Security authentication method, system, storage medium and product based on authentication card
By combining a two-factor authentication method based on authentication cards with a telecommunications operator's management platform, the problem of privacy leaks caused by stolen user accounts is solved, achieving higher security and protection capabilities.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHINA MOBILE FINANCIAL TECHNOLOGY CO LTD
- Filing Date
- 2025-01-13
- Publication Date
- 2026-07-14
Smart Images

Figure CN122394821A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the fields of information security and network technology, and in particular to security authentication methods, systems, storage media and products based on authentication cards. Background Technology
[0002] Currently, user terminals such as smartphones, tablets, and personal computers have become an indispensable part of people's daily lives and work. These terminals run a wide variety of applications, greatly enriching users' digital life experiences. To ensure the security and privacy of personal information, most applications require users to create an account upon first use and protect account security by setting passwords or other forms of authentication mechanisms such as fingerprint recognition and facial recognition. However, although passwords are designed as an access control mechanism to restrict access to sensitive data or functions, with the advancement of technology and the frequent occurrence of information breaches, user information can be obtained through social engineering and other means, posing a risk of user account theft and subsequent privacy breaches. Summary of the Invention
[0003] The main purpose of this application is to provide a secure authentication method, system, storage medium, and product based on authentication cards, aiming to solve the technical problem of personal privacy leakage caused by stolen user accounts.
[0004] To achieve the above objectives, this application proposes a security authentication method based on an authentication card for application managers, comprising:
[0005] When a user requests access to the application corresponding to the application server, the current user information of the application to be accessed is obtained.
[0006] If the current user information passes verification, a verification code retrieval request is generated based on the application identifier of the application server and sent to the authentication card application on the user terminal.
[0007] The application obtains the first verification code from the verification code request and generates a second verification code based on the authentication card key associated with the application server.
[0008] If the first verification code and the second verification code match, it is determined that the user has access to the application to be accessed.
[0009] In one embodiment, generating a second verification code based on the authentication card key includes:
[0010] A dynamic factor is generated based on the current time, where the dynamic factor changes over time;
[0011] A second verification code is generated based on the dynamic factor and the authentication card key.
[0012] In one embodiment, before obtaining the current user information of the application to be accessed, when receiving a user's access request for an application corresponding to the application server, the method further includes:
[0013] When a registration request from the application to be accessed is received in the authentication card application, the initial user information of the application to be accessed is obtained;
[0014] If the initial user information is verified, the application identifier of the application server is sent to the authentication card application, so that the authentication card application generates an authentication card key acquisition request based on the application identifier and its own public key, and sends the authentication card key acquisition request to the authentication card management platform, so that the authentication card management platform generates the initial authentication card key based on the authentication card key acquisition request, and feeds back the initial authentication card key to the authentication card application and the application server.
[0015] The application obtains a first initial verification code determined based on the initial authentication card key, and a second initial verification code determined based on the initial authentication card key.
[0016] If the first initial verification code and the second initial verification code are the same, it is determined that the application to be accessed has been successfully registered, and the correspondence between the application identifier and the initial authentication card key is stored, so as to obtain the authentication card key associated with the application server based on the application identifier and the correspondence.
[0017] In one embodiment, the security authentication method based on the authentication card further includes:
[0018] When information leakage is detected, a reset request for the initial authentication card key stored on the application server is sent to the authentication card management platform, and the reset authentication card key is obtained from the authentication card management platform based on the reset request.
[0019] The initial authentication card key is updated using the reset authentication card key, and a second verification code is generated based on the reset authentication card key.
[0020] Furthermore, to achieve the above objectives, this application also proposes a security authentication method based on an authentication card for use in user terminals, comprising:
[0021] Based on the current user information of the application to be accessed, an access request for the application to be accessed is generated and sent to the application server corresponding to the application to be accessed, so that the application server can verify the current user information and send the application server's application identifier back to the user terminal's authentication card application.
[0022] Retrieve the authentication card key corresponding to the application identifier from the authentication card, and generate the first verification code based on the authentication card key;
[0023] Send the first verification code to the application server and receive the verification result from the application server based on the first verification code;
[0024] Based on the verification results, determine the user's access permissions to the application.
