CN114398600A - Identity authentication method, system, electronic device and computer-readable storage medium - Google Patents

Publication number
CN114398600A
Authority
CN
China
Prior art keywords
target
terminal authorization
authorization key
client
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202111544044.7A
Other languages
Chinese (zh)
Inventor
李祖南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yihi Car Rental Service Management Shanghai Co ltd
Shanghai Yihi Information Technology Service Co ltd
Original Assignee
Yihi Car Rental Service Management Shanghai Co ltd
Shanghai Yihi Information Technology Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yihi Car Rental Service Management Shanghai Co ltd, Shanghai Yihi Information Technology Service Co ltd
Priority to CN202111544044.7A
Publication of CN114398600A
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0645 Rental transactions; Leasing transactions

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an identity authentication method, an identity authentication system, an electronic device and a computer-readable storage medium. The method, applied to a server, comprises the following steps: receiving a login request sent by a client, wherein the login request comprises a target user name and a target password of the user requesting login and a target terminal authorization key of the program to be logged in on the client, and the terminal authorization keys of the program to be logged in on different clients are different; judging whether a binding relationship exists between the target user name and the target terminal authorization key; if not, not allowing the user to pass the identity authentication; and if so, allowing the user to pass the identity authentication if the target password is correct. The invention realizes dual authentication of the user identity and the device identity in the login process, makes up for the shortcoming of authenticating only the user identity, and improves the security of identity authentication.

Description

Identity authentication method, system, electronic device and computer-readable storage medium
Technical Field
The present invention relates to the field of computer network security technologies, and in particular, to an identity authentication method, an identity authentication system, an electronic device, and a computer-readable storage medium.
Background
Currently, with the development of mobile internet, more and more service enterprises abandon the original pure offline service mode and adopt the online and offline hybrid service mode. For example, an enterprise may receive customer orders online and service customers offline. Taking the automobile leasing industry as an example, for automobile leasing companies chained nationwide, the stores may be distributed throughout provincial, urban and district administrative areas nationwide, and there may be multiple stores in the same administrative area. Thus, a service enterprise typically employs a distributed store system to manage all stores.
The identity authentication of the existing distributed store system generally adopts a user name plus password authentication mode, and in addition, some identity authentication modes can also add a mobile phone authentication code due to safety considerations, namely, two-factor authentication is realized through the user name plus password plus mobile phone authentication code.
However, after the user is authenticated by the user name/password/mobile phone verification code, any terminal equipment can log in the system at will, and for enterprises, the risk of information leakage exists.
Disclosure of Invention
The invention aims to provide an identity verification method, an identity verification system, electronic equipment and a computer readable storage medium, which improve the security of identity authentication.
In order to achieve the above purpose, the invention is realized by the following technical scheme:
an identity authentication method applied to a server includes:
receiving a login request sent by a client, wherein the login request comprises a target user name and a target password of a user requesting login and a target terminal authorization key of a program to be logged in the client, and the terminal authorization keys of the program to be logged in different clients are different;
judging whether a binding relationship exists between the target user name and the target terminal authorization key;
if not, not allowing the user to pass the identity authentication;
and if so, allowing the user to pass the identity authentication if the target password is correct.
Further, the identity authentication method further comprises:
if no binding relationship exists between the target user name and the target terminal authorization key, judging whether this is the user's initial login;
if it is the initial login, establishing a binding relationship between the target user name and the target terminal authorization key, and allowing the user to pass identity authentication;
and if it is not the initial login, not allowing the user to pass the identity authentication.
Further, a binding relationship between the user name and the terminal authorization key is stored in the server in advance;
the judging whether a binding relationship exists between the target user name and the target terminal authorization key includes:
and judging whether a binding relationship exists between the target user name and the target terminal authorization key or not according to the pre-stored binding relationship between the user name and the terminal authorization key.
Further, the target terminal authorization key is calculated in the following manner:
acquiring the ID data of the client's CPU, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in, and generating the target terminal authorization key from them by adopting an encryption algorithm.
An identity authentication method is applied to a client and comprises the following steps:
responding to a login operation of a user requesting login, and sending a login request to a server, wherein the login request comprises a target user name and a target password of the user and a target terminal authorization key of a program to be logged in the client, and the terminal authorization keys of the program to be logged in different clients are different;
and receiving an authentication result returned by the server.
Further, the target terminal authorization key is calculated in the following manner:
acquiring the ID data of the client's CPU, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in, and generating the target terminal authorization key from them by adopting an encryption algorithm.
An identity verification system comprises a client and a server, wherein,
the client is used for responding to login operation of a user requesting login and sending a login request to a server, wherein the login request comprises a target user name and a target password of the user and a target terminal authorization key of a program to be logged in the client, and the terminal authorization keys of the programs to be logged in different clients are different; receiving an authentication result returned by the server;
the server is used for receiving the login request sent by the client and judging whether a binding relationship exists between the target user name and the target terminal authorization key; if not, not allowing the user to pass the identity authentication; if so, allowing the user to pass the identity authentication under the condition that the target password is correct; and returning the authentication result to the client.
Further, the client calculates the target terminal authorization key in the following manner:
acquiring the ID data of the client's CPU, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in, and generating the target terminal authorization key from them by adopting an encryption algorithm.
An electronic device, comprising:
at least one processing unit; and
at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions when executed by the at least one processing unit, cause the electronic device to perform steps according to the identity verification method described above.
A computer readable storage medium having stored therein computer program code which when executed performs the steps of the authentication method according to the above.
Compared with the prior art, the invention has the following advantages:
the invention can help a distributed store system realize dual authentication of the user identity and the device identity in the login process, which makes up for the shortcoming of authenticating only the user identity. At the same time, it does not require investment in complex network equipment such as VPNs, thereby greatly reducing the cost of identity authentication for distributed stores and simplifying the identity authentication process.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings used in the description will be briefly introduced, and it is obvious that the drawings in the following description are an embodiment of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts according to the drawings:
fig. 1 is a schematic diagram of an authentication system according to an embodiment of the present invention;
fig. 2 is a flowchart of an authentication method according to an embodiment of the present invention;
fig. 3 is a flowchart of an authentication method according to another embodiment of the present invention;
fig. 4 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and the detailed description. The advantages and features of the present invention will become more apparent from the following description. Note that the drawings are in a very simplified form and are not drawn to precise scale; they serve only to illustrate the embodiments of the present invention conveniently and clearly. To make the objects, features and advantages of the present invention comprehensible, reference is made to the accompanying drawings. It should be understood that the structures, ratios, sizes and the like shown in the drawings and described in the specification are only used to accompany the disclosure of the specification so that those skilled in the art can understand and read it. They are not intended to limit the conditions under which the present invention can be implemented and therefore have no substantive technical significance; any structural modification, change of ratio or adjustment of size that does not affect the efficacy and achievable purpose of the present invention still falls within its scope.
As described in the background art, the conventional authentication method, whether it uses user name + password or user name + password + mobile phone verification code, focuses on identifying the user: it confirms through the password, the mobile phone verification code and similar means that the person logging in is the user himself. However, this method ignores authentication of the device. It cannot identify whether the login device is one that is permitted to access the system, so there is a security risk of unauthorized access to the system. Based on this, the invention provides an identity verification method, an identity verification system, an electronic device and a computer-readable storage medium.
Fig. 1 is a schematic diagram illustrating an authentication system according to an embodiment of the present invention. The system includes a plurality of clients 10 and a server 20 in communication with the plurality of clients 10, which together perform authentication of users and devices. Here, each client may be a mobile or fixed terminal, such as a tablet computer, a notebook computer or a desktop computer, deployed at a store or a car inspection point of an enterprise such as a car rental company or a used car trading company. The client 10 may communicate with the server 20 of the enterprise to send information to the server 20 and/or to receive information from the server 20. The client 10 and the server 20 can communicate with each other through various communication means, such as a fiber optic network, the mobile internet, and the like. The specific structure of the client 10 and the server 20 may be as described below in conjunction with fig. 4, for example.
The plurality of clients 10 and the server 20 also form a distributed store system. When a store is deployed, terminal management software (i.e. the program to be logged in) is usually installed on the clients 10 of the store. Terminal management software is management software that an enterprise installs on company computers to implement functions such as software installation management and operation auditing. All computers purchased by the enterprise have this software pre-installed, and a software ID is generated when the software is pre-installed on a computer and is used to distinguish the software on different computers.
First, the identity authentication method provided by the present invention will be described in detail from the perspective of the server.
As shown in fig. 2, the identity authentication method provided in an embodiment of the present invention is applied to a server, and includes the following steps:
S110, receiving a login request sent by a client, wherein the login request comprises a target user name and a target password of a user requesting login and a target terminal authorization key of a program to be logged in the client, and the terminal authorization keys of the program to be logged in different clients are different;
S120, judging whether a binding relationship exists between the target user name and the target terminal authorization key; if not, performing step S130, and if so, performing step S140;
S130, not allowing the user to pass identity authentication;
S140, allowing the user to pass identity authentication under the condition that the target password is correct.
In step S110, when a user attempts to log in to the system through a client, the client sends a user name and a password input by the user as a target user name and a target password to the server together with a target terminal authorization key of a program to be logged in the client.
The terminal authorization keys of the program to be logged in on different clients are different. In one implementation, a specific terminal authorization key may be assigned in advance to the program to be logged in on each client. For example, each client is numbered according to a specific rule, and the client's number is used as the terminal authorization key, either directly or after specific processing. The terminal authorization key of the program to be logged in is recorded both on each client and on the server.
In another implementation, for each client, the ID data of the client's CPU, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in on the client may be obtained, and a terminal authorization key of the program to be logged in on the client is generated from them by using an encryption algorithm. In practice, the client either collects this information and encrypts it to generate the terminal authorization key each time the user starts the client, or collects the information and generates the terminal authorization key in advance, stores it locally, and then looks it up automatically each time the user logs in. The invention preferably generates the terminal authorization key with an encryption algorithm, for two reasons: 1. several ID values are collected, and if they were not encrypted the local data could easily be intercepted and the information used as the judgment condition could be deduced from the format of the IDs; encryption obfuscates the multiple IDs so that, even if the data is intercepted, the data objects on which the verification algorithm relies cannot be deduced; 2. the terminal devices of a store are used on the public network, where transmission is not secure, so the data is encrypted to secure its transmission.
In step S120, after the server receives the login request, it needs to determine whether a binding relationship exists between the target user name and the target terminal authorization key, if no binding relationship exists, it indicates that the user is logged in by using an unauthorized device, and if a binding relationship exists, it indicates that the user is logged in legally.
Specifically, in one implementation, the binding relationship between each user name and each terminal authorization key may be stored in the server in advance, so that whether a binding relationship exists between the target user name and the target terminal authorization key can be determined from the pre-stored binding relationships. That is, the target user name is looked up in the pre-stored binding relationships, and it is judged whether a terminal authorization key corresponding to the target user name exists and whether it is consistent with the target terminal authorization key. If it is consistent, a binding relationship is determined to exist between the target user name and the target terminal authorization key; if none is found or it is inconsistent, no binding relationship is determined to exist between the target user name and the target terminal authorization key.
In another implementation, if it is determined that no binding relationship exists between the target user name and the target terminal authorization key, it is further determined whether this is the user's initial login. The manner of determining whether a login is the initial login may follow the prior art and is not described here. If it is the initial login, a binding relationship between the target user name and the target terminal authorization key is established and the user is allowed to pass the identity authentication; if it is not the initial login, the user is not allowed to pass the identity authentication. In this way, even when the server has not pre-stored the binding relationships between user names and terminal authorization keys, a user can be bound to the terminal authorization key of the client used for the first login, so that the binding relationships between user names and terminal authorization keys are established gradually.
In step S130, since there is no binding relationship, that is, the user is logged in by using an unauthorized device, the user is not allowed to pass the authentication, and at this time, a result of failing to pass the authentication may be returned to the client.
In step S140, since a binding relationship exists, that is, the user is logging in from an authorized device, it is further verified whether the target password input by the user is correct. If so, the user is allowed to pass the authentication; if not, the user is likewise not allowed to pass the authentication, and a result of failing to pass the identity authentication is returned to the client at the same time.
In conclusion, in the user login process, the server simultaneously verifies the information such as the terminal authorization key, the user name, the password and the like, and only when the user name and the password are correct and the binding relationship between the user name and the terminal authorization key is also correct, the user is allowed to pass the identity verification, so that the security of the identity authentication is improved, and the risk of information leakage is avoided.
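The server-side flow of steps S110 to S140, together with the initial-login binding and the key generation from device IDs, as an added Python example that is not part of the patent text. Assumptions: SHA-256 over length-prefixed fields stands in for the unspecified encryption algorithm, "initial login" means the user name has no stored binding yet, the password is checked before a first binding is created, and all class names, function names and sample IDs are constructed.

```python
import hashlib
import hmac
import os

ALLOWED = "allowed"
ALLOWED_FIRST_BIND = "allowed: first login, terminal bound"
DENIED_DEVICE = "denied: terminal not bound to user"
DENIED_PASSWORD = "denied: bad credentials"


def derive_terminal_key(cpu_id, os_id, bios_id, mac_addresses, program_id):
    """Terminal authorization key from the five ID sources the page lists.

    Assumption: SHA-256 stands in for the page's unspecified "encryption
    algorithm". Fields are length-prefixed so ("ab", "c") and ("a", "bc")
    cannot collide, and MACs are normalised and sorted so the key does not
    depend on interface enumeration order.
    """
    macs = sorted(m.lower().replace("-", ":") for m in mac_addresses)
    digest = hashlib.sha256()
    for field in [cpu_id, os_id, bios_id, *macs, program_id]:
        raw = field.encode("utf-8")
        digest.update(len(raw).to_bytes(4, "big") + raw)
    return digest.hexdigest()


class AuthServer:
    """Hypothetical server holding password records and user/terminal bindings."""

    def __init__(self):
        self._users = {}     # user name -> (salt, PBKDF2 hash of password)
        self._bindings = {}  # user name -> bound terminal authorization key

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def _password_ok(self, username, password):
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._hash(password, salt))

    def login(self, username, password, terminal_key):
        """S110: request received. Returns one of the result constants."""
        bound = self._bindings.get(username)
        if bound is None:
            # Initial-login branch. Assumption added here: the password must
            # be correct before a binding is created, so a stranger cannot
            # claim an unbound account just by presenting a terminal key.
            if not self._password_ok(username, password):
                return DENIED_PASSWORD
            self._bindings[username] = terminal_key
            return ALLOWED_FIRST_BIND
        # S120: compare the stored key with the presented one in constant time.
        if not hmac.compare_digest(bound.encode("utf-8"), terminal_key.encode("utf-8")):
            return DENIED_DEVICE  # S130
        # S140: binding exists, so the password decides.
        return ALLOWED if self._password_ok(username, password) else DENIED_PASSWORD


def run_demo():
    """Walk one user through every branch using constructed device IDs."""
    store_pc = derive_terminal_key("CPU-0001", "OS-AAAA", "BIOS-11",
                                   ["00:11:22:33:44:55"], "PROG-1")
    other_pc = derive_terminal_key("CPU-0002", "OS-BBBB", "BIOS-22",
                                   ["66:77:88:99:AA:BB"], "PROG-2")
    server = AuthServer()
    server.register("clerk01", "correct horse")
    return [
        server.login("clerk01", "wrong", store_pc),          # no binding, bad password
        server.login("clerk01", "correct horse", store_pc),  # first login binds the PC
        server.login("clerk01", "correct horse", store_pc),  # bound PC, good password
        server.login("clerk01", "correct horse", other_pc),  # valid password, other PC
        server.login("clerk01", "wrong", store_pc),          # bound PC, bad password
    ]


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The terminal key is a value reported by the client, so it narrows logins to enrolled machines only as far as the client software and its stored key are themselves protected.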
The identity authentication method provided by the invention is described in detail below from the perspective of the client.
As shown in fig. 3, the identity authentication method provided in an embodiment of the present invention is applied to a client, and includes the following steps:
S210, responding to a login operation of a user requesting login, and sending a login request to a server, wherein the login request comprises a target user name and a target password of the user and a target terminal authorization key of a program to be logged in the client, and the terminal authorization keys of the programs to be logged in different clients are different;
S220, receiving the authentication result returned by the server.
In step S210, when a user attempts to log in to the system through the client, the client sends the user name and password input by the user as the target user name and target password, together with the target terminal authorization key of the program to be logged in the client, to the server.
The terminal authorization keys of the program to be logged in on different clients are different. In one implementation, a specific terminal authorization key may be assigned in advance to the program to be logged in on each client. For example, each client is numbered according to a specific rule, and the client's number is used as the terminal authorization key, either directly or after specific processing. The terminal authorization key of the program to be logged in is recorded both on each client and on the server.
In another implementation, for each client, the ID data of the client's CPU, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in on the client may be obtained, and a terminal authorization key of the program to be logged in on the client is generated from them by using an encryption algorithm. In practice, the client either collects this information and encrypts it to generate the terminal authorization key each time the user starts the client, or collects the information and generates the terminal authorization key in advance, stores it locally, and then looks it up automatically each time the user logs in. The invention preferably generates the terminal authorization key with an encryption algorithm, for two reasons: 1. several ID values are collected, and if they were not encrypted the local data could easily be intercepted and the information used as the judgment condition could be deduced from the format of the IDs; encryption obfuscates the multiple IDs so that, even if the data is intercepted, the data objects on which the verification algorithm relies cannot be deduced; 2. the terminal devices of a store are used on the public network, where transmission is not secure, so the data is encrypted to secure its transmission.
After receiving the login request, the server performs authentication in the manner described above based on the target user name, the target password and the target terminal authorization key in the login request, and finally returns an authentication result to the client.
In step S220, the client receives the authentication result returned by the server. The identity verification result covers the following three cases:
if no binding relationship exists between the target user name and the target terminal authorization key, the identity authentication result is that the user is not allowed to pass the identity authentication;
if a binding relationship exists between the target user name and the target terminal authorization key but the target password is incorrect, the identity authentication result is that the user is not allowed to pass the identity authentication;
and if a binding relationship exists between the target user name and the target terminal authorization key and the target password is correct, the identity authentication result is that the user is allowed to pass the identity authentication.
In conclusion, in the user login process, the server simultaneously verifies the information such as the terminal authorization key, the user name, the password and the like, and only when the user name and the password are correct and the binding relationship between the user name and the terminal authorization key is also correct, the user is allowed to pass the identity verification, so that the security of the identity authentication is improved, and the risk of information leakage is avoided.
Fig. 4 illustrates a block diagram of an electronic device 1000 suitable for implementing embodiments of the present invention. The electronic device 1000 may be, for example, a client 10 or a server 20 as described above.
As shown in fig. 4, electronic device 1000 may include one or more Central Processing Units (CPUs) 1010 (only one shown schematically) that may perform various suitable actions and processes in accordance with computer program instructions stored in Read Only Memory (ROM) 1020 or loaded from storage unit 1080 into Random Access Memory (RAM) 1030. In the RAM 1030, various programs and data required for the operation of the electronic device 1000 can also be stored. The CPU 1010, ROM 1020, and RAM 1030 are connected to each other via a bus 1040. An input/output (I/O) interface 1050 is also connected to bus 1040.
A number of components in the electronic device 1000 are connected to the I/O interface 1050, including: an input unit 1060 such as a keyboard, a mouse, or the like; an output unit 1070 such as various types of displays, speakers, and the like; a storage unit 1080, such as a magnetic disk, optical disk, or the like; and a communication unit 1090 such as a network card, modem, wireless communication transceiver, or the like. The communication unit 1090 allows the electronic device 1000 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The above-described methods may be performed, for example, by the CPU 1010 of the electronic device 1000 (e.g., the client 10 or the server 20). For example, in some embodiments, the methods may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 1080. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 1000 via the ROM 1020 and/or the communication unit 1090. When the computer program is loaded into RAM 1030 and executed by CPU 1010, one or more operations of the methods described above may be performed. Further, the communication unit 1090 may support wired or wireless communication functions.
Those skilled in the art will appreciate that the electronic device 1000 shown in FIG. 4 is merely illustrative. In some embodiments, the client 10 or server 20 may contain more or fewer components than the electronic device 1000.
The identity authentication method and system according to the present invention, and the electronic device 1000 that can be used as the client 10 and the server 20, have been described above with reference to the drawings. However, it will be appreciated by a person skilled in the art that the execution of the steps of the method is not limited to the order shown in the figures and described above, but may be executed in any other reasonable order. In addition, the electronic device 1000 does not necessarily include all the components shown in Fig. 4; it may include only some of the components necessary to perform the functions described in the present invention, and the connection manner of the components is not limited to the form shown in the drawings.
The present invention may be methods, apparatus, systems and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied therein for carrying out aspects of the present invention.
In one or more exemplary designs, the functions described herein may be implemented in hardware, software, firmware, or any combination thereof. For example, if implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The units of the apparatus disclosed herein may be implemented using discrete hardware components, or may be integrally implemented on a single hardware component, such as a processor. For example, the various illustrative logical blocks, modules, and circuits described in connection with the invention may be implemented or performed with a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both.
While the present invention has been described in detail with reference to the preferred embodiments, it should be understood that the above description should not be taken as limiting the invention. Various modifications and alterations to this invention will become apparent to those skilled in the art upon reading the foregoing description. Accordingly, the scope of the invention should be determined from the following claims.

Claims (10)

1. An identity authentication method applied to a server includes:
receiving a login request sent by a client, wherein the login request comprises a target user name and a target password of a user requesting login and a target terminal authorization key of the program to be logged in to on the client, and the terminal authorization key of the program to be logged in to differs between clients;
judging whether a binding relationship exists between the target user name and the target terminal authorization key;
if the binding relationship does not exist, not allowing the user to pass the identity authentication;
and if the binding relationship exists, allowing the user to pass the identity authentication if the target password is correct.
2. The authentication method of claim 1, further comprising, after receiving the login request:
if no binding relationship exists between the target user name and the target terminal authorization key, judging whether this is the user's initial login;
if the login is the initial login, establishing a binding relationship between the target user name and the target terminal authorization key, and allowing the user to pass identity authentication;
and if the login is not the initial login, not allowing the user to pass the authentication.
3. The identity authentication method according to claim 1, wherein a binding relationship between a user name and a terminal authorization key is stored in the server in advance;
the judging whether a binding relationship exists between the target user name and the target terminal authorization key includes:
and judging whether a binding relationship exists between the target user name and the target terminal authorization key or not according to the pre-stored binding relationship between the user name and the terminal authorization key.
4. The identity verification method of claim 1, wherein the target terminal authorization key is calculated in the following manner:
acquiring the ID data of the CPU of the client, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in to, and generating the target terminal authorization key by adopting an encryption algorithm.
5. An identity authentication method applied to a client side comprises the following steps:
responding to a login operation of a user requesting login, and sending a login request to a server, wherein the login request comprises a target user name and a target password of the user and a target terminal authorization key of the program to be logged in to on the client, and the terminal authorization key of the program to be logged in to differs between clients;
and receiving an authentication result returned by the server.
6. The identity verification method of claim 5, wherein the target terminal authorization key is calculated in the following manner:
acquiring the ID data of the CPU of the client, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in to, and generating the target terminal authorization key by adopting an encryption algorithm.
7. An identity verification system, comprising a client and a server, wherein,
the client is used for responding to a login operation of a user requesting login and sending a login request to the server, wherein the login request comprises a target user name and a target password of the user and a target terminal authorization key of the program to be logged in to on the client, and the terminal authorization key of the program to be logged in to differs between clients; and for receiving an authentication result returned by the server;
the server is used for receiving the login request sent by the client and judging whether a binding relationship exists between the target user name and the target terminal authorization key; if the binding relationship does not exist, not allowing the user to pass the identity authentication; if the binding relationship exists, allowing the user to pass the identity authentication under the condition that the target password is correct; and returning the authentication result to the client.
8. The authentication system according to claim 7, wherein the client calculates the target terminal authorization key by:
acquiring the ID data of the CPU of the client, the ID data of the operating system, the ID data of the BIOS, all MAC addresses and the ID data of the program to be logged in to, and generating the target terminal authorization key by adopting an encryption algorithm.
9. An electronic device, comprising:
at least one processing unit; and
at least one memory coupled to the at least one processing unit and storing instructions for execution by the at least one processing unit, the instructions when executed by the at least one processing unit, cause the electronic device to perform the steps of the method of any of claims 1-6.
10. A computer-readable storage medium, having computer program code stored therein, which when executed performs the method of any of claims 1-6.
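
The server-side decision of claims 1 and 2 together with the key derivation of claim 4, as an added Python example that is not code from the patent. Assumptions: SHA-256 over length-prefixed fields stands in for the unspecified "encryption algorithm", "initial login" is taken to mean that no key is bound to the user name yet, and a correct password is required before the first binding is created (claim 2 does not state this); the names `terminal_authorization_key` and `AuthServer` are hypothetical.

```python
import hashlib
import hmac
import os

def terminal_authorization_key(cpu_id, os_id, bios_id, mac_addresses, program_id):
    """Claim 4: one key per (machine, program). SHA-256 is an assumed choice."""
    h = hashlib.sha256()
    macs = sorted(m.lower() for m in mac_addresses)  # independent of adapter order
    for field in (cpu_id, os_id, bios_id, *macs, program_id):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)  # length prefix keeps fields distinct
    return h.hexdigest()

class AuthServer:
    def __init__(self):
        self._passwords = {}  # user name -> (salt, PBKDF2 hash)
        self._bindings = {}   # user name -> bound terminal authorization key

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._passwords[user] = (salt, self._kdf(password, salt))

    def _password_ok(self, user, password):
        record = self._passwords.get(user)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(self._kdf(password, salt), expected)

    def login(self, user, password, terminal_key):
        bound = self._bindings.get(user)
        if bound is None:
            # Claim 2, initial login. Assumption: the password must be correct
            # before the binding is created, so a wrong guess cannot claim the slot.
            if not self._password_ok(user, password):
                return False
            self._bindings[user] = terminal_key
            return True
        if not hmac.compare_digest(bound.encode(), terminal_key.encode()):
            return False  # claim 1: no binding with this key, reject
        return self._password_ok(user, password)  # claim 1: bound, password decides
```

Every input to the key is an identifier readable on the client, so the server can only compare the submitted value with the stored one; the login request should travel over an authenticated, encrypted channel.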
CN202111544044.7A 2021-12-16 2021-12-16 Identity authentication method, system, electronic device and computer-readable storage medium Withdrawn CN114398600A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111544044.7A CN114398600A (en) 2021-12-16 2021-12-16 Identity authentication method, system, electronic device and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111544044.7A CN114398600A (en) 2021-12-16 2021-12-16 Identity authentication method, system, electronic device and computer-readable storage medium

Publications (1)

Publication Number Publication Date
CN114398600A true CN114398600A (en) 2022-04-26

Family

ID=81226677

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111544044.7A Withdrawn CN114398600A (en) 2021-12-16 2021-12-16 Identity authentication method, system, electronic device and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN114398600A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115208581A (en) * 2022-07-14 2022-10-18 中国银行股份有限公司 Application information processing method and device, electronic equipment and storage medium
CN115514547A (en) * 2022-09-16 2022-12-23 北京天融信网络安全技术有限公司 Identity authentication method and device, computer program product and electronic equipment
CN115834077A (en) * 2022-11-11 2023-03-21 北京深盾科技股份有限公司 Control method, control system, electronic device, and storage medium

Similar Documents

Publication Publication Date Title
US7904952B2 (en) System and method for access control
US7380129B2 (en) Method and apparatus for detecting grid intrusions
US10212151B2 (en) Method for operating a designated service, service unlocking method, and terminal
CN110909379B (en) A method, device, device and storage medium for determining authority of storage cluster
CN108416589A (en) Blockchain node connection method, system and computer-readable storage medium
US12321436B2 (en) Method and apparatus for data acquisition, device and storage medium
CN114398600A (en) Identity authentication method, system, electronic device and computer-readable storage medium
CN117882337A (en) Certificate Revocation as a Service at Data Centers
CN110958119A (en) Identity verification method and device
CN113360868A (en) Application program login method and device, computer equipment and storage medium
CN111786996B (en) Cross-domain synchronous login state method and device and cross-domain synchronous login system
CN114579951B (en) Service access method, electronic device and storage medium
US8261336B2 (en) System and method for making accessible a set of services to users
US7308578B2 (en) Method and apparatus for authorizing execution for applications in a data processing system
CN116248351A (en) Resource access method, device, electronic device and storage medium
JP2004070814A (en) Server security management method, device and program
CN113395289A (en) Authentication method, authentication device, electronic equipment and storage medium
CN114614998A (en) Account identity verification method and device, computer device and storage medium
CN119652526A (en) A blockchain-based information authentication method and related equipment
CN114090996A (en) Multi-party system mutual trust authentication method and device
CN114500025B (en) Account identifier acquisition method, device, server and storage medium
CN113849802A (en) Equipment authentication method and device, electronic equipment and storage medium
CN115828309B (en) Service calling method and system
CN111740836A (en) Secure login method and device, electronic equipment and computer storage medium
US12425229B2 (en) Offline decentralized identity-based communication for applications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220426