WO2017152815A1 - An identity authentication method and system - Google Patents
An identity authentication method and system
- Publication number
- WO2017152815A1 PCT/CN2017/075725
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- authentication
- authenticated
- data
- background server
Classifications
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L63/126—Applying verification of the received information the source of the received data
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
- H04W12/06—Authentication
- H04W12/062—Pre-authentication
- H04W12/33—Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
Definitions
- The present invention relates to the field of electronic technologies, and in particular, to an identity authentication method and system.
- Biometrics are usually used together with the user's password.
- The matching rate is set high to avoid the user's account being illegally used. In this case, however, the user's biometrics are in different states at different times, so the information collected may be slightly different. For example, depending on whether the user's finger is dry or wet, the fingerprint data collected from the same fingerprint may differ, so that even the same user may need to enter the password: the real fingerprint is regarded as a fake fingerprint, the user's request is rejected, and the user needs to input again.
- The user may need to input innumerable times; that is, the probability that a real, legitimate user fails to be recognized is high, which lowers the user experience.
- In the related technology, the technical solutions to this problem mainly optimize the fingerprint matching algorithm, but these solutions presuppose that the collected fingerprint data is complete and accurate; when the collected fingerprint data and the stored fingerprint data differ, they cannot work very well.
- The present invention is directed to solving one of the above problems.
- The main object of the present invention is to provide an identity authentication method.
- Another object of the present invention is to provide an identity authentication system.
- An aspect of the present invention provides an identity authentication method, including: a first device establishes a communication connection with a second device; the first device receives, through the communication connection, data to be authenticated transmitted by the second device, where the data to be authenticated includes digital authentication information and an identity identifier; the first device collects biometric information of a biological limb; the first device sends the data to be authenticated and the biometric information to a background server; the background server receives the data to be authenticated and the biometric information; the background server obtains the pre-stored authentication factor and biometric verification information corresponding to the identity identifier; the background server authenticates the digital authentication information according to the authentication factor, and determines whether the matching rate between the biometric information and the biometric verification information is greater than a first preset value; in the case that the digital authentication information passes authentication and the matching rate between the biometric information and the biometric verification information is greater than the first preset value, the identity authentication of the second device passes.
- The biometric information includes: fingerprint information and/or vein information; and the collecting, by the first device, of the biometric information of the biological limb includes: when the biological limb is in contact with the first device, collecting the biometric information of the part of the biological limb that is in contact with the first device.
- The receiving, by the first device through the communication connection, of the data to be authenticated transmitted by the second device includes: the first device receives, through the communication connection, the data to be authenticated broadcast by the second device; or the first device sends an authentication request to the second device through the communication connection, and receives, through the communication connection, the data to be authenticated sent by the second device in response to the authentication request.
- The digital authentication information includes signature information obtained by digitally signing data to be signed with a signature private key; the authentication factor includes the signature public key corresponding to the signature private key; and the background server authenticating the digital authentication information according to the authentication factor includes: the background server uses the signature public key and the data to be signed to verify the digital authentication information. Or, the digital authentication information includes encrypted information obtained by encrypting information to be encrypted with a symmetric key; the authentication factor includes the symmetric key; and the background server authenticating the digital authentication information according to the authentication factor includes: the background server uses the symmetric key and the information to be encrypted to authenticate the encrypted information. Or, the digital authentication information includes a dynamic password; the authentication factor includes a seed key for verifying the dynamic password; and the background server authenticating the digital authentication information according to the authentication factor includes: the background server authenticates the dynamic password by using at least the seed key.
- The first preset value is smaller than a second preset value, where the second preset value is the matching rate that indicates that two pieces of biometric information are the same biometric information.
- The establishing, by the first device, of a communication connection with the second device includes: the first device establishes a communication connection with the second device through the biological limb.
- Another aspect of the present invention provides an identity authentication system, including: a first device and a background server. The first device is configured to: establish a communication connection with a second device; receive, through the communication connection, data to be authenticated transmitted by the second device, where the data to be authenticated includes digital authentication information and an identity identifier; collect biometric information of a biological limb; and send the data to be authenticated and the biometric information to the background server. The background server is configured to: receive the data to be authenticated and the biometric information; acquire the pre-stored authentication factor and biometric verification information corresponding to the identity identifier; authenticate the digital authentication information according to the authentication factor, and determine whether the matching rate between the biometric information and the biometric verification information is greater than a first preset value, where the first preset value is smaller than a second preset value, and the second preset value is the matching rate that indicates that two pieces of biometric information are the same biometric information; and, in the case that the digital authentication information passes authentication and the matching rate between the biometric information and the biometric verification information is greater than the first preset value, determine that the identity authentication of the second device passes.
- The biometric information includes: fingerprint information and/or vein information; the first device collects the biometric information of the biological limb in the following manner: when the biological limb is in contact with the first device, the biometric information of the part of the biological limb that is in contact with the first device is collected.
