CN106656992B - Information verification method - Google Patents
- Publication number
- CN106656992B (CN201610971327.2A)
- Authority
- CN
- China
- Prior art keywords
- client
- server
- key
- calling number
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention provides an information verification method comprising the following steps: (1) the client sends user registration information to the server to request verification of the user identity; the server verifies the user identity and, after the user identity is successfully verified, generates a key container file corresponding to the client according to the user registration information; (2) the client downloads or updates the key container file from the server; the key container file comprises information to be matched and either the public-private key pair of an asymmetric key or a symmetric key, which are bound with the key container file and used for authenticating the client; (3) after the actual information in the client is matched with the information to be matched, when the application service of the client needs to authenticate the authenticity of the user identity, bidirectional authentication based on the asymmetric key or unidirectional authentication based on the symmetric key is performed between the client and the server. The invention greatly simplifies the verification process and reduces the verification cost while greatly improving the reliability and security of verification.
    Description
Technical Field
      The invention belongs to the technical field of information security, and relates to an information verification technology.
    Background
      With the rapid development of mobile communication and Internet technology, demand for personal identity authentication is growing in industries such as banking, securities, commerce, trade, office work and education, and the security of personal identity authentication has drawn wide attention. At present, authentication by dynamic tokens, USB keys (U shields) and fingerprints is common on the Internet. However, these techniques generally require users to carry certified hardware with them, which is inconvenient. Short message verification is relatively simple and convenient and gives a good user experience, but a plaintext verification code must be sent to the user by short message for every verification, so the verification cost is high and there is a security risk.
      The principle of short message verification is that the user is made aware that a certain action, for example a payment, is taking place, which raises the threshold for a fraudster who has stolen the user's account: the fraudster may have obtained the payment password but does not necessarily control the user's mobile phone. A user who receives an unexplained payment verification code can also sense that the account may have been stolen, which improves security. However, as a pillar of security the short message verification code has a prominent weakness: it is sent in plaintext, so security is lost if it is intercepted and forwarded in transit, and the various frauds that trick a victim into disclosing the verification code by manual means target this weakness.
      Besides being plaintext, short message authentication is one-sided: the sender can be sure that the receiver is the given mobile phone number, but the receiver cannot authenticate the short message it receives. This easily leads to the rapid spread of mobile phone Trojans. Software that alters the displayed sender number is available on the market and can send short messages that appear to come from the service numbers of banks, telecom operators and the like, with content written in an official tone as notices that induce customers to click a link. After the user clicks, an APK is downloaded and the user is prompted to install it, and once it is installed the Trojan is on the phone. The Trojan spreads quickly: an infected phone silently sends phishing short messages to the people in its address book and addresses each of them according to the name recorded there, so a message to a child uses the child's name and a message to a partner uses the partner's name; the content is mostly of the kind "I took some photos recently, click the link to see them". This greatly increases the credibility of the phishing short messages and leads more people to fall for them. The infected phone keeps sending such messages to its address book, so the Trojan spreads from one phone to ten and from ten to a hundred.
      Once planted in the mobile phone, the Trojan stays hidden. It specifically monitors the short message verification codes of the payment platforms and the debit notification short messages of the banks: it automatically forwards the verification codes to a device controlled by the fraudster and secretly deletes the banks' debit notifications, so that the user does not perceive the payment at all. The fraudster commits the fraud using customer information collected by a phishing website, and when the payment requires verification the fraudster fills in the short message verification code forwarded by the Trojan. The security protection offered by the short message verification code is thus completely defeated.
      Although voice verification has appeared in recent years, the verification code must be read out in a call every time, and the user must remember it, which is inconvenient and also costly.
    Disclosure of Invention
      The invention aims to provide an information verification method, which is used for greatly improving the reliability and safety of verification, greatly simplifying the verification process and reducing the verification cost.
      In order to achieve the above purpose, the solution of the invention is:
      an information verification method comprising the steps of:
      (1) the client sends user registration information to the server to request for verifying the user identity;
      the server is used for verifying the user identity and generating a key container file corresponding to the client according to the user registration information after the user identity is successfully verified;
      (2) after receiving from the server a message indicating that the user identity was successfully verified, the client downloads the key container file from the server, or updates the original key container file to the key container file, wherein the key container file comprises information to be matched and either the public-private key pair of an asymmetric key or a symmetric key, which are bound with the key container file so as to be used for authenticating the client;
      (3) when the actual information in the client is successfully matched with the information to be matched and the application service of the client requires the authenticity of the user identity to be authenticated, the client performs bidirectional authentication based on the asymmetric key, or unidirectional authentication based on the symmetric key, with the server.
      The information to be matched is user name and client hardware system information; the key container file also contains the binary code of the key core algorithm.
      Preferably, the key container file is formed as follows: depending on the CPU and compiler, the binary code of the compiled executable software undergoes a secondary transformation or partial information replacement, and the keys or algorithms are mixed, in binary form, with the binary code and binary data of the executable software.
      Preferably, the logic of the key container file is encrypted and then stored in the dynamic link library, and the corresponding encryption key is managed by the user or the background.
      Preferably, only a designated process can access the key container file.
      Preferably, while the key container file is in use, the relevant information is decrypted and placed in memory or cache for use, and after use the corresponding area is overwritten with junk data, so that use is both fast and secure.
      In the step (1), the user identity is verified in a voice calling number or voice calling number interception mode; or, the user identity is verified in the step (1) by broadcasting verification information in voice; or, the user identity is verified in the step (1) by adopting a short message mode.
      When the user identity is verified in the step (1) by adopting a voice calling number or a voice calling number interception mode, the step (1) comprises the following steps:
      (11) the client initiates a voice calling number or a voice calling number interception verification request to the server and submits user registration information; the server is used for sending a calling number to the client according to the user registration information, and then dialing the telephone number in the user registration information by the corresponding calling telephone;
      (12) the client receives a calling number sent by the server; if the client is a terminal with a public network voice communication function, going to step (13), otherwise going to step (14);
      (13) the client detects the incoming call from the server; if, within time T_interval, an incoming call number consistent with the calling number is detected, the client stops ringing, sends the calling number to the server, and goes to step (15); if no incoming call is detected within time T_interval, the client queries the server as to whether the user's number has been dialed; if it has, go to step (14); if it has not, the client continues detecting incoming calls in the next T_interval period; when the total time exceeds n×T_interval, a timeout verification failure is displayed; wherein T_interval and n are set values;
      (14) the client displays a dialog box, and requires the user to input a complete calling number or a partial interception of the calling number, and the client sends the calling number or the partial interception of the calling number to the server, and the step (15) is carried out;
      (15) if the calling number, or the partial interception of the calling number, sent by the client to the server is consistent with the calling number sent by the server to the client, the client receives from the server a message that user identity verification succeeded; if not, the client receives from the server a message that user identity verification failed; if the calling number sent by the client is not received by the server within a certain time, the client displays a timeout verification failure; the certain time is a set value.
      Preferably, the telephone number is a mobile phone number.
      Preferably, the step (11) of dialing the telephone number in the user registration information is through a public telephone network.
      In the step (2), the key container file is downloaded, or the original key container file is updated to the key container file, through an encrypted Internet channel.
      When the client performs bidirectional authentication based on the asymmetric key on the server, the step (3) comprises:
      (31) the client initiates an uplink verification request a to the server, generates the digital signature object of the uplink verification request a and sends it to the server; the server is used for generating the digital signature of the uplink verification request a and the digital signature object of the downlink verification request b by using the private key of the server, and replying to the client;
      (32) the client verifies the digital signature of the uplink verification request a by using the public key of the server; if verification passes, go to step (33); if not, go to step (35);
      (33) the client generates the digital signature of the downlink verification request b with the private key of the client and sends it to the server; the server is used for verifying the digital signature of the downlink verification request b by using the public key of the client; if verification passes, go to step (34); if not, go to step (36);
      (34) the client receives a verification result indicating that the bidirectional authentication passes from the server;
      (35) the client fails to verify the identity of the server;
      (36) the authentication of the client fails.
      Preferably, the digital signature object is a string of random numbers; the digital signature comprises a signature code and a check code.
      An information verification method comprising the steps of:
      (1) the server receives user registration information from the client and verifies the user identity of the client;
      (2) after the server successfully verifies the user identity, generating a key container file corresponding to the client according to the user registration information of the client;
      the client is used for, after receiving from the server the message indicating that the user identity was successfully verified, downloading the key container file from the server or updating the original key container file to the key container file, and, after matching against the key container file succeeds, initiating to the server bidirectional authentication based on an asymmetric key or unidirectional authentication based on a symmetric key; the key container file comprises information to be matched and either the public-private key pair of an asymmetric key or a symmetric key, which are bound with the key container so as to be used for authenticating the client;
      (3) after the actual information in the client is successfully matched with the information to be matched, when the application service of the client needs to authenticate the authenticity of the user identity, the server performs bidirectional authentication based on the asymmetric key, or unidirectional authentication based on the symmetric key, with the client.
      The information to be matched is user name and client hardware system information; the key container file also contains the binary code of the key core algorithm.
      Preferably, the key container file is formed as follows: depending on the CPU and compiler, the binary code of the compiled executable software undergoes a secondary transformation or partial information replacement, and the keys or algorithms are mixed, in binary form, with the binary code and binary data of the executable software.
      Preferably, the logic of the key container file is encrypted and then stored in the dynamic link library, and the corresponding encryption key is managed by the user or the background.
      Preferably, only a designated process can access the key container file.
      Preferably, while the key container file is in use, the relevant information is decrypted and placed in memory or cache for use, and after use the corresponding area is overwritten with junk data, so that use is both fast and secure.
      Verifying the user identity of the client based on the voice broadcast verification information in the step (1); or, the user identity of the client is verified based on the short message mode in the step (1); or, in the step (1), the user identity of the client is verified based on the voice calling number or the interception mode of the voice calling number, and the step (1) includes the following steps:
      (11) the server receives a verification request of a voice calling number or a voice calling number interception from a client and user registration information;
      (12) the server sends the calling number to the client, and then the corresponding calling phone dials the phone number in the user registration information;
      when the client has a public network voice communication function, the client is used for detecting an incoming call and: if, within time T_interval, an incoming call number consistent with the calling number is detected, stopping the ringing of the client and sending the calling number to the server; if no incoming call is detected within time T_interval, querying the server as to whether the user's number has been dialed; if it has, displaying a dialog box requiring the user to input the complete calling number or a partial interception of the calling number, and sending the calling number or the partial interception of the calling number to the server; if it has not, continuing to detect incoming calls in the next T_interval period; when the total time exceeds n×T_interval, displaying a timeout verification failure;
      wherein T_interval and n are set values;
      if the client is not the terminal with the public network voice communication function, the client is used for displaying a dialog box, requiring a user to input a complete calling number or a partial interception of the calling number, and sending the calling number or the partial interception of the calling number to a server;
      (13) the server compares the calling number, or the partial interception of the calling number, sent by the client with the calling number actually dialed; if they are consistent, the server replies to the client that user identity verification succeeded; if not, the server replies to the client that user identity verification failed; if the calling number sent by the client is not received within a certain time, the client is used for displaying a timeout verification failure; the certain time is a set value.
      Preferably, the telephone number is a mobile phone number.
      Preferably, the telephone number in the user registration information is dialed in the step (12) through a public telephone network.
      When the server performs bidirectional authentication based on the asymmetric key on the client, the step (3) comprises:
      (31) the server receives the digital signature object of the uplink verification request a from the client, generates the digital signature of the uplink verification request a and the digital signature object of the downlink verification request b by using a private key of the server, and replies to the client;
      the client is used for verifying the digital signature of the uplink verification request a by using the public key of the server, and the client is further used for: when the verification passes, generating the digital signature of the downlink verification request b with the private key of the client, and sending the digital signature to the server;
      when the verification fails, verification of the identity of the server fails;
      (32) when the server receives the digital signature of the downlink verification request b from the client, the server verifies the digital signature of the downlink verification request b by using a public key of the client;
      if the authentication passes, sending a verification result indicating that the bidirectional authentication passes to the client;
      and if not, sending to the client a verification result indicating that authentication of the client failed.
      Preferably, the digital signature object is a string of random numbers; the digital signature comprises a signature code and a check code.
      Due to the adoption of the scheme, the invention has the beneficial effects that: the information verification method of the invention uses voice or short message verification only in the registration stage, and uses bidirectional authentication based on asymmetric key or one-way authentication based on symmetric key between the client and the server, thereby greatly improving the reliability and safety of verification, greatly simplifying the verification process and reducing the verification cost. The use of the key container file further greatly improves the reliability and safety of verification and the simplicity of the process, and also promotes the reduction of the verification cost.
    Drawings
      FIG. 1 is a schematic diagram of various stages in an embodiment of the present invention;
      FIG. 2 is a diagram illustrating a third phase, namely an asymmetric key-based mutual authentication phase, according to an embodiment of the present invention;
      FIG. 3 is an overall flow chart of an embodiment of the present invention;
      FIG. 4 is a flowchart of the interception verification method of the voice calling number in this embodiment.
    Detailed Description
      The invention will be further described with reference to examples of embodiments shown in the drawings.
      The invention provides an information verification method, which comprises the following steps:
      (1) the client sends user registration information to the server to request for verifying the user identity;
      the server is used for verifying the user identity and generating a key container file corresponding to the client according to the user registration information after the user identity is successfully verified.
      (2) After receiving from the server the message indicating that the user identity was successfully verified, the client downloads the key container file from the server or updates the original key container file to the key container file. The key container file contains information to be matched and either the public-private key pair of an asymmetric key or a symmetric key, which are bound with the key container file so as to be used for authenticating the client.
      (3) When the actual information in the client is successfully matched with the information to be matched and the application service of the client requires the authenticity of the user identity to be authenticated, the client performs bidirectional authentication based on the asymmetric key, or unidirectional authentication based on the symmetric key, with the server.
      Fig. 1 is a schematic diagram showing various stages of the information verification method, and the above steps correspond to the stages in fig. 1. Fig. 2 is a schematic diagram of the third phase as the asymmetric key based mutual authentication phase.
      In this embodiment, the information to be matched is a user name and client hardware system information. The key container file also contains the binary code of the key core algorithm. In this embodiment, the key container file is formed as follows: depending on the CPU and compiler, the binary code of the compiled executable software undergoes a secondary transformation or partial information replacement, and the keys or algorithms are mixed, in binary form, with the binary code and binary data of the executable software.
      The logic of the key container file is encrypted and then stored in a dynamic link library, and the corresponding encryption key is managed by the user or the background; in addition, only the specified process may access the key container file. While the key container file is in use, the relevant information is decrypted and placed in memory or cache for use, and after use the corresponding area is overwritten with junk data, so that use is both fast and secure.
      In the step (1), the user identity can be verified in a voice calling number or voice calling number interception mode, a voice verification information broadcasting mode or a short message mode.
      When the user identity is verified in a voice calling number or voice calling number interception mode, the step (1) specifically comprises the following steps:
      (11) the client initiates a verification request of a voice calling number or a voice calling number interception mode to the server and submits user registration information; the server is used for sending a calling number to the client according to the user registration information, and then dialing the telephone number in the user registration information by the corresponding calling telephone.
      (12) The client receives a calling number sent by the server; if the client is the terminal with the public network voice communication function, the step (13) is carried out, and if not, the step (14) is carried out.
      (13) The client detects the incoming call from the server; if, within time T_interval, an incoming call number consistent with the calling number is detected, the client stops ringing, sends the calling number to the server, and goes to step (15); if no incoming call is detected within time T_interval, the client queries the server as to whether the user's telephone number has been dialed; if it has, go to step (14); if it has not, the client continues detecting incoming calls in the next T_interval period; when the total time exceeds n×T_interval, a timeout verification failure is displayed; wherein T_interval and n are set values.
      (14) The client displays a dialog box requiring the user to input the complete calling number or a partial truncation of the calling number, sends the complete calling number or the partial truncation of the calling number to the server, and goes to step (15).
      (15) If the calling number sent by the client to the server or the part of the interception of the calling number is consistent with the calling number sent by the server to the client, the client receives a message of successful user identity verification sent by the server; if not, the client receives the message of user authentication failure sent by the server; if the calling number sent by the client or part of the interception of the calling number is not received by the server within a certain time, the client displays that the time overtime verification fails; the certain time is a set value.
      The user registration information includes a telephone number, such as a mobile phone number, of the user at the client; in the step (11), the telephone number in the user registration information is dialed through the public telephone network.
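      The client-side detection loop and the server-side comparison of steps (11) to (15), as an added Go sketch that is not part of the patent text. The per-window model, the sample numbers, treating a call from any other number as no call, and reading a "partial" submission as the trailing digits of the calling number are all assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// Outcome is where the client ends up after steps (12) to (14).
type Outcome int

const (
	AutoSubmit  Outcome = iota // step (13): matching incoming call seen, number sent automatically
	ManualEntry                // step (14): dialog asks the user for the number or part of it
	TimedOut                   // total wait exceeded n × T_interval
)

// Window is what the client observed during one T_interval (constructed model).
type Window struct {
	Incoming     string // caller ID seen in this window, "" if no call arrived
	ServerDialed bool   // server's answer to "has the user's number been dialed?"
}

// ClientDetect follows steps (12) to (14). A call from a number other than the
// announced calling number is treated as no call (assumption; the text is silent).
func ClientDetect(hasVoice bool, calling string, windows []Window, n int) Outcome {
	if !hasVoice {
		return ManualEntry // step (12): terminal without public-network voice
	}
	for i := 0; i < n && i < len(windows); i++ {
		if calling != "" && windows[i].Incoming == calling {
			return AutoSubmit
		}
		if windows[i].ServerDialed {
			return ManualEntry // dialed but not detected: fall back to the dialog
		}
	}
	return TimedOut
}

// ServerCompare is step (15). A partial submission must be exactly the last
// `part` digits of the number the server sent (assumed meaning of "partial").
// The comparison is constant-time so response timing does not leak digits.
func ServerCompare(sent, submitted string, part int) bool {
	if sent == "" {
		return false
	}
	want := sent
	if len(submitted) != len(sent) {
		if part <= 0 || part > len(sent) {
			return false
		}
		want = sent[len(sent)-part:]
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(submitted)) == 1
}

// Verify runs steps (12) to (15) end to end; typed is what the user enters
// if the dialog of step (14) is shown.
func Verify(hasVoice bool, calling string, windows []Window, n int, typed string, part int) (Outcome, bool) {
	out := ClientDetect(hasVoice, calling, windows, n)
	switch out {
	case AutoSubmit:
		return out, ServerCompare(calling, calling, part)
	case ManualEntry:
		return out, ServerCompare(calling, typed, part)
	}
	return out, false // timeout: nothing is submitted
}

func main() {
	const calling = "4005550123" // constructed sample calling number
	silent := []Window{{"", false}, {"", false}, {"", false}}
	fmt.Println(Verify(true, calling, []Window{{"", false}, {calling, false}}, 3, "", 4))
	fmt.Println(Verify(true, calling, []Window{{"", true}}, 3, "0123", 4))
	fmt.Println(Verify(true, calling, silent, 3, calling, 4))
}
```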
      In the step (2), the key container file is downloaded, or the original key container file is updated to the key container file, through an encrypted Internet channel.
      In this embodiment, when performing bidirectional authentication based on an asymmetric key, the step (3) specifically includes the following steps:
      (31) the client initiates an uplink verification request a to the server, generates the digital signature object of the uplink verification request a and sends it to the server; the server is used for generating the digital signature of the uplink verification request a and the digital signature object of the downlink verification request b by using the private key of the server, and replying to the client;
      (32) the client verifies the digital signature of the uplink verification request a by using the public key of the server; if verification passes, go to step (33); if not, go to step (35);
      (33) the client generates the digital signature of the downlink verification request b with the private key of the client and sends it to the server; the server is used for verifying the digital signature of the downlink verification request b by using the public key of the client; if verification passes, go to step (34); if not, go to step (36);
      (34) the client receives a verification result indicating that the bidirectional authentication passes from the server;
      (35) the client fails to verify the identity of the server;
      (36) the authentication of the client fails.
      In the above process, both digital signature objects can be a string of random numbers; both digital signatures may include a signature code and a check code.
      The invention also provides an information verification method, which comprises the following steps:
      (1) the server receives the user registration information from the client and verifies the user identity of the client.
      (2) After the server successfully verifies the user identity, it generates a key container file corresponding to the client according to the user registration information of the client. After receiving from the server the message indicating that the user identity was successfully verified, the client downloads the key container file from the server, or updates its original key container file to the key container file, and, after matching against the key container file succeeds, initiates bidirectional authentication based on an asymmetric key or unidirectional authentication based on a symmetric key with the server. The key container file contains information to be matched and the public-private key pair of an asymmetric key or a symmetric key; the information to be matched and the public-private key pair or symmetric key are bound with the key container so as to be used for authenticating the client.
      (3) After the actual information in the client has been successfully matched with the information to be matched, when the application service of the client needs to authenticate the authenticity of the user identity, the server performs bidirectional authentication based on the asymmetric key or unidirectional authentication based on the symmetric key on the client.
      In this embodiment, the information to be matched is a user name and client hardware system information; the key container file also contains the binary code of the key core algorithm. In this embodiment, the key container file is formed by: according to different CPUs and compilers, binary codes of compiled executable software are subjected to secondary transformation or partial information replacement, and keys or algorithms are mixed with the binary codes and binary data of the executable software in a binary form.
      The logic of the key container file is encrypted and then stored in a dynamic link library, and the corresponding encryption key is managed by a user or a background; only the specified process can access the key container. While the key container file is in use, the related information is decrypted and placed in memory or cache; after use, the corresponding area is overwritten with junk data so as to meet the requirements of quick and safe use.
      In the invention, the user identity of the client is verified in step (1) using the voice calling number or a truncation of the voice calling number, voice broadcast of verification information, or a short message.
      When the user identity of the client is verified in step (1) using the voice calling number or a truncation of the voice calling number, step (1) comprises the following specific steps:
      (11) the server receives from the client a verification request in the voice calling number or voice calling number truncation mode, together with the user registration information.
      (12) The server sends the calling number to the client, and then the corresponding calling telephone dials the telephone number in the user registration information.
      When the client has a public network voice communication function, the client listens for an incoming call. If, within time T_interval, an incoming call is detected whose number matches the calling number, the client stops ringing and sends the calling number to the server. If no incoming call is detected within T_interval, the client asks the server whether the user's number has been dialed; if it has, the client displays a dialog box asking the user to enter the complete calling number or a partial truncation of it, and sends the input to the server; if it has not, the client listens for an incoming call during the next T_interval period. When the total time exceeds n × T_interval, the client displays a timeout verification failure. T_interval and n are set values.
      If the client is not a terminal with a public network voice communication function, the client displays a dialog box asking the user to enter the complete calling number or a partial truncation of it, and sends the input to the server.
      (13) The server compares the calling number, or partial truncation of it, sent by the client with the calling number actually dialed. If they match, the server replies to the client that user identity verification succeeded; if they do not match, it replies to the client that user identity verification failed. If the calling number or partial truncation is not received from the client within a certain time, the client displays a timeout verification failure. The certain time is a set value.
      The user registration information includes the telephone number, such as a mobile phone number, of the user at the client; in step (12) the telephone number in the user registration information is dialed through the public telephone network.
      In this embodiment, when performing bidirectional authentication based on an asymmetric key, the step (3) specifically includes the following steps:
      (31) the server receives the digital signature object of uplink verification request a from the client, uses its private key to generate the digital signature of uplink verification request a, generates the digital signature object of downlink verification request b, and replies to the client.
      The client verifies the digital signature of uplink verification request a using the public key of the server: when verification passes, it generates the digital signature of downlink verification request b with the client's private key and sends it to the server; when verification fails, it displays that server authentication failed.
      (32) When the server receives the digital signature of downlink verification request b from the client, it verifies that signature using the public key of the client; if verification passes, it sends the client a verification result indicating that bidirectional authentication passed; if not, it sends the client a verification result indicating that client authentication failed.
      In the above process, the digital signature object may be a string of random numbers; the digital signature may include a signature code and a check code.
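      The exchange in steps (31) and (32) above, written out as an added Go example (not code from the patent). Ed25519, the direction labels prepended before signing, and all type and function names are assumptions of this example; the description only says that the signature object may be a string of random numbers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Terminal steps, numbered as in the program flow of the description.
const (
	StepMutualAuthPassed = 7
	StepServerAuthFailed = 8
	StepClientAuthFailed = 9
)

// Direction labels are an added assumption: the description signs the bare
// random string. The prefix keeps either key from signing caller-chosen bytes
// that could be presented as a signature in some other context.
var (
	labelUp   = []byte("uplink-a:")
	labelDown = []byte("downlink-b:")
)

func labelled(label, obj []byte) []byte {
	return append(append([]byte{}, label...), obj...)
}

// newSignatureObject returns the "string of random numbers" to be signed.
func newSignatureObject() []byte {
	obj := make([]byte, 32)
	if _, err := rand.Read(obj); err != nil {
		panic(fmt.Errorf("reading random bytes: %w", err))
	}
	return obj
}

func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(fmt.Errorf("generating key pair: %w", err))
	}
	return pub, priv
}

type Server struct {
	priv      ed25519.PrivateKey
	clientPub ed25519.PublicKey // recorded when the key container was issued
	pendingB  []byte            // signature object b awaiting the client's answer
}

// HandleUplink signs the client's object a and issues object b.
func (s *Server) HandleUplink(a []byte) (sigA, b []byte) {
	s.pendingB = newSignatureObject()
	return ed25519.Sign(s.priv, labelled(labelUp, a)), s.pendingB
}

// VerifyDownlink checks the client's signature over b. b is consumed on first
// use, so a captured response cannot be replayed in a later session.
func (s *Server) VerifyDownlink(sigB []byte) bool {
	b := s.pendingB
	s.pendingB = nil
	return b != nil && ed25519.Verify(s.clientPub, labelled(labelDown, b), sigB)
}

type Client struct {
	priv      ed25519.PrivateKey
	serverPub ed25519.PublicKey // taken from the key container file
}

// Authenticate runs the exchange and returns the step the flow ends in.
func (c *Client) Authenticate(s *Server) int {
	a := newSignatureObject()
	sigA, b := s.HandleUplink(a)
	if !ed25519.Verify(c.serverPub, labelled(labelUp, a), sigA) {
		return StepServerAuthFailed // the peer does not hold the server key
	}
	sigB := ed25519.Sign(c.priv, labelled(labelDown, b))
	if !s.VerifyDownlink(sigB) {
		return StepClientAuthFailed
	}
	return StepMutualAuthPassed
}

// NewEnrolledPair builds a client and server that hold each other's public key.
func NewEnrolledPair() (*Client, *Server) {
	sPub, sPriv := newKeyPair()
	cPub, cPriv := newKeyPair()
	return &Client{priv: cPriv, serverPub: sPub}, &Server{priv: sPriv, clientPub: cPub}
}

func main() {
	c, s := NewEnrolledPair()
	fmt.Println("enrolled pair ends in step", c.Authenticate(s))

	_, otherPriv := newKeyPair() // a peer that does not hold the enrolled server key
	s.priv = otherPriv
	fmt.Println("unenrolled server ends in step", c.Authenticate(s))
}
```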
      When the information verification method is implemented by a specific computer program in a system composed of a server and a client, based on the core technical idea of the information verification method, considering the actual operation situation, the following specific steps may be implemented, and fig. 3 is a flowchart thereof:
      (1) the client self-check, which checks the key container file of the asymmetric key system through the authentication application program of the client, comprises:
      (11) whether a key container file exists;
      (12) whether the cyclic redundancy check or the hash transformation check of the file content of the key container is correct or not;
      (13) reading the client hardware system information and the system information of the key container file, and comparing them with the hardware information and system information stored in the key container file to determine whether they match;
      (14) whether the user name requiring identity authentication matches a user name stored in the key container file;
      the purpose of check (11) is to confirm whether the client has downloaded the key container file;
      the purpose of the check (12) is to verify whether the key container file is damaged or tampered with, and if the check is passed, it can be confirmed that the key container file is fully available;
      the purpose of the check (13) is to check whether the key container file is illegally copied, and if the check is passed, it can be confirmed that the key container file is downloaded from a legal channel and not illegally copied;
      the purpose of the check (14) is to confirm whether the username is present in the key container file.
      If any of the above checks (11) - (14) fails, go to step (2); if (11) - (14) all pass, go to step (5).
      (2) If the client does not have the key container file, or the key container file is damaged, or a new user name needs to be added to the key container file, the client re-initiates verification of the authenticity of the user identity with the verification server, using a verification mode such as short message, telephone voice broadcast verification, or telephone number truncation. If verification fails, go to step (9); if verification passes:
      (21) if any of the checks (11) to (13) in step (1) fails, go to step (3);
      (22) if checks (11) - (13) in step (1) pass and only check (14) fails, go to step (4);
      (3) The client does not have the key container file, or the key container file is damaged, and the key container file needs to be applied for again. The authentication client sends the user registration information and the user terminal hardware information to the authentication server through an internet encryption channel; the authentication server records the user registration information, allocates the asymmetric key system identification and the public and private key pairs, generates a key container file of the asymmetric key system bound with the user registration name and the user terminal hardware information, and sends the key container file to the client. The client receives the key container file, saves it in the local storage system, adds the system information of the stored file to the key container file for use in the key container file check of step (1), and goes to step (9).
      (4) The client has a key container file and the key container file is intact; only a new user name needs to be added. The authentication client sends the user registration information to the authentication server through the internet encryption channel, and the authentication server records the user registration information. The client adds the new user registration name to the key container file and goes to step (9).
      (5) The client to be verified initiates an asymmetric-key uplink verification request a (from the client to the server): the client generates the digital signature object of uplink verification request a (which can be a string of random numbers) and sends it to the verification server. The verification server uses its private key to generate the digital signature (a signature code and a check code) of uplink verification request a, generates the digital signature object (which can be a string of random numbers) of a downlink verification request b (from the server to the client), and replies to the verification client. The verification client verifies the digital signature of verification request a using the public key of the verification server; if verification passes, go to step (6); if it does not pass, go to the step.
      (6) The verification client receives the signature object of downlink verification request b and responds to the asymmetric-key downlink verification request b: using the digital signature object of downlink verification request b provided by the verification server and the client's private key, the client generates the digital signature (a signature code and a check code) of downlink verification request b and sends it to the verification server. The verification server verifies the digital signature of downlink verification request b using the public key of the verification client; if verification passes, go to step (7); otherwise go to step (9).
      (7) Bidirectional authentication passes, and the verification result is replied to the verification client.
      (8) Authentication of the verification server fails.
      (9) Authentication of the client fails.
      While the program is running, after step (9) the flow returns to step (1) for a new cycle. Steps (3) and (4) are intended to prepare for the next cycle in case the key container file is not intact or, although intact, a new user name needs to be added.
      The hardware information of the key container file binding in the invention can be MAC address, IMSI number of the mobile phone SIM card, IMEI number of the mobile phone, etc., and the file system information of the key container file binding can be file creation timestamp, etc.
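      Checks (11) to (14) of the client self-check and the routing to steps (3), (4) or (5), as an added Go example rather than the patent's implementation. The JSON layout, the SHA-256 digest, the single hardware identifier string and all names are assumptions; the description does not give a file layout.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"os"
)

// Body is a constructed layout for the fields the container is bound to.
type Body struct {
	Usernames  []string `json:"usernames"`
	HardwareID string   `json:"hardware_id"` // e.g. MAC address, IMSI or IMEI
}

type envelope struct {
	Body   []byte `json:"body"`   // serialized Body
	Digest []byte `json:"digest"` // SHA-256 over Body (the hash transformation check)
}

// Steps the flow continues with, numbered as in the description.
const (
	StepReapply     = 3 // request a fresh container once step (2) has passed
	StepAddUsername = 4 // container intact, user name missing
	StepMutualAuth  = 5 // all checks passed
)

// WriteContainer serializes b together with its digest, as the issuing side would.
func WriteContainer(path string, b Body) error {
	raw, err := json.Marshal(b)
	if err != nil {
		return fmt.Errorf("encoding body: %w", err)
	}
	sum := sha256.Sum256(raw)
	out, err := json.Marshal(envelope{Body: raw, Digest: sum[:]})
	if err != nil {
		return fmt.Errorf("encoding envelope: %w", err)
	}
	return os.WriteFile(path, out, 0o600)
}

// SelfCheck runs checks (11) to (14) in order. It returns the number of the
// first failed check (0 if none) and the step the flow continues with.
func SelfCheck(path, hardwareID, username string) (failed, next int) {
	data, err := os.ReadFile(path)
	if err != nil {
		return 11, StepReapply // (11) no key container file
	}
	var env envelope
	if json.Unmarshal(data, &env) != nil {
		return 12, StepReapply // (12) file is damaged
	}
	// An unkeyed digest catches damage. Anyone able to rewrite the file can
	// recompute it, so on its own it does not prove the absence of tampering.
	sum := sha256.Sum256(env.Body)
	var body Body
	if !bytes.Equal(sum[:], env.Digest) || json.Unmarshal(env.Body, &body) != nil {
		return 12, StepReapply
	}
	if body.HardwareID != hardwareID {
		return 13, StepReapply // (13) container was issued for other hardware
	}
	for _, u := range body.Usernames {
		if u == username {
			return 0, StepMutualAuth
		}
	}
	return 14, StepAddUsername // (14) user name not in the container
}

func main() {
	f, err := os.CreateTemp("", "container-*.json")
	if err != nil {
		panic(err)
	}
	path := f.Name()
	f.Close()
	defer os.Remove(path)

	// Constructed sample values.
	body := Body{Usernames: []string{"alice"}, HardwareID: "02:00:00:aa:bb:cc"}
	if err := WriteContainer(path, body); err != nil {
		panic(err)
	}
	fmt.Println(SelfCheck(path, "02:00:00:aa:bb:cc", "alice"))
	fmt.Println(SelfCheck(path, "02:00:00:11:22:33", "alice"))
	fmt.Println(SelfCheck(path, "02:00:00:aa:bb:cc", "bob"))
}
```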
      When the telephone number verification mode, namely the voice calling number truncation mode, is adopted, step (2) specifically includes the following steps:
      (2.1) The client authentication software initiates a telephone number truncation authentication request to the authentication server and submits user registration information.
      (2.2) The authentication server dials the telephone number in the user registration information through the public telephone network; before dialing the client's number, it sends the calling number to the client authentication software. If the client is a terminal with a public network voice communication function, go to step (2.3); otherwise go to step (2.4).
      (2.3) The client verification software listens for an incoming call. If, within time T_interval, an incoming call is detected whose number matches the calling number of the server, the calling number is sent to the verification server and the flow goes to step (2.5). If none is detected within T_interval, the client verification software asks the server whether the user's number has been dialed; if it has, go to step (2.4); if it has not, the client listens for an incoming call during the next T_interval period. When the total time exceeds n × T_interval, go to step (2.8);
      (2.4) The client verification software displays a dialog box asking the user to enter the complete calling number or a partial truncation of it, sends the input to the server, and goes to step (2.5);
      (2.5) The server compares the calling number, or partial truncation of it, sent by the client verification software with the calling number actually dialed. If they match, go to step (2.6); if they do not match, go to step (2.7); if the calling number or partial truncation is not received from the client verification software within a certain time, go to step (2.8). The certain time is a set value;
      (2.6) The server replies to the client software that user identity verification succeeded.
      (2.7) The server replies to the client software that user identity verification failed.
      (2.8) Verification fails on timeout.
      Fig. 4 is a flowchart illustrating the above telephone number verification method, i.e. the voice calling number truncation method.
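      Steps (2.3) to (2.8) of the calling-number flow, as an added Go example that is not part of the patent. It assumes that the partial truncation is the trailing digits of the calling number with a configurable minimum length, and that a call from any other number is treated like no call; the phone number and all names are constructed.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"time"
)

// Steps the flow moves to, named by their numbers in the description.
const (
	StepPrompt   = "2.4" // ask the user to type the number
	StepCompare  = "2.5" // number goes to the server for comparison
	StepVerified = "2.6"
	StepMismatch = "2.7"
	StepTimeout  = "2.8"
)

// Window is what the client observes during one T_interval period.
type Window struct {
	Incoming     string // number of a call seen in this period, "" if none
	ServerDialed bool   // server's answer when asked whether it has dialed
}

// ClientDetect models step (2.3) over at most n periods. Periods beyond those
// supplied are treated as silent.
func ClientDetect(callingNumber string, periods []Window, n int) string {
	for i := 0; i < n && i < len(periods); i++ {
		w := periods[i]
		if w.Incoming == callingNumber {
			return StepCompare // detected automatically, no user input needed
		}
		if w.ServerDialed {
			return StepPrompt // the call was placed but not seen by the client
		}
	}
	return StepTimeout // total time exceeded n × T_interval
}

// Pending is the server's record of one verification call.
type Pending struct {
	dialed    string
	minDigits int
	issuedAt  time.Time
}

// NewPending rejects a minimum length that would accept an empty or
// over-long answer. Short truncations are easy to guess, so the minimum matters.
func NewPending(dialed string, minDigits int, now time.Time) (Pending, error) {
	if minDigits < 1 || minDigits > len(dialed) {
		return Pending{}, fmt.Errorf("minDigits %d out of range for a %d-digit number", minDigits, len(dialed))
	}
	return Pending{dialed: dialed, minDigits: minDigits, issuedAt: now}, nil
}

// Check models step (2.5): timeout first, then a constant-time comparison of
// the submitted digits with the tail of the number actually dialed.
func (p Pending) Check(submitted string, now time.Time, limit time.Duration) string {
	if now.Sub(p.issuedAt) > limit {
		return StepTimeout
	}
	if len(submitted) < p.minDigits || len(submitted) > len(p.dialed) {
		return StepMismatch
	}
	tail := p.dialed[len(p.dialed)-len(submitted):]
	if subtle.ConstantTimeCompare([]byte(tail), []byte(submitted)) == 1 {
		return StepVerified
	}
	return StepMismatch
}

func main() {
	const number = "15550100123" // constructed calling number
	fmt.Println("client:", ClientDetect(number, []Window{{}, {ServerDialed: true}}, 3))

	start := time.Now()
	p, err := NewPending(number, 4, start)
	if err != nil {
		panic(err)
	}
	fmt.Println("server:", p.Check("0123", start.Add(20*time.Second), time.Minute))
	fmt.Println("server:", p.Check("0123", start.Add(2*time.Minute), time.Minute))
}
```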
      When the short message verification code mode is adopted, step (2) specifically comprises the following steps:
      (2.1) The client sends a short message verification code verification request to the server and submits user registration information including a terminal number.
      (2.2) The server generates a verification code and sends the short message verification code to the client through the short message server or the short message channel. If the client is a terminal with automatic short message recognition, go to step (2.3); otherwise go to step (2.4).
      (2.3) The client looks for the short message verification code in received short messages. If, within time T_interval, a short message is detected whose sending number matches the number of the short message server or the short message channel server, the client sends the obtained short message verification code to the server and goes to step (2.5). If none is detected within T_interval, the client asks the server whether the short message verification code for the user's number has been sent; if it has, go to step (2.4); if it has not, the client checks received short messages during the next T_interval period. When the total detection time exceeds n × T_interval, go to step (2.8);
      (2.4) The client displays a dialog box asking the user to enter the complete short message verification code or a partial truncation of it, and the client verification software sends the input to the server and goes to step (2.5);
      (2.5) The server compares the short message verification code, or partial truncation of it, sent by the client with the short message verification code actually sent. If they match, go to step (2.6); if they do not match, go to step (2.7); if the short message verification code is not received from the client verification software within a certain time, go to step (2.8). The certain time is a set value;
      (2.6) The server replies to the client software that user identity verification succeeded.
      (2.7) The server replies to the client software that user identity verification failed.
      (2.8) Verification fails on timeout.
      When the mode of broadcasting the verification information by telephone voice is adopted, step (2) specifically comprises the following steps:
      (2.1) The client initiates a telephone voice broadcast verification request to the server and submits user registration information including a terminal number.
      (2.2) The server generates a verification code, calls the terminal through a voice server or a voice service channel, and, once the call is connected, broadcasts voice verification information to the user by voice; the voice verification information can be a verification code.
      (2.3) The client displays a dialog box asking the user to enter the complete voice verification code or a partial truncation of it, and the client verification software sends the input to the server and goes to step (2.4);
      (2.4) The server compares the voice verification code, or partial truncation of it, sent by the client with the voice verification code actually broadcast. If they match, go to step (2.5); if they do not match, go to step (2.6); if the voice verification code is not received from the client verification software within a certain time, go to step (2.7). The certain time is a set value;
      (2.5) The server replies to the client that user identity verification succeeded.
      (2.6) The server replies to the client that user identity verification failed.
      (2.7) Verification fails on timeout.
      The information verification method of the invention uses voice or short message verification only in the registration stage, and uses bidirectional authentication based on asymmetric key or one-way authentication based on symmetric key between the client and the server, thereby greatly improving the reliability and safety of verification, greatly simplifying the verification process and reducing the verification cost. The use of the key container file further greatly improves the reliability and safety of verification and the simplicity of the process, and also promotes the reduction of the verification cost.
      The embodiments described above are intended to facilitate one of ordinary skill in the art in understanding and using the present invention. It will be readily apparent to those skilled in the art that various modifications to these embodiments may be made, and the generic principles described herein may be applied to other embodiments without the use of the inventive faculty. Therefore, the present invention is not limited to the embodiments described herein, and those skilled in the art should make improvements and modifications within the scope of the present invention based on the disclosure of the present invention.
    Claims (9)
1. An information verification method, characterized by: the method comprises the following steps:
      (1) the client sends user registration information to the server to request for verifying the user identity;
      the server is used for verifying the user identity and generating a key container file corresponding to the client according to the user registration information after the user identity is successfully verified;
      (2) after receiving from the server a message indicating that the user identity was successfully verified, the client downloads the key container file from the server or updates its original key container file to the key container file, wherein the key container file comprises information to be matched and the public-private key pair of an asymmetric key or a symmetric key, and the information to be matched and the public-private key pair of the asymmetric key or the symmetric key are bound with the key container file so as to be used for authenticating the client;
      (3) when the actual information in the client is successfully matched with the information to be matched and the user identity authenticity authentication is required to be carried out on the application service of the client, the client carries out bidirectional authentication based on an asymmetric key or unidirectional authentication based on a symmetric key on the server;
      in the step (1), the user identity is verified using the voice calling number or a truncation of the voice calling number, and the step (1) comprises the following steps:
      (11) the server receives from the client a verification request in the voice calling number or voice calling number truncation mode, together with user registration information;
      (12) the server sends the calling number to the client, and then the corresponding calling phone dials the phone number in the user registration information;
      (13) the server compares the calling number, or partial truncation of it, sent by the client with the calling number actually dialed; if they match, the server replies to the client that user identity verification succeeded; if they do not match, it replies to the client that user identity verification failed; if the calling number sent by the client is not received within a certain time, the client displays a timeout verification failure; the certain time is a set value.
    2. The information verification method according to claim 1, characterized in that: the information to be matched is user name and client hardware system information; the key container file also contains binary codes of a key core algorithm;
      preferably, the key container file is formed by: according to different CPUs and compilers, carrying out secondary transformation or partial information replacement on binary codes of compiled executable software, and obtaining a secret key or an algorithm by mixing the binary codes of the executable software and binary data in a binary form;
      preferably, the logic of the key container file is encrypted and then stored in a dynamic link library, and the corresponding encryption key is managed by a user or a background;
      preferably, only a specified process can access the key container file;
      preferably, in the using process of the key container file, the related information is decrypted and then is placed in the memory or the cache for use, and after the use, the corresponding use area is covered by the junk data, so as to meet the requirements of quick and safe use.
    3. The information verification method according to claim 1, characterized in that: when the user identity is verified in the step (1) using the voice calling number or a truncation of the voice calling number, the step (1) comprises the following steps:
      (11) the client initiates a verification request in the voice calling number or voice calling number truncation mode to the server and submits user registration information; the server sends a calling number to the client according to the user registration information, and then the corresponding calling telephone dials the telephone number in the user registration information;
      (12) the client receives the calling number sent by the server; if the client is a terminal with a public network voice communication function, go to step (13); otherwise go to step (14);
      (13) the client listens for the incoming call from the server; if, within time T_interval, an incoming call is detected whose number matches the calling number, the client stops ringing, sends the calling number to the server, and goes to step (15); if no incoming call is detected within T_interval, the client asks the server whether the user's number has been dialed; if it has, go to step (14); if it has not, the client listens for an incoming call during the next T_interval period; when the total time exceeds n × T_interval, the client displays a timeout verification failure; T_interval and n are set values;
      (14) the client displays a dialog box asking the user to enter the complete calling number or a partial truncation of it, sends the input to the server, and goes to step (15);
      (15) if the calling number, or partial truncation of it, sent by the client to the server matches the calling number sent by the server to the client, the client receives a message from the server that user identity verification succeeded; if it does not match, the client receives a message from the server that user identity verification failed; if the calling number sent by the client is not received by the server within a certain time, the client displays a timeout verification failure; the certain time is a set value;
      preferably, the step (11) of dialing the telephone number in the user registration information is performed through a public telephone network;
      preferably, the telephone number is a mobile phone number.
    4. The information verification method according to claim 1, characterized in that: in the step (2), the key container file is downloaded, or the original key container file is updated to the key container file, through an internet encryption channel.
    5. The information verification method according to claim 1, characterized in that: when the client performs bidirectional authentication based on the asymmetric key on the server, the step (3) comprises:
      (31) the client initiates an uplink verification request a to the server, generates the digital signature object of uplink verification request a and sends it to the server; the server uses its private key to generate the digital signature of uplink verification request a, generates the digital signature object of downlink verification request b, and replies to the client;
      (32) the client verifies the digital signature of uplink verification request a using the public key of the server; if verification passes, go to step (33); otherwise go to step (35);
      (33) the client generates the digital signature of downlink verification request b with the client's private key and sends it to the server; the server verifies the digital signature of downlink verification request b using the public key of the client; if verification passes, go to step (34); otherwise go to step (36);
      (34) the client receives a verification result indicating that the bidirectional authentication passes from the server;
      (35) the client fails to verify the identity of the server;
      (36) the authentication of the client fails;
      preferably, the digital signature object is a string of random numbers; the digital signature comprises a signature code and a check code.
    6. An information verification method, characterized by: the method comprises the following steps:
      (1) the server receives user registration information from the client and verifies the user identity of the client;
      (2) after the server successfully verifies the user identity, generating a key container file corresponding to the client according to the user registration information of the client;
      after receiving from the server the message indicating that the user identity was successfully verified, the client downloads the key container file from the server or updates its original key container file to the key container file, and, after matching against the key container file succeeds, initiates bidirectional authentication based on an asymmetric key or unidirectional authentication based on a symmetric key with the server; the key container file comprises information to be matched and the public-private key pair of the asymmetric key or a symmetric key, and the information to be matched and the public-private key pair of the asymmetric key or the symmetric key are bound with the key container to be used for authenticating the client;
      (3) when the actual information in the client is successfully matched with the information to be matched and the application service of the client needs to carry out user identity authenticity authentication, the server carries out bidirectional authentication based on an asymmetric key or unidirectional authentication based on a symmetric key on the client;
      in step (1), the user identity of the client is verified by means of the voice calling number or a partial interception of the voice calling number; step (1) comprises the following steps:
      (11) the server receives, from a client, a verification request for the voice calling number or for a partial interception of the voice calling number, together with user registration information;
      (12) the server sends the calling number to the client, and then the corresponding calling phone dials the phone number in the user registration information;
      (13) the server compares the calling number, or the partial interception of the calling number, sent by the client with the actually dialed calling number; if they are consistent, the server replies to the client that the user identity verification succeeded; if not, the server replies to the client that the user identity verification failed; if the calling number sent by the client is not received within a certain time, the client is used for displaying a timeout verification failure; the certain time is a set value.
    7. The information verification method according to claim 6, characterized in that: the information to be matched is user name and client hardware system information; the key container file also contains binary codes of a key core algorithm;
      preferably, the key container file is formed by: according to different CPUs and compilers, carrying out secondary transformation or partial information replacement on binary codes of compiled executable software, and obtaining a secret key or an algorithm by mixing the binary codes of the executable software and binary data in a binary form;
      preferably, the logic of the key container file is encrypted and then stored in a dynamic link library, and the corresponding encryption key is managed by a user or a background;
      preferably, only a specified process can access the key container file;
      preferably, in the using process of the key container file, the related information is decrypted and then is placed in the memory or the cache for use, and after the use, the corresponding use area is covered by the junk data, so as to meet the requirements of quick and safe use.
    8. The information verification method according to claim 6, characterized in that:
      when the client has a public network voice communication function in step (12), the client is used for detecting an incoming call, and: if, within time T_interval, an incoming call number consistent with the calling number is detected, stopping the ringing of the client and sending the calling number to the server; if no incoming call is detected within time T_interval, initiating an inquiry to the server as to whether the user number has been dialed; if it has, displaying a dialog box requiring the user to input the complete calling number or a partial interception of the calling number, and sending the calling number or the partial interception of the calling number to the server; if it has not, continuing to detect incoming calls within the next T_interval period; if the total time is greater than n × T_interval, displaying a timeout verification failure;
      wherein T_interval and n are set values;
      if the client is not the terminal with the public network voice communication function, the client is used for displaying a dialog box, requiring a user to input a complete calling number or a partial interception of the calling number, and sending the calling number or the partial interception of the calling number to a server;
      preferably, the telephone number in the user registration information is dialed in the step (12) through a public telephone network;
      preferably, the telephone number is a mobile phone number.
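The comparison in step (13) of claim 6, with the timeout that claims 6 and 8 describe, as an added Go example that is not part of the patent. It assumes the partial interception is the trailing digits of the calling number, a minimum length of four digits and one attempt per call; the type and function names and the phone number are constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

var ErrExpired = errors.New("timeout: verification failed")
var ErrUsed = errors.New("verification already attempted")
var ErrMismatch = errors.New("calling number does not match")

const minPartial = 4 // assumption: shortest accepted partial interception

// Pending is one outstanding verification: the number dialed in step (12) and its deadline.
type Pending struct {
	dialed   string
	deadline time.Time // the "certain time" set value
	used     bool
}

func Start(dialed string, ttl time.Duration, now time.Time) *Pending {
	return &Pending{dialed: dialed, deadline: now.Add(ttl)}
}

// Check is step (13): compare the reported number, or its trailing digits
// (assumed form of the partial interception), with the number actually dialed.
func (p *Pending) Check(reported string, now time.Time) error {
	if now.After(p.deadline) {
		return ErrExpired
	}
	if p.used {
		return ErrUsed
	}
	p.used = true // one guess per call, so a short suffix cannot be enumerated
	if len(reported) < minPartial || len(reported) > len(p.dialed) {
		return ErrMismatch
	}
	tail := p.dialed[len(p.dialed)-len(reported):]
	if subtle.ConstantTimeCompare([]byte(tail), []byte(reported)) != 1 {
		return ErrMismatch
	}
	return nil
}

func main() {
	p := Start("02155500142", time.Minute, time.Unix(1700000000, 0)) // constructed number
	fmt.Println(p.Check("0142", time.Unix(1700000005, 0)))
}
```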
    9. The information verification method according to claim 6, characterized in that: when the server performs bidirectional authentication based on the asymmetric key on the client, the step (3) comprises:
      (31) the server receives the digital signature object of the uplink verification request a from the client, generates the digital signature of the uplink verification request a and the digital signature object of the downlink verification request b by using a private key of the server, and replies to the client;
      the client is used for verifying the digital signature of the uplink verification request a by using a public key of the server, and the client is further used for: when the verification passes, generating a digital signature of the downlink verification request b according to a private key of the client, and sending the digital signature to the server;
      when the verification does not pass, the authentication of the server fails;
      (32) when the server receives the digital signature of the downlink verification request b from the client, the server verifies the digital signature of the downlink verification request b by using a public key of the client;
      if the authentication passes, sending a verification result indicating that the bidirectional authentication passes to the client;
      if not, sending a verification result indicating that the client authentication fails to the client;
      preferably, the digital signature object is a string of random numbers; the digital signature comprises a signature code and a check code.
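The exchange of steps (31) and (32), as an added Go example that is not from the patent: the server signs the client's random object a, and the client signs the server's object b only after that signature verifies. Ed25519 is an assumed algorithm (the claims name none), both sides run in one process, and the Party, NewPair and Handshake names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrServerAuth = errors.New("authentication of the server failed")
var ErrClientAuth = errors.New("authentication of the client failed")

// Party holds its own private key and the peer's public key (key container contents).
type Party struct {
	Priv ed25519.PrivateKey
	Peer ed25519.PublicKey
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: never fall back to predictable objects
	}
	return b
}

// NewPair creates client and server keys and cross-installs the public keys.
func NewPair() (client, server *Party) {
	ck := ed25519.NewKeyFromSeed(random(ed25519.SeedSize))
	sk := ed25519.NewKeyFromSeed(random(ed25519.SeedSize))
	return &Party{ck, sk.Public().(ed25519.PublicKey)}, &Party{sk, ck.Public().(ed25519.PublicKey)}
}

// Handshake runs steps (31)-(32) and reports which side, if any, failed.
func Handshake(client, server *Party) error {
	a, b := random(32), random(32) // a chosen by the client, b by the server
	sigA := ed25519.Sign(server.Priv, a) // (31) server signs a and replies with b
	if !ed25519.Verify(client.Peer, a, sigA) {
		return ErrServerAuth // client stops here and never signs b
	}
	sigB := ed25519.Sign(client.Priv, b) // client signs b with its private key
	if !ed25519.Verify(server.Peer, b, sigB) { // (32) server checks with client public key
		return ErrClientAuth
	}
	return nil
}

func main() {
	fmt.Println("bidirectional authentication:", Handshake(NewPair()))
}
```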
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN201610971327.2A CN106656992B (en) | 2016-11-03 | 2016-11-03 | Information verification method | 
Publications (2)
| Publication Number | Publication Date | 
|---|---|
| CN106656992A CN106656992A (en) | 2017-05-10 | 
| CN106656992B true CN106656992B (en) | 2020-06-19 | 
Family
ID=58821957
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN201610971327.2A Expired - Fee Related CN106656992B (en) | 2016-11-03 | 2016-11-03 | Information verification method | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN106656992B (en) | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20200619 Termination date: 20201103 |