CN105337740B - An authentication method, client, relay device and server - Google Patents
- Publication number
- CN105337740B (CN201410373794.6A)
- Authority
- CN
- China
- Prior art keywords
- verification code
- server
- encrypted
- client
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Mobile Radio Communication Systems (AREA)
Description
Technical Field
The present application belongs to the field of information communication, and in particular relates to an identity verification method, client, relay device and server in the field of instant messaging/e-commerce.
Background
With the rapid development of the Internet, people's lives are increasingly tied to it. Offline self-service has already appeared in everyday life, such as self-service credit card repayment, self-service bus card top-up, and self-service offline payment completed through online third-party payment systems such as Alipay.
When a user uses such self-service, the server providing it, or a public device connected to that server, usually needs to authenticate the user. If the user enters the verification password directly on the public device or server, the password may be leaked through illegitimate means such as peeping, Trojans or pinhole cameras. With the development of smart mobile terminals, the prior art now includes a method in which a mobile terminal completes identity verification by exchanging information online with the server or public device. In this method, the mobile terminal can obtain information related to the self-service by scanning a two-dimensional code on the server or public device, or the server or public device can obtain the user's account information and the like by scanning the user's two-dimensional code on the client; the mobile terminal and the server or public device then use the acquired information to exchange further information online and complete identity verification.
At present, this exchange of authentication information between the client and the server or public device is usually carried over the wireless communication network of the client's telecom operator. For example, a Unicom user can communicate with the server over the Unicom operator's GSM or WCDMA network to complete identity verification. However, if the wireless communication network of the user's telecom operator is unstable or has no coverage, or cannot be used normally because of the user's data traffic limit or the like, this method cannot complete the authentication of the user.
Summary of the Invention
The purpose of the present application is to provide an identity verification method, client, public device, server and system that can complete the identity verification of a user when the wireless communication network of the user's telecom operator cannot be used normally.
An identity verification method provided by this application is implemented as follows:
The server obtains the user's account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts the server's first verification code with the queried encryption algorithm to form an encrypted first verification code;
The server establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the encrypted first verification code with the stored decryption algorithm; the client performs identity verification according to the result of decrypting the encrypted first verification code.
An identity verification method, the method comprising:
The server obtains the user's account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts the server's first verification code with the queried encryption algorithm to form an encrypted first verification code;
The server establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the encrypted first verification code with the stored decryption algorithm, and sends the result of decrypting the encrypted first verification code to the server through the wireless network;
The server receives the decryption result and performs identity verification according to the decryption result.
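The exchange in the method above, as an added Python sketch that is not part of the patent text: the server looks up the key for an account, places the encrypted first verification code in the network name, and checks the decryption result the client returns. The `AUTH-` name format, the account names and the small unpadded RSA keys are assumptions constructed so that the ciphertext fits the 32-octet limit IEEE 802.11 places on a network name; they are not a secure parameter choice.

```python
import hmac
import re
import secrets

SSID_MAX_OCTETS = 32    # IEEE 802.11 limit on the length of a network name
CT_HEX_LEN = 24         # assumed: ciphertext carried as 24 lowercase hex digits
SSID_PREFIX = "AUTH-"   # assumed agreed format: "AUTH-" followed by the ciphertext
SSID_RE = re.compile(r"AUTH-([0-9a-f]{24})")
E = 65537               # public exponent shared by the toy keys


def make_keypair(p, q):
    """Toy unpadded RSA from two constructed primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed key pairs, one per account. Far too small for real use.
ALICE_PUB, ALICE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**19 - 1, 2**61 - 1)
USER_DB = {"alice": ALICE_PUB, "bob": BOB_PUB}   # account -> encryption key


class Server:
    def __init__(self, user_db):
        self.user_db = user_db
        self.pending = {}   # account -> first verification code awaiting a reply

    def start(self, account, code=None):
        """Query the account's key, encrypt a code, return the name to broadcast."""
        n, e = self.user_db[account]     # KeyError for an unregistered account
        if code is None:
            code = 10**7 + secrets.randbelow(9 * 10**7)   # random 8-digit code
        ssid = f"{SSID_PREFIX}{pow(code, e, n):0{CT_HEX_LEN}x}"
        if len(ssid.encode("utf-8")) > SSID_MAX_OCTETS:
            raise ValueError("network name exceeds 32 octets")
        self.pending[account] = code
        return ssid

    def verify(self, account, result):
        """Compare the client's decryption result with the code that was sent."""
        expected = self.pending.pop(account, None)   # each code is single use
        if expected is None or result is None:
            return False
        return hmac.compare_digest(str(expected), str(result))


def client_respond(scanned_ssids, private_key):
    """Pick the first name in the agreed format and decrypt the code it carries."""
    n, d = private_key
    for ssid in scanned_ssids:
        match = SSID_RE.fullmatch(ssid)
        if match:
            return pow(int(match.group(1), 16), d, n)
    return None   # no network in the agreed format was in range


def demo():
    server = Server(USER_DB)
    ssid = server.start("alice")
    scan = ["CoffeeShop-Guest", "AUTH-not-a-code", ssid]   # constructed scan list
    right_key = server.verify("alice", client_respond(scan, ALICE_PRIV))
    ssid = server.start("alice")
    wrong_key = server.verify("alice", client_respond([ssid], BOB_PRIV))
    return right_key, wrong_key


if __name__ == "__main__":
    print(demo())
```

A ciphertext from a key of practical size would not fit in a single network name, so a real agreed format would have to account for the 32-octet limit.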
An identity verification method, the method comprising:
The server obtains the user's account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts the server's first verification code with the queried encryption algorithm to form an encrypted first verification code;
The server establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code with the stored decryption algorithm; when decryption succeeds, the client encrypts the client's third verification code with the stored decryption algorithm to form an encrypted third verification code, and sends the encrypted third verification code to the server through the wireless network;
The server receives the encrypted third verification code and decrypts it with the encryption algorithm corresponding to the acquired account information of the user; the server performs identity verification according to the result of decrypting the encrypted third verification code.
An identity verification method, the method comprising:
The relay device obtains the input account information and sends the obtained account information to the server;
The server receives the account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and uses it to encrypt the relay device's first verification code, forming an encrypted first verification code; the relay device establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format, and decrypts the encrypted first verification code with the stored decryption algorithm; the client performs identity verification according to the result of decrypting the encrypted first verification code.
An identity verification method, the method comprising:
The relay device obtains the input account information and sends the obtained account information to the server;
The server receives the account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and uses it to encrypt the relay device's first verification code, forming an encrypted first verification code; the relay device establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; the client decrypts the extracted encrypted first verification code with the stored decryption algorithm, and sends the result of decrypting the extracted encrypted first verification code to the relay device through the wireless network;
The relay device receives the decryption result sent by the client and sends the decryption result to the server;
The server receives the decryption result sent by the relay device and performs identity verification according to the decryption result.
An identity verification method, the method comprising:
The relay device obtains the input account information and sends the obtained account information to the server;
The server receives the account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
The relay device receives the encryption algorithm and uses it to encrypt the relay device's first verification code, forming an encrypted first verification code; the relay device establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code;
The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; the client decrypts the extracted encrypted first verification code with the stored decryption algorithm; when decryption succeeds, the message receiving end may encrypt the client's third verification code with the stored decryption algorithm to form an encrypted third verification code; the client sends the encrypted third verification code to the relay device through the wireless network;
The relay device receives the encrypted third verification code and sends the encrypted third verification code to the server;
The server receives the encrypted third verification code and decrypts it with the encryption algorithm corresponding to the acquired account information of the user; the server performs identity verification according to the result of decrypting the encrypted second verification code.
An identity verification method, the method comprising:
The server obtains the user's account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained account information;
The server encrypts the server's first verification code with the queried encryption algorithm to form an encrypted first verification code;
The server establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code.
An identity verification method, the method comprising:
The client scans the network names of wireless networks;
The client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code with the stored decryption algorithm;
The client performs identity verification according to the result of decrypting the encrypted first verification code.
An identity verification method, the method comprising:
The client scans the network names of wireless networks;
The client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code with the stored decryption algorithm, and sends the result of decrypting the extracted encrypted first verification code to the server or relay device through the scanned wireless network.
An identity verification method, characterized in that the method comprises:
The client scans the network names of wireless networks;
The client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
The client decrypts the extracted encrypted first verification code with the stored decryption algorithm; when decryption succeeds, the client encrypts the client's third verification code with the stored decryption algorithm to form an encrypted third verification code;
The client sends the encrypted third verification code to the server or relay device through the wireless network.
An identity verification server, comprising:
an account acquisition unit, configured to acquire the user's account information;
a user database, configured to store user information; the user information may include the user's account information and the user's encryption algorithm;
a query unit, configured to query, based on the stored user information, the encryption algorithm corresponding to the acquired account information;
an encryption unit, configured to generate a first verification code and to encrypt the first verification code with the queried encryption algorithm, forming an encrypted first verification code;
a wireless network unit, configured to establish a wireless network and set a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code.
An identity verification client, comprising:
a storage unit, configured to store the agreed format of the network name, and also to store the decryption algorithm for the user's account information;
a network scanning unit, configured to scan, based on the stored agreed format of the network name, for network names of wireless networks that conform to the agreed format;
an extraction unit, configured to extract the encrypted first verification code from a scanned network name that conforms to the agreed format;
a first decryption unit, configured to decrypt the extracted encrypted first verification code based on the stored decryption algorithm.
An identity verification relay device, comprising:
an information acquisition unit, configured to acquire the user's account information;
an information receiving unit, configured to receive the encryption algorithm sent by the server;
an information encryption unit, configured to generate a first verification code or receive one from the server, and to encrypt the first verification code with the received encryption algorithm, forming an encrypted first verification code;
a wireless network broadcasting unit, configured to establish a wireless network and set a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code.
In the identity verification method provided by this application, the server or a public device can establish a wireless network, encrypt a randomly generated verification code with a public key, and broadcast it in the network name of the wireless network. The client can use its own wireless device to scan, according to predetermined rules, for the wireless network established by the server, and can extract the encrypted verification code from the network name according to the predetermined network name format. The client decrypts the encrypted verification code with the private key it stores; if decryption succeeds, identity verification can pass. When the wireless communication network of the user's telecom operator cannot be used normally, the method lets the client exchange information over the wireless network established by the server or public device and so complete identity verification. Most existing mobile devices are equipped with a wireless access device, such as a WIFI access device, so the method described in this application can also greatly widen the situations in which identity verification can be used, make identity verification more convenient, and save data traffic on the network of the user's telecom operator.
Description of the Drawings
To explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments recorded in this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a method flowchart of an embodiment of an identity verification method of the present application;
FIG. 2 is a schematic diagram of the predetermined format of the network name in an identity verification method of the present application;
FIG. 3 is a method flowchart of another embodiment of an identity verification method of the present application;
FIG. 4 is a method flowchart of another embodiment of an identity verification method of the present application;
FIG. 5 is a schematic diagram of the module structure of an identity verification server of the present application;
FIG. 6 is a schematic diagram of the module structure of another embodiment of an identity verification server of the present application;
FIG. 7 is a schematic diagram of the module structure of the first identity verification unit of an identity verification server of the present application;
FIG. 8 is a schematic diagram of the module structure of another embodiment of an identity verification server of the present application;
FIG. 9 is a schematic diagram of the module structure of the second identity verification unit of an identity verification server of the present application;
FIG. 10 is a schematic diagram of the module structure of an identity verification client of the present application;
FIG. 11 is a schematic diagram of the module structure of another embodiment of an identity verification client of the present application;
FIG. 12 is a schematic diagram of the module structure of another embodiment of an identity verification client of the present application;
FIG. 13 is a schematic diagram of the module structure of another embodiment of an identity verification client of the present application;
FIG. 14 is a schematic diagram of the module structure of an embodiment of an identity verification relay device of the present application;
FIG. 15 is a schematic diagram of the module structure of another embodiment of an identity verification relay device of the present application.
Detailed Description
To help those skilled in the art better understand the technical solutions in this application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings of those embodiments. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative work shall fall within the scope of protection of this application.
Before using self-service offline, a user usually registers user information on the self-service provider's server for later identity confirmation. The user information may include the user's account information, password and other information. The server may acquire and store the user information, specifically in a user database. The user database may be a database stored on the server or a database stored on another device. After acquiring the user's information, the server may generate a pair consisting of an encryption algorithm and a decryption algorithm corresponding to the user's account information. The server may store user information including the user's account information and password, and may also store the encryption algorithm and/or decryption algorithm corresponding to the user's account information, specifically in the user database. The user's encryption algorithm may correspond uniquely to the user's account information, so the server can find the encryption algorithm for a user from that user's account information.
The server may send the decryption algorithm corresponding to the user's account information to the user's client, which may store it. The user's client may have a corresponding application installed in advance and may communicate with the server through that application. When the user first logs in to the installed application and performs account confirmation or other verification with the server, the application on the client can obtain the decryption algorithm for that user sent by the server. The client may store the obtained decryption algorithm. For uniformity, the applications on the client side are collectively referred to as the client. The encryption algorithm and decryption algorithm described in this application may each be a method of processing plaintext information. The encryption algorithm may be an information processing method that encrypts plaintext information; correspondingly, the decryption algorithm can decrypt information encrypted by the encryption algorithm and recover the correct plaintext. In a specific application, the encryption algorithm can be used to encrypt plaintext information and the corresponding decryption algorithm used to decrypt it and obtain the plaintext. Depending on the encryption and decryption algorithms chosen, in some application scenarios the decryption algorithm may instead be used to encrypt plaintext information and the encryption algorithm used to decrypt it.
During identity verification, the client can exchange information with the server, and identity can be verified by checking whether the client's decryption algorithm can decrypt information that the server encrypted with the encryption algorithm. In the identity verification method provided by this application, the server and the client can exchange information over a wireless local area network to complete identity verification. An embodiment of the identity verification method follows; FIG. 1 is a method flowchart of this embodiment. As shown in FIG. 1, the method includes:
S1: The server may acquire the user's account information and, based on the stored user information, query the encryption algorithm corresponding to the acquired account information.
用户可以在服务器输入用户的账号信息,所述服务器可以获取用户输入的账号信息。具体的,所述服务器可以通过设置在服务器的账号输入界面获取用户输入的账号信息。也可以 由其他专用的设备例如POS刷卡机、扫描仪等中继设备获取用户输入的账号信息,然后将获取的用户的账号信息发送至服务器。The user can input the user's account information on the server, and the server can obtain the account information input by the user. Specifically, the server may acquire account information input by the user through an account input interface provided on the server. The account information input by the user can also be acquired by other dedicated devices such as POS card swiping machines, scanners and other relay devices, and then the acquired account information of the user is sent to the server.
所述服务器获取用户的账号信息后,可以查询与该账号信息相对应的加密算法。所述与账号信息相对应的加密算法可以有与该加密算法相对应的解密算法。前述中,所述服务器可以存储包括用户的账号信息、密码等的用户信息,还可以存储与用户账号信息相对应的加密算法。所述服务器可以基于所述存储的用户信息查询与所述获取的账号信息相对应的加密信息。在本实施例中,所述服务器可以设置用户数据库,可以用于存储用户的所述用户信息、加密算法或解密算法等信息。所述用户数据库可以设置在所述服务器,也可以设置在其他的专用服务器上。所述服务器可以在所述用户数据库中查询是否有与所述获取的账号信息相对应的加密算法。通常情况下,如果所述用户A在进行身份验证之前在所述服务器注册登记过用户信息,所述服务器可以存储有用户A的账号信息、加密信息等信息。所述服务器获取用户A的账号信息后,可以查询到与所述用户A相对应的加密算法。After acquiring the account information of the user, the server may query the encryption algorithm corresponding to the account information. The encryption algorithm corresponding to the account information may include a decryption algorithm corresponding to the encryption algorithm. In the foregoing, the server may store user information including user account information, password, etc., and may also store an encryption algorithm corresponding to the user account information. The server may query encrypted information corresponding to the acquired account information based on the stored user information. In this embodiment, the server may set a user database, which may be used to store the user information, encryption algorithm or decryption algorithm and other information of the user. The user database can be set on the server or on other dedicated servers. The server may inquire whether there is an encryption algorithm corresponding to the acquired account information in the user database. Generally, if the user A has registered user information with the server before performing identity verification, the server may store user A's account information, encrypted information and other information. After acquiring the account information of the user A, the server can query the encryption algorithm corresponding to the user A.
The encryption algorithm and the decryption algorithm in this embodiment may typically be the public key and the private key of an asymmetric-key cryptosystem. The public key and the private key of such a cryptosystem can each decrypt what the other encrypts. The public key and private key may be a public-key algorithm and a private-key algorithm for encrypting or decrypting plaintext information. When plaintext information is encrypted with the asymmetric-key cryptosystem, decryption can be completed only with the matching public/private key pair. Typically, the public key may be public, need not be kept secret, and may be stored by the server; the private key may be kept undisclosed and may be stored on the side of the user to whom the key pair corresponds. For example, the private key may be stored in an application on the user's client.
Of course, after obtaining the account information entered by the user, the server may verify whether that account information is valid, for example whether its format conforms to a preset format, or whether the account has been registered with the server. When the server determines that the account information entered by the user is invalid, the server may handle it using a preset processing method.
The server may obtain the account information entered by the user and may look up, in the user information stored in the user database, the encryption algorithm corresponding to that account information.
S2: The server encrypts the server's first verification code using the encryption algorithm found by the query, forming an encrypted first verification code.
After finding the encryption algorithm corresponding to the account entered by the user, the server may encrypt the server's first verification code. The first verification code A may be a verification code of one or more characters that the server generates with a predetermined algorithm from information such as the user's account information or the encryption algorithm, or a verification code of one or more characters generated randomly according to certain rules. Of course, the first verification code may also be a verification code that the server receives from another server or a dedicated device. The server may store the first verification code. The first verification code A may take the form of a character string; for example, it may be a 16-character random string. After generating the first verification code A, the server may encrypt it using the queried encryption algorithm of the user, that is, the public key in this embodiment. The public key may be a public-key algorithm for encryption/decryption, and the server may use the queried public key to encrypt the first verification code A, forming the encrypted first verification code, denoted here by A'.
The server may generate or receive the first verification code A, and may encrypt it with the queried encryption algorithm to form the encrypted first verification code A'.
S3: The server establishes a wireless network and sets a network name in an agreed format for the established wireless network; the network name may include the encrypted first verification code.
The server described in this embodiment may establish a wireless network, specifically through a wireless network device attached to the server. In this embodiment, the server and the wireless network device may be installed in the same group of devices, or they may be separate and installed in different places, communicating with each other over a configured transmission link. The server may broadcast the encrypted first verification code A' through the network name of the wireless network. It should be noted that the wireless network described in this application may include communication connections using short-range wireless communication methods, such as Bluetooth, infrared (IrDA), wireless local area network (WI-FI or WLAN, mostly using the 802.11 series of protocols), Wi-Fi Direct, Ultra Wide Band, ZigBee, Near Field Communication (NFC), WiMAX and other communication technologies. This application describes specific implementations in terms of the above communication methods, and does not exclude applying other communication methods to the specific solutions described below.
Specifically, in this embodiment the wireless network established by the server may be a WIFI network. Wireless Fidelity (WIFI) technology generally refers to wireless local area network access technology based on the 802.11 protocol, and is a short-range wireless communication technology used in offices, homes and similar settings. A WIFI network usually consists of a WIFI access point (Access Point, AP) and terminals. The access point AP can establish a wireless network through a device such as a wireless network card and connect terminal devices to another network. That other network may be a wireless network or a wired network. In this embodiment, the access point AP may communicate with the server directly over ADSL or another line, and may communicate with the server through a corresponding relay device. The access point AP acts as a bridge between different networks and works like a hub (HUB) or router with a built-in wireless transmitter. A client with WIFI access capability can exchange information with the server through the WIFI network established by the AP.
The server may broadcast the encrypted first verification code A' through the network name of the wireless network. When the server establishes a wireless network, it may set a network name in a predetermined format for that network. In this embodiment, when establishing a WIFI network, the server may set a WIFI network name or identifier for it; this network name or identifier is usually called the SSID (Service Set Identifier). An SSID can usually be at most 32 characters long. The SSID may include the encrypted first verification code A'. In this embodiment, the server may set the SSID according to an agreed format, and the SSID in the agreed format may encode the encrypted verification code A'. For example, the encrypted first verification code A' can itself be used as the SSID and then broadcast over the WIFI network. Alternatively, the encrypted first verification code A' may occupy a particular field of the SSID, as defined by the agreed SSID format set in advance. For example, the SSID may be a combination of the encrypted first verification code A' with a preset name or account information, such as AUTH+A' or account name+A'. FIG. 2 is a schematic diagram of the structure of an SSID in an agreed format described in this embodiment. As shown in FIG. 2, the agreed format of the network name, that is, the WIFI SSID, may include: AUTH (preset name) + 0000 (separator characters) + encrypted verification code A' (16 characters). With the agreed SSID format described in this embodiment, the SSID of the WIFI network broadcast by the server may be expressed as: AUTH0000A'.
Of course, in this application the agreed format of the network name may be any other preset composition format for network names; this application does not limit it. Correspondingly, the server may send the agreed format of the network name to the client, specifically to a particular application preinstalled on the client. The client can thus learn the agreed format of the network name and can obtain the information in the different fields of the network name according to that format.
The server may establish a WIFI network and set an SSID in the agreed format for it. The SSID in the agreed format set by the server may include the encrypted first verification code A'. The server may broadcast the WIFI network it has established.
S4: The client may scan the network names of WIFI networks and extract the encrypted first verification code from a scanned network name that conforms to the agreed format.
The client described in this application may typically be a terminal device with a wireless access device (such as a wireless network card), for example a notebook computer, netbook, mobile phone, Personal Digital Assistant (PDA) or Mobile Internet Device (MID). The client may scan the surrounding wireless networks and, on finding a WIFI network whose network name conforms to the agreed format, obtain that network name and extract the encrypted first verification code from it.
As described above, the server may send the agreed format of the network name to the client. The client can therefore obtain the agreed format and, using it, scan for surrounding wireless networks whose network names conform to that format. For example, the agreed network name format received by the client may include: AUTH (preset name) + 0000 (separator characters) + encrypted verification code A' (16 characters). The client may scan the surrounding wireless networks and obtain the names of the scanned networks. The client may determine whether the network names of the scanned wireless networks conform to the agreed format. Using the agreed format, the client can find a network name that conforms to it: AUTH0000A'. After the server scans the network name that conforms to the agreed format, it can obtain the network name of the WIFI network and extract the encrypted first verification code A' from it.
S501: The client decrypts the extracted encrypted first verification code using the stored decryption algorithm; the client performs identity verification according to the result of decrypting the encrypted first verification code.
The client may decrypt the extracted encrypted first verification code A' using the user's decryption algorithm that it stores. In this embodiment, the decryption algorithm may include a private key stored on the client. The client may use the stored private key to decrypt the first verification code A' that was encrypted with the public key. As mentioned above, when plaintext information is encrypted with the asymmetric-key cryptosystem, decryption can be completed only with the matching public/private key pair. In this embodiment, the first verification code A encrypted with the public key can be decrypted only with the private key that matches that public key. If the client can decrypt the encrypted first verification code A' with its stored private key, then the private key stored on the client and the public key the server used to encrypt the first verification code A are a matching key pair, and the decryption result is success. Correspondingly, if the client cannot decrypt the encrypted first verification code A' with the private key it stores, the decryption result is failure.
The client may perform identity verification according to the result of decrypting the encrypted first verification code. For example, if the decryption result is success, the client passes identity verification. The client can then obtain the preset data access rights that apply once identity verification has passed; specifically, an application on the client may grant the user access to particular application functions only after identity verification has passed. If the decryption result is failure, the client does not pass identity verification. In the WIFI network established by the server, the server may set the client's access authentication mode, which may be unencrypted authentication or encrypted authentication. In this embodiment, the server may set the client's access authentication mode to unencrypted authentication. The client can then connect to the corresponding WIFI network without password verification and establish communication with the server. The WIFI network established by the server is a short-range wireless local area network, and the client can exchange information with the server by joining that WIFI network in order to perform identity verification.
In one specific application scenario, the server provides a self-service mobile phone top-up service. The server may establish a WIFI network corresponding to the account information entered by the user, and only an application on a mobile terminal that has passed identity verification can access the self-service top-up application provided by the server. The application on the mobile terminal may also be configured so that it is permitted to send requests to the server's self-service top-up application only after identity verification has passed. Specifically, the server may obtain user C's account information, user123, by scanning the QR code on the client through a port, or from the account information that user C enters at the server. The server may query the user database and find that the public key corresponding to the account user123 is K_PUB. This public key can be regarded as the public-key encryption algorithm corresponding to user user123. After finding the public key information corresponding to user yongh123, the server may randomly generate a 16-character first verification code, MK3D90HB8H2JT4VZ. The server may use the public key K_PUB corresponding to user user123 to encrypt the randomly generated first verification code MK3D90HB8H2JT4VZ, forming the encrypted first verification code PYKJH89LOEN7F56G. The server may establish a WIFI network through a WIFI device and set its SSID according to the agreed SSID format. The agreed SSID format may have been sent, before this identity verification, to the application that the user downloaded to the client. The agreed SSID format may be: AUTH (preset name) + 0000 (separator characters) + encrypted verification code A' (16 characters). Following this format, the server may set the SSID of the WIFI network it establishes for the user account user123 to: AUTH0000PYKJH89LOEN7F56G. After establishing the WIFI network, the server may broadcast the SSID containing the encrypted first verification code to the surrounding space. The client may use the application installed on the mobile terminal to scan for surrounding WIFI networks whose SSID conforms to the agreed format. On finding such a network, the client can obtain its SSID, AUTH0000PYKJH89LOEN7F56G, and extract the encrypted first verification code PYKJH89LOEN7F56G according to the agreed SSID format. The client may decrypt the extracted encrypted first verification code PYKJH89LOEN7F56G using the private key K_PRI that it stores. If the client can decrypt the encrypted first verification code PYKJH89LOEN7F56G with the private key K_PRI, the decryption result is success and the application on the client passes identity verification. The specific application on the client can then, according to preset rules, connect to the WIFI network whose SSID is AUTH0000PYKJH89LOEN7F56G, and it is permitted to access the self-service top-up application provided by the server, or to send the server a request to access the self-service top-up service. The server and the client can exchange information over the WIFI network that the server established with the SSID AUTH0000PYKJH89LOEN7F56G and complete the client's self-service mobile phone top-up.
The identity verification method described in this embodiment uses the network name of a WIFI network for identity verification, which solves the problem that identity verification cannot be completed when the wireless communication network of the client's operator is unavailable. Most terminal devices today have WIFI access capability, so the method described in this embodiment can greatly broaden the situations in which identity verification can be used and make it more convenient, and it also saves data traffic on the user's telecommunications operator.
Of course, the WIFI network established by the server described in this application can be connected, through a corresponding gateway or device, to the wireless communication network of the client's operator or to the Internet, so as to provide the client with more services.
In the embodiment above, identity verification may be performed by the client. This application also provides another embodiment of the identity verification method, in which the client may feed the decryption result back to the server and the server performs identity verification according to that result. FIG. 3 is a flowchart of another embodiment of the identity verification method described in this application. As shown in FIG. 3, the identity verification method of this embodiment may include:
S1: The server may obtain the user's account information and may query, based on the stored user information, the encryption algorithm corresponding to the obtained account information;
S2: The server may encrypt the server's first verification code using the queried encryption algorithm, forming an encrypted first verification code;
S3: The server may establish a wireless network and set a network name in an agreed format for the established wireless network; the network name may include the encrypted first verification code;
S4: The client may scan for wireless networks; the client may extract the encrypted first verification code from a scanned network name that conforms to the agreed format;
S502: The client may decrypt the encrypted first verification code using the stored decryption algorithm, and may send the result of decrypting the encrypted first verification code to the server through the wireless network;
S601: The server may receive the decryption result and perform identity verification according to it.
In this embodiment, the client may send the result of decrypting the extracted encrypted first verification code to the server through the wireless network. The decryption result that the client sends to the server may include:
Whether the client succeeded or failed in decrypting the extracted encrypted first verification code.
The server may receive the decryption result returned by the client and perform identity verification according to it. For example, if the decryption result returned by the client is success, the server may pass the client's identity verification, and the client can obtain the corresponding rights on the server and proceed with further data access. If the decryption result returned by the client is failure, the server may fail the client's identity verification.
In a preferred implementation, the client may send to the server the decrypted first verification code that it obtained by decrypting the encrypted first verification code, and the server performs identity verification according to that decrypted first verification code. In this implementation, therefore, the decryption result that the client sends to the server may include:
The decrypted second verification code obtained by the client decrypting the encrypted first verification code.
Correspondingly, the server receiving the decryption result and performing identity verification according to it includes: the server receives the decryption result and extracts the decrypted second verification code from it; the server compares whether the second verification code is the same as the first verification code, and passes identity verification when they are the same.
The client may decrypt the extracted encrypted first verification code using the stored decryption algorithm and, when decryption succeeds, obtain the decrypted second verification code. The message receiver may send the decryption result, including the decrypted first verification code, to the server through the wireless network. The server may receive the decryption result, extract the decrypted second verification code from it, and compare whether the extracted decrypted second verification code is the same as the server's first verification code; the server may perform identity verification according to the result of comparing the received decrypted second verification code with the first verification code. If they are the same, identity verification may pass; if they differ, identity verification may fail.
For example, the client decrypts the encrypted first verification code A' using the stored private key, and when decryption succeeds it obtains the decrypted second verification code B. The client may send the decrypted second verification code B to the server through the wireless network established by the server. The server may store the first verification code it generated; after receiving the decrypted second verification code B, it therefore compares whether the second verification code B is the same as the first verification code A that it generated. If the second verification code B is the same as the generated first verification code A, the server may pass identity verification; if they differ, the server may fail identity verification, in which case the server may handle the failure according to a preset processing method. Performing identity verification in the manner described in this embodiment can further improve the security of identity verification.
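The SSID framing from S3/S4 and the server-side comparison from S601, as an added Python example that is not code from the patent. The A-Z0-9 character set, the `ChallengeStore` name, and the expiry and single-use rules are assumptions added here; the public-key encryption and decryption steps are outside this block.

```python
import hmac
import re
import secrets
import string
import time

PREFIX = "AUTH"        # preset name in the agreed format
SEPARATOR = "0000"     # separator characters in the agreed format
CODE_LEN = 16          # length of the encrypted first verification code A'
MAX_SSID_OCTETS = 32   # SSID length limit
# Assumption: codes use the character set of the page's sample values.
ALPHABET = string.ascii_uppercase + string.digits
_CODE_RE = re.compile(r"[A-Z0-9]{%d}" % CODE_LEN)
_SSID_RE = re.compile(re.escape(PREFIX + SEPARATOR) + r"([A-Z0-9]{%d})" % CODE_LEN)

# Constructed scan result: one well-formed SSID among near misses.
SAMPLE_SCAN = [
    "CoffeeShop-Guest",
    "AUTH0000short",                    # code too short
    "AUTH0001PYKJH89LOEN7F56G",         # wrong separator
    "AUTH0000PYKJH89LOEN7F56G-extra",   # trailing data
    "auth0000PYKJH89LOEN7F56G",         # wrong case in preset name
    "AUTH0000PYKJH89LOEN7F56G",         # matches the agreed format
]


def build_ssid(encrypted_code):
    """Server side (S3): frame A' as PREFIX + SEPARATOR + A'."""
    if not _CODE_RE.fullmatch(encrypted_code):
        raise ValueError("encrypted code must be 16 characters from A-Z0-9")
    ssid = PREFIX + SEPARATOR + encrypted_code
    # Guards against a longer preset name pushing the SSID past the limit.
    if len(ssid.encode("utf-8")) > MAX_SSID_OCTETS:
        raise ValueError("SSID exceeds 32 octets")
    return ssid


def extract_code(ssid):
    """Client side (S4): return A' only if the whole SSID matches the format."""
    match = _SSID_RE.fullmatch(ssid)
    return match.group(1) if match else None


def codes_from_scan(ssids):
    """Reduce a list of scanned SSIDs to the codes carried by well-formed ones."""
    return [code for code in map(extract_code, ssids) if code is not None]


class ChallengeStore:
    """Server side (S2, S601): issue first codes A and check returned codes B."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # account -> (first_code, expiry time)

    def issue(self, account):
        """Generate and remember a random first verification code A."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        self._pending[account] = (code, self._clock() + self._ttl)
        return code

    def verify(self, account, second_code):
        """Compare B with the stored A; each issued code allows one attempt."""
        entry = self._pending.pop(account, None)  # removed even on a wrong guess
        if entry is None:
            return False
        first_code, expiry = entry
        if self._clock() > expiry:
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(first_code.encode(), second_code.encode())
```

Because `verify` removes the stored code on the first attempt, a replayed or guessed second verification code forces a fresh code and a fresh SSID.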
This application also provides another preferred embodiment of the identity verification. FIG. 4 is a flowchart of another embodiment of the identity verification method described in this application. As shown in FIG. 4, the method includes:
S1: The server may obtain the user's account information and may query, based on the stored user information, the encryption algorithm corresponding to the user's account information;
S2: The server may encrypt the server's first verification code using the queried encryption algorithm, forming an encrypted first verification code;
S3: The server may establish a wireless network and may set a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code;
S4: The client may scan for wireless networks; the client may extract the encrypted first verification code from a scanned network name that conforms to the agreed format;
S503: The client may decrypt the extracted encrypted first verification code using the stored decryption algorithm; when decryption succeeds, the message receiver may encrypt the client's third verification code using the stored decryption algorithm, forming an encrypted third verification code; the client may send the encrypted third verification code to the server through the wireless network;
S602: The server may receive the encrypted third verification code and may decrypt it using the encryption algorithm corresponding to the obtained account information of the user; the server performs identity verification according to the result of decrypting the encrypted third verification code with the encryption algorithm.
It should be noted that the encryption algorithm or decryption algorithm described in this application may include any calculation method that transforms information according to certain rules, including application scenarios in which the encryption algorithm is used to decrypt and the decryption algorithm is used to encrypt. For example, the encryption algorithm and decryption algorithm in this embodiment may include a public key and a private key: information may be encrypted with the public key and decrypted with the private key, or encrypted with the private key and decrypted with the public key. In this embodiment, the client can use the stored decryption algorithm to decrypt the encrypted first verification code sent by the server, which verifies the client's identity as the recipient of the message sent by the server. Further, the client may use the stored decryption algorithm to encrypt the third verification code on the client, forming an encrypted third verification code, and may send it to the server over the wireless network. The server may decrypt the encrypted third verification code with the encryption algorithm corresponding to the user's account information. If it can be decrypted, the client's identity as the sender of the message to the server is verified. Specifically, for example, the client may encrypt the third verification code with the stored private key. The third verification code may include verification code information generated by the client according to certain rules or randomly. The client may send the third verification code encrypted with the private key to the server over the wireless network. The server may decrypt the encrypted third verification code with the public key corresponding to the user's account information. If decryption succeeds, the server may treat the identity verification as passed; if decryption fails, the server may treat the identity verification as failed.
In the above embodiment, the server performing identity verification according to the result of decrypting the encrypted third verification code with the encryption algorithm may include:
When the server successfully decrypts the encrypted third verification code, it obtains the decrypted fourth verification code; the server may compare whether the fourth verification code is the same as the server's preset verification code, and the identity verification passes when they are the same.
In this embodiment, the server may decrypt the encrypted third verification code to obtain the decrypted fourth verification code, and may compare whether the fourth verification code is the same as the server's preset verification code. The third verification code encrypted by the client and the server's preset verification code may generally include information that the server and the client have set in advance for further identity verification. In one specific embodiment, the client's third verification code may include the second verification code that the client obtains by decrypting the extracted encrypted first verification code, and the server's preset verification code may include the server's first verification code. Correspondingly, the server comparing whether the fourth verification code is the same as the server's preset verification code includes: the server comparing whether the second verification code is the same as the server's first verification code. For example, when the server authenticates the user whose account information is user123, it may generate a first verification code A, store it, and use it as the server's preset verification code. The server may encrypt A with an encryption algorithm (for example, the user's public key) to obtain the encrypted first verification code A'. The server broadcasts A' in the network name of the WIFI network it establishes. The client scans this wireless network and uses its own private key to decrypt the encrypted first verification code A' contained in the network name, obtaining the decrypted second verification code B. In this embodiment, the client may use the second verification code B as the client's third verification code, encrypt it with the client's private key to obtain the encrypted third verification code B', and send B' to the server over the wireless network. The server may decrypt B' with the public key corresponding to the account information user123 to obtain the decrypted fourth verification code C. Further, the server may compare whether the decrypted fourth verification code C is the same as the first verification code A that the server stored for the user whose account information is user123. If C is the same as A, the server may treat the identity verification as passed; if C differs from A, the server may treat the identity verification as failed.
In another embodiment of the identity verification described in this application, the client's third verification code may include the account information of the client's user, and the server's preset verification code may include the user information stored by the server. Correspondingly, the server comparing whether the decrypted fourth verification code is the same as the server's preset verification code includes: the server comparing whether the decrypted account information of the user is the same as the account information of the user stored by the server. In this embodiment, the client may obtain the account information of its own user and use it as the client's third verification code. After decrypting the encrypted first verification code, the client may encrypt the account information of the user on the client with the stored private key. For example, the client's private key K_PRI may be used to encrypt the account information user123 of the client's user, forming the encrypted user account information SFTFDK40AA9KANCM, which may be sent to the server over the wireless network. The server receives the encrypted user account information SFTFDK40AA9KANCM and may decrypt it with the public key K_PUB corresponding to the account information user123. The server compares the decrypted account information with the account information it stores for that user: if they are the same, the identity verification may pass; if they differ, the identity verification may fail. For example, if the account information decrypted by the server is user123, which is the same as the account information user123 stored by the server, the identity verification may pass. If the account decrypted by the server is user456, which differs from the stored account information user123, the identity verification may fail.
In the identity verification method of any of the above embodiments, the agreed-format network name that the server sets for the established wireless network may also include APPID information for different applications. The client may extract the APPID information according to the agreed format of the network name and use it to distinguish between different applications on the client. The APPID information may include identifiers that distinguish the client's different applications. The server may preset APPID information for different applications: for example, the APPID for the Alipay wallet application may be set to "PAY_PACK", the APPID for the QQ application to "IM_QQ", or the APPID for the Aliwangwang application to "IM_WW". Correspondingly, the agreed format of the SSID may include the APPID information; after obtaining an SSID in the agreed format, the client may extract the APPID information according to that format and use it to distinguish between different applications on the client. Of course, the message that the client sends to the server may also include the APPID information, and the server may use the APPID to distinguish between different applications on the client. With this embodiment, the server or the client can complete identity verification for different applications on the client over the established wireless network.
In another specific application scenario, the network name described above may include SessionID information. The SessionID information may include an identifier that the server creates to identify the session produced by the identity verification between the server and the client. The agreed format of the network name may include: session identifier + encrypted verification code, for example SessionID+A'. The SessionID can distinguish the server's sessions with different clients, or the sessions between the server and the same client at different times. In a specific application scenario, the server may establish several different WIFI networks, open sessions with several clients and exchange information with them, and may create a different SessionID for each session. The agreed format of the SSID may include the SessionID; after obtaining the SSID, the client may extract the SessionID according to the agreed format and use it to judge whether the information exchanged with the server belongs to the same session. Of course, the message that the client sends to the server may also include the SessionID information, and the server may use the SessionID to judge whether the information exchanged with the client belongs to the same session.
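The exchange in S1 to S602, with the APPID and SessionID carried in the network name, is sketched below as an added example that is not part of the patent. The field order, the "." separator, the 4-character SessionID, the function and class names and the toy RSA keys are all assumptions; the keys are deliberately tiny because an 802.11 SSID holds at most 32 octets.

```python
import base64
import hmac
import re
import secrets

SSID_MAX = 32   # an 802.11 SSID carries at most 32 octets
E = 65537

def make_key(p, q):
    """Constructed toy RSA key; far too small to be secure, sized to fit an SSID."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

USER_KEY = make_key(2**61 - 1, 2**31 - 1)    # key pair of account user123
OTHER_KEY = make_key(2**61 - 1, 2**19 - 1)   # key pair of some other client
PUBLIC_KEYS = {"user123": {"n": USER_KEY["n"], "e": USER_KEY["e"]}}  # server side
CODE_LEN = 12                                # bytes that hold any value < n

# Assumed agreed format: APPID.SessionID.A' with A' as 16 base64url characters.
SSID_RE = re.compile(r"([A-Z_]{1,8})\.([0-9a-f]{4})\.([A-Za-z0-9_-]{16})")

def build_ssid(app_id, session_id, a_enc):
    code = base64.urlsafe_b64encode(a_enc.to_bytes(CODE_LEN, "big")).decode()
    ssid = f"{app_id}.{session_id}.{code}"
    if len(ssid.encode()) > SSID_MAX or not SSID_RE.fullmatch(ssid):
        raise ValueError("network name does not fit the agreed format")
    return ssid

def parse_ssid(ssid):
    """Return (APPID, SessionID, A') or None for networks outside the format."""
    m = SSID_RE.fullmatch(ssid)
    if m is None:
        return None
    code = int.from_bytes(base64.urlsafe_b64decode(m.group(3)), "big")
    return m.group(1), m.group(2), code

class Server:
    def __init__(self, public_keys):
        self.public_keys = public_keys   # account -> public key (n, e)
        self.sessions = {}               # SessionID -> (account, A)

    def start(self, account, app_id):
        key = self.public_keys[account]                  # S1: look up the key
        a = 2 + secrets.randbelow(key["n"] - 3)          # first verification code A
        a_enc = pow(a, key["e"], key["n"])               # S2: A'
        session_id = secrets.token_hex(2)
        self.sessions[session_id] = (account, a)
        return build_ssid(app_id, session_id, a_enc)     # S3: name to broadcast

    def verify(self, session_id, b_enc):
        # S602. The session is removed first, so each A is good for one attempt.
        account, a = self.sessions.pop(session_id, (None, None))
        if account is None:
            return False
        key = self.public_keys[account]
        if not 0 <= b_enc < key["n"]:
            return False
        c = pow(b_enc, key["e"], key["n"])               # fourth verification code C
        # Textbook RSA never "fails to decrypt": a wrong key just gives another
        # number, so the decision rests on comparing C with the stored A.
        return hmac.compare_digest(c.to_bytes(CODE_LEN, "big"),
                                   a.to_bytes(CODE_LEN, "big"))

def client_respond(ssid, key, app_id):
    """S4 and S503: parse the name, recover B, return (SessionID, B')."""
    parsed = parse_ssid(ssid)
    if parsed is None or parsed[0] != app_id:
        return None                                      # not meant for this app
    _, session_id, a_enc = parsed
    b = pow(a_enc, key["d"], key["n"])                   # second verification code B
    b_enc = pow(b, key["d"], key["n"])                   # B' made with the private key
    return session_id, b_enc
```

Raw RSA without padding is used here only to keep the arithmetic visible; a ciphertext under a realistically sized key would not fit into a 32-octet network name.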
In another implementation of the present application, the client may not exchange information with the server directly. Instead, a device such as a POS machine or a public service device may act as a relay device between the client and the server to complete the identity verification. The present application therefore provides another embodiment of the identity verification method, which may include:
S201: The relay device obtains the input account information and sends the obtained account information to the server;
S202: The server receives the account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
S203: The relay device receives the encryption algorithm and uses it to encrypt the relay device's first verification code, forming an encrypted first verification code;
S204: The relay device establishes a wireless network and sets a network name in an agreed format for it; the network name includes the encrypted first verification code;
S205: The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
S2061: The client decrypts the extracted encrypted first verification code with the stored decryption algorithm; the client performs identity verification according to the result of decrypting the encrypted first verification code.
The relay device's first verification code described above may include a first verification code generated by the relay device, or a first verification code received from the server.
In another implementation of the above identity verification method, after S204 above is completed, the method may include:
S2062: The client decrypts the extracted encrypted first verification code with the stored decryption algorithm, and may send the result of decrypting the extracted encrypted first verification code to the relay device over the wireless network;
S2071: The relay device may receive the decryption result sent by the client and send the decryption result to the server;
S2081: The server may receive the decryption result sent by the relay device and perform identity verification according to the decryption result.
In the identity verification method described above, the decryption result of the decrypted first verification code sent by the client includes: whether the client's decryption of the extracted encrypted first verification code succeeded or failed. If the decryption result is success, the identity verification may pass; if the decryption result is failure, the identity verification may fail.
Of course, the decryption result of the decrypted first verification code sent by the client may include:
the decrypted second verification code that the client obtains by decrypting the encrypted first verification code;
Correspondingly, the server receiving the decryption result sent by the relay device and performing identity verification according to the decryption result includes: the server receiving the decryption result and extracting the second verification code from it; the server comparing whether the second verification code is the same as the server's first verification code, and passing the identity verification when they are the same.
In another identity verification method of the present application, the method may include:
S201: The relay device obtains the input account information and sends the obtained account information to the server;
S202: The server receives the account information and, based on the stored user information, queries the encryption algorithm corresponding to the obtained user account information; the server sends the encryption algorithm to the relay device;
S203: The relay device receives the encryption algorithm and uses it to encrypt the relay device's first verification code, forming an encrypted first verification code;
S204: The relay device establishes a wireless network and sets a network name in an agreed format for it; the network name includes the encrypted first verification code;
S205: The client scans the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format;
S2063: The client decrypts the extracted encrypted first verification code with the stored decryption algorithm; when decryption succeeds, the message receiving end may use the stored decryption algorithm to encrypt the client's third verification code, forming an encrypted third verification code; the client may send the encrypted third verification code to the relay device over the wireless network;
S3072: The relay device may receive the encrypted third verification code and send the encrypted verification code to the server;
S3082: The server may receive the encrypted third verification code and decrypt it with the encryption algorithm corresponding to the obtained account information of the user; the server performs identity verification according to the result of decrypting the encrypted third verification code with that encryption algorithm.
The client's third verification code described above may include verification code information generated by the client according to certain rules or randomly. In the above embodiment, the client may encrypt its third verification code with its own private key and send it to the server through the relay device. If the server can decrypt the encrypted third verification code with the corresponding private key, the identity verification may pass.
In a preferred implementation, the server performing identity verification according to the result of decrypting the encrypted third verification code with the encryption algorithm may include:
When the server successfully decrypts the encrypted third verification code, it obtains the decrypted fourth verification code; the server compares whether the fourth verification code is the same as the server's preset verification code, and the identity verification passes when they are the same.
With reference to the other embodiments of the present application, the client's third verification code includes the decrypted second verification code that the client obtains by decrypting the encrypted first verification code, and the server's preset verification code may include the server's first verification code;
Correspondingly, the server comparing whether the fourth verification code is the same as the server's preset verification code includes: the server comparing whether the second verification code is the same as the server's first verification code;
or,
the client's third verification code includes the account information of the client's user, and the server's preset verification code includes the account information of the user stored by the server;
Correspondingly, the server comparing whether the fourth verification code is the same as the server's preset verification code includes: the server comparing whether the decrypted account information of the user is the same as the account information of the user stored by the server.
Of course, the agreed-format network name set for the wireless network established by the relay device may also include APPID information for different applications; the client may extract the APPID information according to the agreed format of the network name and use it to distinguish between different applications on the client.
Based on the identity verification method described in this application, this application provides an identity verification server. FIG. 5 is a schematic diagram of the module structure of the identity verification server described in this application. As shown in FIG. 5, the server may include:
an account obtaining unit 101, which may be used to obtain the user's account information;
a user database 102, which may be used to store user information; the user information may include the user's account information and the user's encryption algorithm;
a query unit 103, which may be used to query, based on the stored user information, the encryption algorithm corresponding to the obtained account information;
an encryption unit 104, which may generate a first verification code and is used to encrypt the first verification code with the queried encryption algorithm, forming an encrypted first verification code;
a wireless network unit 105, which may be used to establish a wireless network and set a network name in an agreed format for it; the network name includes the encrypted first verification code.
FIG. 6 is a schematic diagram of the module structure of another embodiment of the identity verification server described in this application. As shown in FIG. 6, the server may further include:
a first receiving unit 106, which may be used to obtain the decryption result of the encrypted first verification code sent by the client or the relay device;
a first identity verification unit 107, which may be used to perform identity verification according to the decryption result of the receiving unit 106.
FIG. 7 is a schematic diagram of the module structure of the first identity verification unit 107 described above. As shown in FIG. 7, the first identity verification unit 107 may include:
a first extraction unit 1071, which may be used to extract the decrypted first verification code from the decryption result;
a first comparison unit 1072, which may be used to compare whether the extracted decrypted first verification code is the same as the first verification code generated by the encryption unit 104;
a first verification unit 1073, which may be used to perform identity verification according to the result of comparing the extracted decrypted first verification code with the first verification code generated by the encryption unit 104.
FIG. 8 is a schematic diagram of the module structure of another embodiment of the identity verification server described in this application. As shown in FIG. 8, the server may further include:
a second receiving unit 108, which may be used to receive the encrypted third verification code sent by the client or the relay device;
a decryption unit 109, which may be used to decrypt the encrypted third verification code with the encryption algorithm in the user database 102 that corresponds to the obtained user account;
a second identity verification unit 1010, which may be used to perform identity verification according to the result of decrypting the encrypted third verification code.
FIG. 9 is a schematic diagram of the module structure of the first identity verification unit 1010 described above. As shown in FIG. 9, the second identity verification unit 1010 may include:
a second extraction unit 1011, which may be used to extract the fourth verification code that the decryption unit 109 obtains by decrypting the encrypted third verification code;
a second comparison unit 1012, which may be used to compare whether the decrypted fourth verification code is the same as the stored preset verification code;
a second verification unit 1013, which may be used to perform identity verification according to the result of comparing the fourth verification code with the stored preset verification code.
The preset verification code stored in the second comparison unit 1012 may include the first verification code generated by the encryption unit 104, or the user account information stored in the user database.
The present application also provides an identity verification client. FIG. 10 is a schematic diagram of the module structure of the identity verification client. As shown in FIG. 10, the client may include:
a storage unit 201, which may be used to store the agreed format of the network name, and may also be used to store the decryption algorithm of the user's account information;
a network scanning unit 202, which may be used to scan, based on the stored agreed format of the network name, for network names of wireless networks that conform to the agreed format;
an extraction unit 203, which may be used to extract the encrypted first verification code from a scanned network name that conforms to the agreed format;
a first decryption unit 204, which may be used to decrypt the extracted encrypted first verification code based on the stored decryption algorithm.
FIG. 11 is a schematic diagram of the module structure of another embodiment of the identity verification client described above. As shown in FIG. 11, the client may further include:
an identity verification unit 205, which may be used to perform identity verification based on the decryption result of the first decryption unit 204.
FIG. 12 is a schematic diagram of the module structure of another embodiment of the identity verification client described above. As shown in FIG. 12, the client may further include:
a first sending unit 206, which may be used to send the result of decrypting the extracted encrypted first verification code to the server or the relay device over the wireless network.
The decryption result of the encrypted first verification code that the client sends to the server or the relay device includes:
whether the client's decryption of the extracted encrypted first verification code succeeded or failed;
or,
the decrypted second verification code that the client obtains by decrypting the encrypted first verification code.
FIG. 13 is a schematic diagram of the module structure of another embodiment of the identity verification client described above. As shown in FIG. 13, the client may further include:
a first encryption unit 207, which may be used to encrypt the client's third verification code with the stored decryption algorithm when the extracted encrypted first verification code is successfully decrypted, forming an encrypted third verification code;
a second sending unit 208, which may send the encrypted third verification code to the server or the relay device over the wireless network.
The client's third verification code described above includes: the decrypted second verification code that the client obtains by decrypting the encrypted first verification code; or the account information of the client's user.
The present application also provides a relay device. FIG. 14 is a schematic diagram of the module structure of the relay device. As shown in FIG. 14, the relay device may include:
An information acquisition unit 301, which may be configured to acquire the account information of a user;
An information receiving unit 302, which may be configured to receive the encryption algorithm sent by the server;
An information encryption unit 303, which may be configured to generate a first verification code or receive one from the server, and to encrypt the first verification code using the received encryption algorithm, forming an encrypted first verification code;
A wireless network broadcasting unit 304, which may be configured to establish a wireless network and set a network name in an agreed format for the established wireless network; the network name includes the encrypted first verification code.
FIG. 15 is a schematic diagram of the module structure of another implementation of the relay device described above. As shown in FIG. 15, the relay device may further include:
A feedback receiving unit 305, which may be configured to receive the feedback result sent by the client;
A feedback sending unit 306, which may be configured to send the received client feedback result to the server. The feedback result sent by the client and received by the relay device includes:
whether the client succeeded or failed in decrypting the encrypted first verification code;
or,
the decrypted second verification code that the client obtains by decrypting the encrypted first verification code;
or,
the encrypted third verification code that the client obtains by encrypting the third verification code of the client using the stored decryption algorithm.
The encryption algorithm and decryption algorithm described for the client, server and relay device above may include the public key and private key of an asymmetric encryption algorithm. They may of course also include other algorithms that conform to the identity verification algorithm of the present application. In specific product applications, the established wireless network may include a WIFI network.
The present application also provides an identity verification system, which may include:
A client, which may be configured to scan the network names of wireless networks; the client extracts the encrypted first verification code from a scanned network name that conforms to the agreed format; it may also be configured to decrypt the extracted encrypted first verification code using the stored decryption algorithm; and it may also be configured to send the decryption result for the extracted encrypted first verification code to the server through the wireless network;
A server, which may be configured to acquire the account information of a user and, based on stored user information, look up the encryption algorithm corresponding to the acquired account information; it may also be configured to encrypt the first verification code of the server using the encryption algorithm found, forming an encrypted first verification code; it may also establish a wireless network and set a network name in an agreed format for the established wireless network, the network name including the encrypted first verification code; and it may also receive the decryption result and perform identity verification according to the decryption result.
With the identity verification method, client, server and relay device of the present application, the client can communicate with the server over the wireless network established by the relay device or the server in order to perform identity verification. During this identity verification process, the network name of the established wireless network can be used to carry the identity verification information. The embodiments of the present application solve the problem that identity verification cannot be performed when the wireless communication network of the user's operator is unavailable. The present application also greatly widens the situations in which identity verification can be applied and makes identity verification more convenient.
Although the above content mentions protocols such as 802.11, the present application is not limited to protocols that fully comply with the specification, 802.11 included. Transmission mechanisms obtained by slightly modifying certain protocols can also carry out the solutions of the above embodiments of the present application. Of course, even if a private protocol is used instead of the above IP/TCP/UDP protocols, the same application can still be realized as long as the information exchange and the information judgment and feedback methods of the above embodiments are followed, and the details are not repeated here.
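The network-name channel described above, as an added example that is not part of the patent text: a server or relay wraps an already-encrypted first verification code into a network name, and a client picks it back out of a scan list while rejecting names that do not match. The `AUTH1-` prefix, the unpadded base64url body and the function names are assumptions chosen for illustration, and the ciphertext is treated as opaque bytes, so the sketch is independent of the encryption algorithm used.

```python
import base64
import binascii
import re

SSID_MAX_OCTETS = 32   # IEEE 802.11 limit on the length of a network name (SSID)
PREFIX = "AUTH1-"      # assumption: marker that identifies the agreed format
_BODY = re.compile(r"[A-Za-z0-9_-]+")   # unpadded base64url alphabet only


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def max_ciphertext_len() -> int:
    """Largest encrypted code, in bytes, that fits behind PREFIX in one name."""
    room = SSID_MAX_OCTETS - len(PREFIX)
    return room * 3 // 4   # unpadded base64url spends 4 characters per 3 bytes


def build_network_name(encrypted_code: bytes) -> str:
    """Server/relay side: place the encrypted first verification code in the name."""
    if not 0 < len(encrypted_code) <= max_ciphertext_len():
        raise ValueError(
            f"{len(encrypted_code)}-byte ciphertext does not fit; "
            f"limit is {max_ciphertext_len()} bytes"
        )
    return PREFIX + _b64(encrypted_code)


def extract_encrypted_code(network_name: str):
    """Client side: return the ciphertext bytes, or None if the name is not
    in the agreed format. Scanned names are untrusted input."""
    if not network_name.startswith(PREFIX):
        return None
    body = network_name[len(PREFIX):]
    if not _BODY.fullmatch(body) or len(network_name) > SSID_MAX_OCTETS:
        return None
    try:
        raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except (binascii.Error, ValueError):
        return None
    # Accept only the canonical encoding, so one ciphertext has one name.
    return raw if _b64(raw) == body else None


def scan_for_codes(scanned_names):
    """Client side: filter a scan result down to the embedded ciphertexts."""
    found = []
    for name in scanned_names:
        code = extract_encrypted_code(name)
        if code is not None:
            found.append(code)
    return found


if __name__ == "__main__":
    constructed_ct = bytes(range(1, 17))   # constructed 16-byte stand-in ciphertext
    name = build_network_name(constructed_ct)
    print(name, len(name))
    # Constructed scan list: an unrelated network, the real one, a malformed one.
    print(scan_for_codes(["CoffeeShop-Guest", name, PREFIX + "AB"]))
    try:
        build_network_name(bytes(256))     # size of one RSA-2048 ciphertext
    except ValueError as exc:
        print("rejected:", exc)
```

Under these assumptions one network name carries at most 19 bytes of ciphertext, so a 256-byte RSA-2048 ciphertext is rejected by `build_network_name`; the chosen algorithm and encoding have to be sized to the network-name limit.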
Those skilled in the art also know that, besides implementing the controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for realizing various functions can be regarded as structures within the hardware component. Or the devices for realizing various functions can even be regarded both as software modules implementing a method and as structures within a hardware component.
The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products having certain functions.
For convenience of description, the above devices are described with their functions divided into separate units. Of course, when implementing the present application, the functions of the units may be implemented in one or more pieces of software and/or hardware.
From the description of the above embodiments, those skilled in the art can clearly understand that the present application can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solutions of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments, or in some parts of the embodiments, of the present application.
The embodiments in this specification are described in a progressive manner; for parts that are the same or similar between embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, since the system embodiments are basically similar to the method embodiments, they are described relatively briefly, and the relevant points can be found in the description of the method embodiments.
The present application can be used in numerous general-purpose or special-purpose computer system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and so on.
The present application may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present application may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
Although the present application has been described through embodiments, those of ordinary skill in the art know that the present application has many variations and changes that do not depart from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of the present application.
Claims (40)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410373794.6A CN105337740B (en) | 2014-07-31 | 2014-07-31 | An authentication method, client, relay device and server |
CN201910122054.8A CN110062382B (en) | 2014-07-31 | 2014-07-31 | Identity verification method, client, relay equipment and server |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910122054.8A Division CN110062382B (en) | 2014-07-31 | 2014-07-31 | Identity verification method, client, relay equipment and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105337740A | 2016-02-17 |
CN105337740B | 2019-01-04 |
Family
ID=55288056
Also Published As
Publication number | Publication date |
---|---|
CN110062382B (en) | 2024-09-17 |
CN105337740A (en) | 2016-02-17 |
CN110062382A (en) | 2019-07-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 1219007; Country of ref document: HK |
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20200924. Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands. Patentee after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands. Patentee before: Advanced innovation technology Co.,Ltd. |
TR01 | Transfer of patent right | Effective date of registration: 20200924. Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands. Patentee after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands. Patentee before: Alibaba Group Holding Ltd. |