[0025] In one embodiment, generating a first verification code based on the authentication card key includes:
[0026] A dynamic factor is generated based on the current time, where the dynamic factor changes over time;
[0027] The first verification code is generated based on the dynamic factor and the authentication card key.
[0028] Furthermore, to achieve the above objectives, this application also proposes a security authentication method based on authentication cards for use in an authentication card management platform, comprising:
[0029] When a reset request is received for the authentication card key pre-stored in the application server or the authentication card key pre-stored in the user terminal's authentication card, a reset authentication card key is generated.
[0030] The reset authentication card key is sent to the application server and the authentication card to update the authentication card key stored in the application server and the authentication card itself.
[0031] Furthermore, to achieve the above objectives, this application also proposes a security authentication system based on an authentication card, comprising: a user terminal, a user server, and an authentication card management platform. Each of the user terminal, user server, and authentication card management platform has a corresponding memory, processor, and corresponding computer program. The computer program in the user server is configured to implement the steps of the above-described security authentication method based on the authentication card; the computer program in the user terminal is configured to implement the steps of the above-described security authentication method based on the authentication card; and the computer program in the authentication card management platform is configured to implement the steps of the above-described security authentication method based on the authentication card.
[0032] In addition, to achieve the above objectives, this application also proposes a storage medium, which is a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, it implements the steps of the security authentication method based on the authentication card as described above.
[0033] In addition, to achieve the above objectives, this application also provides a computer program product, which includes a computer program that, when executed by a processor, implements the steps of the authentication card-based security authentication method described above.
[0034] When this application receives a user's access request for an application corresponding to an application server, it obtains the current user information of the application. If the current user information passes verification, it generates a verification code retrieval request based on the application identifier of the application server and sends the verification code retrieval request to the authentication card application on the user's terminal. It obtains the first verification code returned by the authentication card application based on the verification code retrieval request and generates a second verification code based on the authentication card key associated with the application server. If the first verification code and the second verification code match, it determines that the user has access rights to the application. By performing a first layer of verification using user information and a second layer of verification using the first verification code returned by the authentication card application and the second verification code generated by the application server, this two-factor authentication method can prevent user account theft and privacy leaks, thus improving user account security. Attached Figure Description
[0035] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0036] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0037] Figure 1 This is a flowchart illustrating the authentication card-based security authentication method applied to an application server according to this application.
[0038] Figure 2 This is another flowchart illustrating the authentication card-based security authentication method applied to application servers in this application.
[0039] Figure 3 This is a schematic diagram illustrating the process of the application server registering with the authentication card application in this application;
[0040] Figure 4 This is another flowchart illustrating the authentication card-based security authentication method applied to application servers in this application.
[0041] Figure 5 This is a schematic diagram of the timing process of the authentication card-based security authentication method applied to an application server in this application.
[0042] Figure 6 This is another timing flowchart of the authentication card-based security authentication method applied to application servers in this application;
[0043] Figure 7This is a flowchart illustrating the authentication card-based security authentication method applied to a user terminal according to this application.
[0044] Figure 8 This is a flowchart illustrating the authentication card-based security authentication method applied to the authentication card management platform in this application.
[0045] The purpose, features, and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation
[0046] It should be understood that the specific embodiments described herein are merely illustrative of the technical solutions of this application and are not intended to limit this application.
[0047] To better understand the technical solution of this application, a detailed description will be provided below in conjunction with the accompanying drawings and specific implementation methods.
[0048] Currently, user terminals such as smartphones, tablets, and personal computers have become an indispensable part of people's daily lives and work. These terminals run a wide variety of applications, greatly enriching users' digital life experiences. To ensure the security and privacy of personal information, most applications require users to create an account upon first use and protect account security by setting passwords or other forms of authentication mechanisms such as fingerprint recognition and facial recognition. However, although passwords are designed as an access control mechanism to restrict access to sensitive data or functions, with the advancement of technology and the frequent occurrence of information breaches, user information can be obtained through social engineering and other means, posing a risk of user account theft and subsequent privacy breaches.
