CN107872451B - User identity authentication method and identity authentication device - Google Patents

Publication number
CN107872451B
CN107872451B CN201710916000.XA CN201710916000A CN107872451B CN 107872451 B CN107872451 B CN 107872451B CN 201710916000 A CN201710916000 A CN 201710916000A CN 107872451 B CN107872451 B CN 107872451B
Authority
CN
China
Prior art keywords
user
authentication
biological characteristic
characteristic data
identity
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710916000.XA
Other languages
Chinese (zh)
Other versions
CN107872451A (en
Inventor
刘中原
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Application filed by OneConnect Financial Technology Co Ltd Shanghai
Priority to CN201710916000.XA
Publication of CN107872451A
Application granted
Publication of CN107872451B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses a user identity authentication method, which comprises the following steps: inputting user information and pre-stored biological characteristic data of the user; establishing connection with the terminal equipment; receiving the biological characteristic data currently input by a user; comparing the currently input biological characteristic data with the pre-stored biological characteristic data; and giving an identity verification result according to the comparison result, and sending the identity verification result to the terminal equipment. The invention also provides an identity authentication device and a computer readable storage medium. The user identity authentication method, the identity authentication device and the computer readable storage medium provided by the invention can facilitate the user to carry out biological characteristic input and identity authentication anytime and anywhere, and are safer as the exclusive identity authentication device for the user.

Description

User identity authentication method and identity authentication device
Technical Field
The invention relates to the technical field of data analysis, in particular to a user identity authentication method and an identity authentication device.
Background
In the internet finance era, user identity authentication in online loan application is a persistent risk and threatens transaction security. The traditional identity authentication techniques such as static passwords, dynamic passwords and digital certificates in loan application have risks of being broken in different degrees, and the risks cannot be completely eliminated based on the traditional identity authentication method.
At present, some fields adopt biological characteristic data to carry out identity authentication, but the risk of being broken through still exists in the authentication process. Further, there is a limitation in the device for collecting biometric data, and for example, when a user applies for an online loan using a personal computer, fingerprint data cannot be collected conveniently. Therefore, it is necessary to provide an authentication method with high security, which is convenient for users to use and can effectively reduce risks.
Disclosure of Invention
In view of the above, the present invention provides a user authentication method and an authentication apparatus, so as to solve the problem of how to conveniently and effectively perform user authentication.
Firstly, in order to achieve the above object, the present invention provides a user identity authentication method, which comprises the steps of:
inputting user information and pre-stored biological characteristic data of the user;
establishing connection with the terminal equipment;
receiving the biological characteristic data currently input by a user;
comparing the currently input biological characteristic data with the pre-stored biological characteristic data; and
giving an identity verification result according to the comparison result, and sending the identity verification result to the terminal equipment.
Optionally, the method further comprises the step of:
after the user information and the pre-stored biological characteristic data are input, uploading the ID of the identity authentication device, the user information, the pre-stored biological characteristic data and their correspondence to an application server;
after comparing the currently input biological characteristic data with the pre-stored biological characteristic data, further judging whether the ID of the identity authentication device is abnormal;
and when the comparison result is passed and the ID is normal, the identity authentication of the user is passed; otherwise, the authentication fails.
Optionally, the method further comprises the step of:
receiving, from the application server, a loss report command for the identity authentication device and status information indicating that the ID is invalid;
giving an alarm when the identity authentication device is triggered again after the loss is reported;
receiving, from the application server, a loss report release command and a newly assigned ID for the identity authentication device.
Optionally, the step of comparing the currently input biometric data with the pre-stored biometric data specifically includes:
comparing the currently input biological characteristic data with the pre-stored biological characteristic data to obtain the similarity of the two biological characteristic data;
and obtaining a comparison result according to the similarity and a preset threshold, wherein when the similarity is greater than or equal to the preset threshold, the comparison result is passed, and when the similarity is smaller than the preset threshold, the comparison result is failed.
Optionally, the step of determining whether the ID of the identity authentication apparatus is abnormal specifically includes:
acquiring the state information of the ID from the application server to judge whether the ID is currently in a valid state, wherein if the ID is in the valid state, the ID is normal; otherwise, the ID is abnormal.
Optionally, the step of sending an alarm when the authentication apparatus is triggered again after a loss is reported specifically includes:
when the identity authentication device has received the loss report command and is triggered again, automatically sending an alarm notification to the application server and/or to the contact information of the user, wherein the alarm notification comprises the ID and the position reference information of the identity authentication device.
Optionally, when a positioning unit is located in the identity authentication device, the position reference information is positioning information;
when the terminal equipment currently connected with the identity authentication device is networked through a wired network or WIFI, the position reference information is a current IP address;
and when the terminal equipment currently connected with the identity authentication device is networked through data traffic, the position reference information is the telephone number corresponding to the currently connected terminal equipment.
Optionally, the identity authentication device is a portable device, and is connected to the terminal device in a wired or wireless manner.
In addition, in order to achieve the above object, the present invention further provides an authentication apparatus, which includes a memory and a processor, where the memory stores a user authentication system operable on the processor, and the user authentication system, when executed by the processor, implements the steps of the user authentication method as described above.
Further, to achieve the above object, the present invention also provides a computer-readable storage medium storing a user authentication system, which is executable by at least one processor to cause the at least one processor to perform the steps of the user authentication method as described above.
Compared with the prior art, the user identity authentication method, the identity authentication device and the computer-readable storage medium provided by the invention burn user information and the user's unique biological characteristic data, such as fingerprints, voiceprints and irises, into the identity authentication device in advance. When the user encounters an online loan application or another scenario that requires identity verification, the user connects the identity authentication device and inputs the corresponding biological characteristic data on it. The device or the terminal equipment compares the biological characteristic data input by the user with the biological characteristic data burned in advance to verify the identity of the user before the next operation proceeds. In addition, when the device is lost, it can be reported lost, and an alarm is given if the device is triggered again after the loss is reported. The device and the verification method let the user input biological characteristics and verify identity at any time and in any place; as the user's exclusive identity authentication device it is safer, and its loss reporting and alarm functions can greatly reduce the risk.
Drawings
FIG. 1 is a schematic diagram of an alternative application environment for various embodiments of the present invention;
FIG. 2 is a diagram of an alternative hardware architecture for the identity verification apparatus of FIG. 1;
FIG. 3 is a schematic diagram of program modules of a user authentication system according to a first embodiment of the present invention;
FIG. 4 is a schematic diagram of program modules of a second embodiment and a third embodiment of the user authentication system according to the present invention;
FIG. 5 is a flowchart illustrating a first embodiment of a method for authenticating a user according to the present invention;
FIG. 6 is a flowchart illustrating a second embodiment of a method for authenticating a user according to the present invention;
FIG. 7 is a flowchart illustrating a user authentication method according to a third embodiment of the present invention.
Reference numerals:
[Table of reference numerals: image in the original]
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Fig. 1 is a schematic diagram of an alternative application environment according to various embodiments of the present invention.
In the embodiment, the present invention can be applied to an application environment including, but not limited to, the terminal device 1, the application server 2, and the authentication apparatus 3. The terminal device 1 may be a mobile device such as a mobile phone, a smart phone, a notebook computer, a PAD (tablet computer), or a fixed terminal such as a desktop computer. The application server 2 may be a rack server, a blade server, a tower server, or a rack server, and the application server 2 may be an independent server or a server cluster composed of a plurality of servers. The authentication device 3 is a portable mobile device, and is used for performing user authentication in cooperation with the terminal device 1. The terminal device 1, the application server 2 and the authentication device 3 can be in communication connection in a wired or wireless mode, so that data transmission and interaction are performed.
Fig. 2 is a schematic diagram of an alternative hardware architecture of the identity verification apparatus 3 in fig. 1. In this embodiment, the authentication device 3 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13, which may be communicatively connected to each other through a system bus. It is noted that fig. 2 only shows the authentication device 3 with components 11-13, but it is to be understood that not all of the shown components are required, and that more or fewer components may be implemented instead.
The memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 11 may be an internal storage unit of the authentication device 3, such as a hard disk or a memory of the authentication device 3. In other embodiments, the memory 11 may also be an external storage device of the authentication device 3, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, or a Flash memory Card (Flash Card) provided on the authentication device 3. Of course, the memory 11 may also comprise both an internal storage unit of the authentication device 3 and an external storage device thereof. In this embodiment, the memory 11 is generally used for storing an operating system and various types of application software installed in the authentication device 3, such as the program code of the user authentication system 200. Furthermore, the memory 11 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 12 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 12 is generally configured to control the overall operation of the authentication apparatus 3, such as performing control and processing related to data interaction or communication with the terminal device 1 and the application server 2. In this embodiment, the processor 12 is configured to run the program code stored in the memory 11 or process data, for example, run the user authentication system 200.
The network interface 13 may comprise a wireless network interface or a wired network interface, and the network interface 13 is typically used for establishing a communication connection between the authentication device 3 and other electronic devices. In this embodiment, the network interface 13 is mainly used to connect with the terminal device 1 and the application server 2 in a wired or wireless manner, and to establish a data transmission channel and a communication connection between the authentication device 3 and the terminal device 1 and the application server 2.
The application environment and the hardware structure and function of the related devices of the various embodiments of the present invention have been described in detail so far. Hereinafter, various embodiments of the present invention will be proposed based on the above-described application environment and related devices.
First, the present invention provides a user authentication system 200.
Fig. 3 is a block diagram of a first embodiment of a user authentication system 200 according to the present invention. In this embodiment, the user authentication system 200 includes a series of computer program instructions stored in the memory 11, which when executed by the processor 12, can implement the user authentication operations of the embodiments of the present invention. In some embodiments, the user authentication system 200 may be divided into one or more modules based on the particular operations implemented by the portions of the computer program instructions. For example, in fig. 3, the user authentication system 200 may be divided into an entry module 201, a connection module 202, a receiving module 203, a comparison module 204, and a sending module 205. Wherein:
the entry module 201 is configured to enter user information and pre-stored biometric data of the user.
Specifically, the authentication device 3 is a portable device, and may be connected to a terminal device in a wired or wireless manner. The user information and the pre-stored biometric data of the user are pre-programmed into the authentication device 3. The user information comprises a name, an identification card number, contact information and the like. The pre-stored biometric data is a biometric feature unique to each user, such as a fingerprint, voiceprint or iris, and one or more of these may be selected. The authentication device 3 can be used as an exclusive authentication device for the user, and is safer.
The connection module 202 is configured to establish a connection with the terminal device 1.
Specifically, when the user encounters an online loan application or another scenario requiring authentication, the connection module 202 connects the authentication device 3 to the terminal device 1 in a wired or wireless manner. When the user logs in to the online loan application system on the terminal device 1, the authentication device 3 is triggered.
The receiving module 203 is configured to receive biometric data currently input by a user.
Specifically, the user enters the corresponding biometric data on the authentication device 3. The identity authentication device 3 may have a function of acquiring one or more biometric characteristics such as a fingerprint, a voiceprint, an iris, and the like. Thus, the user can input one or more kinds of biometric data, such as a fingerprint, a voiceprint or an iris, on the authentication device 3.
The comparison module 204 is configured to compare the currently input biometric data with the pre-stored biometric data.
Specifically, when the receiving module 203 receives the biometric data currently input by the user, the comparison module 204 compares the currently input biometric data with the pre-stored biometric data burned into the identity authentication device in advance to obtain the similarity between the two. A comparison result is then obtained from the similarity and a preset threshold. The preset threshold is the decision criterion for the similarity, for example, 60%. When the similarity reaches (is greater than or equal to) the preset threshold, the comparison result is passed. When the similarity does not reach (is smaller than) the preset threshold, the comparison result is failed.
The sending module 205 is configured to give an authentication result according to the comparison result, and send the authentication result to the terminal device 1.
Specifically, when the comparison result is passed, the identity authentication of the user is passed, and the next operation can be performed, otherwise, the authentication fails. The sending module 205 sends the authentication result to the terminal device 1.
Fig. 4 is a block diagram showing the program of the second and third embodiments of the user authentication system 200 according to the present invention. In the second and third embodiments, the user authentication system 200 includes a determination module 206 in addition to the entry module 201, the connection module 202, the receiving module 203, the comparison module 204, and the sending module 205 in the first embodiment.
In the second embodiment, the sending module 205 is further configured to upload the ID of the authentication device 3 and the user information, the pre-stored biometric data and the corresponding relationship thereof to the application server 2.
Specifically, each authentication device 3 corresponds to a unique ID. The identity authentication device 3 stores the corresponding relationship between the ID and the user information and the pre-stored biometric data, and uploads the ID and the user information, the pre-stored biometric data and the corresponding relationship to the application server 2. The authentication device 3 can be used as an exclusive authentication device for the user, and is safer.
The judging module 206 is configured to judge whether the ID of the authentication apparatus 3 is abnormal.
Specifically, the authentication apparatus 3 obtains the state information of its ID from the application server 2 and thereby determines whether its ID is currently in a valid state. If the ID is in the valid state, the ID is normal; otherwise, the ID is abnormal.
The sending module 205 is further configured to give an authentication result according to the comparison and judgment result, and send the authentication result to the terminal device 1.
Specifically, when the comparison result is passed and the ID is normal, the identity authentication of the user is passed and the next operation can be performed; otherwise, the authentication fails. The authentication device 3 sends the authentication result to the terminal device 1.
In the third embodiment, the receiving module 203 is further configured to receive a loss report command for the authentication apparatus 3 and status information of the ID from the application server 2.
Specifically, when the user loses the authentication device 3, the authentication device 3 can be reported lost. After the loss is reported, the application server 2 sets the ID corresponding to the authentication device 3 to an invalid state, and reallocates a new ID after the authentication device 3 is subsequently reissued or retrieved. At the same time, the application server 2 sends a loss report command and the status information of the ID to the lost authentication device 3. The authentication device 3 receives the loss report command from the application server 2 and invalidates its ID.
The sending module 205 is further configured to issue an alarm when the authentication apparatus 3 is triggered again after a loss is reported.
Specifically, after the authentication device 3 has received the loss report command, if the authentication device 3 is triggered again (for example, when a person who has picked up the authentication device 3 connects it to the terminal device 1 and logs in to the online loan application system), the authentication device 3 automatically sends an alarm notification to the application server 2 and/or to the contact information of the original user, which is burned into the authentication device. The alarm notification may include the original ID of the authentication device 3, position reference information, and the like. The position reference information may be positioning information (when a positioning unit is provided in the authentication device), the current IP address (when the terminal device 1 to which the authentication device 3 is currently connected is networked through a wired network or WIFI), or the phone number corresponding to the currently connected terminal device 1 (when the terminal device 1 to which the authentication device 3 is currently connected is networked through mobile data traffic), and the like.
The receiving module 203 is further configured to receive, from the application server 2, a loss report release command for the authentication apparatus 3, a newly assigned ID, and the status information of the new ID.
Specifically, after the user retrieves the authentication device 3, the user can release the loss report for the authentication device 3. When the loss report is released, the application server 2 assigns a new ID to the authentication device 3 and sets it to a valid state. At the same time, the application server 2 sends a loss report release command, the new ID, and the status information of the new ID to the authentication device 3 that had been reported lost.
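The device-side decision flow of the second and third embodiments, modelled in Python as an added example (not code from the patent). The class and field names, the in-memory `AppServer` stand-in and the treatment of an unknown ID as invalid are assumptions; the similarity score is taken as an input rather than computed from biometric samples.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class IdState(Enum):
    VALID = "valid"
    INVALID = "invalid"


class Network(Enum):
    WIRED_OR_WIFI = "wired_or_wifi"
    MOBILE_DATA = "mobile_data"


@dataclass
class Terminal:
    network: Network
    ip_address: Optional[str] = None
    phone_number: Optional[str] = None


@dataclass
class AuthResult:
    passed: bool
    reason: str
    alarm: Optional[dict] = None


class AppServer:
    """In-memory stand-in for application server 2 (hypothetical API)."""

    def __init__(self) -> None:
        self.id_state: Dict[str, IdState] = {}
        self.alarms: List[dict] = []

    def register(self, device_id: str) -> None:
        self.id_state[device_id] = IdState.VALID

    def status(self, device_id: str) -> IdState:
        # Assumption: an ID the server does not know is treated as invalid.
        return self.id_state.get(device_id, IdState.INVALID)

    def report_loss(self, device: "AuthDevice") -> None:
        # The server invalidates the ID and pushes the loss report command.
        self.id_state[device.device_id] = IdState.INVALID
        device.reported_lost = True

    def release_loss(self, device: "AuthDevice", new_id: str) -> None:
        # The old ID stays invalid; the device continues under a new valid ID.
        self.id_state[new_id] = IdState.VALID
        device.device_id = new_id
        device.reported_lost = False


@dataclass
class AuthDevice:
    device_id: str
    server: AppServer
    threshold: float = 0.60            # the description's example value
    positioning: Optional[str] = None  # set only if a positioning unit exists
    reported_lost: bool = False

    def position_reference(self, terminal: Terminal) -> Tuple[str, Optional[str]]:
        if self.positioning is not None:
            return ("positioning", self.positioning)
        if terminal.network is Network.WIRED_OR_WIFI:
            return ("ip_address", terminal.ip_address)
        return ("phone_number", terminal.phone_number)

    def authenticate(self, similarity: float, terminal: Terminal) -> AuthResult:
        # Third embodiment: a device reported lost raises an alarm when triggered.
        if self.reported_lost:
            alarm = {"device_id": self.device_id,
                     "position": self.position_reference(terminal)}
            self.server.alarms.append(alarm)
            return AuthResult(False, "device reported lost", alarm)
        # First embodiment: similarity >= threshold passes the comparison.
        if similarity < self.threshold:
            return AuthResult(False, "biometric comparison failed")
        # Second embodiment: the device ID must also be in the valid state.
        if self.server.status(self.device_id) is not IdState.VALID:
            return AuthResult(False, "device ID abnormal")
        return AuthResult(True, "passed")


def demo() -> List[AuthResult]:
    # Constructed sample values: the IDs, address and scores are illustrative.
    server = AppServer()
    device = AuthDevice("DEV-0001", server)
    server.register(device.device_id)
    terminal = Terminal(Network.WIRED_OR_WIFI, ip_address="192.0.2.10")
    results = [device.authenticate(0.72, terminal)]      # passes
    server.report_loss(device)
    results.append(device.authenticate(0.95, terminal))  # alarm, fails
    server.release_loss(device, "DEV-0002")
    results.append(device.authenticate(0.72, terminal))  # passes under new ID
    return results
```

A high similarity score does not help once the device has been reported lost: the lost-state check runs before the comparison, so the alarm is raised regardless of the biometric input.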
In addition, the invention also provides a user identity authentication method.
Fig. 5 is a schematic flow chart of a user authentication method according to a first embodiment of the present invention. In this embodiment, the execution order of the steps in the flowchart shown in fig. 5 may be changed and some steps may be omitted according to different requirements.
Step S600, inputting user information and pre-stored biological characteristic data of the user.
Specifically, the authentication device 3 is a portable device, and may be connected to the terminal apparatus 1 in a wired or wireless manner. The user information and the pre-stored biometric data of the user are pre-programmed into the authentication device 3. The user information comprises a name, an identification card number, contact information and the like. The pre-stored biometric data is a biometric feature unique to each user, such as a fingerprint, voiceprint or iris, and one or more of these may be selected. The authentication device 3 can be used as an exclusive authentication device for the user, and is safer.
Step S602, a connection is established with the terminal device 1.
Specifically, when the user encounters an online loan application or another scenario requiring authentication, the authentication device 3 is connected to the terminal device 1 in a wired or wireless manner. When the user logs in to the online loan application system on the terminal device 1, the authentication device 3 is triggered.
Step S604, receiving the biometric data currently input by the user.
Specifically, the user enters the corresponding biometric data on the authentication device 3. The identity authentication device 3 may have a function of acquiring one or more biometric characteristics such as a fingerprint, a voiceprint, an iris, and the like. Thus, the user can input one or more kinds of biometric data, such as a fingerprint, a voiceprint or an iris, on the authentication device 3.
Step S606, comparing the currently input biometric data with the pre-stored biometric data.
Specifically, when the identity authentication apparatus 3 receives the biometric data currently input by the user, the identity authentication apparatus 3 compares the currently input biometric data with the pre-stored biometric data pre-recorded in the identity authentication apparatus 3 to obtain the similarity between the two. A comparison result is then obtained from the similarity and a preset threshold. The preset threshold is the decision criterion for the similarity, for example, 60%. When the similarity reaches (is greater than or equal to) the preset threshold, the comparison result is passed. When the similarity does not reach (is smaller than) the preset threshold, the comparison result is failed.
In other embodiments, the comparison may also be performed by the terminal device 1 connected to the authentication device 3. When the comparison is made by the terminal device 1, the authentication device 3 transmits its own ID, the currently input biometric data, and the pre-stored biometric data to the terminal device 1.
Step S608, an authentication result is given according to the comparison result, and the authentication result is sent to the terminal device 1.
Specifically, when the comparison result is passed, the identity authentication of the user is passed, and the next operation can be performed; otherwise, the authentication fails. The authentication device 3 sends the authentication result to the terminal device 1.
Fig. 6 is a schematic flow chart of a user authentication method according to a second embodiment of the present invention. In this embodiment, steps S700, S704 to S708, and S712 of the user authentication method are similar to steps S600 to S608 of the first embodiment, except that the method further includes steps S702 and S710.
The method comprises the following steps:
Step S700, inputting user information and pre-stored biological characteristic data of the user.
Specifically, the authentication device 3 is a portable device, and may be connected to the terminal apparatus 1 in a wired or wireless manner. The user information and the pre-stored biometric data of the user are pre-programmed into the authentication device 3. The user information comprises a name, an identification card number, contact information and the like. The pre-stored biometric data is a biometric feature unique to each user, such as a fingerprint, voiceprint or iris, and one or more of these may be selected.
Step S702, uploading the ID of the authentication apparatus 3, the user information, the pre-stored biometric data and the corresponding relationship thereof to the application server 2.
Specifically, each authentication device 3 corresponds to a unique ID. The identity authentication device 3 stores the corresponding relationship between the ID and the user information and the pre-stored biometric data, and uploads the ID and the user information, the pre-stored biometric data and the corresponding relationship to the application server 2. The authentication device 3 can be used as an exclusive authentication device for the user, and is safer.
Step S704, a connection is established with the terminal apparatus 1.
Specifically, when the user encounters an online loan application or another scenario requiring authentication, the authentication device 3 is connected to the terminal device 1 in a wired or wireless manner. When the user logs in to the online loan application system on the terminal device 1, the authentication device 3 is triggered.
Step S706, receiving the biometric data currently input by the user.
Specifically, the user enters the corresponding biometric data on the authentication device 3. The authentication device 3 may be capable of acquiring one or more biometric features such as a fingerprint, a voiceprint, or an iris, so the user can input one or more kinds of biometric data (fingerprint, voiceprint, iris, etc.) on the authentication device 3.
Step S708, comparing the currently input biometric data with the pre-stored biometric data.
Specifically, when the authentication device 3 receives the biometric data currently input by the user, it compares that data with the pre-stored biometric data recorded in the authentication device 3 to obtain the similarity between the two. A comparison result is then obtained from the similarity and a preset threshold. The preset threshold is the decision criterion for the similarity, for example 60%. When the similarity reaches the preset threshold (is greater than or equal to it), the comparison result is a pass. When the similarity does not reach the preset threshold (is smaller than it), the comparison result is a fail.
In other embodiments, the comparison may instead be performed by the terminal device 1 connected to the authentication device 3. In that case, the authentication device 3 transmits its own ID, the currently input biometric data, and the pre-stored biometric data to the terminal device 1.
In step S710, it is determined whether the ID of the authentication device 3 is abnormal.
Specifically, the authentication device 3 obtains the status information of its ID from the application server 2 and thereby determines whether the ID is currently in a valid state. If the ID is in the valid state, the ID is normal; otherwise, the ID is abnormal.
In other embodiments, the determination may be performed by the terminal device 1.
Step S712, an authentication result is given according to the comparison result and the judgment result, and is sent to the terminal device 1.
Specifically, when the comparison result is a pass and the ID is normal, the user's identity authentication passes and the next operation can be performed; otherwise, the authentication fails. The authentication device 3 sends the authentication result to the terminal device 1.
Fig. 7 is a schematic flow chart of a user authentication method according to a third embodiment of the present invention. In this embodiment, steps S800 to S812 of the user authentication method are similar to steps S700 to S712 of the second embodiment, except that the method further includes steps S814 to S818.
The method comprises the following steps:
Step S800, user information and pre-stored biometric data of the user are entered.
Specifically, the authentication device 3 is a portable device and may be connected to the terminal device 1 in a wired or wireless manner. The user information and the user's pre-stored biometric data are programmed into the authentication device 3 in advance. The user information includes a name, an identification card number, contact information, and the like. The pre-stored biometric data is a biometric feature unique to each user, such as a fingerprint, voiceprint, or iris; one or more of these may be selected.
Step S802, the ID of the authentication device 3, the user information, the pre-stored biometric data, and the correspondence among them are uploaded to the application server 2.
Specifically, each authentication device 3 corresponds to a unique ID. The authentication device 3 stores the correspondence among the ID, the user information, and the pre-stored biometric data, and uploads the ID, the user information, the pre-stored biometric data, and that correspondence to the application server 2. The authentication device 3 thus serves as an authentication device exclusive to the user, which is more secure.
Step S804, a connection is established with the terminal device 1.
Specifically, when the user encounters an online loan application or another scenario requiring authentication, the authentication device 3 is connected to the terminal device 1 in a wired or wireless manner. When the user logs in to the online loan application system on the terminal device 1, the authentication device 3 is triggered.
In step S806, the biometric data currently input by the user is received.
Specifically, the user enters the corresponding biometric data on the authentication device 3. The authentication device 3 may be capable of acquiring one or more biometric features such as a fingerprint, a voiceprint, or an iris, so the user can input one or more kinds of biometric data (fingerprint, voiceprint, iris, etc.) on the authentication device 3.
Step S808, the currently input biometric data is compared with the pre-stored biometric data.
Specifically, when the authentication device 3 receives the biometric data currently input by the user, it compares that data with the pre-stored biometric data recorded in the authentication device 3 to obtain the similarity between the two. A comparison result is then obtained from the similarity and a preset threshold. The preset threshold is the decision criterion for the similarity, for example 60%. When the similarity reaches the preset threshold (is greater than or equal to it), the comparison result is a pass. When the similarity does not reach the preset threshold (is smaller than it), the comparison result is a fail.
In other embodiments, the comparison may instead be performed by the terminal device 1 connected to the authentication device 3. In that case, the authentication device 3 transmits its own ID, the currently input biometric data, and the pre-stored biometric data to the terminal device 1.
In step S810, it is determined whether the ID of the authentication apparatus 3 is abnormal.
Specifically, the authentication device 3 obtains the status information of its ID from the application server 2 and thereby determines whether the ID is currently in a valid state. If the ID is in the valid state, the ID is normal; otherwise, the ID is abnormal.
In other embodiments, the determination may be performed by the terminal device 1.
Step S812, an authentication result is given according to the comparison result and the judgment result, and is sent to the terminal device 1.
Specifically, when the comparison result is a pass and the ID is normal, the user's identity authentication passes and the next operation can be performed; otherwise, the authentication fails. The authentication device 3 sends the authentication result to the terminal device 1.
In step S814, the loss report command for the authentication apparatus 3 and the status information of the ID are received from the application server 2.
Specifically, when the user loses the authentication device 3, the user can report the authentication device 3 as lost. After the loss is reported, the application server 2 sets the ID corresponding to the authentication device 3 to an invalid state, and assigns a new ID after the authentication device 3 is subsequently reissued or retrieved. At the same time, the application server 2 sends a loss report command and the status information of the ID to the lost authentication device 3. The authentication device 3 receives the loss report command from the application server 2 and invalidates its ID.
In step S816, an alarm is issued when the authentication apparatus 3 is triggered again after a loss is reported.
Specifically, after the authentication device 3 receives the loss report command, if the authentication device 3 is triggered again (for example, when a person who has picked up the authentication device 3 connects it to a terminal device 1 and logs in to the online loan application system), the authentication device 3 automatically sends an alarm notification to the application server 2 and/or to the contact information of the original user (programmed into the authentication device 3). The alarm notification may include the ID (original ID) of the authentication device 3, location reference information, and the like. The location reference information may be positioning information (when the authentication device 3 contains a positioning unit), the current IP address (when the terminal device 1 to which the authentication device 3 is currently connected is networked through a wired network or WIFI), the phone number corresponding to the currently connected terminal device 1 (when that terminal device 1 is networked through mobile data traffic), or the like.
In step S818, the loss-report release command for the authentication device 3, the newly assigned ID, and the status information of the new ID are received from the application server 2.
Specifically, after the user retrieves the authentication device 3, the user can cancel the loss report for the authentication device 3. When the loss report is cancelled, the application server 2 assigns a new ID to the authentication device 3 and sets it to a valid state. At the same time, the application server 2 sends a loss-report release command, the new ID, and the status information of the new ID to the previously lost authentication device 3.
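The decision logic of the third embodiment (steps S808 to S818), sketched as an added Python example that is not part of the patent text. The class and field names, the ID format, the 0-to-1 similarity score supplied by an external matcher, and the order in which location references are tried are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

THRESHOLD = 0.60  # the description's example preset threshold (60%)


@dataclass
class ApplicationServer:
    """Stand-in for application server 2: holds the state of every device ID."""
    id_state: dict = field(default_factory=dict)  # ID -> "valid" | "invalid"
    alarms: list = field(default_factory=list)
    issued: int = 0

    def register(self) -> str:
        self.issued += 1
        new_id = f"DEV-{self.issued:04d}"  # constructed ID format (assumption)
        self.id_state[new_id] = "valid"
        return new_id

    def report_loss(self, device: "AuthDevice") -> None:
        """S814: invalidate the ID and push the loss report command."""
        self.id_state[device.device_id] = "invalid"
        device.loss_reported = True

    def release_loss(self, device: "AuthDevice") -> None:
        """S818: assign a new valid ID; the old ID stays invalid."""
        device.device_id = self.register()
        device.loss_reported = False


@dataclass
class AuthDevice:
    """Stand-in for authentication device 3."""
    server: ApplicationServer
    device_id: str
    position: Optional[str] = None  # set only if a positioning unit exists
    loss_reported: bool = False

    def location_reference(self, terminal: dict) -> dict:
        # Order of preference is an assumption; the page lists alternatives.
        if self.position is not None:
            return {"type": "position", "value": self.position}
        if terminal.get("network") in ("wired", "wifi"):
            return {"type": "ip", "value": terminal.get("ip")}
        if terminal.get("network") == "cellular":
            return {"type": "phone", "value": terminal.get("phone")}
        return {"type": "unknown", "value": None}

    def on_trigger(self, similarity: float, terminal: dict) -> dict:
        alarm = None
        if self.loss_reported:  # S816: triggered again after a loss report
            alarm = {"id": self.device_id,
                     "location": self.location_reference(terminal)}
            self.server.alarms.append(alarm)
        matched = similarity >= THRESHOLD  # S808: pass at or above threshold
        # S810: anything other than an explicit "valid" state is abnormal,
        # so an unknown or missing status fails closed.
        id_normal = self.server.id_state.get(self.device_id) == "valid"
        return {"passed": matched and id_normal,  # S812: both must hold
                "matched": matched, "id_normal": id_normal, "alarm": alarm}


def run_scenario() -> list:
    """Constructed walk-through: normal use, loss report, reuse, release."""
    server = ApplicationServer()
    dev = AuthDevice(server, server.register())
    wifi = {"network": "wifi", "ip": "192.0.2.10"}    # constructed terminal
    out = [dev.on_trigger(0.60, wifi)["passed"]]      # boundary score passes
    server.report_loss(dev)
    out.append(dev.on_trigger(0.95, wifi)["passed"])  # good match, invalid ID
    server.release_loss(dev)
    out.append(dev.on_trigger(0.95, wifi)["passed"])  # new valid ID
    return out
```

A strong biometric match on a device whose ID has been invalidated still fails, because the ID state held by the server is checked independently of the local comparison.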
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method for authenticating a user, the method being applied to an authentication device, the authentication device being a portable mobile device, the authentication device corresponding to a unique ID, the method comprising the steps of:
inputting user information and pre-stored biological characteristic data of the user, and uploading the ID of the identity authentication device, the user information, the pre-stored biological characteristic data and the corresponding relation thereof to an application server after inputting the user information and the pre-stored biological characteristic data;
establishing connection with a terminal device, wherein the function of the terminal device for collecting biological characteristic data is limited, and the terminal device triggers the identity verification device in a scene of identity verification between the terminal device and the application server;
receiving the biological characteristic data currently input by a user, wherein the identity verification device has a function of acquiring one or more biological characteristics of a fingerprint, a voiceprint and an iris, and the user inputs the one or more biological characteristic data of the fingerprint, the voiceprint and the iris on the identity verification device;
comparing the currently input biological characteristic data with the pre-stored biological characteristic data; and
giving an identity verification result according to the comparison result, and sending the identity verification result to the terminal equipment.
2. The method for authenticating a user according to claim 1, further comprising the steps of:
after comparing the currently input biological characteristic data with the pre-stored biological characteristic data, further judging whether the ID of the identity authentication device is abnormal;
and when the comparison result is passed and the ID is normal, the identity authentication of the user is passed, otherwise, the authentication is failed.
3. The method for authenticating a user according to claim 2, further comprising the steps of:
receiving, from the application server, a loss report command for the authentication device and status information indicating that the ID is invalid;
issuing an alarm when the identity authentication device is triggered again after the loss is reported;
receiving, from the application server, a loss-report release command for the authentication device and a newly assigned ID.
4. The method for authenticating a user according to claim 1, wherein the step of comparing the currently input biometric data with the pre-stored biometric data specifically comprises:
comparing the currently input biological characteristic data with the pre-stored biological characteristic data to obtain the similarity of the two biological characteristic data;
and obtaining a comparison result according to the similarity and a preset threshold, wherein when the similarity is greater than or equal to the preset threshold, the comparison result is passed, and when the similarity is smaller than the preset threshold, the comparison result is failed.
5. The method for authenticating a user according to claim 2, wherein the step of determining whether the ID of the authentication apparatus is abnormal specifically includes:
acquiring the state information of the ID from the application server so as to judge whether the ID is currently in a valid state, wherein if the ID is in the valid state, the ID is normal, and otherwise, the ID is abnormal.
6. The method for authenticating a user according to claim 3, wherein the step of issuing an alarm when the authentication apparatus is triggered again after a loss is reported specifically comprises:
after the identity authentication device receives the loss report command, if the identity authentication device is triggered again, automatically sending an alarm notification to the application server and/or the contact information of the user, wherein the alarm notification comprises the ID and the position reference information of the identity authentication device.
7. The user authentication method according to claim 6, wherein:
when a positioning unit is arranged in the identity authentication device, the position reference information is positioning information;
when the terminal equipment currently connected with the identity authentication device is networked through a wired network or WIFI, the position reference information is a current IP address;
and when the terminal equipment currently connected with the identity authentication device is networked through data traffic, the position reference information is the telephone number corresponding to the currently connected terminal equipment.
8. The user authentication method according to claim 1, wherein the authentication means is connected to the terminal device by wire or wirelessly.
9. An authentication means, wherein the authentication means is a portable mobile device, wherein the authentication means corresponds to a unique ID, and wherein the authentication means comprises a memory and a processor, wherein the memory stores a user authentication system operable on the processor, and wherein the user authentication system when executed by the processor implements the steps of the user authentication method according to any one of claims 1-8.
10. A computer-readable storage medium storing a user authentication system executable by at least one processor to cause the at least one processor to perform the steps of the user authentication method according to any one of claims 1-8.
CN201710916000.XA 2017-09-30 2017-09-30 User identity authentication method and identity authentication device Active CN107872451B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710916000.XA CN107872451B (en) 2017-09-30 2017-09-30 User identity authentication method and identity authentication device

Publications (2)

Publication Number Publication Date
CN107872451A CN107872451A (en) 2018-04-03
CN107872451B CN107872451B (en) 2022-03-01

Family

ID=61752758

Country Status (1)

Country Link
CN (1) CN107872451B (en)

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20180604

Address after: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant after: Shenzhen one ledger Intelligent Technology Co., Ltd.

Address before: 200030 Xuhui District, Shanghai Kai Bin Road 166, 9, 10 level.

Applicant before: Shanghai Financial Technologies Ltd

SE01 Entry into force of request for substantive examination
GR01 Patent grant