CN108965222A - Identity identifying method, system and computer readable storage medium - Google Patents
Identity identifying method, system and computer readable storage medium
- Publication number: CN108965222A (application CN201711297019.7A)
- Authority: CN (China)
- Prior art keywords: string, encryption, preset, encrypted, information
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/083 — Network security protocols for authentication of entities using passwords
- H04L63/0442 — Confidential data exchange in which the payload is protected by asymmetric encryption (different keys for encryption and decryption)
- H04L63/0478 — Confidential data exchange applying multiple layers of encryption (e.g. content encrypted with a first key and then with at least a second key)
- H04L9/3226 — Cryptographic mechanisms for verifying the identity or authority of a user, or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
Abstract
The invention discloses an identity authentication method comprising the steps of: encrypting device code information according to encryption algorithm information, applying a secondary encryption to the resulting encryption string and storing the secondary-encrypted encryption string in a preset encrypted storage area, while storing the device code information in a preset non-encrypted storage area; at authentication time, performing an operation on the device code information according to a private key to obtain an authentication password string; reading the encryption string to obtain the corresponding decryption string; judging whether the authentication password string matches the decryption string; and thereby verifying the legitimacy of the current user's identity authentication request. The identity authentication method does not depend on a server, the identity information is sufficiently hidden, and the risk of cracking based on an identity information file is effectively avoided; the hardware, the encryption string and the identity verification program can be separated into three parts. The invention also provides an identity authentication system and a computer readable storage medium.
Description
Technical field
The present invention relates to the technical field of computer networks, and more particularly to an identity authentication method, an identity authentication system and a computer readable storage medium.
Background
With the widespread use of Internet technology, network security has become one of the important factors hindering network development. For ordinary users, secure use of the network has relied mainly on verifying the client's identity by means of a medium (token) and a password. Identifying whether a request really comes from the client in this way has significant limitations: once the medium is lost and/or the password leaks, the network side can no longer accurately judge the true identity of the client performing the operation. The main problem at present is that security relies too heavily on the user's own knowledge of networks; for users with weak security awareness, passwords are easily stolen. A hacker may obtain the customer's password and similar information by illegal means, so that the customer's private data, even very important data, is stolen.
Existing identity recognition techniques generally use cryptographic techniques (especially public key cryptography) to design protocols with high security, mainly the following two:
(1) Password mode: the password is the most widely used identification mode, usually a string of 5 to 8 characters composed of digits, letters, special characters, control characters and so on. If a server is to authenticate users by username and password, it must maintain a database of the usernames and passwords of legitimate users.
The choice of password should satisfy several principles:
1. Easy to remember, hard to guess and hard to analyse;
2. Password management can be solved with a one-way function, i.e. the computer does not store the password itself but only the one-way function value of the password. The identification process is then: 1) the user sends the password to the computer; 2) the computer computes the one-way function value of the password; 3) the computer compares that one-way function value with the stored value.
Many WWW server systems store usernames and passwords in a file of fixed format, avoiding the need to set up a dedicated database system just to hold usernames and passwords. However the login information is stored, the most common and also the most secure storage method (the method used by Unix systems) is to save the username in plaintext and the password in encrypted form. When the system creates a new username/password pair, the password is generally encrypted with a one-way encryption algorithm.
Under this mode of plaintext usernames and encrypted passwords, when a user logs in, the system checks the username against the username list stored in the database to verify the user's legal identity. The password entered by the user at login is encrypted, and the system compares the encrypted result with the encrypted password stored in the database. If the two encrypted passwords for the given user match, the login is accepted. This is why the system administrator of a UNIX operating system cannot look up a forgotten password: the administrator can only give you a new temporary password, which you can then change to one of your own choosing.
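The one-way-function login described above (username in plaintext, password stored only as its one-way value, a comparison at login, and a temporary password as the only recovery path), as an added example that is not part of the patent text. It assumes PBKDF2-HMAC-SHA256 with a per-user random salt as the modern form of the "one-way encryption algorithm" the passage names, and uses a constructed in-memory dictionary in place of the fixed-format password file:

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Tuple

# Constructed in-memory "password file": the username is kept in plaintext and
# the password survives only as (salt, one-way function value), which is the
# Unix layout the passage describes. PBKDF2-HMAC-SHA256 stands in for the
# one-way encryption algorithm (an assumption of this example).
PasswordFile = Dict[str, Tuple[bytes, bytes]]
ITERATIONS = 200_000
DUMMY_SALT = b"\x00" * 16


def one_way(password: str, salt: bytes) -> bytes:
    """One-way function of the password: cheap to compute, infeasible to invert."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(store: PasswordFile, username: str, password: str) -> None:
    """Create a new username/password pair: only the one-way value is stored."""
    salt = os.urandom(16)  # a fresh salt per user defeats shared precomputed tables
    store[username] = (salt, one_way(password, salt))


def login(store: PasswordFile, username: str, password: str) -> bool:
    """1) the user sends the password; 2) the system computes its one-way value;
    3) the system compares that value with the stored one (in constant time)."""
    record = store.get(username)
    if record is None:
        one_way(password, DUMMY_SALT)  # same cost for unknown users: no username oracle via timing
        return False
    salt, stored = record
    return hmac.compare_digest(one_way(password, salt), stored)


def reset_password(store: PasswordFile, username: str) -> str:
    """The administrator cannot look up a forgotten password (only its one-way
    value exists), so the recovery path is a new temporary password."""
    temporary = secrets.token_urlsafe(9)
    create_user(store, username, temporary)
    return temporary
```

The stored file is what an attacker who copies it obtains: a salted, iterated one-way value per user, so recovering a password means guessing it, and the per-user salt means every guess is tested against one user at a time.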
(2) Token mode: a token is an object held in one's own possession; its function is similar to a key and it is used to start an electronic device. Personal information for machine recognition is recorded on the token, for example on a USB key (U-shield).
However, current identity authentication techniques mainly have the following disadvantages:
1. In the server authentication mode, the account and password entered by the user must be submitted through an interface to a background server for verification, so a server is required to complete the process.
2. In the local authentication mode, the account and password entered by the user are compared with a locally preset account/password file; once an illegal user finds this encrypted file, brute-force cracking is easy, which creates a security risk.
In view of these facts, it is desirable to provide an effective identity authentication mechanism that on the one hand can hide the user's identity information so that ordinary users or tools cannot easily find it, and on the other hand can solve the problem of user identity verification under non-networked conditions.
Summary of the invention
The main purpose of the present invention is to provide an identity authentication method, an identity authentication system and a computer readable storage medium, aiming to provide an identity authentication mechanism that can hide user identity information so that ordinary users or tools cannot easily find it, and that can solve the problem of user identity verification under non-networked conditions.
To achieve the above object, the identity authentication method provided by the invention comprises the steps of:
obtaining preset device code information and preset encryption algorithm information;
encrypting the device code information according to the encryption algorithm information, encrypting the resulting encryption string with a preset secondary encryption algorithm, storing the secondary-encrypted encryption string in a preset encrypted storage area, and storing the device code information in a preset non-encrypted storage area;
responding to the user's identity authentication request and obtaining private key information;
reading the device code information from the non-encrypted storage area, and performing an operation on the device code information according to the private key and a preset verification algorithm to obtain an authentication password string;
reading the encryption string from the encrypted area through a preset secondary decryption algorithm to obtain the corresponding decryption string;
judging whether the authentication password string matches the decryption string;
when the authentication password string matches the decryption string, confirming that the identity authentication request of the current user is legitimate.
Further, the preset encryption algorithm information includes the encryption algorithm and public key information, wherein the encryption algorithm is a non-reversible algorithm that performs a one-to-one mapping operation on the device code information to produce the irreversible encryption string.
Further, the step of reading the device code information from the non-encrypted storage area and performing an operation on it according to the private key and the preset verification algorithm to obtain the authentication password string comprises: calling a dedicated device interface to read the device code information from the non-encrypted storage area, and performing the operation on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string.
Further, the step of reading the encryption string from the encrypted area through the preset secondary decryption algorithm to obtain the corresponding decryption string comprises: calling the dedicated device interface to read the encryption string from the encrypted area, and performing secondary decryption on the encryption string through the preset secondary decryption algorithm to obtain the corresponding decryption string.
Further, the device code information includes one or more of the device's identification code, bar code, physical address, device address and device code.
Further, the preset secondary encryption algorithm is the MD5 algorithm or the DES algorithm.
Further, the password string is stored in the storage hardware in a hidden, sealed form.
Further, the encrypted storage area and the non-encrypted storage area are non-updatable storage areas.
The present invention also provides an identity authentication system including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterised in that the processor, when executing the computer program, implements the steps of the identity authentication method described in any of the above.
The present invention also provides a computer readable storage medium on which a computer program is stored, characterised in that the computer program, when executed by a processor, implements the steps of the identity authentication method described in any of the above embodiments.
In the present invention, the non-encrypted storage area and the encrypted storage area are divided by means of a hardware partition model, so that non-encrypted information and encrypted information are managed separately. The device code information and the encryption string information must be read by calling a dedicated device interface; an operation is then performed on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string; the encryption string is read from the encrypted area through the preset secondary decryption algorithm to obtain the corresponding decryption string; whether the authentication password string matches the decryption string is judged; and when they match, the identity authentication request of the current user is confirmed as legitimate, completing the identity verification. The present invention provides an identity authentication mechanism that does not depend on a server and in which the identity information is sufficiently hidden, effectively avoiding the risk of cracking based on an identity information file. The hardware, the encryption string and the identity verification program can be separated into three parts: the hardware vendor does not know the identity verification information, and the identity verification platform can build a secure operational architecture on top of the hardware vendor, which ensures risk-free interfacing between the hardware vendor and the identity verification platform and greatly improves the security of the identity information.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware structure of the identity authentication system in one embodiment of the invention;
Fig. 2 is a schematic diagram of the functional module structure of the identity authentication system in one embodiment of the invention;
Fig. 3 is a flow chart of the identity authentication method in the first embodiment of the invention.
The realisation of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings and embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit it.
In the following description, suffixes such as "module", "component" or "unit" used to denote elements serve only to facilitate the explanation of the invention and have no specific meaning in themselves; "module", "component" and "unit" may therefore be used interchangeably.
Referring to Fig. 1, Fig. 1 is a schematic diagram of the hardware structure of the identity authentication system 100 in each embodiment of the invention. The identity authentication system 100 may be a server end 20 for identity authentication, or a mobile terminal 30 for identity authentication.
The identity authentication system 100 includes components such as a communication module 11, a memory 21 and a processor 31. The processor 31 is connected to the memory 21 and to the communication module 11 respectively; a computer program is stored in the memory 21 and is executed by the processor 30.
The communication module 11 can connect to external devices, such as remote scanners, over a network. The communication module 11 can receive requests issued by external communication devices, and can also send events, instructions and information to the external devices and/or other server ends. The external communication device may be another mobile terminal 30, a server end 20 or a blockchain agent node 10.
The memory 20 can be used to store software programs and various data. The memory 20 may mainly include a program storage area and a data storage area, where the program storage area can store an operating system and so on, and the data storage area can store data or information created according to the use of the insurance business data analysis system. In addition, the memory 20 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other volatile solid-state storage device.
The processor 30 is the control centre of the transaction record management system; it connects the various parts of the whole transaction record management system through various interfaces and lines, and executes the various functions of the system and processes data by running or executing the software programs and/or modules stored in the memory 20 and calling the data stored in the memory 20. The processor 30 may include one or more processing units; preferably, the processor 30 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface and application programs, and the modem processor mainly handles wireless communication. It will be understood that the modem processor need not be integrated into the processor 30.
Although not shown in Fig. 1, the identity authentication system 100 may also include a circuit control module connected to a power supply for power supply control.
Those skilled in the art will understand that the structure of the identity authentication system shown in Fig. 1 does not limit the identity authentication system, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
Referring also to Fig. 2, which is a schematic diagram of the functional module structure of the identity authentication system 100 in one embodiment of the invention.
The identity authentication system 100 includes: an identity information library module 12, an authentication information acquisition module 22 and a verification module 32.
The identity information library module 12 includes a non-encrypted storage area storing preset device code information and an encrypted storage area storing the encryption string.
Preferably, the password string is stored in the storage hardware in a hidden, sealed form; the encrypted storage area and the non-encrypted storage area are non-updatable storage areas.
Specifically, the identity information library module 12 is used to obtain preset device code information and preset encryption algorithm information; to encrypt the device code information according to the encryption algorithm information; to encrypt the resulting encryption string with the preset secondary encryption algorithm and store the secondary-encrypted encryption string in the preset encrypted storage area; and to store the device code information in the preset non-encrypted storage area.
Further, the preset encryption algorithm information includes the encryption algorithm and public key information, wherein the encryption algorithm is a non-reversible algorithm that performs a one-to-one mapping operation on the device code information to produce the irreversible encryption string.
For example, in one specific example the device code information is the device code (Device No.) of the current device, for instance Ae9999, which is stored in the non-encrypted storage area; after the operation with the preset encryption algorithm and the public key, the string Sdd80343244fgthjgfjo90751Asxf343244fgthjgfjo90751AsxfdfggfhfgSdd80343244fgthjgfjo is obtained, and the encryption string generated by secondary encryption of this string is stored in the encrypted storage area.
In this embodiment, the non-encrypted storage area and the encrypted storage area are divided by means of a hardware partition model, so that non-encrypted information and encrypted information are managed separately; the identity information must be read by calling the dedicated device interface, and identity information verification is then carried out by the verification program.
The authentication information acquisition module 22 is used to respond to the user's identity authentication request and obtain private key information; to read the device code information from the non-encrypted storage area and perform an operation on it according to the private key and the preset verification algorithm to obtain the authentication password string; and to read the encryption string from the encrypted area through the preset secondary decryption algorithm to obtain the corresponding decryption string.
Specifically, the authentication information acquisition module 22 calls the dedicated device interface to read the device code information from the non-encrypted storage area, performs the operation on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string, calls the dedicated device interface to read the encryption string from the encrypted area, and performs secondary decryption on the encryption string through the preset secondary decryption algorithm to obtain the corresponding decryption string.
For example, in one specific example the device code (Device No.) of the current device, such as Ae9999, is placed in the non-encrypted area; after the operation with the preset encryption algorithm and the public key, the string Sdd80343244fgthjgfjo90751Asxf343244fgthjgfjo90751AsxfdfggfhfgSdd80343244fgthjgfjo is obtained, and the encryption string finally generated after secondary encryption is stored in the encrypted storage area. When the authentication information acquisition module 22 calls the dedicated device interface to read the encryption string from the encrypted area, the raw string read from the encrypted device is 751AsxfdfggfhfgS, which after the corresponding secondary decryption is read as Sdd80343244fgthjgfjo90751Asxf343244fgthjgfjo9.
The verification module 32 is used to judge whether the authentication password string matches the decryption string; when the authentication password string matches the decryption string, it confirms that the identity authentication request of the current user is legitimate, and when they do not match, it confirms that the identity authentication request of the current user is illegitimate.
Using the identity authentication system 100 of this embodiment, the non-encrypted storage area and the encrypted storage area are divided by means of a hardware partition model, so that non-encrypted information and encrypted information are managed separately. The device code information and the encryption string information must be read by calling the dedicated device interface; an operation is then performed on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string; the encryption string is read from the encrypted area through the preset secondary decryption algorithm to obtain the corresponding decryption string; whether the authentication password string matches the decryption string is judged; and when they match, the identity authentication request of the current user is confirmed as legitimate, completing the identity verification. The identity authentication system 100 provides an identity authentication mechanism that does not depend on a server and in which the identity information is sufficiently hidden, effectively avoiding the risk of cracking based on an identity information file. The hardware, the encryption string and the identity verification program can be separated into three parts: the hardware vendor does not know the identity verification information, and the identity verification platform can build a secure operational architecture on top of the hardware vendor, which ensures risk-free interfacing between the hardware vendor and the identity verification platform and greatly improves the security of the identity information.
Further, the device code information includes one or more of the device's identification code, bar code, physical address, device address and device code; the preset secondary encryption algorithm is the MD5 algorithm or the DES algorithm.
Referring to Fig. 3, the method comprises the steps of:
Step S1: obtain preset device code information and preset encryption algorithm information.
It will be understood that the preset encryption algorithm information includes the encryption algorithm and public key information, wherein the encryption algorithm is a non-reversible algorithm that performs a one-to-one mapping operation on the device code information to produce the irreversible encryption string.
Further, the device code information includes one or more of the device's identification code, bar code, physical address, device address and device code; the preset secondary encryption algorithm is the MD5 algorithm or the DES algorithm.
Step S2: encrypt the device code information according to the encryption algorithm information, encrypt the resulting encryption string with the preset secondary encryption algorithm, store the secondary-encrypted encryption string in the preset encrypted storage area, and store the device code information in the preset non-encrypted storage area.
The identity information library module 12 includes a non-encrypted storage area storing preset device code information and an encrypted storage area storing the encryption string.
Preferably, the password string is stored in the storage hardware in a hidden, sealed form; the encrypted storage area and the non-encrypted storage area are non-updatable storage areas.
Specifically, the identity information library module 12 is used to obtain preset device code information and preset encryption algorithm information; to encrypt the device code information according to the encryption algorithm information; to encrypt the resulting encryption string with the preset secondary encryption algorithm and store the secondary-encrypted encryption string in the preset encrypted storage area; and to store the device code information in the preset non-encrypted storage area.
For example, in one specific example the device code information is the device code (Device No.) of the current device, for instance Ae9999, which is stored in the non-encrypted storage area; after the operation with the preset encryption algorithm and the public key, the string Sdd80343244fgthjgfjo90751Asxf343244fgthjgfjo90751AsxfdfggfhfgSdd80343244fgthjgfjo is obtained, and the encryption string generated by secondary encryption of this string is stored in the encrypted storage area.
Step S3: respond to the user's identity authentication request and obtain private key information.
Step S4: read the device code information from the non-encrypted storage area, and perform an operation on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string.
Step S5: read the encryption string from the encrypted area through the preset secondary decryption algorithm to obtain the corresponding decryption string.
Specifically, the authentication information obtaining module 22 calls a dedicated device interface to read the device code information from the non-encrypted memory block, and performs an operation on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string; it then calls the dedicated device interface to read the encryption string from the encrypted area, and decrypts the encryption string a second time with the preset secondary decryption algorithm to obtain the corresponding decryption string.
For example, in a specific example the device code (Device NO.) of the current device, such as Ae9999, is placed in the non-encrypted area. After an operation with the preset encryption algorithm and the public key, the character string Sdd80343244fgthjgfjo90751Asxf343244fgthjgfjo90751AsxfdfggfhfgSdd80343244fgthjgfjo is obtained, and the encryption string generated by the secondary encryption is finally stored in the encrypted memory block. When the authentication information obtaining module 22 calls the dedicated device interface to read the encryption string from the encrypted area, the raw encrypted string read is 751AsxfdfggfhfgS, which after the corresponding secondary decryption reads as Sdd80343244fgthjgfjo90751Asxf343244fgthjgfjo9.
Step S6: judge whether the authentication password string matches the decryption string.
Step S7: when the authentication password string matches the decryption string, confirm that the identity authentication request of the current user is legitimate.
With the identity authentication method 301 of this embodiment, the non-encrypted memory block and the encrypted memory block are separated by hardware partitioning, so that non-encrypted information and encrypted information are managed separately. The device code information and the encryption string are read by calling a dedicated device interface; an operation is performed on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string; the encryption string is read from the encrypted area through the preset secondary decryption algorithm to obtain the corresponding decryption string; whether the authentication password string matches the decryption string is judged; and when they match, the identity authentication request of the current user is confirmed to be legitimate and the identity information verification is carried out. This provides an identity authentication mechanism that does not depend on a server and in which the identity information is sufficiently hidden, effectively avoiding the risk that an identity information file is cracked. The hardware, the encryption string and the identity verification program are separated into three parts, so that the hardware vendor does not learn the identity verification information, the identity verification platform can build a secure operating architecture on the hardware vendor's hardware, and risk-free docking between the hardware vendor and the identity verification platform is effectively ensured, greatly guaranteeing the security of the identity information.
Referring again to Fig. 1, the identity authentication system 100 in one embodiment of the invention includes a memory 21 and a processor 31; a computer program is stored on the memory 21, and the processor 31 implements the steps of the identity authentication method in the above embodiment when executing the computer program.
Specifically, the processor 31 implements the following steps when executing the computer program:
Step S1: obtain preset device code information and preset encryption algorithm information;
Step S2: encrypt the device code information according to the encryption algorithm information, encrypt the resulting encryption string a second time with a preset secondary encryption algorithm, store the secondarily encrypted encryption string in a preset encrypted memory block, and store the device code information in a preset non-encrypted memory block;
Step S3: respond to the identity authentication request of the user and obtain private key information;
Step S4: read the device code information from the non-encrypted memory block, and perform an operation on the device code information according to the private key and a preset verification algorithm to obtain an authentication password string;
Step S5: read the encryption string from the encrypted area through a preset secondary decryption algorithm to obtain the corresponding decryption string;
Step S6: judge whether the authentication password string matches the decryption string;
Step S7: when the authentication password string matches the decryption string, confirm that the identity authentication request of the current user is legitimate.
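The provisioning steps S1-S2 and the authentication steps S3-S7 above, as an added Go example that is not part of the patent or of any product built on it: it models the two memory blocks as a struct, uses HMAC-SHA256 as the irreversible one-to-one device-code mapping of claim 2 and AES-256-GCM in place of the DES named in claim 6 for the secondary layer (both are assumptions, since the page does not fix these algorithms), and compares the authentication password string with the decryption string in constant time. The key values and the device code Ae9999 are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Device models the two hardware partitions of the method: a non-encrypted block
// with the device code and an encrypted block with the secondary-encrypted string.
type Device struct {
	NonEncryptedBlock string // device code such as "Ae9999"
	EncryptedBlock    []byte // nonce || AES-GCM ciphertext of the encryption string
}

// primaryEncrypt is the irreversible one-to-one mapping of the device code
// (step S2, claim 2). Assumption: HMAC-SHA256 under a verifier-held key stands
// in for the patent's unspecified "encryption algorithm plus key".
func primaryEncrypt(key []byte, deviceCode string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(deviceCode))
	return hex.EncodeToString(m.Sum(nil))
}

// newGCM is the reversible second layer protecting the encryption string at rest.
// Assumption: AES-256-GCM instead of the DES named in claim 6.
func newGCM(storageKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(storageKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Provision is steps S1-S2: derive the encryption string from the device code,
// encrypt it a second time, and write both partitions.
func Provision(deviceCode string, primaryKey, storageKey []byte) (*Device, error) {
	gcm, err := newGCM(storageKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce, stored in front
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	encStr := primaryEncrypt(primaryKey, deviceCode)       // first layer
	sealed := gcm.Seal(nonce, nonce, []byte(encStr), nil) // second layer
	return &Device{NonEncryptedBlock: deviceCode, EncryptedBlock: sealed}, nil
}

// Authenticate is steps S3-S7: recompute the authentication password string
// from the device code, decrypt the stored encryption string, and compare the
// two in constant time. Any unreadable encrypted block is a failed request.
func Authenticate(d *Device, primaryKey, storageKey []byte) bool {
	authPassword := primaryEncrypt(primaryKey, d.NonEncryptedBlock) // S4
	gcm, err := newGCM(storageKey)
	if err != nil || len(d.EncryptedBlock) < gcm.NonceSize() {
		return false
	}
	ns := gcm.NonceSize()
	decrypted, err := gcm.Open(nil, d.EncryptedBlock[:ns], d.EncryptedBlock[ns:], nil) // S5
	if err != nil {
		return false // tag mismatch: wrong storage key or altered block
	}
	return hmac.Equal([]byte(authPassword), decrypted) // S6-S7
}

func main() {
	primaryKey := []byte("constructed-32-byte-primary-key!") // sample keys only
	storageKey := []byte("constructed-32-byte-storage-key!")
	dev, err := Provision("Ae9999", primaryKey, storageKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine device authenticates:", Authenticate(dev, primaryKey, storageKey))
}
```

MD5, the other algorithm claim 6 names for the secondary layer, is a one-way hash and cannot yield a decryption string in step S5; that layer needs a reversible cipher, and an authenticated one lets step S7 reject an altered encrypted block rather than compare against garbage.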
The present invention also provides a computer readable storage medium on which a computer program is stored; when the program is executed by a processor, the steps of the identity authentication method in any of the above embodiments can be implemented. The specific steps are not described here again.
It is understood that in the description of this specification, reference term " embodiment ", " another embodiment ", " other
The description of embodiment " or " first embodiment ~ N embodiment " etc. mean specific features described in conjunction with this embodiment or example,
Structure, material or feature are included at least one embodiment or example of the invention.In the present specification, to above-mentioned term
Schematic representation may not refer to the same embodiment or example.Moreover, description specific features, structure, material or
Feature can be combined in any suitable manner in any one or more of the embodiments or examples.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or system that includes that element.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, can be embodied in the form of a software product stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc), including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device or the like) to execute the method described in each embodiment of the present invention.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments. It is understood that the above are merely preferred embodiments of the present invention and are not intended to limit the scope of the invention; any equivalent structure or equivalent process transformation made using the content of the description and drawings of the present invention, applied directly or indirectly in other related technical fields, is likewise included within the scope of the present invention.
Claims (10)
1. An identity authentication method, characterized in that it comprises the steps of:
obtaining preset device code information and preset encryption algorithm information;
encrypting the device code information according to the encryption algorithm information, encrypting the resulting encryption string a second time with a preset secondary encryption algorithm, storing the secondarily encrypted encryption string in a preset encrypted memory block, and storing the device code information in a preset non-encrypted memory block;
responding to an identity authentication request of a user and obtaining private key information;
reading the device code information from the non-encrypted memory block, and performing an operation on the device code information according to the private key and a preset verification algorithm to obtain an authentication password string;
reading the encryption string from the encrypted area through a preset secondary decryption algorithm to obtain a corresponding decryption string;
judging whether the authentication password string matches the decryption string;
when the authentication password string matches the decryption string, confirming that the identity authentication request of the current user is legitimate.
2. The identity authentication method according to claim 1, characterized in that the preset encryption algorithm information includes encryption algorithm information and public key information, wherein the encryption algorithm is an irreversible algorithm for performing an operation on the device code information to obtain an irreversible encryption string that is mapped one-to-one.
3. The identity authentication method according to claim 1, characterized in that the step of reading the device code information from the non-encrypted memory block and performing an operation on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string comprises:
calling a dedicated device interface to read the device code information from the non-encrypted memory block, and performing an operation on the device code information according to the private key and the preset verification algorithm to obtain the authentication password string.
4. The identity authentication method according to claim 3, characterized in that the step of reading the encryption string from the encrypted area through the preset secondary decryption algorithm to obtain the corresponding decryption string comprises:
calling the dedicated device interface to read the encryption string from the encrypted area, and decrypting the encryption string a second time with the preset secondary decryption algorithm to obtain the corresponding decryption string.
5. The identity authentication method according to any one of claims 1 to 4, characterized in that the device code information includes one or more of a device identification code, a bar code, a physical address, a device address and a device code.
6. The identity authentication method according to any one of claims 1 to 4, characterized in that the preset secondary encryption algorithm is the MD5 algorithm or the DES algorithm.
7. The identity authentication method according to any one of claims 1 to 4, characterized in that the password string is stored in the storage hardware in a hidden and sealed form.
8. The identity authentication method according to claim 1, characterized in that the encrypted memory block and the non-encrypted memory block are non-updatable memory blocks.
9. An identity authentication system, characterized in that it includes a memory, a processor and a computer program stored on the memory and runnable on the processor, wherein the processor implements the steps of the identity authentication method according to any one of claims 1 to 8 when executing the computer program.
10. A computer readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the identity authentication method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711297019.7A CN108965222B (en) | 2017-12-08 | 2017-12-08 | Identity authentication method, system and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108965222A true CN108965222A (en) | 2018-12-07 |
CN108965222B CN108965222B (en) | 2021-12-07 |
Family
ID=64495328
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711297019.7A Expired - Fee Related CN108965222B (en) | 2017-12-08 | 2017-12-08 | Identity authentication method, system and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108965222B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110049019A (en) * | 2019-03-26 | 2019-07-23 | 合肥工业大学 | The medical internet of things equipment of active safety identifies and monitoring method |
CN110298691A (en) * | 2019-06-10 | 2019-10-01 | 北京三快在线科技有限公司 | Legality identification method, device and electronic equipment |
CN111787271A (en) * | 2020-07-31 | 2020-10-16 | 平安信托有限责任公司 | Video conference control method, device, equipment and computer readable storage medium |
CN111931159A (en) * | 2020-08-11 | 2020-11-13 | 福建天晴在线互动科技有限公司 | Method and system for verifying validity of webpage data interface |
CN112054890A (en) * | 2019-06-06 | 2020-12-08 | 西安诺瓦星云科技股份有限公司 | Screen configuration file exporting method, screen configuration file importing method, screen configuration file exporting device, screen configuration file importing device and broadcast control equipment |
CN112446982A (en) * | 2019-08-10 | 2021-03-05 | 云丁网络技术(北京)有限公司 | Method, device, computer readable medium and equipment for controlling intelligent lock |
CN112613011A (en) * | 2020-12-29 | 2021-04-06 | 北京天融信网络安全技术有限公司 | USB flash disk system authentication method and device, electronic equipment and storage medium |
WO2021184974A1 (en) * | 2020-03-19 | 2021-09-23 | 支付宝(杭州)信息技术有限公司 | Identity authentication method for privacy protection, and apparatus |
US11417159B2 (en) | 2019-08-02 | 2022-08-16 | Yunding Network Technology (Beijing) Co., Ltd. | Methods and systems for controlling a smart lock |
WO2022237558A1 (en) * | 2021-05-11 | 2022-11-17 | 支付宝(杭州)信息技术有限公司 | Blockchain-based user element authentication method and apparatus |
CN118432898A (en) * | 2024-05-10 | 2024-08-02 | 广东天银智能科技有限公司 | Security authentication method and system based on system integration |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102006306A (en) * | 2010-12-08 | 2011-04-06 | 广东高新兴通信股份有限公司 | Security authentication method for WEB service |
US20140245024A1 (en) * | 2013-02-28 | 2014-08-28 | Kabushiki Kaisha Toshiba | Device and authentication method therefor |
CN104639566A (en) * | 2015-03-10 | 2015-05-20 | 四川省宁潮科技有限公司 | Transaction authorizing method based on out-of-band identity authentication |
CN105354507A (en) * | 2015-10-23 | 2016-02-24 | 浙江远望软件有限公司 | Data security confidentiality method under cloud environment |
CN105516203A (en) * | 2016-01-27 | 2016-04-20 | 北京博明信德科技有限公司 | Safety methodology based on fingerprint scatter storage and system |
US20170063816A1 (en) * | 2015-08-24 | 2017-03-02 | Virtru Corporation | Methods and systems for distributing encrypted cryptographic data |
CN106576237A (en) * | 2014-07-21 | 2017-04-19 | 宇龙计算机通信科技(深圳)有限公司 | Mobility management entity, home server, terminal, and identity authentication system and method |
CN206193798U (en) * | 2016-11-24 | 2017-05-24 | 燕南国创科技(北京)有限公司 | Mobile memory |
US20170244678A1 (en) * | 2015-07-28 | 2017-08-24 | International Business Machines Corporation | User authentication over networks |
CN107092838A (en) * | 2017-03-30 | 2017-08-25 | 北京洋浦伟业科技发展有限公司 | A kind of safety access control method of hard disk and a kind of hard disk |
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102006306A (en) * | 2010-12-08 | 2011-04-06 | 广东高新兴通信股份有限公司 | Security authentication method for WEB service |
US20140245024A1 (en) * | 2013-02-28 | 2014-08-28 | Kabushiki Kaisha Toshiba | Device and authentication method therefor |
CN106576237A (en) * | 2014-07-21 | 2017-04-19 | 宇龙计算机通信科技(深圳)有限公司 | Mobility management entity, home server, terminal, and identity authentication system and method |
CN104639566A (en) * | 2015-03-10 | 2015-05-20 | 四川省宁潮科技有限公司 | Transaction authorizing method based on out-of-band identity authentication |
US20170244678A1 (en) * | 2015-07-28 | 2017-08-24 | International Business Machines Corporation | User authentication over networks |
US20170063816A1 (en) * | 2015-08-24 | 2017-03-02 | Virtru Corporation | Methods and systems for distributing encrypted cryptographic data |
CN105354507A (en) * | 2015-10-23 | 2016-02-24 | 浙江远望软件有限公司 | Data security confidentiality method under cloud environment |
CN105516203A (en) * | 2016-01-27 | 2016-04-20 | 北京博明信德科技有限公司 | Safety methodology based on fingerprint scatter storage and system |
CN206193798U (en) * | 2016-11-24 | 2017-05-24 | 燕南国创科技(北京)有限公司 | Mobile memory |
CN107092838A (en) * | 2017-03-30 | 2017-08-25 | 北京洋浦伟业科技发展有限公司 | A kind of safety access control method of hard disk and a kind of hard disk |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110049019B (en) * | 2019-03-26 | 2020-09-01 | 合肥工业大学 | Active and safe medical Internet of things equipment identification and monitoring method |
CN110049019A (en) * | 2019-03-26 | 2019-07-23 | 合肥工业大学 | The medical internet of things equipment of active safety identifies and monitoring method |
CN112054890A (en) * | 2019-06-06 | 2020-12-08 | 西安诺瓦星云科技股份有限公司 | Screen configuration file exporting method, screen configuration file importing method, screen configuration file exporting device, screen configuration file importing device and broadcast control equipment |
CN112054890B (en) * | 2019-06-06 | 2024-06-07 | 西安诺瓦星云科技股份有限公司 | Screen configuration file export and import method and device and broadcasting control equipment |
CN110298691A (en) * | 2019-06-10 | 2019-10-01 | 北京三快在线科技有限公司 | Legality identification method, device and electronic equipment |
US11928904B2 (en) | 2019-08-02 | 2024-03-12 | Yunding Network Technology (Beijing) Co., Ltd. | Methods and systems for controlling a smart lock |
US11417159B2 (en) | 2019-08-02 | 2022-08-16 | Yunding Network Technology (Beijing) Co., Ltd. | Methods and systems for controlling a smart lock |
CN112446982A (en) * | 2019-08-10 | 2021-03-05 | 云丁网络技术(北京)有限公司 | Method, device, computer readable medium and equipment for controlling intelligent lock |
WO2021184974A1 (en) * | 2020-03-19 | 2021-09-23 | 支付宝(杭州)信息技术有限公司 | Identity authentication method for privacy protection, and apparatus |
CN111787271A (en) * | 2020-07-31 | 2020-10-16 | 平安信托有限责任公司 | Video conference control method, device, equipment and computer readable storage medium |
CN111931159A (en) * | 2020-08-11 | 2020-11-13 | 福建天晴在线互动科技有限公司 | Method and system for verifying validity of webpage data interface |
CN111931159B (en) * | 2020-08-11 | 2023-04-07 | 福建天晴在线互动科技有限公司 | Method and system for verifying validity of webpage data interface |
CN112613011B (en) * | 2020-12-29 | 2024-01-23 | 北京天融信网络安全技术有限公司 | USB flash disk system authentication method and device, electronic equipment and storage medium |
CN112613011A (en) * | 2020-12-29 | 2021-04-06 | 北京天融信网络安全技术有限公司 | USB flash disk system authentication method and device, electronic equipment and storage medium |
WO2022237558A1 (en) * | 2021-05-11 | 2022-11-17 | 支付宝(杭州)信息技术有限公司 | Blockchain-based user element authentication method and apparatus |
CN118432898A (en) * | 2024-05-10 | 2024-08-02 | 广东天银智能科技有限公司 | Security authentication method and system based on system integration |
Also Published As
Publication number | Publication date |
---|---|
CN108965222B (en) | 2021-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108965222A (en) | Identity identifying method, system and computer readable storage medium | |
CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
CN104579649B (en) | Personal identification method and system | |
CN101350723B (en) | USB Key equipment and method for implementing verification thereof | |
US8485438B2 (en) | Mobile computing device authentication using scannable images | |
US20080216172A1 (en) | Systems, methods, and apparatus for secure transactions in trusted systems | |
CN107294900A (en) | Identity registration method and apparatus based on biological characteristic | |
CN107294721A (en) | The method and apparatus of identity registration, certification based on biological characteristic | |
CN107196922A (en) | Identity identifying method, user equipment and server | |
CN109325342A (en) | Identity information management method, apparatus, computer equipment and storage medium | |
CN106326763A (en) | Method and device for obtaining electronic file | |
CN107231331A (en) | Obtain, issue the implementation method and device of electronic certificate | |
EP3206329B1 (en) | Security check method, device, terminal and server | |
CN113014539A (en) | Internet of things equipment safety protection system and method | |
CN103929425B (en) | A kind of identity registration, identity authentication method, equipment and system | |
Cetin | Design, testing and implementation of a new authentication method using multiple devices | |
Singhal et al. | Software tokens based two factor authentication scheme | |
CN108667801A (en) | A kind of Internet of Things access identity safety certifying method and system | |
WO2022042745A1 (en) | Key management method and apparatus | |
JP4303952B2 (en) | Multiple authentication system, computer program, and multiple authentication method | |
US20120234923A1 (en) | Method and/or device for managing authentication data | |
TWI640887B (en) | User verification system implemented along with a mobile device and method thereof | |
TWM551721U (en) | Login system implemented along with a mobile device without password | |
TWI644227B (en) | Cross verification system implemented along with a mobile device and method thereof | |
Fujita et al. | Design and Implementation of a multi-factor web authentication system with MyNumberCard and WebUSB |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20190729; Address after: Room 202, 2nd floor, F1 Building, Yuanjun Shuyuan International Media Industry Park, No. 8 Gaojing Cultural Park Road, Chaoyang District, Beijing; Applicant after: Puhua Yunchuang Technology (Beijing) Co.,Ltd.; Address before: 100036 No. 141, Gate 1, 3rd Floor, No. 14 Fuxing Road, Haidian District, Beijing; Applicant before: Zhai Hongying |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20211207 |