[0049] To address the aforementioned issues, this application proposes a security authentication method based on an authentication card. The main technical solution includes: upon receiving a user's access request for an application corresponding to an application server, obtaining the current user information of the application; if the current user information passes verification, generating a verification code retrieval request based on the application server's application identifier, and sending the verification code retrieval request to the authentication card application on the user's terminal; obtaining the first verification code returned by the authentication card application based on the verification code retrieval request, and generating a second verification code based on the authentication card key associated with the application server; if the first and second verification codes match, confirming that the user has access rights to the application. By performing a first layer of verification using user information and a second layer of verification using the first verification code returned by the authentication card application and the second verification code generated by the application server, this two-factor authentication method can prevent user account theft and subsequent privacy leaks, thereby improving user account security.
[0050] Furthermore, this application enhances login security by adding the role of a telecommunications operator. The operator's authentication card management platform remotely transmits the authentication card key to both the authentication card and the application server. Whether a user's phone is lost or the application server's private key is leaked, the authentication card key can be changed by contacting the telecommunications operator to strengthen protection. This improved two-factor authentication method, based on authentication cards, cleverly incorporates the role of the telecommunications operator, enabling a rapid response to both physical security incidents (such as a lost phone) and logical security incidents (such as application server vulnerabilities), thereby improving the overall security of the system.
[0051] Furthermore, this application designs an improved ECC (Elliptic Curve Cryptography) algorithm with time-factor perturbation to calculate the first and second verification codes. When using ECC, this application abandons the constraints of public and private keys, instead incorporating the time factor into the algorithm. Thus, the generated first and second verification codes change over time, achieving dynamic changes in the verification codes and improving the overall security of the system.
[0052] It should be noted that the authentication card application in this application is installed on the authentication card of the user terminal. The authentication card application can be a SIM (Subscriber Identity Module) card application with two-factor authentication functionality. This authentication card stores an authentication card key, which is used to generate dynamic verification codes.
[0053] The authentication card management platform (i.e., SIM management platform) of this application is a centralized service platform maintained by a telecommunications operator. It is responsible for managing the authentication card keys of all users, as well as the interaction and information synchronization with the application server.
[0054] The application server is the core backend system for users to access various online services. It is responsible for storing and verifying users' login credentials and working in conjunction with the authentication card management platform and user terminals to implement a two-factor authentication mechanism based on authentication cards.
[0055] The smart contract is used to authenticate the user based on the private key during abnormal logins. Once the authentication is successful, it triggers the operation of resetting the authentication card key.
[0056] Based on this, some embodiments of this application provide a security authentication method based on an authentication card for application servers, referring to... Figure 1 , Figure 1 This is a flowchart illustrating some embodiments of the security authentication method based on an authentication card according to this application. The security authentication method based on an authentication card includes:
[0057] Step S10: When a user's access request for the application to be accessed corresponding to the application server is received, the current user information of the application to be accessed is obtained.
[0058] Multiple applications can be installed on a user terminal, and users can access any application on the user terminal. However, when a user accesses an application installed on the user terminal, it is necessary to verify whether the user has the right to access the application to improve the security of access to the application.
[0059] The application to be accessed is the application that the user wants to access, and this application is installed on the user's terminal. Each application to be accessed can be associated with one or more application servers.
[0060] The current user information is the user information entered by the user on the login screen of the application to be accessed when accessing the application. This user information can be the username and password.
[0061] By triggering the icon of the application to be accessed on the user's terminal, the user sends an access request to the application server of the application to be accessed. When the application server receives the access request from the user, it retrieves the user information entered by the user on the login page of the application to be accessed.
[0062] Step S20: If the current user information passes verification, generate a verification code retrieval request based on the application identifier of the application server, and send the verification code retrieval request to the authentication card application of the user terminal.
[0063] Different application servers have different application identifiers. This application identifier is a unique identifier for the application server and is used to identify which specific application server it is.
[0064] After receiving the current user information, the application server verifies it. If the verification is successful, the application server generates a verification code retrieval request based on its application identifier and sends this request to the authentication card application on the user terminal. The authentication card pre-stores the mapping between application identifiers of different application servers and their corresponding authentication card keys; different application server identifiers are associated with different authentication card keys. Upon receiving the verification code retrieval request, the authentication card application parses it to obtain the application identifier, which is used to determine which application server sent the request. After obtaining the application identifier, the authentication card application retrieves the corresponding authentication card key from the authentication card, calculates the first verification code based on the authentication card key, and sends this first verification code to the authentication card key corresponding to the application identifier.
