Identity authentication method, terminal device, authentication server and electronic device
Technical field
The present invention relates to the field of computer technology, and more particularly to an identity authentication method, a terminal device, an authentication server and an electronic device.
Background art
Mobile office refers to a way of working in which a terminal device wirelessly accesses a mobile communication network to carry out office work. Because mobile office is free of the constraints of time and place, staff can handle company management and communication at any time wherever they are, which greatly improves their efficiency; mobile office is therefore well received.
In fields with higher security requirements, for example the financial field, letting staff use arbitrary terminal devices for office work increases the risk of leaking confidential financial information. To improve the security of mobile office, the financial field usually configures a terminal device for each staff member who needs to work on the move, and binds the terminal device, the staff member's fingerprint and the staff member's account together through authentication, so that the staff member is only permitted to work with the bound terminal device and account. However, the financial field often involves a supervisor authenticating and authorizing a subordinate. If the supervisor and the subordinate are both out of the office and the supervisor is not carrying the terminal device configured for them, the supervisor cannot authorize the subordinate. Even though the subordinate's own configured terminal device is a reliable device, the supervisor still cannot use it; the supervisor can only return to the office or fetch their own configured terminal device to perform the authentication and authorization, which greatly reduces office efficiency.
Summary of the invention
The technical problem mainly solved by the present invention is to provide an identity authentication method, a terminal device, an authentication server and an electronic device. The aim is to solve the problem that existing identity authentication methods only authenticate an individual on their own: when an authenticating person needs to perform identity authentication and that person's terminal device is not at hand, the person cannot perform identity authentication or authorization through another terminal device.
To solve the above technical problem, one technical solution adopted by the present invention is to provide an identity authentication method, including: receiving a first biometric feature of a first user input on a terminal device, and obtaining account information of the first user and a device identifier of the terminal device; sending an identity authentication request to an authentication server according to the account information, the device identifier and the first biometric feature; receiving identity confirmation information returned by the authentication server after it confirms the legitimate identity of the first user according to the identity authentication request; receiving a second biometric feature of a second user input on the terminal device; sending a verification request to the authentication server according to the second biometric feature; and receiving a login code returned by the authentication server after it confirms the legitimacy of the second biometric feature according to the verification request, so that the second user logs in with the login code.
Optionally, the identity authentication request is generated by encrypting the account information, the first biometric feature and the device identifier with the private key bound to the first biometric feature.
Optionally, the private key is obtained after the first biometric feature passes verification.
Optionally, the verification request is generated by encrypting the second biometric feature with the private key bound to the first biometric feature.
To solve the above technical problem, another technical solution adopted by the present invention is to provide an identity authentication method, including: receiving identity authentication information sent by a terminal device, the identity authentication information carrying the account information of the first user, the first biometric feature of the first user and the device identifier of the terminal device; after confirming the legitimate identity of the first user according to the identity authentication information, returning identity confirmation information to the terminal device; receiving a verification request sent by the terminal device, the verification request carrying a second biometric feature of a second user; after confirming the legitimacy of the second biometric feature according to the verification request, generating a login code corresponding to the second user; and sending the login code to the terminal device, so that the second user logs in with the login code.
Optionally, the identity confirmation information is generated when it is determined that the account information, the first biometric feature of the first user and the device identifier correspond to one another.
To solve the above technical problem, another technical solution adopted by the present invention is to provide a terminal device, including: a biometric recognition module, configured to perform biometric recognition; a first receiving module, configured to receive a first biometric feature of a first user input on the terminal device; a first obtaining module, configured to obtain account information of the first user and a device identifier of the terminal device; a first sending module, configured to send an identity authentication request to an authentication server according to the account information, the device identifier and the first biometric feature; a second receiving module, configured to receive identity confirmation information returned by the authentication server after it confirms the legitimate identity of the first user according to the identity authentication request; a third receiving module, configured to receive a second biometric feature of a second user input on the terminal device; a second sending module, configured to send a verification request to the authentication server according to the second biometric feature; and a fourth receiving module, configured to receive a login code returned by the authentication server after it confirms the legitimacy of the second biometric feature according to the verification request, so that the second user logs in with the login code.
Optionally, the terminal device further includes: a first encryption module, configured to encrypt the account information, the first biometric feature and the device identifier with the private key bound to the first biometric feature.
Optionally, the terminal device further includes: a second obtaining module, configured to obtain the private key after the first biometric feature passes verification.
Optionally, the terminal device further includes: a second encryption module, configured to encrypt the second biometric feature with the private key bound to the first biometric feature.
To solve the above technical problem, another technical solution adopted by the present invention is to provide an authentication server, including: a first receiving module, configured to receive identity authentication information sent by a terminal device, the identity authentication information carrying the account information of the first user, the first biometric feature of the first user and the device identifier of the terminal device; a first returning module, configured to return identity confirmation information to the terminal device after the legitimate identity of the first user is confirmed according to the identity authentication information; a second receiving module, configured to receive a verification request sent by the terminal device, the verification request carrying a second biometric feature of a second user; a generation module, configured to generate a login code corresponding to the second user after the legitimacy of the second biometric feature is confirmed according to the verification request; and a second returning module, configured to send the login code to the terminal device, so that the second user logs in with the login code.
To solve the above technical problem, another technical solution adopted by the present invention is to provide an electronic device, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform the above method.
To solve the above technical problem, another technical solution adopted by the present invention is to provide a non-volatile computer-readable storage medium, the computer-readable storage medium storing computer-executable instructions, and the computer-executable instructions being executed by one or more processors so that the at least one processor can perform the above method.
To solve the above technical problem, another technical solution adopted by the present invention is to provide a computer program product, the computer program product including a computer program stored on a non-volatile computer-readable storage medium, the computer program including program instructions, and the program instructions being executed by one or more processors so that the at least one processor performs the above method.
The beneficial effects of the present invention are as follows. Unlike the prior art, the present invention first collects the first biometric feature of the first user through the terminal device and obtains the account information of the first user and the device identifier of the terminal device; then, according to the first biometric feature, the account information and the device identifier, it authenticates the legitimate identity of the first user and determines that the terminal device belongs to the first user, thereby establishing the reliability of the terminal device and letting the first user act as guarantor when the identity of the second user is subsequently authenticated. The second user has the reliable mobile terminal collect the second user's second biometric feature and is authenticated with it, which helps ensure the security of the second user's data and effectively reduces the risk of that data being stolen. In addition, because the second user performs biometric authentication on a reliable terminal device belonging to another party, the second user is no longer tied to the mandatorily configured terminal device for biometric authentication, which makes operation more convenient for the second user.
Brief description of the drawings
Fig. 1 is an application scenario diagram of identity authentication provided by Embodiment one of the present invention;
Fig. 2 is a flowchart, provided by Embodiment one of the present invention, of the first user registering with the authentication server through the terminal device;
Fig. 3 is a schematic structural diagram of a terminal device provided by Embodiment two of the present invention;
Fig. 4 is a schematic structural diagram of an authentication server provided by Embodiment three of the present invention;
Fig. 5 is a schematic flowchart of an identity authentication method provided by Embodiment four of the present invention;
Fig. 6 is a schematic flowchart of an identity authentication method provided by Embodiment five of the present invention;
Fig. 7 is a schematic flowchart of an identity authentication method provided by Embodiment six of the present invention;
Fig. 8 is a schematic structural diagram of an electronic device for performing the identity authentication method, provided by Embodiment seven of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the accompanying drawings and embodiments.
Embodiment one
Referring to Fig. 1, Fig. 1 is an application scenario diagram of identity authentication provided by an embodiment of the present invention. The identity authentication system 20 includes a terminal device 21 and an authentication server 22. The terminal device 21 is configured with a biometric recognition module for recognizing biometric features, where a biometric feature is a feature that uniquely identifies a user. In this embodiment, biometric features may include a fingerprint, a face image, an iris or a palm print. The terminal device 21 may be a smartphone, a tablet computer, a PDA (Personal Digital Assistant), etc.
The terminal device 21 receives the first biometric feature input by the first user, and obtains the account information of the first user and the device identifier of the terminal device 21. For example, in this embodiment the terminal device 21 is configured with a fingerprint recognition module that can recognize fingerprints. The first user first opens the fingerprint recognition interface on the terminal device 21; the biometric recognition module obtains fingerprint information by scanning the finger on the interface and verifies the fingerprint information. After the first biometric feature of the first user, i.e. the fingerprint information, is verified successfully, the terminal device 21 uses the fingerprint information to obtain the account information corresponding to it. The account information may specifically be the first user's name, sex, age, job position and similar information. The terminal device 21 further obtains its own device identifier; for example, if the terminal device 21 is a smartphone, it obtains the phone model, phone name, factory serial number, date of manufacture and other identifiers that identify the smartphone. In this embodiment, the account information of the first user may also be obtained by direct input.
After obtaining the account information and biometric feature of the first user and the device identifier of the device, the terminal device 21 sends an identity authentication request to the authentication server 22, where the identity authentication request carries the account information and biometric feature of the first user and the device identifier of the terminal device.
The authentication server 22 uses the obtained account information, biometric feature and device identifier of the terminal device 21 to verify whether the identity of the first user is genuine and to judge whether the first user is the owner of the terminal device 21. When the identity of the first user is genuine and the first user is the owner of the terminal device 21, the authentication server 22 returns an identity-authentication-passed message to the terminal device 21.
The terminal device 21 receives the identity-authentication-passed message returned by the authentication server 22. Authenticating the first user proves that the first user's identity is genuine and that the first user is the owner of the terminal device 21, which ensures the reliability of the terminal device 21.
The terminal device 21 then receives, through the biometric recognition module, the biometric feature input by the second user, so as to obtain the biometric feature of the second user; the acquisition method is the same as for the first user. After the second biometric feature of the second user is obtained successfully, the terminal device 21 sends a verification request to the authentication server 22, where the verification request carries the biometric feature of the second user. From the verification request, the authentication server 22 can verify the legitimacy of the second biometric feature and thereby determine whether the identity of the second user is genuine.
Further, after confirming the legitimacy of the second biometric feature, the authentication server 22 generates a login code corresponding to the second user and returns the login code to the terminal device 21. The terminal device 21 receives the login code returned by the authentication server 22, and the second user can then log in on the terminal device 21 with the login code. Specifically, the login code may be a QR code, an SMS verification code, etc.
In the embodiment of the present invention, the owner of the terminal device 21, i.e. the first user, is authenticated first. After it is confirmed that the identity of the first user is genuine and that the first user is the owner of the terminal device 21, the biometric feature of the second user is received, and the second user is authenticated according to that biometric feature. After the second user passes identity authentication, the second user can use the terminal device as the login device, which solves the problem of being unable to log in when one's own terminal device is not at hand. By authenticating the identities of the first user and the second user in turn on the same device, with the first user providing the guarantee, the second user can log in smoothly and is guaranteed to log in through a secure device, which ensures security and reliability.
To improve the security of the data transmitted between the terminal device 21 and the authentication server 22, that data may be encrypted. Specifically, the terminal device 21 first verifies the first biometric feature of the first user; after verification passes, it encrypts the account information of the first user, the first biometric feature and the device identifier of the terminal device 21 with the private key bound to the first biometric feature to generate first encrypted data, and generates the identity authentication request from the first encrypted data.
The terminal device 21 then sends the identity authentication request to the authentication server 22. Specifically, this step includes: the terminal device 21 sends the authentication server 22 an identity authentication request carrying the first encrypted data; after receiving the identity authentication request, the authentication server 22 parses it to obtain the first encrypted data, decrypts the first encrypted data with the preset public key to obtain the account information of the first user, the first biometric feature and the device identifier of the terminal device 21, and then authenticates the identity of the first user according to the account information of the first user, the first biometric feature and the device identifier of the terminal device 21.
Of course, the biometric feature of the second user may also be encrypted with a preset key before being sent to the authentication server for verification. Specifically, the terminal device 21 first encrypts the biometric feature of the second user with the preset private key to generate second encrypted data, generates a verification request from the second encrypted data, and sends the verification request, which carries the second encrypted data, to the authentication server 22. The authentication server 22 decrypts the second encrypted data with the preset public key to obtain the biometric feature of the second user.
It should be noted that the public key and the private key are obtained when the user registers with the authentication service. The public key and private key referred to in this embodiment are both preset, where the preset public key and the preset private key form a key pair, the preset private key is paired with the authentication server 22, and the preset public key is paired with the terminal device 21. When the authentication server 22 receives an identity authentication request, it selects the paired preset public key according to the source address of the identity authentication request. The first user and the second user each have a terminal device 21 bound to them, and the authentication server 22 records this binding relationship. The binding relationship recorded by the authentication server 22 and the paired preset public key may be entered directly into the authentication server 22 by an administrator, or may be formed by the first user and the second user registering with the authentication server 22 themselves. The process by which the first user registers with the authentication server 22 is described below with reference to Fig. 2, and includes:
Step S101: Receive the device identifier, account information and password that the first user enters for registration on the terminal device 21;
Step S102: Send the device identifier, account information and password to the authentication server 22;
Step S103: The authentication server 22 verifies the device identifier, account information and password;
Step S104: After verification passes, return an account-verification-passed message to the terminal device 21 and send a random code;
Step S105: Receive the biometric feature that the first user enrolls on the terminal device 21;
Step S106: The terminal device 21 generates a corresponding public key and private key according to the biometric feature of the first user;
Step S107: Send the generated public key and the biometric feature value of the first user to the authentication server 22;
Step S108: The authentication server 22 establishes the binding relationship between the first user and the terminal device 21 according to the device identifier and account information of the first user; the authentication server 22 establishes a correspondence with the first user according to the biometric feature value of the first user.
That is, a binding relationship is established among the device identifier of the terminal device 21, the user identifier of the user and the biometric feature of the user, and the device identifier of the terminal device 21 is associated with the received public key.
Optionally, after the first user has registered successfully with the authentication server 22, the terminal device 21 may also keep the biometric feature of the first user locally. When it receives a biometric feature input by the first user, it first judges whether the received biometric feature matches the biometric feature stored locally on the terminal device 21. If it matches, local authentication passes; if it does not match, a prompt is shown indicating that the current user is not the owner of the terminal device 21.
Optionally, after confirming the legitimacy of the second biometric feature according to the verification request, the authentication server 22 generates a login code corresponding to the second user and returns the login code to the terminal device 21; the login code may also carry the account information of the second user. After receiving the login code, the terminal device 21 may also display the account information of the second user, so that the first user knows who the current second user is and whether the second user is reliable.
Optionally, after confirming the legitimacy of the second biometric feature according to the verification request, the authentication server 22 generates a login code corresponding to the second user and returns the login code to the terminal device 21; the authentication server 22 may also return to the terminal device 21 authentication information for the second user to log in on the terminal device 21.
Optionally, the terminal device 21 may send the login information of the second user to the authentication server 22, so that the authentication server 22 determines from the login information that the second user is not logging in through the device bound to them, but through another authenticated, reliable terminal device 21.
It is worth noting that every operation performed on the terminal device 21 and every operation performed on the authentication server 22 is recorded in a log, so that a later audit can trace when the authentication took place, who authenticated whom, which device was used, and the rest of the whole identity authentication process.
In the embodiment of the present invention, the owner of the terminal device 21, i.e. the first user, is authenticated first. After it is confirmed that the identity of the first user is genuine and that the first user is the owner of the terminal device 21, the biometric feature of the second user is received, and the second user is authenticated according to that biometric feature. After the second user passes identity authentication, the second user can use the terminal device as the login device, which solves the problem of being unable to log in when one's own terminal device is not at hand. By authenticating the identities of the first user and the second user in turn on the same device, with the first user providing the guarantee, the second user can log in smoothly, which ensures the security and reliability of the whole authentication process.
Throughout the identity authentication request of the first user and the verification request of the second user, the authentication server encrypts the login code with the public key previously sent by the terminal device and sends it to the terminal device. Because the private key of the terminal device exists only in the terminal device, even if the login code encrypted with the public key is maliciously intercepted, the interceptor cannot decrypt the ciphertext in the way a symmetric cipher would be decrypted. This keeps the login code ciphertext secure: only the terminal device holding the private key can recover the correct login code. Moreover, the public key is public to both the authentication server and the terminal device, so no reliable channel needs to be considered for key distribution, which greatly reduces development difficulty.
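Registration steps S106 to S108 and the two-stage exchange of Embodiment one (owner authentication, then second-user verification and an encrypted login code), simulated end to end as an added example that is not part of the patent text. Assumptions: all names and sample strings are constructed; biometric templates are exact-match digests; the key pair is textbook RSA over fixed Mersenne primes (a factorable stand-in, not usable outside a demo); the private-key operation is modelled as a signature over the message digest; the server picks the public key by `device_id` rather than by source address; one vouch covers one login code.

```python
import hashlib
import json
import secrets


def keypair(a, b, e=65537):
    """Toy RSA key over Mersenne primes 2**a-1, 2**b-1 (demo only, factorable)."""
    p, q = 2**a - 1, 2**b - 1
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)


def bio(sample):
    """Constructed stand-in for a biometric template; real matching is fuzzy."""
    return hashlib.sha256(sample.encode()).hexdigest()


def digest(msg):
    blob = json.dumps(msg, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign(msg, private):
    return pow(digest(msg), *private)          # private = (d, n)


def verify(msg, sig, public):
    return pow(sig, *public) == digest(msg)    # public = (e, n)


class AuthServer:
    def __init__(self):
        self.users = {}       # account -> {"device", "bio", "pub"}
        self.vouched = set()  # devices whose owner has just been confirmed
        self.issued = {}      # account -> last login code (kept for the demo)
        self.audit = []       # (event, account, device_id)

    def register(self, account, device_id, template, public):
        # Steps S107-S108: bind account, device, biometric and public key.
        self.users[account] = {"device": device_id, "bio": template, "pub": public}
        self.audit.append(("register", account, device_id))

    def authenticate_owner(self, req, sig):
        # Identity authentication request: all three fields must match one binding.
        u = self.users.get(req["account"])
        ok = (u is not None and u["device"] == req["device_id"]
              and u["bio"] == req["bio"] and verify(req, sig, u["pub"]))
        if ok:
            self.vouched.add(req["device_id"])
        self.audit.append(("owner_ok" if ok else "owner_rejected", req["account"], req["device_id"]))
        return ok

    def verify_second_user(self, req, sig):
        # Verification request: accepted only from a device whose owner vouched.
        dev = req["device_id"]
        owner = next((u for u in self.users.values() if u["device"] == dev), None)
        account = next((a for a, u in self.users.items() if u["bio"] == req["bio"]), None)
        if (dev not in self.vouched or owner is None or account is None
                or not verify(req, sig, owner["pub"])):
            self.audit.append(("second_rejected", account, dev))
            return None
        self.vouched.discard(dev)  # assumption: one vouch covers one login code
        code = secrets.randbits(128)
        self.issued[account] = code
        self.audit.append(("login_code_issued", account, dev))
        # Encrypted to the terminal's public key; only its private key opens it.
        return {"account": account, "code_ct": pow(code, *owner["pub"])}


class Terminal:
    def __init__(self, device_id, account, template, primes):
        self.device_id, self.account, self.template = device_id, account, template
        self.public, self._private = keypair(*primes)  # step S106

    def _key(self, first_bio):
        # The private key is released only after the local biometric check.
        if first_bio != self.template:
            raise PermissionError("presented biometric is not the owner's")
        return self._private

    def login_on_behalf(self, server, first_bio, second_bio):
        key = self._key(first_bio)
        req1 = {"account": self.account, "device_id": self.device_id, "bio": first_bio}
        if not server.authenticate_owner(req1, sign(req1, key)):
            return None
        req2 = {"device_id": self.device_id, "bio": second_bio}
        reply = server.verify_second_user(req2, sign(req2, key))
        if reply is None:
            return None
        return reply["account"], pow(reply["code_ct"], *key)


def demo():
    server = AuthServer()
    owner = Terminal("dev-A", "subordinate", bio("finger-sub"), (521, 607))
    other = Terminal("dev-B", "supervisor", bio("finger-sup"), (1279, 2203))
    for t in (owner, other):
        server.register(t.account, t.device_id, t.template, t.public)
    # The supervisor (second user) logs in on the subordinate's terminal.
    return server, owner, owner.login_on_behalf(server, bio("finger-sub"), bio("finger-sup"))
```

Calling `demo()` returns the server, the owner's terminal and the `(account, login code)` pair recovered on the terminal; `server.audit` holds the event trail that the logging paragraph above describes.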
Embodiment two
Referring to Fig. 3, Fig. 3 is a schematic structural diagram of a terminal device provided by Embodiment two of the present invention. The terminal device 30 includes a biometric recognition module 301, a first receiving module 302, a first obtaining module 303, a first sending module 304, a second receiving module 305, a third receiving module 306, a second sending module 307 and a fourth receiving module 308.
The biometric recognition module 301 is configured to perform biometric recognition, where a biometric feature is a feature that uniquely identifies a user. In this embodiment, biometric features may include a fingerprint, a face image, an iris or a palm print. The terminal device 21 may be a smartphone, a tablet computer, a PDA (Personal Digital Assistant), etc.
The first receiving module 302 is configured to receive, through the biometric recognition module 301, the biometric feature input by the first user.
The first obtaining module 303 is configured to obtain the account information of the first user and the device identifier of the terminal device. The account information may specifically be the first user's name, sex, age, job position and similar information. If the terminal device is, for example, a smartphone, the module obtains the phone model, phone name, factory serial number, date of manufacture and other identifiers that identify the smartphone.
The first sending module 304 is configured to send an identity authentication request to the authentication server, where the identity authentication request carries the biometric feature and account information of the first user and the device identifier of the terminal device.
The second receiving module 305 is configured to receive the identity-authentication-passed message that the authentication server returns after successfully authenticating the identity of the first user according to the biometric feature and account information of the first user and the device identifier of the terminal device.
The third receiving module 306 is configured to receive, through the biometric recognition module 301, the biometric feature input by the second user.
The second sending module 307 is configured to send a verification request to the authentication server, where the verification request carries the biometric feature of the second user.
The fourth receiving module 308 is configured to receive the login code that the authentication server returns after confirming the legitimacy of the second biometric feature according to the verification request; the second user can log in with the login code.
To improve the security of the data transmitted between the terminal device and the authentication server, that data may be encrypted. The terminal device 30 may further include a first encryption module 309, a second obtaining module 310 and a second encryption module 311.
The first encryption module 309 is configured to encrypt the account information, the first biometric feature and the device identifier with the private key bound to the first biometric feature.
The second obtaining module 310 is configured to obtain the private key after the first biometric feature passes verification.
The second encryption module 311 is configured to encrypt the second biometric feature with the private key bound to the first biometric feature.
With the terminal device provided by this embodiment, after it is confirmed that the identity of the first user is genuine and that the first user is the owner of the terminal device 21, the biometric feature of the second user is received, and the second user is authenticated according to that biometric feature. After the second user passes identity authentication, the second user can use the terminal device as the login device, which solves the problem of being unable to log in when one's own terminal device is not at hand. At the same time, the account information of the first user, the first biometric feature and the device identifier, as well as the second biometric feature of the second user, are encrypted with the private key, which secures the transmission: even if the data is maliciously intercepted on its way to the receiving end, security is still ensured.
Embodiment three
Referring to Fig. 4, Fig. 4 is a schematic diagram of an authentication server provided by Embodiment three of the present invention. The authentication server 40 includes a first receiving module 401, a first returning module 402, a second receiving module 403, a generation module 404 and a second returning module 405.
The first receiving module 401 is configured to receive the identity authentication information sent by the terminal device, where the identity authentication information carries the account information of the first user, the first biometric feature of the first user and the device identifier of the terminal device.
The first returning module 402 is configured to return identity confirmation information to the terminal device after the legitimate identity of the first user is confirmed according to the identity authentication information.
The second receiving module 403 is configured to receive the verification request sent by the terminal device, where the verification request carries the second biometric feature of the second user.
The generation module 404 is configured to generate a login code corresponding to the second user after the legitimacy of the second biometric feature is confirmed according to the verification request.
The second returning module 405 is configured to send the login code to the terminal device, so that the second user logs in with the login code.
The authentication server provided by this embodiment authenticates the first user and verifies the second user. After the second user passes identity authentication, the second user can log in smoothly on the premise that the first user provides the guarantee, which ensures the security and reliability of the whole authentication process.
Embodiment four
Referring to Fig. 5, Fig. 5 is a schematic flow chart of an identity authentication method provided by Embodiment four of the present invention. The method includes:
Step S501: Receive the first biological characteristic of the first user input on the terminal device, and obtain the account information of the first user and the device identification of the terminal device;
The terminal device 21 is configured with a biological characteristic recognition module, which is used to recognize biological characteristics. A biological characteristic is a feature that uniquely identifies a user; in this embodiment, biological characteristics can include features such as a fingerprint, face, iris or palm print. The terminal device 21 can be a smartphone, a tablet computer, a PDA (Personal Digital Assistant, palmtop computer) or the like. The terminal device 21 receives the first biological characteristic input by the first user, and obtains the account information of the first user and the device identification of the terminal device 21. For example, the terminal device 21 in this embodiment is configured with a fingerprint identification module that can recognize fingerprints. The first user first enters the fingerprint recognition interface on the terminal device 21; the biological characteristic recognition module obtains the fingerprint information by scanning the finger on that interface and verifies the fingerprint information. The first biological characteristic of the first user is this fingerprint information. After the fingerprint information is verified successfully, the terminal device 21 uses it to obtain the account information corresponding to the fingerprint information; the account information can specifically be information such as the first user's name, sex, age and job position. The terminal device 21 further obtains its own device identification. For example, if the terminal device 21 is a smartphone, it obtains device identification that identifies the smartphone, such as the phone model, phone name, factory serial number and date of manufacture. In this embodiment, the account information of the first user can also be obtained by direct input.
Step S502: According to the account information, the device identification and the first biological characteristic, send an ID authentication request to the certificate server;
After obtaining the account information and biological characteristic of the first user and the device identification of the device, the terminal device 21 further sends an ID authentication request to the certificate server 22. The ID authentication request is used to ask the certificate server to authenticate the identity of the first user, and it carries the account information and biological characteristic of the first user and the device identification of the terminal device. According to the account information, the biological characteristic and the device identification of the terminal device 21 that it has obtained, the certificate server 22 verifies whether the identity of the first user is genuine and judges whether the first user is the owner of the terminal device 21.
Step S503: Receive the identity confirmation information returned by the certificate server after it confirms, according to the ID authentication request, that the identity of the first user is legitimate;
Step S504: Receive the second biological characteristic of the second user input on the terminal device;
The terminal device 21 further receives the biological characteristic input by the second user through the biological characteristic recognition module, so as to obtain the biological characteristic of the second user. The specific acquisition method is the same as that for the first user.
Step S505: According to the second biological characteristic, send a checking request to the certificate server;
After the second biological characteristic of the second user is obtained successfully, a checking request is sent to the certificate server 22. The checking request carries the biological characteristic of the second user; through the checking request, the certificate server 22 can verify the legitimacy of the second biological characteristic.
Step S506: Receive the logging-in code returned by the certificate server after it confirms the legitimacy of the second biological characteristic according to the checking request, so that the second user logs in using the logging-in code.
Specifically, the logging-in code can be a QR code, an SMS verification code or the like.
With the method provided by this embodiment, the terminal device 21 first confirms that the identity of the first user is genuine and that the first user is the owner of the terminal device, then receives the biological characteristic of the second user and verifies the identity of the second user according to that biological characteristic. After the second user passes identity verification, the second user can go on to log in using this terminal device as the login device, which solves the problem of being unable to log in when one's own terminal device is not at hand. At the same time, the account information, first biological characteristic and device identification of the first user and the second biological characteristic of the second user are encrypted with the private key, which ensures the security of transmission: even if the file is maliciously intercepted while being sent to the receiving end, security is still guaranteed.
Embodiment five
Referring to Fig. 6, Fig. 6 is a schematic flow chart of an identity authentication method provided by Embodiment five of the present invention. The explanations of each step in the above embodiments apply equally to this embodiment. In this embodiment, the parts of the identity authentication method that are the same as in the above embodiments are not described again; the description focuses on the parts that differ. The method includes:
Step S601: Receive the biological characteristic of the first user input on the mobile device.
Step S602: Obtain the biological characteristic stored locally on the mobile device.
Step S603: Judge whether the biological characteristic of the first user matches the biological characteristic stored locally on the mobile device. If they do not match, perform step S604; if they match, perform step S605.
S604: Prompt that the first user does not have usage rights.
When the biological characteristic of the first user matches the biological characteristic stored locally on the terminal device, this proves that the first user is the owner of the terminal device; if they do not match, the first user does not have usage rights.
S605: Obtain the account information of the first user and the device identification of the terminal device.
S606: Encrypt the biological characteristic of the first user, the account information and the device identification of the terminal device with the preset private key to generate encryption data, and generate the ID authentication request according to the encryption data.
S607: Send the ID authentication request to the certificate server.
The ID authentication request carrying the first encryption data is sent to the certificate server, so that the certificate server decrypts the first encryption data with the preset public key to obtain the biological characteristic of the first user, the account information and the device identification of the terminal device, and authenticates the identity of the first user according to the biological characteristic of the first user, the account information and the device identification of the terminal device. The preset public key and the preset private key are a paired key: the preset private key is stored in the terminal device in advance, and the preset public key is stored in the certificate server in advance. The preset public keys stored in the certificate server correspond to terminal devices. After receiving an ID authentication request, the certificate server obtains the source address of the request to determine which terminal device the request comes from, and then obtains the preset public key corresponding to that terminal device to perform the decryption.
It should be noted that each first user and terminal device must first register with the certificate server before use. The certificate server only permits authenticated terminal devices and first users to access it, which ensures the reliability of the terminal device and the first user and thereby improves security. The preset private key and the preset public key may be generated when the first user registers with the certificate server through the terminal device; the preset private key is stored locally on the terminal device, and the preset public key is stored in the certificate server. When the first user registers with the certificate server through the terminal device, the certificate server binds together the three items: the biological characteristic of the first user, the account information and the device identification of the terminal device. Subsequent identity authentication is carried out mainly through the binding relationship among the biological characteristic, the account information and the device identification.
S608: Receive the identity confirmation information returned by the certificate server after it confirms, according to the ID authentication request, that the identity of the first user is legitimate.
S609: Receive the second biological characteristic of the second user input on the terminal device.
S610: According to the second biological characteristic, send a checking request to the certificate server.
The biological characteristic of the second user is encrypted with the preset private key to generate second encryption data, the checking request is generated according to the second encryption data, and the checking request is sent to the certificate server. The checking request carries the second encryption data.
S611: Receive the logging-in code returned by the certificate server after it confirms the legitimacy of the second biological characteristic according to the checking request, so that the second user logs in using the logging-in code.
The embodiment of the present invention authenticates the identity of the owner of the terminal device, that is, the first user. After confirming that the identity of the first user is genuine and that the first user is the owner of the terminal device, it receives the biological characteristic of the second user and verifies the identity of the second user according to that biological characteristic. After the second user passes identity verification, the second user can go on to log in using this terminal device as the login device, which solves the problem of being unable to log in when one's own terminal device is not at hand. By authenticating the identities of the first user and the second user one after the other on the same device, and on the premise that the first user provides the guarantee, the second user can log in smoothly, which ensures the safety and reliability of the whole verification process.
Throughout the ID authentication request for the first user and the checking request for the second user, the certificate server encrypts the logging-in code with the public key previously sent by the terminal device and sends it to the terminal device. Because the private key of the terminal device exists only in the terminal device, even if the logging-in code encrypted with the public key is maliciously intercepted, the intercepting party cannot parse the ciphertext in the way a symmetric cipher could be parsed. This keeps the logging-in code ciphertext secure: only the terminal device holding the private key can parse the correct logging-in code. Meanwhile, the public key is public to both the certificate server and the terminal device, so no reliable channel needs to be provided for key distribution, which greatly reduces development difficulty.
Embodiment six
Referring to Fig. 7, Fig. 7 is a schematic flow chart of an identity authentication method provided by Embodiment five of the present invention. The method includes:
Step S701: Receive the authentication information sent by the terminal device, where the authentication information carries the account information of the first user, the first biological characteristic of the first user and the device identification of the terminal device.
It should be noted that the certificate server stores in advance the binding relationship among three items: the biological characteristic of each first user, the device identification, and the device identification of the terminal device. The binding relationship can be generated when the first user registers with the certificate server through the terminal device, or it can be entered directly by administrative staff. The certificate server authenticates the identity of the first user by judging whether the biological characteristic of the first user, the device identification and the device identification of the terminal device have a binding relationship.
Step S702: After confirming, according to the authentication information, that the identity of the first user is legitimate, return identity confirmation information to the terminal device;
Step S703: Receive the checking request sent by the terminal device, where the checking request carries the second biological characteristic of the second user;
Step S704: After confirming the legitimacy of the second biological characteristic according to the checking request, generate the logging-in code corresponding to the second user.
Step S705: Send the logging-in code to the terminal device, so that the second user logs in using the logging-in code.
The method provided by this embodiment authenticates the identity of the first user and verifies the second user. After the second user passes identity verification, and on the premise that the first user provides the guarantee, the second user can log in smoothly, which ensures the safety and reliability of the whole verification process.
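The server-side order of steps S701 to S705, as an added Python example that is not part of the patent text: a logging-in code is issued only after the owner's binding check has succeeded on the same device. Assumptions not on the page: biometric matching is reduced to exact comparison of a template string, the second user is already enrolled, an owner confirmation covers one checking request, the code is single-use and bound to the device, the two lifetimes are arbitrary, and the transport encryption of the other embodiments is left out.

```python
import hmac
import secrets
import time

CONFIRM_TTL = 300     # seconds an owner confirmation stays valid (assumed value)
LOGIN_CODE_TTL = 120  # seconds a logging-in code stays valid (assumed value)


def _same(a: str, b: str) -> bool:
    """Constant-time comparison; exact match stands in for biometric matching."""
    return hmac.compare_digest(a.encode(), b.encode())


class CertificateServer:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._bindings = {}   # device_id -> (account, owner biometric template)
        self._enrolled = {}   # user name -> biometric template of a second user
        self._confirmed = {}  # device_id -> expiry of the owner's confirmation
        self._codes = {}      # logging-in code -> (user, device_id, expiry)

    def register_binding(self, account, template, device_id):
        """Registration: bind account, biometric and device identification."""
        self._bindings[device_id] = (account, template)

    def enroll_user(self, user, template):
        """Hypothetical enrolment step for users who may act as second user."""
        self._enrolled[user] = template

    def authenticate_owner(self, account, template, device_id) -> bool:
        """S701-S702: all three values must match one stored binding."""
        bound = self._bindings.get(device_id)
        ok = (bound is not None and _same(bound[0], account)
              and _same(bound[1], template))
        if ok:
            self._confirmed[device_id] = self._clock() + CONFIRM_TTL
        else:
            self._confirmed.pop(device_id, None)  # a failed attempt clears state
        return ok

    def verify_second_user(self, template, device_id):
        """S703-S705: return a logging-in code, or None if any check fails."""
        # The confirmation is consumed whether or not the second check passes.
        expiry = self._confirmed.pop(device_id, None)
        if expiry is None or self._clock() > expiry:
            return None
        user = next((u for u, t in self._enrolled.items()
                     if _same(t, template)), None)
        if user is None:
            return None
        code = secrets.token_urlsafe(9)
        self._codes[code] = (user, device_id, self._clock() + LOGIN_CODE_TTL)
        return code

    def redeem(self, code, device_id):
        """Log in with the code: single use, same device, not expired."""
        user, bound_device, expiry = self._codes.pop(code, (None, None, 0.0))
        if user is None or bound_device != device_id or self._clock() > expiry:
            return None
        return user


def demo():
    """Happy path over constructed sample data; returns the logged-in user."""
    server = CertificateServer()
    server.register_binding("owner01", "tmpl-owner", "DEV-A")
    server.enroll_user("visitor02", "tmpl-visitor")
    server.authenticate_owner("owner01", "tmpl-owner", "DEV-A")
    code = server.verify_second_user("tmpl-visitor", "DEV-A")
    return server.redeem(code, "DEV-A")


if __name__ == "__main__":
    print(demo())
```
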
Embodiment seven
Referring to Fig. 8, Fig. 8 is a schematic structural diagram of an electronic equipment for executing the identity authentication method, provided by Embodiment seven of the present invention.
The electronic equipment 80 includes one or more processors 81 and a memory 82; one processor 81 is taken as an example in Fig. 8.
The processor 81 and the memory 82 can be connected by a bus or in other ways; connection by a bus is taken as an example in Fig. 8.
The memory 82, as a non-volatile computer readable storage medium, can be used to store non-volatile software programs, non-volatile computer executable programs and modules, such as the program instructions/modules corresponding to the identity authentication method in the embodiments of the present invention (for example, the modules 301-311 shown in Fig. 3 and the modules 401-405 shown in Fig. 4). By running the non-volatile software programs, instructions and modules stored in the memory 82, the processor 81 executes the various functional applications and data processing of the server, that is, implements the file reading method of the above method embodiments.
The memory 82 can include a program storage area and a data storage area. The program storage area can store an operating system and the application program required by at least one function; the data storage area can store data created through use of the data storage device, and the like. In addition, the memory 82 can include high-speed random access memory and can also include non-volatile memory, for example at least one disk storage device, a flash memory device or another non-volatile solid-state memory device. In some embodiments, the memory 82 optionally includes memory located remotely from the processor 81, and these remote memories can be connected to the data storage device through a network. Examples of such networks include but are not limited to the internet, an intranet, a LAN, a mobile communication network and combinations thereof.
The one or more modules are stored in the memory 82 and, when executed by the one or more processors 81, perform the identity authentication method in any of the above method embodiments, for example, performing method steps S501 to S506 in Fig. 5, method steps S601 to S611 in Fig. 6 and method steps S701 to S705 in Fig. 7 described above, and implementing the functions of the modules 301-311 in Fig. 3 and the modules 401-405 in Fig. 4.
The above product can perform the method provided by the embodiments of the present invention, and has the functional modules and beneficial effects corresponding to performing the method. For technical details not described in detail in this embodiment, refer to the method provided by the embodiments of the present invention.
The electronic equipment of the embodiment of the present invention can be a server, that is, a device that provides computing services. A server is composed of a processor, hard disk, memory, system bus and so on. Its architecture is similar to that of a general-purpose computer, but because it needs to provide highly reliable services, the requirements on processing capability, stability, reliability, security, scalability and manageability are higher.
With the electronic equipment provided by this embodiment, a terminal device on which the first user has been authenticated successfully can be used as the device on which the second user is authenticated and logs in. By authenticating the identities of the first user and the second user one after the other on the same device, and on the premise that the first user provides the guarantee, the second user can log in smoothly, which ensures the safety and reliability of the whole verification process.
The embodiments of the present invention provide a non-volatile computer readable storage medium that stores computer executable instructions. When executed by one or more processors, such as one processor 81 in Fig. 8, the computer executable instructions cause the one or more processors to perform the file reading method in any of the above method embodiments, for example, performing method steps S501 to S506 in Fig. 5, method steps S601 to S611 in Fig. 6 and method steps S701 to S705 in Fig. 7 described above, and implementing the functions of the modules 301-311 in Fig. 3 and the modules 401-405 in Fig. 4.
The embodiments of the present invention provide a computer program product. When the computer program is executed, it implements the data storage method in any of the above method embodiments, for example, performing method steps S501 to S506 in Fig. 5, method steps S601 to S611 in Fig. 6 and method steps S701 to S705 in Fig. 7 described above, and implementing the functions of the modules 301-311 in Fig. 3 and the modules 401-405 in Fig. 4.
The device embodiments described above are only schematic. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
From the description of the above embodiments, those of ordinary skill in the art can clearly understand that each embodiment can be implemented by software plus a general-purpose hardware platform, and of course can also be implemented by hardware. Those of ordinary skill in the art can understand that all or part of the flow in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer readable storage medium, and when executed it may include the flow of the embodiments of each of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Under the idea of the present invention, the technical features in the above embodiments or in different embodiments can also be combined, the steps can be carried out in any order, and there are many other variations of the different aspects of the present invention as described above which, for brevity, are not provided in detail. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of the technical features, and that these modifications or substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
It should be noted that preferred embodiments of the present invention are given in the specification and drawings of the present invention. However, the present invention can be implemented in many different forms and is not limited to the embodiments described in this specification. These embodiments are not intended as additional limitations on the content of the present invention; they are provided to make the understanding of the disclosure more thorough and comprehensive. Moreover, the above technical features can continue to be combined with each other to form various embodiments not enumerated above, all of which are regarded as within the scope recorded in the specification of the present invention. Further, those of ordinary skill in the art can make improvements or transformations according to the above description, and all such modifications and variations shall fall within the protection scope of the appended claims of the present invention.