TW201828131A - Method and device for registering and authenticating information comprising an authenticating server - Google Patents
- Publication number
- TW201828131A, TW106101953A
- Authority
- TW
- Taiwan
- Prior art keywords
- information
- authentication
- authenticated
- standard
- identity
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present application discloses information registration and authentication methods and devices. The registration method includes: sending a standard information registration request to an authentication server; receiving first authentication information fed back by the authentication server; generating a standard information acquisition request and sending the standard information acquisition request and the first authentication information to a security information application; obtaining the signed standard information and the identity identifier of the standard information that the security information application returns after the first authentication information passes authentication, wherein the signed standard information is signed by the security information application using second authentication information; and sending the signed standard information, the identity identifier of the standard information, and the first authentication information to the authentication server, so that the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
Description
This application relates to the field of computer technology, and in particular to information registration and authentication methods and devices.
With the development of information technology, users can conveniently obtain all kinds of business services through the applications (hereinafter, business applications) of service providers (such as software developers and websites) installed on terminals (such as mobile phones and tablets). Among the business services that business applications provide, some categories have a higher security level, for example payment services and transfer services. Business services with a higher security level usually require the user to provide corresponding security information (such as a password or biometric information), and the service can be completed only after the security information provided by the user has been authenticated.
For business services that require the user to provide security information, the user's security information is usually obtained as standard information before the user uses the service for the first time (the standard information serves as the authentication standard for the subsequent authentication process), so that security information the user enters later can be compared against it. To obtain the user's security information, the business application must go through the security information application in the terminal (for example, a biometric information management application, installed on the terminal by the terminal manufacturer, that is responsible for collecting and storing the biometric information the user enters).
To make calls and information transfer between business applications and the security information application more convenient, in the prior art the terminal system (for example, the Android M system) runs the security information application in an architecture called the Rich Execution Environment (REE). The REE has rich call support, so a security information application running in the REE can be called more conveniently by different business applications and can more conveniently transmit the information each business application needs.
However, the REE is not a secure environment. While information is transmitted between the security information application and the business application, the security information is easily intercepted and tampered with in transit by an illegitimate operator. This matters especially for standard information: because the service provider has never stored standard information provided by the user before, it cannot tell whether the standard information is genuine. Once the standard information is tampered with in transit, the service provider still accepts the tampered standard information and uses it as the authentication standard in the subsequent authentication process. Obviously, this lets the illegitimate operator obtain business services in the user's name.
Embodiments of the present application provide information registration and authentication methods and devices to solve the prior-art problem of low security when registering with security information.
An information registration method provided by an embodiment of the present application includes: sending a standard information registration request to an authentication server; receiving first authentication information fed back by the authentication server; generating a standard information acquisition request, sending the standard information acquisition request and the first authentication information to a security information application, and obtaining the signed standard information and the identity identifier of the standard information that the security information application returns after the first authentication information passes authentication, wherein the signed standard information is signed by the security information application using second authentication information; and sending the signed standard information, the identity identifier of the standard information, and the first authentication information to the authentication server, so that the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
Another information registration method provided by an embodiment of the present application includes: receiving first authentication information and a standard information acquisition request sent by a business application; and authenticating the first authentication information and, after it passes authentication, returning to the business application the standard information signed using second authentication information together with the identity identifier of the standard information, so that the business application sends the signed standard information and the identity identifier of the standard information to an authentication server, and the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
Another information registration method provided by an embodiment of the present application includes: an authentication server receiving a standard information registration request sent by a business application; generating first authentication information according to the standard information registration request and feeding it back to the business application; receiving the signed standard information, the identity identifier of the standard information, and the first authentication information sent by the business application, wherein the signed standard information was signed by a security information application using second authentication information and sent to the business application; authenticating the first authentication information, and authenticating the second authentication information according to the signed standard information; and, after both the first authentication information and the second authentication information pass authentication, registering the standard information and the identity identifier of the standard information.
An information authentication method provided by an embodiment of the present application includes: sending a verification request for information to be authenticated to an authentication server; receiving first authentication information fed back by the authentication server; generating an acquisition request for the information to be authenticated, sending that acquisition request and the first authentication information to a security information application, and obtaining the information to be authenticated and the to-be-authenticated identity identifier of that information, which the security information application returns after the first authentication information passes authentication; and sending the information to be authenticated, the to-be-authenticated identity identifier, and the first authentication information to the authentication server, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier, and the information to be authenticated, and generates an authentication result that is fed back to the business application.
Another information authentication method provided by an embodiment of the present application includes: receiving an acquisition request for information to be authenticated that is sent by a business application and carries first authentication information; and authenticating the first authentication information and, after it passes authentication, sending the information to be authenticated and the identity identifier of the information to be authenticated to an authentication server through the business application, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier, and the information to be authenticated, and generates an authentication result that is fed back to the business application.
Another information authentication method provided by an embodiment of the present application includes: an authentication server receiving a verification request for information to be authenticated sent by a business application; generating first authentication information according to the verification request and feeding it back to the business application; receiving the information to be authenticated, the to-be-authenticated identity identifier of that information, and the first authentication information sent by the business application; and separately authenticating the first authentication information, the to-be-authenticated identity identifier, and the information to be authenticated, and generating an authentication result that is fed back to the business application.
An information registration device provided by an embodiment of the present application includes: a registration request module, configured to send a standard information registration request to an authentication server; a receiving module, configured to receive first authentication information fed back by the authentication server; an acquisition module, configured to generate a standard information acquisition request, send the standard information acquisition request and the first authentication information to a security information application, and obtain the signed standard information and the identity identifier of the standard information that the security information application returns after the first authentication information passes authentication, wherein the signed standard information is signed by the security information application using second authentication information; and a sending module, configured to send the signed standard information, the identity identifier of the standard information, and the first authentication information to the authentication server, so that the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
Another information registration device provided by an embodiment of the present application includes: a receiving module, configured to receive first authentication information and a standard information acquisition request sent by a business application; and a signature module, configured to authenticate the first authentication information and, after it passes authentication, return to the business application the standard information signed using second authentication information together with the identity identifier of the standard information, so that the business application sends the signed standard information and the identity identifier of the standard information to an authentication server, and the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
Another information registration device provided by an embodiment of the present application includes: a registration request receiving module, configured to receive a standard information registration request sent by a business application; a feedback module, configured to generate first authentication information according to the standard information registration request and feed it back to the business application; a registration information receiving module, configured to receive the signed standard information, the identity identifier of the standard information, and the first authentication information sent by the business application, wherein the signed standard information was signed by a security information application using second authentication information and sent to the business application; an authentication module, configured to authenticate the first authentication information and to authenticate the second authentication information according to the signed standard information; and a registration module, configured to register the standard information and the identity identifier of the standard information after both the first authentication information and the second authentication information pass authentication.
An information authentication device provided by an embodiment of the present application includes: a registration request module, configured to send a verification request for information to be authenticated to an authentication server; a receiving module, configured to receive first authentication information fed back by the authentication server; an acquisition module, configured to generate an acquisition request for the information to be authenticated, send that acquisition request and the first authentication information to a security information application, and obtain the information to be authenticated and the to-be-authenticated identity identifier of that information, which the security information application returns after the first authentication information passes authentication; and a sending module, configured to send the information to be authenticated, the to-be-authenticated identity identifier, and the first authentication information to the authentication server, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier, and the information to be authenticated, and generates an authentication result that is fed back to the business application.
Another information authentication device provided by an embodiment of the present application includes: a receiving module, configured to receive an acquisition request for information to be authenticated that is sent by a business application and carries first authentication information; and a signature module, configured to authenticate the first authentication information and, after it passes authentication, send the information to be authenticated and the identity identifier of the information to be authenticated to an authentication server through the business application, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier, and the information to be authenticated, and generates an authentication result that is fed back to the business application.
Another information authentication device provided by an embodiment of the present application includes: an authentication request receiving module, configured to receive a verification request for information to be authenticated sent by a business application; a feedback module, configured to generate first authentication information according to the verification request and feed it back to the business application; an authentication information receiving module, configured to receive the information to be authenticated, the to-be-authenticated identity identifier of that information, and the first authentication information sent by the business application; and an authentication module, configured to separately authenticate the first authentication information, the to-be-authenticated identity identifier, and the information to be authenticated, and to generate an authentication result that is fed back to the business application.
Embodiments of the present application provide information registration and authentication methods and devices. When a user needs to register standard information in order to use a business service, the business application initiates a standard information registration request to the authentication server and receives the first authentication information that the authentication server feeds back. The business application then generates a standard information acquisition request and sends it, together with the first authentication information, to the security information application. After the security information application authenticates the first authentication information successfully, it signs the standard information using its own second authentication information, determines the identity identifier of the standard information, and returns the signed standard information and the identity identifier of the standard information to the business application. The business application then sends what the security information application returned, together with the first authentication information, to the authentication server, so that the authentication server, after authenticating, registers the standard information and its identity identifier. As can be seen from the above, the first authentication information, as an identifier of the authentication server, lets the security information application determine the identity of the party registering the standard information; the first authentication information returned to the authentication server lets the authentication server determine whether the information was tampered with in transit; and the signed standard information returned to the authentication server lets the authentication server determine whether the standard information was provided by the security information application in the terminal. In this way the authentication server can accurately identify standard information that was tampered with in transit, which effectively improves security when registering standard information.
901‧‧‧Registration request module
902‧‧‧Receiving module
903‧‧‧Acquisition module
904‧‧‧Sending module
1001‧‧‧Receiving module
1002‧‧‧Signature module
1101‧‧‧Registration request receiving module
1102‧‧‧Feedback module
1103‧‧‧Registration information receiving module
1104‧‧‧Authentication module
1105‧‧‧Registration module
1201‧‧‧Authentication request module
1202‧‧‧Receiving module
1203‧‧‧Acquisition module
1204‧‧‧Sending module
1301‧‧‧Receiving module
1302‧‧‧Signature module
1401‧‧‧Authentication request receiving module
1402‧‧‧Feedback module
1403‧‧‧Authentication information receiving module
1404‧‧‧Authentication module
The drawings described here provide a further understanding of the present application and form part of it. The illustrative embodiments of the present application and their descriptions are used to explain the application and do not unduly limit it. In the drawings: Figures 1 to 3 show the information registration process provided by embodiments of the present application; Figure 4 shows the information registration process in an actual application scenario; Figures 5 to 7 show the information authentication process provided by embodiments of the present application; Figure 8 shows the information authentication process in an actual application scenario; Figures 9 to 11 are schematic structural diagrams of the information registration devices provided by embodiments of the present application; Figures 12 to 14 are schematic structural diagrams of the information authentication devices provided by embodiments of the present application.
To make the purpose, technical solutions, and advantages of the present application clearer, the technical solutions are described clearly and completely below with reference to specific embodiments and the corresponding drawings. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments in this application without creative effort fall within the scope of protection of this application.
As described above, when the service provider receives standard information for the first time, it has not previously stored any security information related to that standard information, so it cannot accurately determine whether the standard information was tampered with in transit. If, however, the service provider and the terminal agree on a set of authentication information in advance and use that authentication information to authenticate the standard information, it becomes possible to identify whether the standard information was tampered with in transit. On this basis, the present application provides the following information registration and authentication methods.
An embodiment of the present application provides an information registration method. As shown in Figure 1, the method includes the following steps:
S101: Send a standard information registration request to the authentication server.
In a practical application scenario, when a user uses a business service with a higher security level provided in a business application (for example, a fingerprint payment service), the user usually has to provide corresponding security information (for example, fingerprint information). In particular, when the user uses the business service for the first time, the user usually has to enter security information as standard information, against which the security information entered on later uses of the service is compared and verified.
That is, when the user uses the business service for the first time, the standard information provided by the user must be registered with the corresponding authentication service through the business application. In the above step of this embodiment, therefore, the business application running in the terminal sends the standard information registration request to the authentication server.
The terminals described in this application include, but are not limited to, mobile terminals such as mobile phones, tablets, and smart watches; in some scenarios the terminal may also be a computer terminal. The authentication server may be a server used for security authentication in the service provider's back-end service system, or a third-party server dedicated to security authentication. This does not limit the present application.
S102: Receive the first authentication information fed back by the authentication server.
The first authentication information is identification information that the authentication server feeds back to the business application that issued the standard information registration request, and it indicates the identity of the authentication server. In one scenario of this embodiment, the first authentication information may include the authentication service's own certificate.
S103:生成標準資訊獲取請求,將所述標準資訊獲取請求和所述第一認證資訊發送至安全資訊應用,獲取所述安全資訊應用在對所述第一認證資訊認證通過後返回的簽名後的標準資訊以及所述標準資訊的身份標識。 S103: Generate a standard information obtaining request, send the standard information obtaining request and the first authentication information to the security information application, and obtain the signature that the security information application returns after the first authentication information is authenticated and passed. Standard information and the identity of the standard information.
其中,所述簽名後的標準資訊是所述安全資訊應用使用第二認證資訊進行簽名的。 The standard information after the signature is that the security information application uses the second authentication information for signature.
當業務應用接收到了認證伺服器回饋的第一認證資訊後,就會生成標準資訊獲取請求,以請求終端內的安全資訊應用提供註冊所需的標準資訊。 After the service application receives the first authentication information fed back by the authentication server, a standard information acquisition request is generated to request the security information application in the terminal to provide the standard information required for registration.
It should be noted that the security information application in the present application is a local application running in the terminal, which provides the service application with the security information (including the standard information) required for its services. Security information is the user's own key information. To prevent an illegitimate operator from requesting the user's security information from the security information application, the security information application authenticates the identity of the party using the standard information. Accordingly, when the service application sends the standard information acquisition request to the security information application, it also sends the first authentication information, and the security information application authenticates the first authentication information to determine the identity of the authentication server. The security information application provides the standard information only after the first authentication information passes authentication.
Considering that, in practice, the standard information provided by the security information application may be tampered with in transit, in the present application the security information application signs the standard information before returning it, to indicate that the standard information was sent by the security information application in this terminal. At the same time, because the standard information is provided by the user, an identity identifier can be determined for the standard information to indicate that it was provided by the user. As a result, the standard information that the security information application returns to the service application carries two kinds of identifiers: one indicating that the standard information was sent by the security information application in the terminal, and one indicating that the standard information was provided by the user.
Specifically, the security information application in the present application signs the standard information with the second authentication information to indicate that the standard information was sent by this security information application. In the present application, the second authentication information may be second key information agreed in advance between the authentication server and the security information application in the terminal (or the terminal itself); this is not specifically limited here. The identity identifier of the standard information is also determined by the security information application. In the present application, the identity identifier of the standard information includes identity key information that can identify the standard information, and this identity key information is usually associated with the user's account information. That is, one pair of identity key information uniquely corresponds to one piece of account information, which shows that the standard information belongs to that user. Of course, this is not specifically limited here either.
S104: Send the signed standard information, the identity identifier of the standard information, and the first authentication information to the authentication server, so that the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
After the service application receives the response from the security information application, it sends the signed standard information returned by the security information application, the identity identifier of the standard information, and the first authentication information sent by the authentication server together to the authentication server for authentication and registration.
After receiving the above information from the service application, the authentication server authenticates it. If authentication passes, this shows that the standard information sent by the security information application was not tampered with in transit, and the authentication server can register the standard information and its identity identifier. The registered standard information and identity identifier can then be used to authenticate and identify security information that the user provides later.
Through the above steps, when a user needs to register standard information while using a service, the service application initiates a standard information registration request to the authentication server and receives the first authentication information fed back by the authentication server. The service application then generates a standard information acquisition request and sends it together with the first authentication information to the security information application. After the first authentication information passes authentication, the security information application signs the standard information with its own second authentication information, determines the identity identifier of the standard information, and returns the signed standard information and the identity identifier to the service application. The service application then sends what the security information application returned, together with the first authentication information, to the authentication server, so that the authentication server, after authenticating them, registers the standard information and its identity identifier. As can be seen, the first authentication information, as an identifier of the authentication server, allows the security information application to determine the identity of the party registering the standard information; the first authentication information returned to the authentication server allows the authentication server to determine whether the information was tampered with in transit; and the signed standard information returned to the authentication server allows the authentication server to determine whether the standard information was provided by the security information application in the terminal. In this way the authentication server can accurately identify standard information that has been tampered with in transit, which effectively improves security when registering standard information.
The first authentication information is an identifier of the authentication server and indicates its identity. Specifically, the authentication server's own certificate may be used as the first authentication information. Considering security in transit, the authentication server may sign its certificate with its own key information. Thus, as an optional manner in the embodiments of the present application, step S102 above, receiving the first authentication information fed back by the authentication server, is specifically: receiving the certificate sent by the authentication server and signed with the authentication server's own first encryption key, and using the signed certificate as the first authentication information.
In addition, in some practical scenarios, the first authentication information that the authentication server feeds back to the service application also contains a challenge code. Each time the service application sends a request to the authentication server, the authentication server generates a unique challenge code and carries it in the first authentication information fed back to the service application. One challenge code can be regarded as corresponding to one service request. Using a challenge code prevents replay attacks.
The above is described from the perspective of the service application in the terminal. For the security information application that provides the standard information, the embodiments of the present application also provide an information registration process. As shown in FIG. 2, the process includes the following steps:
S201: Receive the first authentication information and the standard information acquisition request sent by the service application.
The first authentication information and the standard information acquisition request in this embodiment are as described above and are not repeated here.
S202: Authenticate the first authentication information and, after authentication passes, return the standard information signed with the second authentication information and the identity identifier of the standard information to the service application, so that the service application sends the signed standard information and the identity identifier of the standard information to the authentication server, and the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
After the security information application receives the first authentication information and the standard information acquisition request sent by the service application, it first authenticates the first authentication information in order to determine the identity of the party registering the standard information. Only after the security information application has determined the identity of the authentication server does it sign the standard information provided by the user, determine the identity identifier of the standard information, and return the signed standard information and the identity identifier to the service application. The service application then sends the information returned by the security information application together with the first authentication information to the authentication server. The authentication server subsequently performs authentication and, after authentication passes, registers the standard information and its identity identifier. This is the same as the process in the method above and is not described further here.
Through the above steps, the first authentication information provided by the authentication server indicates the identity of the authentication server, and the security information application's authentication of the first authentication information prevents an illegitimate operator from obtaining the standard information from the security information application. The security information application signs the standard information provided by the user to indicate that the standard information was sent by the security information application, and determines the identity identifier of the standard information to indicate that the standard information was provided by that user. The standard information that the security information application returns to the service application therefore carries two kinds of identifiers, and if the standard information is tampered with in transit, both identifiers will change. This effectively reveals whether the standard information was tampered with in transit, and thus ensures the security of the final registration at the authentication server.
Returning the standard information signed with the second authentication information and the identity identifier of the standard information to the service application is specifically: receiving the standard information input by the user, signing the standard information with the second authentication information, determining the identity identifier of the standard information, and returning the signed standard information and the identity identifier of the standard information to the service application.
As described above, the identity identifier of the standard information in the present application may specifically include the identity key information of the standard information, which is usually associated with the user's account information. To protect the identity key information in transit, in an optional manner of the embodiments of the present application, the security information application may also sign the identity key information (that is, the identity identifier of the standard information) with the second authentication information. Of course, this does not constitute a limitation on the present application.
Likewise, as described above, the first authentication information indicates the identity of the authentication server, and in one manner of the present application the first authentication information includes the authentication server's own certificate. In that case, authenticating the first authentication information is specifically: decrypting and authenticating the signed certificate using a first decryption key that matches the first encryption key of the authentication server.
As for the second authentication information, in one manner of the embodiments of the present application, the second authentication information includes second key information agreed in advance with the authentication server, where the second key information includes a second encryption key and a second decryption key. In this scenario, signing the standard information with the second authentication information is specifically: signing the standard information with the second encryption key agreed in advance with the authentication server.
Of course, where the identity identifier of the standard information includes the identity key information of the standard information, the identity key information may also be signed with the second authentication information. This is similar to what is described above and is not repeated here.
The above is described from the perspective of the security information application running in the terminal. For the authentication server, the embodiments of the present application also provide an information registration process which, as shown in FIG. 3, includes the following steps:
S301: The authentication server receives the standard information registration request sent by the service application.
S302: According to the standard information registration request, generate the first authentication information and feed it back to the service application.
S303: Receive the signed standard information, the identity identifier of the standard information, and the first authentication information sent by the service application, where the signed standard information was signed by the security information application using the second authentication information and sent to the service application.
S304: Authenticate the first authentication information, and authenticate the second authentication information according to the signed standard information.
S305: After both the first authentication information and the second authentication information pass authentication, register the standard information and the identity identifier of the standard information.
Similar to the methods shown in FIG. 1 and FIG. 2, after receiving the standard information registration request sent by the service application, the authentication server feeds back to the service application the first authentication information indicating the authentication server's own identity. After the service application sends the standard information acquisition request to the security information application, the security information application can determine the identity of the authentication server from the first authentication information, and only then returns to the service application the standard information signed with the second authentication information and the identity identifier of the standard information. When the authentication server receives the signed standard information and the first authentication information returned by the service application, it authenticates the first authentication information and authenticates the second authentication information according to the signed standard information. If both pass, this shows that the standard information was not tampered with in transit, and the authentication server registers the standard information and its identity identifier for use in later authentication and identification.
As described above, the authentication server's own certificate can effectively prove the identity of the authentication server. To ensure the validity of the certificate received by the security information application, the authentication server usually signs its own certificate, so that the security information application can detect it if the certificate is tampered with in transit. Therefore, for step S302 above, generating the first authentication information according to the standard information registration request and feeding it back to the service application is specifically: according to the standard information registration request, retrieving the authentication server's own certificate, signing the certificate with its own first encryption key to form the first authentication information, and feeding it back to the service application.
Similar to the foregoing method, in one scenario of the embodiments of the present application, the authentication server may also carry a challenge code in the first authentication information, sign it with its own first encryption key, and send it to the service application. This does not constitute a limitation on the present application.
After the service application returns the signed standard information and the first authentication information to the authentication server, the authentication server authenticates the first authentication information and authenticates the second authentication information according to the signed standard information.
Specifically, authenticating the first authentication information includes: decrypting and authenticating the first authentication information using the first decryption key. The authentication server uses its own first decryption key to decrypt and authenticate the first authentication information. If the decrypted certificate (or challenge code) has changed, this indicates that it was very likely tampered with in transit, and the authentication server determines that authentication fails. If the certificate (or challenge code) is unchanged after decryption, authentication passes.
As for the second authentication information, similar to the foregoing method, the second authentication information includes second key information agreed in advance between the authentication server and the security information application, where the second key information includes a second encryption key and a second decryption key. In addition, the signed standard information is signed by the security information application using the second encryption key. In this scenario, authenticating the second authentication information according to the signed standard information is specifically: according to the pre-agreed second key information, decrypting the signed standard information with the second decryption key agreed in advance with the security information application, in order to authenticate the second authentication information.
If the authentication server decrypts the signed standard information with the agreed second decryption key and obtains the standard information, the standard information can be considered not to have been tampered with in transit, and authentication passes. If decryption yields unusable information, the signed information was not signed with the pre-agreed second encryption key and is very likely information that has been tampered with, so authentication fails.
Only after authentication passes does the authentication server register the standard information and the identity identifier of the standard information.
Through the information registration method shown in FIG. 1 to FIG. 3, the authentication server can effectively identify whether the standard information was tampered with in transit, which ensures that the user is not affected by illegitimate operators when using services.
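The server-side checks of steps S301 to S305, together with the one-challenge-per-request rule described for the challenge code, can be exercised end to end. The following Python code is an added example, not code from the patent: it uses HMAC-SHA256 with shared keys as a stand-in for the encryption/decryption key pairs the text describes, and the keys, certificate string, class names and derived identity identifier are all constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo values. HMAC-SHA256 with shared keys is a stand-in: the text
# describes key pairs, where a verifier would hold only the verification half.
FIRST_KEY = b"constructed-server-first-key"         # authentication server's key
SECOND_KEY = b"constructed-pre-agreed-second-key"   # agreed with the security info app
SERVER_CERT = "constructed-authentication-server-certificate"


def sign(key, payload):
    """Return a tag over a canonical JSON encoding of payload."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key, payload, tag):
    """Compare the expected and presented tags in constant time."""
    return hmac.compare_digest(sign(key, payload).encode(), str(tag).encode())


class AuthServer:
    def __init__(self):
        self.pending = set()   # challenge codes issued but not yet used
        self.registry = {}     # identity identifier -> standard information

    def issue_first_auth_info(self):
        """S302: certificate plus a unique challenge code, signed with the first key."""
        body = {"cert": SERVER_CERT, "challenge": secrets.token_hex(16)}
        self.pending.add(body["challenge"])
        return {"body": body, "sig": sign(FIRST_KEY, body)}

    def register(self, first_auth, signed_info):
        """S303-S305: authenticate both items, then register."""
        body = first_auth["body"]
        if not verify(FIRST_KEY, body, first_auth["sig"]):
            return "reject: first authentication information altered"
        if body["challenge"] not in self.pending:
            return "reject: challenge code unknown or already used"
        self.pending.discard(body["challenge"])  # one challenge, one request
        info = signed_info["info"]
        if not verify(SECOND_KEY, info, signed_info["sig"]):
            return "reject: standard information failed second-key check"
        self.registry[info["identity_id"]] = info["standard_info"]
        return "registered"


class SecurityInfoApp:
    def provide(self, first_auth, standard_info, account):
        """S202: release signed standard information only to a verified server."""
        body = first_auth["body"]
        if not verify(FIRST_KEY, body, first_auth["sig"]):
            return None
        if body.get("cert") != SERVER_CERT:
            return None
        # Constructed stand-in for the identity key information tied to the account.
        identity_id = hashlib.sha256(account.encode()).hexdigest()[:16]
        info = {"standard_info": standard_info, "identity_id": identity_id}
        return {"info": info, "sig": sign(SECOND_KEY, info)}


def run_demo():
    """Run the honest flow and three failure cases; return each outcome."""
    server, app = AuthServer(), SecurityInfoApp()
    out = {}
    first = server.issue_first_auth_info()
    signed = app.provide(first, "constructed-biometric-template", "alice")
    out["honest"] = server.register(first, signed)
    out["replayed"] = server.register(first, signed)  # same challenge presented again

    first2 = server.issue_first_auth_info()
    signed2 = app.provide(first2, "constructed-biometric-template", "alice")
    signed2["info"]["standard_info"] = "altered-in-transit"
    out["tampered"] = server.register(first2, signed2)

    unsigned = {"body": {"cert": SERVER_CERT, "challenge": "00"}, "sig": "00"}
    out["unverified_server"] = app.provide(unsigned, "constructed-biometric-template", "alice")
    out["registered_ids"] = len(server.registry)
    return out


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(case, "->", result)
```

Only the honest flow ends in a registry entry; the challenge code is consumed on first use, so resubmitting the same messages is rejected before the second-key check is reached.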
Of course, the above information registration method is applicable to any scenario in which a terminal obtains services through a service application, and the authentication server may be a server with an authentication function in the service provider's back-end service system. In practical scenarios, service providers that offer services with high security requirements, such as payment and transfer services, usually use a network identity authentication architecture called the Internet Finance Authentication Alliance (IFAA) to provide the identity authentication support that such services need. That is, IFAA provides the authentication server that carries out the above registration process.
In such a scenario, device manufacturers also adopt the identity authentication architecture provided by IFAA and provide, in the terminals they produce, the interfaces or services necessary for identity authentication.
To explain the above registration method clearly, registration within the identity authentication architecture provided by IFAA is now described in detail as an example.
FIG. 4 shows the practical process of registration between the terminal and the IFAA authentication server in this example. A service application and a security information application run in the terminal. The service application serves as the access point to a service provider's services and can provide various services to users of the terminal, while the security information application provides the service application with the security information it needs (the standard information in this example). The process shown in FIG. 4 includes the following steps:
S401: The service application sends a standard information registration request to the IFAA authentication server.
When a user uses a service in the service application on the terminal for the first time, the user's biometric information needs to be registered with the IFAA authentication server as the standard information. The service application then sends a standard information registration request to the IFAA authentication server.
S402: The IFAA authentication server feeds back to the service application a signed data packet containing a challenge code and a certificate.
The challenge code prevents replay attacks, and the certificate indicates the identity of the IFAA authentication server itself. The signed data packet can be regarded as the first authentication information described in the registration method above.
It should also be noted that in this step the IFAA authentication server signs the data packet with IFAAS key information, which is generated by the IFAA authentication server itself. The IFAA authentication server's own certificate is signed with BIOM key information, which indicates the category of the service provider that provides the service.
S403: The service application generates a standard information acquisition request and sends the request and the signed data packet to the security information application through IFAAService.
IFAAService is a service provided by the IFAA identity authentication architecture and installed in the terminal. In one manner of practical application, the service application may invoke IFAAService through IFAASDK (a communication tool based on the IFAA identity authentication architecture); this is not specifically limited here.
S404: The security information application authenticates the signed data packet and, after authentication passes, signs the standard information.
It should be noted that the security information application first decrypts the signed data packet (specifically, IFAA key information may be used for decryption; this is not specifically limited here). After decryption, it authenticates the certificate in the data packet (the certificate may be decrypted and authenticated using BIOM key information) to verify whether it is IFAA that will register the standard information.
After authentication passes, the security information application obtains the biometric information input by the user as the standard information and signs the standard information with DA key information. The DA key information indicates the identity of the terminal (in one case, the DA key information indicates the identity of the security information application, and since the security information application is installed in the terminal by the device manufacturer, the DA key information also indicates the identity of the terminal).
S405: Determine the identity key information of the standard information according to the signed standard information.
In this example, the identity key information of the standard information is usually associated with the account information the user uses in the service application, to indicate the user to whom the standard information belongs. In practice, to generate the identity key information, IFAAService may call KeyMaster (a secure storage module) through KeyStore (a standard calling interface for secure storage in the REE environment), and KeyMaster generates the identity key information.
It should be noted that, to protect the identity key information during transmission, the security information application may sign the identity key information using the DA key information.
S406: The security information application returns the terminal certificate, the signed standard information and the signed identity key information to the service application.
S407: The terminal certificate, the signed standard information and the signed identity key information are sent to the IFAA authentication server through IFAAService.
It should be noted that the terminal certificate, also called the authenticator certificate, is installed by device manufacturers participating in the IFAA identity authentication architecture in the devices they produce; that is, the terminal certificate indicates whether the terminal uses the IFAA identity authentication architecture.
In one implementation of this example, the aforementioned challenge code and the IFAA authentication server's own certificate are also returned to the IFAA authentication server, so that the IFAA authentication server can additionally authenticate the challenge code and its own certificate.
S408: The IFAA authentication server authenticates the received information and, once authentication passes, registers the standard information and its identity key information.
It should be noted that the IFAA authentication server first authenticates the terminal certificate: it may use the IFAA key information to decrypt the received information and verify the legitimacy of the terminal certificate. If that passes, it uses the DA key information to decrypt and authenticate the identity key information. If that passes, it then uses the DA key information to decrypt and authenticate the signed standard information. If all of these pass, the standard information can be considered not to have been tampered with in transit, and the IFAA authentication server registers the standard information and its identity key information.
S409: The registration result is fed back to the service application.
As the example above shows, in a practical scenario multiple kinds of key information can be used to determine accurately whether the standard information has been tampered with during transmission.
The above is the method for registering standard information. After the standard information is registered, the user can use the corresponding business service. When using the business service, the user needs to provide their security information, and the authentication server can then authenticate based on the security information the user provides. The embodiments of the present application therefore also provide an information authentication method. As shown in FIG. 5, the method includes the following steps:
S501: Send a verification request for the information to be authenticated to the authentication server.
When a user uses a business service in the service application (e.g., a fingerprint payment service), the user is usually required to provide their own security information (e.g., fingerprint information) for comparison with the previously registered standard information. The service application then obtains the user's security information as the information to be authenticated, which is subsequently sent to the authentication server for verification.
In this case, the service application sends a verification request for the information to be authenticated to the authentication server.
S502: Receive the first authentication information fed back by the authentication server.
As in the registration method above, the first authentication information indicates the identity of the authentication server. Details are not repeated here.
S503: According to the first authentication information, generate a to-be-authenticated information acquisition request and send it to the security information application, and obtain the information to be authenticated provided by the security information application together with the to-be-authenticated identity identifier of that information.
Similarly, the security information application determines the identity of the authenticator from the first authentication information. After it determines that the authenticator's identity is legitimate, authentication passes, and it returns the information to be authenticated provided by the user, together with its to-be-authenticated identity identifier, to the service application.
Unlike in the registration method above, the information to be authenticated does not need to be signed with the second authentication information.
S504: Send the information to be authenticated, the to-be-authenticated identity identifier and the first authentication information to the authentication server, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier and the information to be authenticated, and generates an authentication result that is fed back to the service application.
As can be seen from the above, the first authentication information and the to-be-authenticated identity identifier make it possible to identify whether the information to be authenticated has been tampered with during transmission; only after that authentication passes does the authentication server authenticate the information to be authenticated.
The embodiments of the present application further provide an information authentication method. As shown in FIG. 6, the method includes the following steps:
S601: Receive the to-be-authenticated information acquisition request, carrying the first authentication information, sent by the service application.
S602: According to the standard information acquisition request carrying the first authentication information, send the information to be authenticated and the identity identifier of the information to be authenticated to the authentication server through the service application, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier and the information to be authenticated, and generates an authentication result that is fed back to the service application.
For step S602 above, returning the information to be authenticated and its identity identifier to the service application according to the standard information acquisition request carrying the first authentication information specifically includes: authenticating the first authentication information carried in the standard information acquisition request; after authentication passes, receiving the information to be authenticated input by the user; identifying the standard information to which the information to be authenticated belongs; determining the identity identifier that matches that standard information as the to-be-authenticated identity identifier of the information to be authenticated; and returning the information to be authenticated and its to-be-authenticated identity identifier to the service application.
The embodiments of the present application further provide an information authentication method. As shown in FIG. 7, the method includes the following steps:
S701: The authentication server receives a verification request for the information to be authenticated sent by the service application.
S702: According to the verification request, generate first authentication information and feed it back to the service application.
S703: Receive the information to be authenticated, the identity identifier of the information to be authenticated, and the first authentication information sent by the service application.
S704: Authenticate the first authentication information, the identity identifier and the information to be authenticated respectively, and generate an authentication result that is fed back to the service application.
It should be noted that, for step S704 above, the authentication server authenticates each item of information sent by the service application separately. Specifically, authenticating the first authentication information, the identity identifier and the information to be authenticated respectively includes: for the first authentication information, decrypting it using the server's own first decryption key and authenticating the decrypted certificate; for the identity identifier, determining, against the identity identifiers of the registered standard information, whether it matches a registered identity identifier; and for the information to be authenticated, comparing it with the registered standard information.
In a practical scenario, if authentication of any item fails during the process, the authentication server can feed back a failure notification; a success notification is fed back only when every item has passed authentication. Specifically, generating the authentication result and feeding it back to the service application includes: for the first authentication information, if authentication passes, authenticating the information to be authenticated and the to-be-authenticated identity identifier, and otherwise returning an authentication failure notification; for the identity identifier, if authentication passes, authenticating the information to be authenticated, and otherwise returning an authentication failure notification; for the information to be authenticated, if authentication succeeds, returning a success notification, and otherwise returning an authentication failure notification.
Corresponding to the registration process above, and to explain the authentication method of the present application clearly, authentication within the identity authentication architecture provided by IFAA is now taken as an example and described in detail.
FIG. 8 shows the practical authentication process between the terminal and the IFAA authentication server in this example. The process includes the following steps:
S801: The service application sends a verification request for the information to be authenticated to the IFAA authentication server.
S802: The IFAA authentication server feeds back to the service application a signed data packet containing a challenge code and a certificate.
S803: The service application generates a to-be-authenticated information acquisition request and sends it, together with the signed data packet, to the security information application through IFAAService.
S804: The security information application authenticates the signed data packet and, once authentication passes, signs the information to be authenticated using the identity key information from the registration process.
S805: The security information application returns the signed information to be authenticated to the service application.
S806: The signed information to be authenticated is sent to the IFAA authentication server through IFAAService.
S807: The IFAA authentication server authenticates the received signed information to be authenticated using the registered identity key information and, if that passes, compares the information to be authenticated with the registered standard information.
S808: The authentication result is returned to the service application.
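The S801 to S808 exchange, with the server checking in the order given for step S704 (first authentication information, then identity, then the information itself), can be sketched as follows; this is an added example, not code from the application or from IFAA. Assumptions: Ed25519 from the Go standard library stands in for both the server key and the identity key, all type and function names are hypothetical, byte equality stands in for biometric matching, and the challenge code is treated as single-use and is covered by the identity-key signature.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Results the server can feed back to the service application (S808).
const (
	OK           = "success"
	FailPacket   = "failure: first authentication information"
	FailIdentity = "failure: identity"
	FailInfo     = "failure: information to be authenticated"
)

// Packet is the signed data packet of S802: challenge code plus certificate.
type Packet struct{ Challenge, Cert, Sig []byte }

// Response is what the service application relays to the server in S806.
type Response struct {
	Packet  Packet
	Account string // selects the registered identity key (assumed lookup key)
	Info    []byte // information to be authenticated
	Sig     []byte // identity-key signature over challenge||info (assumption)
}

type record struct {
	identityPub ed25519.PublicKey
	standard    []byte
}

type Server struct {
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	cert    []byte
	pending map[string]bool   // issued, not yet consumed challenge codes
	reg     map[string]record // outcome of the registration procedure
}

// SecureApp stands in for the security information application.
type SecureApp struct {
	serverPub   ed25519.PublicKey
	identityKey ed25519.PrivateKey
}

// join concatenates the fixed-length challenge with a variable-length field.
func join(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

func NewServer() *Server {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Server{pub: pub, priv: priv, cert: []byte("constructed-server-cert"),
		pending: map[string]bool{}, reg: map[string]record{}}
}

// Enroll abbreviates registration: it records the standard information and
// the identity public key, and returns the app holding the private half.
func (s *Server) Enroll(account string, standard []byte) *SecureApp {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s.reg[account] = record{identityPub: pub, standard: standard}
	return &SecureApp{serverPub: s.pub, identityKey: priv}
}

// Issue builds the signed packet with a fresh challenge code (S802).
func (s *Server) Issue() Packet {
	c := make([]byte, 16)
	rand.Read(c)
	s.pending[string(c)] = true
	return Packet{Challenge: c, Cert: s.cert, Sig: ed25519.Sign(s.priv, join(c, s.cert))}
}

// Sign is S804: authenticate the packet, then sign the captured information.
func (a *SecureApp) Sign(p Packet, account string, info []byte) (Response, error) {
	if !ed25519.Verify(a.serverPub, join(p.Challenge, p.Cert), p.Sig) {
		return Response{}, fmt.Errorf("packet is not signed by the authentication server")
	}
	sig := ed25519.Sign(a.identityKey, join(p.Challenge, info))
	return Response{Packet: p, Account: account, Info: info, Sig: sig}, nil
}

// Verify is S807, checked in order; the first failing item ends the check.
func (s *Server) Verify(r Response) string {
	p := r.Packet
	if !ed25519.Verify(s.pub, join(p.Challenge, p.Cert), p.Sig) ||
		!bytes.Equal(p.Cert, s.cert) || !s.pending[string(p.Challenge)] {
		return FailPacket
	}
	delete(s.pending, string(p.Challenge)) // a challenge code is accepted once
	rec, ok := s.reg[r.Account]
	if !ok || !ed25519.Verify(rec.identityPub, join(p.Challenge, r.Info), r.Sig) {
		return FailIdentity
	}
	if subtle.ConstantTimeCompare(r.Info, rec.standard) != 1 {
		return FailInfo
	}
	return OK
}

func main() {
	s := NewServer()
	app := s.Enroll("alice", []byte("constructed-template"))
	r, _ := app.Sign(s.Issue(), "alice", []byte("constructed-template"))
	fmt.Println(s.Verify(r)) // first presentation of the response
	fmt.Println(s.Verify(r)) // the same response presented a second time
}
```

Because each failure is reported at the first item that does not verify, server logs built on these results distinguish a stale or foreign packet from a signature mismatch and from a biometric mismatch.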
The above are the information transmission methods provided by the embodiments of the present application. Based on the same idea, the embodiments of the present application further provide an information registration device. As shown in FIG. 9, the device includes:
A registration request module 901, configured to send a standard information registration request to the authentication server.
A receiving module 902, configured to receive the first authentication information fed back by the authentication server.
An obtaining module 903, configured to generate a standard information acquisition request, send the standard information acquisition request and the first authentication information to the security information application, and obtain the signed standard information and the identity identifier of the standard information that the security information application returns after the first authentication information passes authentication, where the signed standard information is signed by the security information application using second authentication information.
A sending module 904, configured to send the signed standard information, the identity identifier of the standard information and the first authentication information to the authentication server, so that the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
The receiving module 902 is specifically configured to receive the certificate sent by the authentication server and signed with the authentication server's own first encryption key, and to use the signed certificate as the first authentication information.
As shown in FIG. 10, the embodiments of the present application further provide an information registration device, which includes:
A receiving module 1001, configured to receive the first authentication information and the standard information acquisition request sent by the service application.
A signature module 1002, configured to authenticate the first authentication information and, after authentication passes, return the standard information signed using second authentication information, together with the identity identifier of the standard information, to the service application, so that the service application sends the signed standard information and the identity identifier of the standard information to the authentication server, and the authentication server registers the standard information and the identity identifier of the standard information after the first authentication information passes authentication and the second authentication information passes authentication according to the signed standard information.
The signature module 1002 is specifically configured to receive the standard information input by the user, sign the standard information using the second authentication information, determine the identity identifier of the standard information, and return the signed standard information and the identity identifier of the standard information to the service application.
It should be noted that the identity identifier of the standard information includes the identity key information of the standard information, and that identity key information is associated with the user's account information.
In the scenario where the first authentication information includes a certificate signed by the authentication server, the signature module 1002 is specifically configured to decrypt and authenticate the signed certificate using a first decryption key that matches the authentication server's first encryption key.
The second authentication information includes second key information agreed in advance with the authentication server, where the second key information includes a second encryption key and a second decryption key. The signature module 1002 is specifically configured to sign the standard information using the second encryption key agreed in advance with the authentication server.
As shown in FIG. 11, the embodiments of the present application further provide an information registration device, which includes:
A registration request receiving module 1101, configured to receive the standard information registration request sent by the service application.
A feedback module 1102, configured to generate first authentication information according to the standard information registration request and feed it back to the service application.
A registration information receiving module 1103, configured to receive the signed standard information, the identity identifier of the standard information and the first authentication information sent by the service application, where the signed standard information is signed by the security information application using second authentication information and sent to the service application.
An authentication module 1104, configured to authenticate the first authentication information and to authenticate the second authentication information according to the signed standard information.
A registration module 1105, configured to register the standard information and the identity identifier of the standard information after both the first authentication information and the second authentication information pass authentication.
Specifically, the feedback module 1102 is configured to retrieve the authentication server's own certificate according to the standard information registration request, sign the certificate using the server's own first encryption key to form the first authentication information, and feed it back to the service application.
The authentication module 1104 is specifically configured to decrypt and authenticate the first authentication information using a first decryption key.
The second authentication information includes second key information agreed in advance between the authentication server and the security information application, where the second key information includes a second encryption key and a second decryption key, and the signed standard information is signed by the security information application using the second encryption key. In this scenario, the authentication module 1104 is specifically configured to decrypt the signed standard information, according to the pre-agreed second key information, using the second decryption key agreed in advance with the security information application, in order to authenticate the second authentication information.
As shown in FIG. 12, the embodiments of the present application further provide an information authentication device, which includes:
An authentication request module 1201, configured to send a verification request for the information to be authenticated to the authentication server.
A receiving module 1202, configured to receive the first authentication information fed back by the authentication server.
An obtaining module 1203, configured to generate a to-be-authenticated information acquisition request, send the to-be-authenticated information acquisition request and the first authentication information to the security information application, and obtain the information to be authenticated and its to-be-authenticated identity identifier that the security information application returns after the first authentication information passes authentication.
A sending module 1204, configured to send the information to be authenticated, the to-be-authenticated identity identifier and the first authentication information to the authentication server, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier and the information to be authenticated, and generates an authentication result that is fed back to the service application.
As shown in FIG. 13, the embodiments of the present application further provide an information authentication device, which includes:
A receiving module 1301, configured to receive the to-be-authenticated information acquisition request, carrying the first authentication information, sent by the service application.
A signature module 1302, configured to authenticate the first authentication information and, after authentication passes, send the information to be authenticated and the identity identifier of the information to be authenticated to the authentication server through the service application, so that the authentication server authenticates the first authentication information, the to-be-authenticated identity identifier and the information to be authenticated, and generates an authentication result that is fed back to the service application.
Specifically, the signature module 1302 is configured to authenticate the first authentication information carried in the standard information acquisition request; after authentication passes, identify the standard information to which the information to be authenticated belongs; determine the identity identifier that matches that standard information as the to-be-authenticated identity identifier of the information to be authenticated; and return the information to be authenticated and its to-be-authenticated identity identifier to the service application.
As shown in FIG. 14, the embodiments of the present application further provide an information authentication device, which includes:
An authentication request receiving module 1401, configured to receive the verification request for the information to be authenticated sent by the service application.
A feedback module 1402, configured to generate first authentication information according to the verification request and feed it back to the service application.
An authentication information receiving module 1403, configured to receive the information to be authenticated, the to-be-authenticated identity identifier of the information to be authenticated, and the first authentication information sent by the service application.
An authentication module 1404, configured to authenticate the first authentication information, the to-be-authenticated identity identifier and the information to be authenticated respectively, and generate an authentication result that is fed back to the service application.
The authentication module 1404 is specifically configured to: for the first authentication information, decrypt it using the server's own first decryption key and authenticate the decrypted certificate; for the to-be-authenticated identity identifier, determine, against the identity identifiers of the registered standard information, whether it matches a registered identity identifier; and for the information to be authenticated, compare it with the registered standard information.
The authentication module 1404 is specifically configured to: for the first authentication information, if authentication passes, authenticate the information to be authenticated and the to-be-authenticated identity identifier, and otherwise return an authentication failure notification; for the identity identifier, if authentication passes, authenticate the information to be authenticated, and otherwise return an authentication failure notification; for the information to be authenticated, if authentication succeeds, return a success notification, and otherwise return an authentication failure notification.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media, such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
Those skilled in the art will appreciate that the embodiments of the present application may be provided as a method, a system or a computer program product. The present application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk memory, CD-ROM and optical memory) containing computer-usable program code.
The above are merely embodiments of the present application and are not intended to limit it. Various modifications and variations of the present application are possible for those skilled in the art. Any modification, equivalent replacement or improvement made within the spirit and principles of the present application shall fall within the scope of the claims of the present application.
Claims (34)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106101953A TWI673621B (en) | 2017-01-19 | 2017-01-19 | Information registration, authentication method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201828131A (en) | 2018-08-01 |
| TWI673621B (en) | 2019-10-01 |
Family ID: 63960546
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI673621B (en) |
2017-01-19: TW application TW106101953A, patent TWI673621B (en), not active (IP Right Cessation)
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | MM4A | Annulment or lapse of patent due to non-payment of fees | |