[0065] Step S30: Obtain the first verification code from the authentication card application based on the verification code acquisition request, and generate the second verification code based on the authentication card key associated with the application server.
[0066] The application server also pre-stores the authentication card key associated with its own application identifier. The application server can generate a second verification code based on its own associated authentication card key, and at the same time receive the first verification code returned by the authentication card application based on the verification code request.
[0067] Step S40: If the first verification code and the second verification code are consistent, it is determined that the user has access rights to the application to be accessed.
[0068] The application server compares the second verification code it calculates with the first verification code returned by the authentication card application. If the first and second verification codes match, it determines that the user has access to the application to be accessed, and the user can then access the application services related to that application.
[0069] In this embodiment, when a user requests access to an application corresponding to an application server, the system obtains the current user information of the application. If the current user information passes verification, a verification code retrieval request is generated based on the application identifier of the application server and sent to the authentication card application on the user's terminal. The system obtains the first verification code returned by the authentication card application based on the verification code retrieval request and generates a second verification code based on the authentication card key associated with the application server. If the first and second verification codes match, it is determined that the user has access to the application. By performing a first layer of verification using user information and a second layer of verification using the first verification code returned by the authentication card application and the second verification code generated by the application server, this two-factor authentication method effectively prevents user account theft and privacy leaks, improving user account security. Furthermore, this application uses the authentication card key to increase the complexity of the hash algorithm and calculates the verification code accordingly. If a user's phone is lost or the application service provider leaks the authentication card key, the user can contact the operator to remotely change the key in the authentication card, ensuring that the verification code on the user's phone is different from the one on the application server, thus preventing criminals from logging in.
[0070] In some embodiments of this application, an ECC elliptic curve encryption algorithm improved with time factor perturbation is designed to calculate the first verification code and the second verification code. When using ECC, this application abandons the constraints of public and private keys, instead incorporating the time factor as one of the considerations in the algorithm. Specifically, generating the second verification code based on the authentication card key includes: generating a dynamic factor based on the current time, wherein the dynamic factor changes over time; and generating the second verification code based on the dynamic factor and the authentication card key.
[0071] In this embodiment of the application, since the dynamic factor changes over time, the second verification code generated based on the dynamic factor and the authentication card key also changes dynamically, thereby improving the overall security of the system.
[0072] Reference Figure 2 and Figure 3 In some embodiments of this application, before obtaining the current user information of the application to be accessed, when receiving a user's access request for the application corresponding to the application server, the method further includes:
[0073] Step S01: When a registration request from the application to be accessed to the authentication card application is received, the initial user information of the application to be accessed is obtained.
[0074] Before accessing the application, the application needs to be registered with the authentication card application. The application server obtains the initial user information corresponding to the application to be accessed, which includes the username and password, as entered by the user for the first time.
[0075] Step S02: If the initial user information passes verification, the application identifier of the application server is sent to the authentication card application, so that the authentication card application generates an authentication card key acquisition request based on the application identifier and its own public key, and sends the authentication card key acquisition request to the authentication card management platform, so that the authentication card management platform generates an initial authentication card key based on the authentication card key acquisition request, and feeds back the initial authentication card key to the authentication card application and the application server.
[0076] After obtaining the initial user information for the application to be accessed, the application server verifies the initial user information. If the initial user information passes verification (e.g., regular expression verification), the application server's application identifier is sent to the authentication card application. Upon receiving the application server's application identifier, the authentication card application generates an authentication card key retrieval request based on its own public key and the application server's application identifier, and sends the request to the authentication card management platform. Upon receiving the authentication card key retrieval request, the authentication card management platform parses the request to obtain the public key and the application server's application identifier. The platform compares the parsed public key with a pre-stored public key to verify the user's identity. If the user authentication is successful, an initial authentication card key is generated. Simultaneously, the authentication card management platform determines which application server to send the generated initial authentication card key to based on the parsed application server's application identifier, and then sends the initial authentication card key back to the authentication card application and the corresponding application server.
[0077] It should be noted that the authentication card application generates a public key, private key, and mnemonic phrase based on the user's registration request. The public key is sent to the authentication card management platform, while the private key and mnemonic phrase are displayed on the user's terminal interface. When a user registers for the first time using the authentication card application, the application displays a password input box, requiring the user to enter a password. Based on the entered password, the application generates a public key, private key, and mnemonic phrase, sending the public key to the authentication card management platform for backup. The private key and mnemonic phrase are then displayed on the user's terminal interface. The authentication card management platform notifies the application that the public key has been successfully backed up. At this point, the user can log out or use the application normally.
