more verification on top of the two verifications, further improving the security of identity authentication.
According to the identity authentication method for a video conference provided by the first aspect of the invention, before the step of receiving the E.164 number and the second digest value input by the terminal, the method further comprises the step of allocating the E.164 number and the password key according to the registration information of the terminal. Each terminal user can therefore obtain their own E.164 number and password key for subsequent identity verification.
According to the identity authentication method for a video conference provided by the first aspect of the invention, the process of verifying the E.164 number and the second digest value input by the terminal is as follows: first, the first digest value corresponding to the E.164 number input by the terminal is acquired from the database, wherein the first digest value was obtained by performing a digest operation on the registration password when the terminal registered; then it is judged whether the second digest value is consistent with the first digest value, and if so, the verification is passed. In this verification method, the digest value of the input password is calculated with a digest algorithm and the digest values are then compared, so security is high and the calculation is simple and fast.
According to the identity authentication device for a video conference provided by the second aspect of the invention, the E.164 number is used as the user identity authentication identifier. Because the E.164 number is unique and cannot be modified, it is more reliable than a traditional identity authentication identifier. The identity authentication device verifies the E.164 number and the second digest value input by the terminal through the first verification unit, and also verifies the signature value. Identity authentication passes only when both verifications pass, which effectively improves the security and reliability of the terminal user's identity authentication before the video conference starts and effectively prevents illegal intrusion and data leakage. In addition, the signature value of the random number is obtained by signing the random number according to a national cryptographic algorithm, and the signature value is verified with the same national cryptographic algorithm.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a diagram of an application scenario in accordance with an embodiment of the present invention;
FIG. 2 is a flowchart of an identity authentication method for a video conference according to embodiment 1 of the present invention;
FIG. 3 is a flowchart of another implementation of an identity authentication method for a video conference according to embodiment 1 of the present invention;
FIG. 4 is a specific flowchart of step S10 in the identity authentication method for a video conference according to embodiment 1 of the present invention;
FIG. 5 is a schematic structural diagram of an identity authentication apparatus for a video conference according to embodiment 2 of the present invention;
FIG. 6 is a schematic structural diagram of another embodiment of an identity authentication apparatus for a video conference according to embodiment 2 of the present invention;
FIG. 7 is a schematic structural diagram of an allocation unit in an identity authentication apparatus for a video conference according to embodiment 2 of the present invention;
FIG. 8 is a schematic structural diagram of a first verification unit in an identity authentication apparatus for a video conference according to embodiment 2 of the present invention;
FIG. 9 is a schematic structural diagram of an identity authentication terminal for a video conference according to embodiment 4 of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In the description of the present invention, it should be noted that the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as there is no conflict between them.
Fig. 1 is a schematic view of an application scenario in an embodiment of the present invention, where a plurality of video conference terminals are connected to a video conference server, and only two video conference terminals are listed in the figure, that is, a first video conference terminal and a second video conference terminal. The first video conference terminal and the second video conference terminal are mobile terminals such as a mobile phone or a tablet computer or computer terminals such as a PC, and before the video conference starts, the first video conference terminal and the second video conference terminal need to complete registration and identity authentication during login through a video conference server. Hereinafter, the video conference terminals are collectively referred to as terminals.
Example 1
The embodiment of the invention provides an identity authentication method for a video conference, which is executed by the video conference server in FIG. 1. As shown in FIG. 2, the method comprises the following steps:
Step S11, receiving the E.164 number and the second digest value input by the terminal, wherein the second digest value is obtained according to the login password. In this embodiment, the E.164 number is used as the user identity authentication identifier; because the E.164 number is unique and cannot be modified, it is more reliable than a conventional authentication identifier. The second digest value is obtained on the terminal side by performing a digest operation, using a digest algorithm, on the login password input by the user; in this embodiment, a digest algorithm such as SM3 or MD5 is selected.
In this embodiment, the server receives the digest value instead of the plaintext password, which effectively prevents the plaintext password from being leaked.
Step S12, sending the first random number to the terminal. After receiving the E.164 number and the second digest value input by the terminal, the server randomly generates a string of characters and sends it to the terminal as the first random number.
Step S13, receiving the signature value sent by the terminal, wherein the signature value is obtained by signing according to a national cryptographic algorithm.
It should be noted that the following steps are also included between step S12 and step S13:
Step S121, the terminal packages the E.164 number, the second digest value and the first random number received from the server, and sends them to a password key connected to the terminal. The password key is an IBC password key certified by the State Cryptography Administration, and its security performance is high.
Step S122, the password key signs the set consisting of the E.164 number, the second digest value and the first random number to obtain an overall signature value for the E.164 number, the second digest value and the first random number. The signature algorithm used is a national cryptographic algorithm, which in this embodiment is preferably the SM9 national cryptographic algorithm.
Step S123, the password key sends the signature value to the terminal.
Step S124, the terminal sends the signature value to the server.
Step S14, verifying the E.164 number and the second digest value input by the terminal, and verifying the signature value using the same national cryptographic algorithm as the one described above.
Specifically, in this embodiment, step S14 includes:
Step S141, acquiring the first digest value corresponding to the E.164 number input by the terminal from the database.
It should be noted that the first digest value corresponding to the E.164 number input by the terminal is pre-stored in the database during the registration process, which is described in detail later.
Step S142, determining whether the second digest value is consistent with the first digest value.
Step S143, when the second digest value is consistent with the first digest value, determining that the verification of the E.164 number and the second digest value is passed, and executing step S144; otherwise, step S16 is executed.
In this verification method, the digest value of the input password is calculated with a digest algorithm and the digest values are then compared, so security is high and the calculation is simple and fast.
Step S144, the signature value is verified using the same national cryptographic algorithm as the one described above. The same national cryptographic algorithm means the national cryptographic algorithm that was used for signing; for example, if the national cryptographic algorithm used for signing is the SM9 national cryptographic algorithm, then the SM9 national cryptographic algorithm is used to verify the signature value in this step.
Step S145, when the signature value is verified, executing step S15; otherwise, step S16 is executed.
Step S15, when the E.164 number and the second digest value are verified, and the signature value is verified, the terminal is notified that the verification is passed.
Step S16, notifying the terminal that the verification has failed.
The identity authentication process comprises two security verifications: first, verification of the E.164 number and the second digest value input by the terminal; second, verification of the signature value sent by the terminal. Identity authentication passes only when both verifications pass, which effectively improves the security and reliability of the terminal user's identity authentication before the video conference starts and effectively prevents illegal intrusion and data leakage. In addition, the signature value of the random number is obtained by signing the random number according to the national cryptographic algorithm, and the signature value is verified with the same national cryptographic algorithm.
It should be noted that, in this embodiment, the order of step S142 and step S144 may be reversed; that is, the signature value may be verified first, and then the E.164 number and the digest value. Both orders achieve the purpose of the present invention and fall within its protection scope.
In this embodiment, as shown in FIG. 3, in step S13 the second random number sent by the terminal is received together with the signature value sent by the terminal. Here, the second random number is the random number that the terminal sends to the password key for signing, and it is not necessarily the same as the first random number sent by the server to the terminal. Therefore, to distinguish them, the random number sent by the server to the terminal is named the first random number, and the random number sent by the terminal to the server is named the second random number.
After the E.164 number and the second digest value are verified and the signature value is verified in step S14, the method further includes the following steps:
Step S17, determining whether the second random number and the first random number are consistent.
Step S18, when the second random number is consistent with the first random number, the terminal is notified that the verification is passed; otherwise, the terminal is notified that the verification has failed.
Therefore, in the process of identity authentication, a user can successfully enter the video conference platform only after passing three verifications, which further improves the security of identity authentication.
In addition, as an alternative implementation of the embodiment of the present invention, the order of the step of verifying the signature value, the step of verifying the random number and the step of verifying the digest value may be adjusted according to actual needs, and is not limited to the order given in this document.
In this embodiment, before step S11, the method further includes:
Step S10, allocating the E.164 number and the password key according to the registration information of the terminal.
In this embodiment, as shown in fig. 4, step S10 includes:
Step S101, receiving registration information of a terminal, wherein the registration information comprises a registration password input by a user.
Specifically, the registration information includes information such as an IP address and a registration password, and may be set according to different scenarios; however, a unique information value, such as an IP address, is required in the registration information to support the subsequent assignment of a unique E.164 number.
Step S102, performing a digest operation on the registration password to obtain a first digest value.
Specifically, in this embodiment, the SM3 cryptographic digest algorithm or the MD5 digest algorithm is selected to perform the digest operation on the registration password, so as to obtain the first digest value.
Step S103, storing the first digest value and the registration information in a database, for use in authenticating the E.164 number and the password input by the user in the subsequent step S12.
Step S104, allocating the E.164 number according to the registration information, wherein the allocated E.164 number is in one-to-one correspondence with the first digest value.
Specifically, in this embodiment, the E.164 number is assigned according to the E.164 encoding rule, the number interval available for assignment, and other custom rules (e.g., the gender of the user in the registration information).
Step S105, obtaining private key information identified by the E.164 number from the key generation center and storing the private key information in the password key.
Specifically, the server sends a request for generating a private key to the key generation center; after receiving the request, the key generation center generates private key information using the E.164 number as the identifier and returns it to the server, and the server sends the private key information to the password key for storage.
Step S106, sending the E.164 number to the terminal, upon which the registration is successful. The server sends the E.164 number to the terminal through the network and informs the terminal to receive the password key, which is used for subsequent identity authentication.
Through this registration process, each end user obtains an E.164 number and a key for subsequent authentication.
Example 2
An embodiment of the present invention provides an identity authentication apparatus for a video conference, as shown in fig. 5, including: a first receiving unit 21, a first transmitting unit 22, a second receiving unit 23, a first verifying unit 24 and a first notifying unit 25. Wherein,
the first receiving unit 21 is configured to receive an e.164 number and a second digest value input by the terminal, where the second digest value is obtained according to the login password.
The first sending unit 22 is configured to send the first random number to the terminal.
The second receiving unit 23 is configured to receive a signature value sent by the terminal, where the signature value is obtained by signing according to a cryptographic algorithm.
The first verification unit 24 is used for verifying the E.164 number and the second digest value.
The first notification unit 25 is configured to verify the signature value by the same cryptographic algorithm as the cryptographic algorithm described above when the e.164 number and the second digest value are verified.
The identity authentication device for the video conference uses the E.164 number as the user identity authentication identifier; because the E.164 number has uniqueness and inflexibility, it is more reliable than a traditional authentication identifier. The first verification unit in the identity authentication device first verifies the E.164 number and the second digest value input by the terminal, and then verifies the signature value. The identity authentication passes only when both verifications pass, which effectively improves the security and reliability of the identity authentication of the terminal user before the video conference starts and effectively prevents illegal intrusion and data leakage. In addition, the signature value of the random number is obtained by signing the random number according to the national cryptographic algorithm, and the signature value is verified through the same national cryptographic algorithm.
Preferably, the second receiving unit in this embodiment is configured to receive the signature value sent by the terminal, and also configured to receive the second random number sent by the terminal.
Correspondingly, as shown in fig. 6, the identity authentication device further includes a second verification unit 26. Wherein,
the second verifying unit 26 is configured to determine whether the second random number and the first random number are identical after the e.164 number and the second digest value are verified and the signature value is verified.
The first notification unit 25 is further configured to notify the terminal that the authentication is passed when the second random number and the first random number coincide.
The first notification unit 25 is also configured to notify the terminal that the authentication has failed when the e.164 number and the second digest value are not verified, or when the signature value is not verified, or when the second random number and the first random number are not identical.
Preferably, the identity authentication apparatus further comprises an assigning unit 20 for assigning the e.164 number and the password key according to the registration information of the terminal.
Preferably, as shown in fig. 7, in the present embodiment, the allocating unit 20 includes a third receiving unit 201, a first obtaining unit 202, a storing unit 203, a sub-allocating unit 204, a second obtaining unit 205, and a second sending unit 206. Wherein,
the third receiving unit 201 is configured to receive registration information of the terminal, where the registration information includes a registration password input by a user.
The first obtaining unit 202 is configured to perform a digest operation on the registered password to obtain a first digest value.
The storage unit 203 is configured to store the first digest value and the registration information in a database.
The sub-allocation unit 204 is configured to allocate an E.164 number according to the registration information, where the allocated E.164 number corresponds one to one with the first digest value.
The second obtaining unit 205 is configured to obtain private key information identified by the E.164 number from the key generation center, and store the private key information in the password key.
The second sending unit 206 is configured to send the E.164 number to the terminal, upon which the registration is successful.
Preferably, as shown in fig. 8, in the present embodiment, the first verification unit 24 includes a third acquisition unit 241, a judgment unit 242, and a determination unit 243. Wherein,
the third obtaining unit 241 is configured to obtain the first digest value corresponding to the e.164 number input by the terminal from the database.
The determining unit 242 is configured to determine whether the second digest value is consistent with the first digest value.
The determining unit 243 is configured to determine that the verification of the e.164 number and the second digest value passes when the second digest value is consistent with the first digest value; and determining that the verification of the e.164 number and the second digest value is not passed when the second digest value is not consistent with the first digest value.
Example 3
The present embodiment discloses a specific example of data signing on the set of the second random number, the number e.164, and the second digest value by the SM9 cryptographic algorithm in embodiment 1, as follows:
A1. Calculate the element $g = e(P_1, P_{pub})$ in the group $G_T$;
A2. Generate a random number $r \in [1, N]$;
A3. Calculate the element $w = g^r$ in the group $G_T$, and convert the data type of $w$ into a character string;
A4. Calculate the integer $h = H_2(M \| w, N)$;
A5. Calculate $L = (r - h) \bmod N$; if $L = 0$, jump to A2;
A6. Calculate the element $S = [L]d_A$ in the group $G_1$;
A7. Convert the data types of $h$ and $S$ into character strings; the signature of $M$ is $(h, S)$.
Wherein, $M$: a random number to be signed;
$G_T$: a cyclic multiplicative group of prime order $N$;
$G_1$: a cyclic additive group of prime order $N$;
$G_2$: a cyclic additive group of prime order $N$;
$H_v()$, $H_1()$, $H_2()$: cryptographic hash functions;
$hid$: one byte selected and published by the KGC, which is part of the input of $H_1$;
$d_A$: the private key of the user;
$e$: a bilinear, non-degenerate pairing from $G_1 \times G_2$ to $G_T$;
$P_1$: a generator of $G_1$;
$P_2$: a generator of $G_2$;
$P_{pub}$: the master public key;
$s$: the master private key.
This embodiment also discloses a specific example of verifying the signature value through the SM9 cryptographic algorithm in embodiment 1. Here, the set of the second random number, the E.164 number, and the second digest value is $M'$ (corresponding to the previous $M$), and the signature value of this set is $(h', S')$ (corresponding to the previous $(h, S)$). The steps are as follows:
B1. Convert $h'$ into an integer, and verify whether $h' \in [1, N-1]$;
B2. Convert $S'$ into a point on the elliptic curve, and verify that $S' \in G_1$;
B3. Calculate the element $g = e(P_1, P_{pub})$ in the group $G_T$;
B4. Calculate the element $t = g^{h'}$ in the group $G_T$;
B5. Calculate the integer $h_1 = H_1(ID_A \| hid, N)$;
B6. Calculate the element $P = [h_1]P_2 + P_{pub}$ in the group $G_2$;
B7. Calculate the element $u = e(S', P)$ in the group $G_T$;
B8. Calculate the element $w' = u \cdot t$ in the group $G_T$, and convert the data type of $w'$ into a bit string;
B9. Calculate the integer $h_2 = H_2(M' \| w', N)$, and verify whether $h_2 = h'$ holds.
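The signing steps A1-A7, the verification steps B1-B9 and the three server-side checks of embodiment 1 (digest value, signature value, random number) can be traced end to end in the following added example, which is not code from the patent. It is a toy model rather than real SM9: group elements are stored as their discrete logarithms so the pairing becomes a multiplication mod N, and SHA-256 stands in for SM3/MD5 and for H1/H2. The private-key formula is taken from the SM9 standard (GM/T 0044) rather than from this page, and the names `Server`, `message`, `kgc_extract`, the `|`-joined encoding of the signed set and the single-use challenge are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy model, NOT real SM9: every group element is stored as its discrete log
# mod N, so [a]P1 is the integer a and g0^x in GT is the integer x.
N = 2**127 - 1        # prime group order (constructed toy value)
P1 = P2 = 1           # generators of G1 and G2
HID = b"\x01"         # public byte chosen by the KGC (constructed value)

def pairing(a, b):
    """e([a]P1, [b]P2) = g0^(a*b), returned as the exponent a*b mod N."""
    return a * b % N

def _hash(prefix, data):
    # Stand-in for H1/H2 (SM3-based in GM/T 0044): SHA-256 mapped into [1, N-1].
    return int.from_bytes(hashlib.sha256(prefix + data).digest(), "big") % (N - 1) + 1

def H1(data):
    return _hash(b"\x01", data)

def H2(data):
    return _hash(b"\x02", data)

def kgc_extract(s, e164):
    """dA = [s * (H1(ID||hid) + s)^-1]P1, per GM/T 0044 (formula not on the page)."""
    t1 = (H1(e164.encode() + HID) + s) % N
    if t1 == 0:
        raise ValueError("master key must be regenerated")
    return s * pow(t1, -1, N) % N

def sign(M, dA, Ppub):
    g = pairing(P1, Ppub)                        # A1
    while True:
        r = secrets.randbelow(N - 1) + 1         # A2 (r = N would act as 0 here)
        w = g * r % N                            # A3: w = g^r
        h = H2(M + w.to_bytes(16, "big"))        # A4
        L = (r - h) % N                          # A5
        if L != 0:
            return h, L * dA % N                 # A6-A7: S = [L]dA

def verify(M, sig, e164, Ppub):
    h, S = sig
    if not 1 <= h <= N - 1:                      # B1
        return False
    if not 0 <= S < N:                           # B2: S' must lie in the (toy) G1
        return False
    g = pairing(P1, Ppub)                        # B3
    t = g * h % N                                # B4: t = g^h'
    h1 = H1(e164.encode() + HID)                 # B5
    P = (h1 * P2 + Ppub) % N                     # B6
    u = pairing(S, P)                            # B7
    w = (u + t) % N                              # B8: w' = u * t
    return H2(M + w.to_bytes(16, "big")) == h    # B9

def digest(password):
    # The page uses SM3 or MD5 for the digest; SHA-256 is a stand-in.
    return hashlib.sha256(password.encode()).hexdigest()

def message(rand2, e164, digest2):
    # Assumed encoding of the signed set (second random number, E.164, digest).
    return "|".join((rand2, e164, digest2)).encode()

class Server:
    def __init__(self):
        self.s = secrets.randbelow(N - 1) + 1    # master private key (KGC role)
        self.Ppub = self.s * P2 % N              # master public key [s]P2
        self.db = {}                             # E.164 -> first digest value
        self.pending = {}                        # E.164 -> first random number

    def register(self, e164, password):          # steps S102-S105
        self.db[e164] = digest(password)
        return kgc_extract(self.s, e164)         # stored in the password key

    def challenge(self, e164):                   # send the first random number
        self.pending[e164] = secrets.token_hex(16)
        return self.pending[e164]

    def authenticate(self, e164, digest2, rand2, sig):
        # The returned reason is for this demonstration; the page only says pass/fail.
        rand1 = self.pending.pop(e164, None)     # assumption: challenge is single-use
        digest1 = self.db.get(e164)
        if digest1 is None or not hmac.compare_digest(digest1.encode(), digest2.encode()):
            return "fail: digest"
        if not verify(message(rand2, e164, digest2), sig, e164, self.Ppub):
            return "fail: signature"
        if rand1 is None or not hmac.compare_digest(rand1.encode(), rand2.encode()):
            return "fail: random number"
        return "pass"
```

A previously accepted (second random number, signature) pair still passes the digest and signature checks, because the signature covers the terminal-supplied second random number; only the comparison in step S17 rejects it.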
Example 4
The present embodiment provides an identity authentication device, as shown in fig. 9, which may include one or more processors 41 and a memory 42, wherein the processors 41 and the memory 42 may be connected by a bus or other means. Fig. 9 illustrates an example of one processor 41.
The processor 41 may be a Central Processing Unit (CPU). The Processor 41 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof. A general purpose processor may be a microprocessor or the processor 41 may be any conventional processor or the like.
The memory 42, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the identity authentication method for video conferencing in the embodiment of the present invention. The processor 41 executes various functional applications and data processing of the server by executing the non-transitory software programs, instructions and modules stored in the memory 42, namely, implements the identity authentication method for the video conference in the above embodiment.
The memory 42 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the vehicle annual check label detecting device, and the like. Further, the memory 42 may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 42 may optionally include memory located remotely from processor 41, which may be connected to processor 41 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 42 and, when executed by the one or more processors 41, perform the identity authentication method for video conferencing described in embodiment 1.
The product can execute the method provided by the embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method. For details of the technology not described in detail in this embodiment, reference may be made to the description of embodiment 1.
Example 5
The present embodiment provides a non-transitory computer storage medium storing computer-executable instructions that can perform the identity authentication method for a video conference described in embodiment 1. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory, a Hard Disk Drive (HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of the above kinds of memory.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a Random Access Memory (RAM), or the like.
It should be understood that the above-described embodiments are merely examples for clarity of description and are not intended to limit the scope of the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Obvious variations or modifications derived therefrom remain within the scope of the invention.
Claims (10)
1. An identity authentication method for a video conference, comprising the steps of:
receiving an E.164 number and a second digest value input by a terminal, wherein the second digest value is obtained according to a login password;
sending a first random number to the terminal;
receiving a signature value sent by the terminal, wherein the signature value is obtained by signature according to a cryptographic algorithm;
verifying the E.164 number and the second digest value, and verifying the signature value by the same cryptographic algorithm as was used for signing;
when the E.164 number and the second digest value are verified, and the signature value is verified, the terminal is informed that the verification is passed.
2. The identity authentication method of claim 1,
receiving a second random number sent by the terminal while receiving the signature value sent by the terminal;
after the E.164 number and the second digest value are verified and the signature value is verified, further comprising:
judging whether the second random number is consistent with the first random number;
and when the second random number is consistent with the first random number, informing the terminal that the verification is passed.
3. The identity authentication method of claim 2, further comprising the steps of:
notifying the terminal of a failure of the authentication when the e.164 number and the second digest value are not verified, or when the signature value is not verified, or when the second random number and the first random number are not identical.
4. The identity authentication method of claim 1, further comprising, before the step of receiving the e.164 number and the second digest value input by the terminal:
allocating the E.164 number and the password key according to the registration information of the terminal.
5. The identity authentication method of claim 4, wherein the step of assigning the e.164 number and the password key according to the registration information of the terminal comprises:
receiving registration information of a terminal, wherein the registration information comprises a registration password input by a user;
performing digest operation on the registration password to obtain a first digest value;
storing the first digest value and the registration information in a database;
allocating an E.164 number according to the registration information, wherein the allocated E.164 number is in one-to-one correspondence with the first digest value;
obtaining private key information with the E.164 number as an identifier from a key generation center and storing the private key information into a password key;
sending the E.164 number to the terminal, upon which the registration is successful.
6. The identity authentication method of claim 5, wherein the step of verifying the e.164 number and the second digest value input by the terminal comprises:
acquiring the first digest value corresponding to the E.164 number input by the terminal from a database;
judging whether the second digest value is consistent with the first digest value;
when the two are consistent, the verification is passed; when they are not consistent, the verification is not passed.
7. An identity authentication apparatus for video conferencing, comprising:
a first receiving unit, configured to receive an E.164 number and a second digest value input by a terminal, wherein the second digest value is obtained according to a login password;
a first sending unit, configured to send a first random number to the terminal;
a second receiving unit, configured to receive a signature value sent by the terminal, wherein the signature value is obtained by signing according to a cryptographic algorithm;
a first verification unit, configured to verify the E.164 number and the second digest value, and to verify the signature value through the same national cryptographic algorithm as was used for signing;
a first notification unit, configured to notify the terminal that the verification is passed when the verification of the e.164 number and the second digest value is passed and the verification of the signature value is passed.
8. The identity authentication device of claim 7,
the second receiving unit is configured to receive a second random number sent by the terminal while receiving the signature value sent by the terminal;
the identity authentication apparatus further includes:
a second verifying unit configured to determine whether the second random number and the first random number are identical;
the first notification unit is further configured to notify the terminal that the authentication is passed when the second random number and the first random number are consistent;
the first notification unit is further configured to notify the terminal that the verification has failed when the E.164 number and the second digest value are not verified, or when the signature value is not verified, or when the second random number and the first random number are not identical.
9. An identity authentication device, comprising:
at least one processor;
and a memory communicatively coupled to the at least one processor, the memory storing instructions executable by the at least one processor to cause the at least one processor to perform the method of identity authentication of any of claims 1 to 6.
10. A non-transitory computer-readable storage medium, comprising: the non-transitory computer-readable storage medium stores computer instructions for causing a computer to perform the identity authentication method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810095388.6A CN108449568A (en) | 2018-01-31 | 2018-01-31 | Identity identifying method and device for video conference |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108449568A (en) | 2018-08-24 |
Family
ID=63191458
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810095388.6A Pending CN108449568A (en) | 2018-01-31 | 2018-01-31 | Identity identifying method and device for video conference |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108449568A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180824 |