CN113132317B - Identity authentication method, system and device - Google Patents
- Publication number: CN113132317B (CN201911415042.0A)
- Authority: CN (China)
- Prior art keywords: mobile phone, phone number, token, verified, request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to an identity authentication method, system and device.
Background
With the continuous development of technology, mobile terminals such as mobile phones and tablet computers have become increasingly common, and many services can be obtained after logging in on a mobile terminal.
When a user logs in on a mobile terminal, the user's identity usually needs to be verified. However, current identity verification methods suffer from low security.
Summary of the invention
To solve the problem that identity verification methods have low security, the present invention provides an identity verification method, system and device.
In a first aspect, the present invention provides an identity verification method, comprising:
receiving a request data packet sent by a terminal;
obtaining a pre-stored mobile phone number based on the request data packet and storing it locally;
receiving a verification request sent by a service server, the verification request carrying a mobile phone number to be verified that the user entered on the terminal;
performing identity verification on the verification request by checking whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number, to obtain a verification result indicating that identity verification passed or failed;
returning the verification result to the service server.
In the above identity verification method, the receiving of the verification request sent by the service server, the verification request carrying the mobile phone number to be verified that the user entered on the terminal, includes:
receiving the ciphertext of the mobile phone number to be verified, encrypted with the service server's private key and sent by the service server;
decrypting the ciphertext of the mobile phone number to be verified with the public key to obtain the mobile phone number to be verified.
The above identity verification method, after obtaining the pre-stored mobile phone number based on the request data packet and storing it locally, and before receiving the verification request sent by the service server, further includes:
receiving a token acquisition request sent by the terminal;
generating, based on the token acquisition request, a token associated with the pre-stored mobile phone number;
storing the token locally as a pre-stored token, and returning the token to the terminal as the terminal's token to be verified;
in the receiving of the verification request sent by the service server, the verification request also carries the token to be verified from the terminal;
the performing of identity verification on the verification request further includes:
when the token to be verified is consistent with the pre-stored token, entering the step of verifying whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number.
The above identity verification method, after receiving the token acquisition request sent by the terminal, and before generating the token associated with the pre-stored mobile phone number based on the token acquisition request, further includes:
verifying the HTTP page address source of the token acquisition request and determining whether the token acquisition request is associated with the pre-stored mobile phone number; if so, proceeding to the next step.
In the above identity verification method, the obtaining of the pre-stored mobile phone number based on the request data packet and storing it locally includes:
obtaining the identity identifier in the request data packet;
looking up the corresponding mobile phone number according to the identity identifier, and storing it locally as the pre-stored mobile phone number.
In a second aspect, the present invention provides an identity verification method, comprising:
sending a request data packet to an authentication server;
receiving a status code returned by the authentication server;
when the status code is a request-success status code, displaying an interface prompting the user to enter a mobile phone number;
receiving the mobile phone number entered by the user as the mobile phone number to be verified;
sending the mobile phone number to be verified to the authentication server via a service server for identity verification;
receiving and displaying the returned verification result, the verification result indicating that identity verification of the mobile phone number to be verified passed or failed.
In a third aspect, the present invention provides an identity verification method, comprising:
receiving a mobile phone number to be verified sent by a terminal, the mobile phone number to be verified having been entered by the user on the terminal;
sending a verification request to an authentication server, the verification request carrying the mobile phone number to be verified;
receiving a verification result returned by the authentication server, the verification result indicating that identity verification of the mobile phone number to be verified passed or failed.
In a fourth aspect, the present invention provides an identity verification system, including a memory and a processor;
the memory stores a pre-stored mobile phone number;
the processor is configured to receive a request data packet sent by a terminal, obtain the terminal's mobile phone number based on the request data packet, receive a verification request sent by a service server, and perform identity verification on the verification request by checking whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number, to obtain a verification result indicating that identity verification passed or failed.
In a fifth aspect, the present invention provides a device, including: a memory, a processor, and a computer program stored on the memory and runnable on the processor, where the computer program, when executed by the processor, implements the steps of any one of the methods described above.
In a sixth aspect, the present invention provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of any one of the methods described above.
In the present invention, to improve the security of identity verification, a pre-stored mobile phone number is first obtained based on the request data packet, and a verification request is then received from the service server. The verification request carries the mobile phone number to be verified that the user entered on the terminal. Identity verification is then performed on the verification request by checking whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number, giving a verification result of passed or failed. If the verification result is a pass, the terminal that received the user's input of the mobile phone number to be verified can establish a service connection with the service server.
Description of drawings
The drawings described here provide a further understanding of the present invention and form a part of it. The schematic embodiments of the present invention and their descriptions are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the identity verification method in Embodiment one of the present invention;
Fig. 2 is a flowchart of the identity verification method in Embodiment two of the present invention;
Fig. 3 is a flowchart of the identity verification method in Embodiment three of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the technical solution of the present invention is described clearly and completely below with reference to specific embodiments of the present invention and the corresponding drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
Embodiment one
Fig. 1 is a flowchart of an identity verification method in an exemplary embodiment of the present invention. The identity verification method includes the following steps:
S1020: Receive a request data packet sent by the terminal. The data packet is an HTTP request data packet whose structure includes a request line, message headers and a message body. The request line includes the request type, the requested resource path, and the protocol version and type.
S1040: Based on the request data packet, obtain the pre-stored mobile phone number and store it locally. The locally stored pre-stored mobile phone number is kept for the number check during identity verification.
S1080: Receive the verification request sent by the service server, the verification request carrying the mobile phone number to be verified that the user entered on the terminal. The verification request may be an identity verification request from an interactive web application built with HTML5. The terminal presents a window in which the user enters a mobile phone number. After receiving the number entered by the user, the terminal sends it to the service server as the mobile phone number to be verified, and the service server, having obtained the mobile phone number to be verified, sends a verification request to the authentication server.
S1100: Perform identity verification on the verification request by checking whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number, to obtain a verification result of passed or failed. In identity verification, if the mobile phone number to be verified is consistent with the pre-stored mobile phone number obtained in S1040, identity verification passes, indicating that the terminal that received the user's input of the mobile phone number to be verified can establish a service connection with the service server; otherwise it fails, and no service connection can be made. Of course, in some special embodiments, if the mobile phone number to be verified is consistent with the pre-stored mobile phone number obtained in S1040, identity verification fails; and vice versa.
S1120: Return the verification result to the service server. After receiving the verification result stating whether the mobile phone number to be verified passed identity verification, the service server can decide whether to establish a service connection with the terminal that received the user's input of the mobile phone number to be verified.
In this embodiment of the present invention, the pre-stored mobile phone number is first obtained based on the request data packet, and the verification request is then received from the service server. The verification request carries the mobile phone number to be verified that the user entered on the terminal. Identity verification is then performed on the verification request by checking whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number, giving a verification result of passed or failed. In addition, during verification the user only needs to enter the mobile phone number for it to be determined whether identity verification passes, without receiving and filling in an SMS verification code, so identity authentication takes the user less time.
S1040 includes S1041 and S1042:
S1041: Obtain the identity identifier in the request data packet. The identity identifier can be obtained from the request line of the request data packet. It may be a temporary identity identifier such as a TEID (Tunnel Endpoint Identifier), or another temporary identity identifier, which is not described further here.
S1042: Look up the corresponding mobile phone number according to the identity identifier, and store it locally as the pre-stored mobile phone number. Based on the identity identifier, the corresponding mobile phone number is looked up in the pre-stored mapping between identity identifiers and mobile phone numbers. This yields the mobile phone number of the terminal that sent the request data packet, which is used as the pre-stored mobile phone number.
Specifically, S1041 and S1042 may be executed by a gateway. Before S1020, the gateway has obtained the session of each networked mobile phone, and each session stores the corresponding TEID and the corresponding mobile phone number. In S1040, the TEID in the request data packet can therefore be obtained, and the gateway looks up the matching mobile phone number according to that TEID. After obtaining the mobile phone number, the gateway sends it to the authentication server.
After S1040, the method further includes S1050: return a status code to the terminal; when the pre-stored mobile phone number has been obtained, the status code is a success status code. Specifically, the authentication server returns a response data packet to the terminal, and the response data packet includes the status code. The structure of the response data packet includes a status line, message headers and a message body. The status line includes the status code, which is a number; different numbers have different meanings. Since the pre-stored mobile phone number was obtained in S1040, S1050 evidently returns a success status code and the next step can be entered; otherwise, identity verification fails and the identity verification flow can be exited.
When handling the verification request sent by the service server, the authentication server can check not only whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number, but also the token. Therefore, steps S1062, S1064 and S1066 are included between S1040 and S1080.
S1062: Receive a token acquisition request sent by the terminal. When the terminal receives the success return code, it can send a token acquisition request to the authentication server; the token may be a token-type credential.
S1064: Based on the token acquisition request, generate a token associated with the pre-stored mobile phone number.
S1066: Store the token locally as the pre-stored token, and return the token to the terminal as the terminal's token to be verified. The token is stored locally as the pre-stored token so that the token to be verified can be checked later. At the same time, the token is returned to the terminal.
Correspondingly, in S1080 the verification request also carries the token to be verified from the terminal. S1100 includes: when the token to be verified is consistent with the pre-stored token, enter the step of verifying whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number; otherwise, identity verification fails and the identity verification flow can be exited. In other words, in this embodiment of the present invention, identity verification checks not only whether the mobile phone number to be verified is consistent with the pre-stored mobile phone number; before that, it also checks whether the token to be verified is consistent with the pre-stored token. Only when both the mobile phone number to be verified and the token to be verified pass the check is a verification result of passed obtained.
Between S1062 and S1064 above, the method may further include S1063: verify the HTTP page address source of the token acquisition request and determine whether the token acquisition request is associated with the pre-stored mobile phone number; if so, proceed to the next step.
In step S1080, to improve security, the mobile phone number to be verified is received as ciphertext. Specifically, the ciphertext of the mobile phone number to be verified, encrypted with the service server's private key and sent by the service server, is received, and the public key is then used to decrypt the ciphertext to obtain the mobile phone number to be verified. If the ciphertext can be decrypted with the public key, signature verification has passed and the received ciphertext of the mobile phone number to be verified has not been tampered with. As another implementation, what is received may instead be the plaintext of the mobile phone number to be verified rather than encrypted ciphertext, in which case no decryption is needed.
In addition, in this embodiment of the present invention, after receiving the verification request sent by the service server (S1080) and before performing identity verification on the verification request (S1100), the method may further include: checking the IP address of the service server, and proceeding to the next step after the IP address check passes; otherwise, exiting the identity verification flow.
This embodiment of the present invention may further include: the authentication server performs an identity identifier check on all information received from the terminal or from the service server, and enters the next step when the identity identifier check passes; otherwise, it exits the identity verification flow.
In addition, all interface data transmitted between the authentication server, the terminal and the service server is transmitted in HTTPS-encrypted form.
In this embodiment of the present invention, apart from S1041 and S1042, which are executed by the gateway as described above, the other steps may be executed by the authentication server. The gateway may be integrated into the authentication server or deployed separately from it.
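The authentication-server side of Embodiment one (S1020 to S1120), as an added example that is not code from the patent. It models the plaintext variant of S1080; the class and function names, the 200/403 status codes, reading the page address source as the HTTP Referer origin, the IP allowlist and single-use tokens are assumptions, and the TEIDs, phone numbers and addresses are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed sample data: the gateway's session table (TEID -> phone number),
# which S1041/S1042 consult to resolve the sender of a request data packet.
GATEWAY_SESSIONS = {"teid-0001": "13800000001", "teid-0002": "13800000002"}


class AuthServer:
    def __init__(self, service_ips, page_origin):
        self.service_ips = set(service_ips)       # assumed allowlist for the IP check
        self.page_origin = urlsplit(page_origin)  # assumed accepted page origin (S1063)
        self.prestored = {}  # TEID -> pre-stored phone number (S1040)
        self.tokens = {}     # pre-stored token -> phone number (S1066)

    def handle_request_packet(self, teid):
        """S1020-S1050: resolve the TEID, store the number, return a status code."""
        number = GATEWAY_SESSIONS.get(teid)
        if number is None:
            return 403  # assumed failure code; the text only says "not success"
        self.prestored[teid] = number
        return 200

    def issue_token(self, teid, referer):
        """S1062-S1066: check the page source, then bind a fresh token to the number."""
        number = self.prestored.get(teid)
        src = urlsplit(referer)
        same_origin = (src.scheme, src.netloc) == (
            self.page_origin.scheme, self.page_origin.netloc)
        if number is None or not same_origin:
            return None
        token = secrets.token_urlsafe(32)  # unguessable random token
        self.tokens[token] = number
        return token

    def verify(self, service_ip, token, claimed_number):
        """S1080-S1120: IP check, token check, then number comparison."""
        if service_ip not in self.service_ips:
            return False
        # Single use is an added hardening choice, not stated in the patent text:
        # the token is consumed even when the number check below fails, so one
        # token cannot be used to try many candidate numbers.
        number = self.tokens.pop(token, None)
        if number is None:
            return False
        # Constant-time comparison of the entered number with the pre-stored one.
        return hmac.compare_digest(number.encode(), claimed_number.encode())


def run_demo():
    """Walk the flow once and collect the outcome of each case."""
    ip, page = "203.0.113.10", "https://service.example/login"
    auth = AuthServer([ip], "https://service.example")
    out = {"status": auth.handle_request_packet("teid-0001")}
    token = auth.issue_token("teid-0001", page)
    out["match"] = auth.verify(ip, token, "13800000001")
    out["replay"] = auth.verify(ip, token, "13800000001")
    out["wrong_number"] = auth.verify(
        ip, auth.issue_token("teid-0001", page), "13800000002")
    out["wrong_ip"] = auth.verify(
        "198.51.100.7", auth.issue_token("teid-0001", page), "13800000001")
    out["bad_referer"] = auth.issue_token(
        "teid-0001", "https://service.example.evil.test/login")
    out["unknown_teid"] = auth.handle_request_packet("teid-9999")
    return out


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

The security of the scheme rests on the gateway's TEID-to-number mapping being trustworthy and on the token being unguessable; the number itself is not a secret, so the token and the service-server checks carry the weight.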
Embodiment two
Fig. 2 is a flowchart of an identity authentication method in an exemplary embodiment of the present invention. The specific flow is as follows.
S2020: Send a request data packet to the authentication server. The data packet is an HTTP request data packet whose structure includes a request line, message headers and a message body. The request line includes the request type, the requested resource path, and the protocol version and type.
S2040: Receive the status code returned by the authentication server. Specifically, the authentication server returns a response data packet to the terminal, and the response data packet includes the status code. The structure of the response data packet includes a status line, message headers and a message body. The status line includes the status code, which is a number; different numbers have different meanings.
S2060: When the status code is a request-success status code, display an interface prompting the user to enter a mobile phone number. When the status code is a success status code, the next step can be entered: the terminal displays a window prompting the user to enter a mobile phone number, and the user enters the login mobile phone number in that window, which is the mobile phone number to be verified.
S2080: Send the mobile phone number to be verified to the authentication server via the service server for identity verification. After the mobile phone number to be verified is sent to the service server, the service server sends it to the authentication server for identity verification.
S2100: Receive the returned verification result, the verification result indicating that identity verification of the mobile phone number to be verified passed or failed.
S2100 may further include: displaying the verification result. The verification result is shown on the terminal's display interface so that the user learns the identity verification result and can choose the next operation. The terminal can also jump to different pages according to the verification result.
Between S2040 and S2060, the method further includes S2052, S2054 and S2056.
S2052: Send a token acquisition request to the authentication server;
S2056: Receive the token returned by the authentication server as the terminal's token to be verified.
Step S2080 further includes: sending the token to be verified to the authentication server via the service server for identity verification, and checking the mobile phone number to be verified after the token to be verified is found consistent with the pre-stored token in the authentication server.
In this embodiment of the present invention, the method may be executed by the terminal.
实施例三Embodiment Three
图3为本发明一示范性实施例中身份认证方法的流程图,本发明实施例三中的执行主体可以为业务服务器,具体流程如下。FIG. 3 is a flowchart of an identity authentication method in an exemplary embodiment of the present invention. The execution subject in Embodiment 3 of the present invention may be a service server, and the specific process is as follows.
S3020:接收终端发送的待验证手机号,待验证手机号由用户在终端输入。接收到用户在终端输入的手机号码即为待验证手机号。S3020: Receive the mobile phone number to be verified sent by the terminal, and the mobile phone number to be verified is input by the user in the terminal. The mobile phone number to be verified is the mobile phone number to be verified after receiving the mobile phone number input by the user on the terminal.
S3040:向认证服务器发送验证请求,验证请求携带有待验证手机号。基于上述待验证手机号,生成验证请求并发送至认证服务器。S3040: Send a verification request to the authentication server, where the verification request carries the mobile phone number to be verified. Based on the mobile phone number to be verified above, a verification request is generated and sent to the authentication server.
S3060:接收认证服务器返回验证结果,验证结果包括待验证手机号的身份验证通过或者未通过。经过认证服务器的校验后,收到验证结果。S3060: Receive a verification result returned by the authentication server, and the verification result includes whether the identity verification of the mobile phone number to be verified passes or fails. After being verified by the authentication server, the verification result is received.
其中,在S3040中,待验证手机号由业务服务器加密呈密文状态后发送至认证服务器。Wherein, in S3040, the mobile phone number to be verified is encrypted by the service server in a ciphertext state and then sent to the authentication server.
在S3020中,还包括:接收终端发送的待验证令牌。对应的,在S3040中,向认证服务器发送的验证请求中携带有待验证令牌。In S3020, further comprising: receiving the token to be verified sent by the terminal. Correspondingly, in S3040, the verification request sent to the authentication server carries the token to be verified.
本发明实施例中,身份验证方法还包括S3080:将验证结果发送至终端。若验证结果为通过,则可以显示该验证结果,并跳转页面;若验证结果为未通过,同样也可以显示该验证结果。In the embodiment of the present invention, the identity verification method further includes S3080: sending the verification result to the terminal. If the verification result is passed, the verification result may be displayed and a page may be redirected; if the verification result is failed, the verification result may also be displayed.
实施例四Embodiment Four
本发明实施例提供一种身份验证系统、一种装置,以及计算机可读存储介质。Embodiments of the present invention provide an identity verification system, a device, and a computer-readable storage medium.
An embodiment of the present invention provides an identity verification system comprising a memory and a processor. The memory stores the pre-stored mobile phone number. The processor is configured to receive the request data packet sent by the terminal and obtain the terminal's mobile phone number based on that packet, and to receive the verification request sent by the service server, perform identity verification on it by checking whether the mobile phone number to be verified matches the pre-stored mobile phone number, and obtain a verification result of pass or fail.
The identity verification system provided by this embodiment can also execute the method performed by the image recognition system in FIGS. 1-3 and implement the functions of the identity verification system in the embodiments shown in FIGS. 1-3; these are not repeated here.
A device provided by an embodiment of the present invention includes a memory, a processor, and a computer program stored in the memory and executable on the processor; when the computer program is executed by the processor, the steps of the identity verification method described above are implemented.
An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements each process of the identity verification method embodiments described above and achieves the same technical effect; to avoid repetition, the details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
It should be noted that, in this document, the terms "comprise", "include" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises it.
The specific examples above describe the purpose, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911415042.0A CN113132317B (en) | 2019-12-31 | 2019-12-31 | Identity authentication method, system and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911415042.0A CN113132317B (en) | 2019-12-31 | 2019-12-31 | Identity authentication method, system and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113132317A CN113132317A (en) | 2021-07-16 |
CN113132317B true CN113132317B (en) | 2023-03-21 |
Family
ID=76770504
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911415042.0A Active CN113132317B (en) | 2019-12-31 | 2019-12-31 | Identity authentication method, system and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113132317B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113688374B (en) * | 2021-10-25 | 2022-04-01 | 荣耀终端有限公司 | Verification method and electronic device |
CN113993127B (en) * | 2021-12-28 | 2022-05-06 | 支付宝(杭州)信息技术有限公司 | Method and device for realizing one-key login service |
CN114679336B (en) * | 2022-05-10 | 2024-04-12 | 北京自如信息科技有限公司 | Authentication method, authentication system, authentication device, and readable storage medium |
CN118940243B (en) * | 2024-08-08 | 2025-09-26 | 宁波银行股份有限公司 | Business information query method and related equipment based on SMS verification |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1697379A (en) * | 2005-06-22 | 2005-11-16 | 王李琰 | A method for authenticating user identity of public network security communication service based on identification cryptographic technology |
CN110266642A (en) * | 2019-05-15 | 2019-09-20 | 网宿科技股份有限公司 | Identity authentication method, server and electronic device |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108990059B (en) * | 2017-06-02 | 2021-06-29 | 创新先进技术有限公司 | Verification method and device |
CN109951423B (en) * | 2017-12-20 | 2021-09-10 | 金联汇通信息技术有限公司 | System, method and device for identity authentication and server |
CN108712439B (en) * | 2018-05-31 | 2021-06-29 | 中国联合网络通信集团有限公司 | User information management method, device, server and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN113132317A (en) | 2021-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113132317B (en) | Identity authentication method, system and device | |
US10755279B2 (en) | Methods, systems and products for authentication | |
CN103067337B (en) | Identity federation method, identity federation intrusion detection & prevention system (IdP), identity federation service provider (SP) and identity federation system | |
CN102946384B (en) | User authentication method and equipment | |
CN104883367B (en) | A kind of method, system and applications client that auxiliary verification logs in | |
WO2016015436A1 (en) | Platform authorization method, platform server, application client, system, and storage medium | |
CN103001770B (en) | A kind of user rs authentication method, server and system | |
CN108322416B (en) | Security authentication implementation method, device and system | |
CN111404695B (en) | Token request verification method and device | |
CN108040065A (en) | Webpage redirect after exempt from login method, device, computer equipment and storage medium | |
CN108833431B (en) | Password resetting method, device, equipment and storage medium | |
CN102217280A (en) | Method, system, and server for user service authentication | |
CN110213195A (en) | A kind of login authentication method, server and user terminal | |
JP2001186122A (en) | Authentication system and authentication method | |
CN115766056A (en) | Interface security protection processing method and device | |
CN102045329B (en) | Single point login method, login initiating terminal, target terminal and verification center | |
CN112383401B (en) | User name generation method and system for providing identity authentication service | |
CN102811369B (en) | Security authentication method during video sharing and handheld equipment | |
CN115460019B (en) | Method, apparatus, device and medium for providing digital identity-based target application | |
CN106911628A (en) | A kind of user registers the method and device of application software on the client | |
CN108449568A (en) | Identity identifying method and device for video conference | |
CN106357669B (en) | A kind of Web system login method and log in auxiliary system | |
CN114422233A (en) | Login method and system for private device | |
CN109257177B (en) | Key generation method, system, mobile terminal, server and storage medium | |
TWI684884B (en) | Identity authentication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||