[0078] It should be noted that if a user's terminal has different applications installed, it can request different authentication card keys from the application servers corresponding to each application. The authentication card management platform will then issue different authentication card keys to the different application servers.
[0079] Step S03: Obtain the first initial verification code determined by the authentication card application based on the initial authentication card key, and determine the second initial verification code based on the initial authentication card key.
[0080] After receiving the initial authentication card key, the authentication card application generates a dynamic factor based on the current time, and then generates a first initial verification code based on the dynamic factor and the initial authentication card key, and sends the first initial verification code back to the application server. Simultaneously, after receiving the initial authentication card key, the application server generates a dynamic factor based on the current time, and then generates a second initial verification code based on the dynamic factor and the initial authentication card key. The dynamic factor changes over time.
[0081] Step S04: If the first initial verification code and the second initial verification code are consistent, it is determined that the application to be accessed has been successfully registered, and the correspondence between the application identifier and the initial authentication card key is stored, so as to obtain the authentication card key associated with the application server based on the application identifier and the correspondence.
[0082] The application server compares the first initial verification code and the second initial verification code. If the first and second initial verification codes match, the application server notifies the authentication card application that the registration for the application to be accessed has been successful. Simultaneously, if the first and second initial verification codes match, the initial user information is stored on the application server, along with the mapping between the application server's application identifier and the initial authentication card key. Subsequent accesses can retrieve the authentication card key associated with the application server based on the application identifier of the accessed application server and the established mapping.
[0083] In this embodiment, upon receiving a registration request from an application to be accessed on an authentication card application, the initial user information of the application to be accessed is obtained. If the initial user information passes verification, the application identifier of the application server is sent to the authentication card application, causing the authentication card application to generate an authentication card key acquisition request based on the application identifier and its own public key, and send the authentication card key acquisition request to the authentication card management platform. The authentication card management platform then generates an initial authentication card key based on the authentication card key acquisition request and sends the initial authentication card key back to the authentication card application and the application server. A first initial verification code determined by the authentication card application based on the initial authentication card key is obtained, and a second initial verification code is determined based on the initial authentication card key. If the first and second initial verification codes match, the registration of the application to be accessed is confirmed as successful, and the correspondence between the application identifier and the initial authentication card key is stored. Based on the application identifier and the correspondence, the authentication card key associated with the application server is obtained. This method achieves the registration of the application to be accessed on the authentication card application, establishes the association between the application to be accessed and the authentication card application, and facilitates subsequent verification of user access permissions to the application to be accessed.
[0084] Reference Figure 4 and Figure 5 In some embodiments of this application, when a user accesses an application, two abnormal situations may occur: first, the user's mobile phone is lost, rendering the authentication card key insecure; second, the application server experiences information leakage, rendering the authentication card key insecure. Targeted handling can be implemented according to the different abnormal situations.
[0085] For the second abnormal situation, namely, the application server experiencing information leakage leading to insecure authentication card keys, this application can resolve the issue using the following steps:
[0086] Step S110: When information leakage is detected, a reset request for the initial authentication card key stored on the application server is sent to the authentication card management platform, and the reset authentication card key is obtained from the authentication card management platform based on the reset request.
[0087] The application server detects information leakage, generates a reset request based on its application identifier, and sends a reset request for the initial authentication card key stored on the application server to the authentication card management platform. Upon receiving the reset request, the authentication card management platform obtains the reset authentication card key and sends it along with the application server's application identifier to the corresponding application server.
[0088] Step S120: Update the initial authentication card key with the reset authentication card key to generate a second verification code based on the reset authentication card key.
[0089] After receiving the reset authentication card key from the authentication card management platform, the application server updates the initial authentication card key pre-stored on the application server. It then regenerates the corresponding second verification code based on the reset authentication card key.
[0090] Simultaneously, the authentication card management platform sends the reset authentication card key to the authentication card. This reset key is used to update the initial authentication card key associated with the application identifier in the authentication card. The authentication card application then regenerates the corresponding first verification code based on the reset key and sends it to the application server. The application server compares the regenerated first verification code with the regenerated second verification code to determine if the user has access to the corresponding application. Specific access and login operations can be found in the above embodiment and will not be detailed here.
[0091] In this embodiment of the application, in the event of application server information leakage, the authentication card key in the user terminal's authentication card can be remotely reset through the authentication card management platform, which enhances security.
[0092] Reference Figure 6 To address the first abnormal situation, where the user's mobile phone is lost, rendering the authentication card key insecure, this application employs the following method to achieve security: After losing their original mobile phone, the user requests an authentication card application installation package from the operator via a new device. The operator's server responds to the request, sending the verified authentication card application installation package to the new terminal. The new terminal completes the installation and configuration of the authentication card application. The user logs into the authentication card application on the new device using a pre-saved mnemonic phrase for identity verification. Since there was no username during registration, the password set by the user is only recorded in the lost terminal, so login can only be done using the mnemonic phrase. Within the authentication card application, a smart contract login interface pops up, and the user enters their private key through the UI to initiate a public key verification request. The smart contract system receives and verifies the private key, successfully signing it, and then calls a function to trigger the authentication card management platform to execute the authentication card key reset process. The authentication card management platform generates a new authentication card key and sends the reset authentication card key to both the application server and the authentication card application. Subsequently, the reset authentication card key is used to repeat the operations described in the above embodiment for login. At this point, potential criminals can use the lost user terminal to read the old authentication card key from the authentication card, generate a verification code, and send it to the application server to attempt to log in. The application server generates a verification code using the new authentication card key, which is different from the one sent by the user terminal, and refuses the login, thus ensuring security.
[0093] It should be noted that, regardless of whether it is the first or the second abnormal situation, the system ensures that after the authentication card key is updated, potential attackers holding the old authentication card key will not be able to generate a valid verification code, thereby effectively preventing unauthorized login attempts.
[0094] It should be noted that, Figure 5 and Figure 6 SC in this context is an abbreviation for SIM secret, which stands for SIM secret key.
[0095] Based on the same inventive concept, some embodiments of this application provide a security authentication method based on an authentication card applied to a user terminal, wherein the user terminal has an authentication card and a corresponding authentication card application installed. (See also...) Figure 7 , Figure 7 This is a flowchart illustrating some embodiments of the security authentication method based on an authentication card according to this application. The security authentication method based on an authentication card includes:
[0096] Step S210: Based on the current user information of the application to be accessed, generate an access request for the application to be accessed and send the access request to the application server corresponding to the application to be accessed, so that the application server can verify the current user information and send the application server's application identifier back to the user terminal's authentication card application.
[0097] Step S220: Query the authentication card key corresponding to the application identifier from the authentication card, and generate the first verification code based on the authentication card key.
[0098] Step S230: Send the first verification code to the application server and receive the verification result fed back by the application server based on the first verification code.
[0099] The verification result includes either the first verification code and the second verification code being the same, or the first verification code and the second verification code being different.
[0100] Step S240: Based on the verification result, determine the user's access permissions to the application to be accessed.
[0101] If the first verification code and the second verification code match, it is determined that the user has access to the application to be accessed.
[0102] The specific implementation methods for each of the above steps can be referred to the above embodiments, and will not be repeated here.
[0103] In some embodiments of this application, generating a first verification code based on the authentication card key includes: generating a dynamic factor based on the current time, wherein the dynamic factor changes over time; and generating the first verification code based on the dynamic factor and the authentication card key.
[0104] Based on the same inventive concept, some embodiments of this application provide a security authentication method based on an authentication card applied to an authentication card management platform, referring to... Figure 8 , Figure 8This is a flowchart illustrating some embodiments of the security authentication method based on an authentication card according to this application. The security authentication method based on an authentication card includes:
[0105] Step S310: When a reset request is received for the authentication card key pre-stored in the application server or the authentication card key pre-stored in the user terminal's authentication card, a reset authentication card key is generated.
[0106] Step S320: Send the reset authentication card key to the application server and the authentication card, so as to update the authentication card key pre-stored on the application server and the authentication card pre-stored on the authentication card using the reset authentication card key.
[0107] The specific implementation methods for each of the above steps can be referred to the above embodiments, and will not be repeated here.
[0108] It should be noted that the above examples are only for understanding this application and do not constitute a limitation on the security authentication method based on authentication cards in this application. Any simple modifications based on this technical concept are within the protection scope of this application.
[0109] Based on the same inventive concept, this application provides a security authentication system based on an authentication card, including: a user terminal, a user server, and an authentication card management platform. Each of the user terminal, user server, and authentication card management platform has a corresponding memory, processor, and corresponding computer program. The computer program in the user server is configured to implement the steps of the corresponding security authentication method based on the authentication card; the computer program in the user terminal is configured to implement the steps of the corresponding security authentication method based on the authentication card; and the computer program in the authentication card management platform is configured to implement the steps of the corresponding security authentication method based on the authentication card.
[0110] The authentication card-based security authentication system provided in this application, employing the authentication card-based security authentication method described in the above embodiments, can solve the technical problem of personal privacy leakage caused by stolen user accounts. Compared with the prior art, the beneficial effects of the authentication card-based security authentication system provided in this application are the same as those of the authentication card-based security authentication method provided in the above embodiments, and other technical features of this authentication card-based security authentication system are the same as those disclosed in the previous embodiment method, and will not be repeated here.
[0111] It should be understood that the various parts disclosed in this application can be implemented using hardware, software, firmware, or a combination thereof. In the description of the above embodiments, specific features, structures, materials, or characteristics can be combined in any suitable manner in one or more embodiments or examples.
[0112] Based on the same inventive concept, this application provides a computer-readable storage medium having computer-readable program instructions (i.e., a computer program) stored thereon, which are used to execute the security authentication method based on the authentication card in the above embodiments.
[0113] The computer-readable storage medium provided in this application may be, for example, a USB flash drive, but is not limited to, electrical, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof. In this embodiment, the computer-readable storage medium may be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, system, or device. The program code contained on the computer-readable storage medium may be transmitted using any suitable medium, including but not limited to: wires, optical cables, RF (Radio Frequency), etc., or any suitable combination thereof.
[0114] The aforementioned computer-readable storage medium may be included in a card-based security authentication system, or it may exist independently and not be assembled into a card-based security authentication system.
[0115] The aforementioned computer-readable storage medium carries one or more programs. When the aforementioned one or more programs are executed by the authentication card-based security authentication system, the authentication card-based security authentication system performs a first-level verification using user information and a second-level verification using a first verification code returned by the authentication card application and a second verification code generated by the application server. Through the aforementioned two-factor authentication method, the system can prevent the theft of user accounts from leading to the leakage of personal privacy and improve the security of user accounts.
[0116] Computer program code for performing the operations of this application can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a Local Area Network (LAN) or a Wide Area Network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0117] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0118] The modules described in the embodiments of this application can be implemented in software or hardware. The names of the modules do not necessarily limit the functionality of the unit itself.
[0119] The readable storage medium provided in this application is a computer-readable storage medium that stores computer-readable program instructions (i.e., a computer program) for executing the aforementioned authentication card-based security authentication method, thereby solving the technical problem of personal privacy leakage caused by stolen user accounts. Compared with the prior art, the beneficial effects of the computer-readable storage medium provided in this application are the same as those of the authentication card-based security authentication method provided in the above embodiments, and will not be repeated here.
[0120] Based on the same inventive concept, this application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the security authentication method based on the authentication card as described above.
[0121] The computer program product provided in this application can solve the technical problem of personal privacy leakage caused by stolen user accounts. Compared with the prior art, the beneficial effects of the computer program product provided in this application are the same as those of the security authentication method based on authentication cards provided in the above embodiments, and will not be repeated here.
[0122] The above are only some embodiments of this application and do not limit the patent scope of this application. All equivalent structural transformations made under the technical concept of this application and using the contents of the specification and drawings of this application, or direct / indirect applications in other related technical fields, are included in the patent protection scope of this application.
Claims
1. A security authentication method based on an authentication card, characterized in that, The authentication card-based security authentication method, applied to application servers, includes: When a user requests access to an application corresponding to the application server, the current user information of the application to be accessed is obtained. If the current user information passes verification, a verification code retrieval request is generated based on the application identifier of the application server, and the verification code retrieval request is sent to the authentication card application of the user terminal. The application obtains a first verification code based on the verification code and generates a second verification code according to the authentication card key associated with the application server. If the first verification code and the second verification code are the same, it is determined that the user has access to the application to be accessed.
2. The security authentication method based on authentication cards as described in claim 1, characterized in that, The step of generating a second verification code based on the authentication card key includes: A dynamic factor is generated based on the current time, wherein the dynamic factor changes over time; The second verification code is generated based on the dynamic factor and the authentication card key.
3. The security authentication method based on authentication cards as described in claim 1, characterized in that, Before obtaining the current user information of the application to be accessed when receiving a user's access request for the application corresponding to the application server, the method further includes: Upon receiving a registration request from the application to be accessed on the authentication card application, the initial user information of the application to be accessed is obtained; If the initial user information passes verification, the application identifier of the application server is sent to the authentication card application, so that the authentication card application generates an authentication card key acquisition request based on the application identifier and its own public key, and sends the authentication card key acquisition request to the authentication card management platform, so that the authentication card management platform generates an initial authentication card key based on the authentication card key acquisition request, and feeds back the initial authentication card key to the authentication card application and the application server; The authentication card application obtains a first initial verification code determined based on the initial authentication card key, and determines a second initial verification code based on the initial authentication card key. If the first initial verification code and the second initial verification code are consistent, it is determined that the application to be accessed has been successfully registered, and the correspondence between the application identifier and the initial authentication card key is stored, so as to obtain the authentication card key associated with the application server according to the application identifier and the correspondence.
4. The security authentication method based on an authentication card as described in claim 3, characterized in that, The authentication card-based security authentication method further includes: When information leakage is detected, a reset request for the initial authentication card key stored on the application server is sent to the authentication card management platform, and the reset authentication card key is obtained from the authentication card management platform based on the reset request. The initial authentication card key is updated using the reset authentication card key to generate the second verification code based on the reset authentication card key.
5. A security authentication method based on an authentication card, characterized in that, Applied to a user terminal, wherein the user terminal has an authentication card and a corresponding authentication card application installed, the authentication card-based security authentication method includes: Based on the current user information of the application to be accessed, an access request for the application to be accessed by the user is generated, and the access request is sent to the application server corresponding to the application to be accessed, so that the application server can verify the current user information and feed back the application identifier of the application server to the authentication card application of the user terminal. The authentication card key corresponding to the application identifier is retrieved from the authentication card, and a first verification code is generated based on the authentication card key; Send the first verification code to the application server and receive the verification result fed back by the application server based on the first verification code; Based on the verification results, the user's access permissions to the application to be accessed are determined.
6. The security authentication method based on an authentication card as described in claim 5, characterized in that, The step of generating the first verification code based on the authentication card key includes: A dynamic factor is generated based on the current time, wherein the dynamic factor changes over time; The first verification code is generated based on the dynamic factor and the authentication card key.
7. A security authentication method based on an authentication card, characterized in that, The authentication card-based security authentication method, applied to an authentication card management platform, includes: When a reset request is received for the authentication card key pre-stored in the application server or the authentication card key pre-stored in the user terminal's authentication card, a reset authentication card key is generated. The reset authentication card key is sent to the application server and the authentication card to update the authentication card key pre-stored in the application server and the authentication card pre-stored in the authentication card.
8. A security authentication system based on an authentication card, characterized in that, The authentication card-based security authentication system includes: a user terminal, a user server, and an authentication card management platform. Each of the user terminal, the user server, and the authentication card management platform has a corresponding memory, a processor, and a corresponding computer program. Wherein, the computer program in the user server is configured to implement the steps of the security authentication method based on the authentication card as described in any one of claims 1 to 4; the computer program in the user terminal is configured to implement the steps of the security authentication method based on the authentication card as described in claim 5 or 6; and the computer program in the authentication card management platform is configured to implement the steps of the security authentication method based on the authentication card as described in claim 7.
9. A storage medium, characterized in that, The storage medium is a computer-readable storage medium, and a computer program is stored on the storage medium. When the computer program is executed by a processor, it implements the steps of the security authentication method based on an authentication card as described in any one of claims 1 to 7.
10. A computer program product, characterized in that, The computer program product includes a computer program that, when executed by a processor, implements the steps of the security authentication method based on an authentication card as described in any one of claims 1 to 7.