- The first device receives the data to be authenticated transmitted by the second device in the following manner: the first device receives, through the communication connection, the data to be authenticated broadcast by the second device; or the first device sends an authentication request to the second device through the communication connection, and receives, through the communication connection, the data to be authenticated sent by the second device in response to the authentication request.
- The digital authentication information includes signature information obtained by digitally signing data to be signed with a signature private key; the authentication factor includes the signature public key corresponding to the signature private key; and the background server authenticates the digital authentication information in the following manner: the background server uses the signature public key and the data to be signed to verify the digital authentication information.
- Or, the digital authentication information includes encrypted information obtained by encrypting information to be encrypted with a symmetric key; the authentication factor includes the symmetric key; and the background server authenticates the digital authentication information in the following manner: the background server authenticates the encrypted information by using the symmetric key and the information to be encrypted. Or, the digital authentication information includes a dynamic password; the authentication factor includes a seed key for verifying the dynamic password; and the background server authenticates the digital authentication information in the following manner: the background server authenticates the dynamic password by using at least the seed key.
- The first device establishes a communication connection with the second device in the following manner: the first device establishes a communication connection with the second device through the biological limb.
- The dual authentication of the digital authentication information and the biometric information by the background server can reduce the probability that a real, legitimate user fails to be recognized, and improve the user experience.
- FIG. 1 is a flowchart of an identity authentication method according to Embodiment 1 of the present invention.
- FIG. 2 is a schematic structural diagram of an identity authentication system according to Embodiment 2 of the present invention.
- This embodiment provides an identity authentication method.
- FIG. 1 is a flowchart of an identity authentication method provided by this embodiment. As shown in FIG. 1 , the method mainly includes the following steps S102 to S116.
- Step S102 the first device establishes a communication connection with the second device.
- The first device and the second device may be connected wirelessly or by wire, for example, by NFC, Bluetooth, or the like.
- The first device may also establish the communication connection with the second device through the biological limb, in a wireless or wired manner; that is, the link between the first device and the second device is established by intra-body communication (IBC) through the human body. Biological limbs include, but are not limited to, the human body.
- The first device may be a POS machine, an Alipay application or the like, a scanning terminal, a mobile terminal, a PDA, a desktop computer, a notebook, an access control device, etc.
- The second device may be a device implanted in the human body or worn on the human body.
- A device implanted in the human body can be, for example, a blood flow sensor, a pulse sensor, a body temperature sensor or the like; a device worn on the human body can be, for example, electronic equipment that can be worn on the user, such as a wristband, a wristwatch, a necklace, a ring, a belt, etc.
- The first device establishes a communication connection with the second device through the biological limb as follows: the first device detects that a biological limb within a preset range of the second device contacts the first device, and establishes a communication connection with the second device through the biological limb. For example, it is detected that a finger of a human body wearing a wristband touches the first device, and a communication connection with the wristband is thereby established through the human body.
- The second device can be worn on the user's body, placed in the user's body, or carried in the clothing or accessories worn by the user, so that the user's body is communicatively coupled to the second device; for example, it is worn on the user's wrist or placed in the pocket of the user's clothing. When the user needs to be authenticated for operations such as logging in to a network, opening an access control, or paying, the user brings his or her own limb (such as an arm or the face) close to the first device (i.e., the verification device); when the limb comes within a certain distance of the first device (e.g., a few millimeters), the first device establishes a communication connection with the second device through the limb of the user. Since human body communication has a certain range, for example, 3 to 5 meters, the human body communication connection can be established only when the human body enters the preset range of the first device.
- The first device may establish the communication connection with the second device through the biological limb in a wired manner or in a wireless manner.
- The first device and the second device may use at least the following two manners.
- Wired manner: the first device and the second device are each provided with an electrode. When the first device is in contact with the biological limb (human body) in which the second device is implanted or on which it is worn (for example, a user wearing a wristwatch touches the POS machine with a finger), the human body is used as a conductor, and the electrodes of both sides are connected to form a path through the human body, that is, a so-called wired communication connection.
- In this manner, the first device needs to be in contact with the human body wearing the second device.
- Wireless manner: the first device and the second device can each detect whether the surrounding electric field changes. If the other party enters the range allowed by human body communication, the change in field strength can be detected and a communication connection established with the other party.
- Specifically, the second device is worn on or built into the human body, and the oscillation of the transmitter of the second device causes the body to generate an electric field. When the distance between the second device and the first device is within the range allowed by human body communication, the receiver of the first device detects the change in the electric field and establishes a communication connection with the second device. In this manner, the first device does not need to be in contact with the human body wearing the second device.
- In human body communication, the human body is used as the transmission medium for electrical signals to realize information exchange among devices on the body surface, inside the body, and around the human body (3 to 5 meters).
- Compared with traditional wireless communication technologies such as Bluetooth, WIFI, radio frequency and infrared, the signal is transmitted through the human body during human body communication, so electromagnetic noise has little influence on it, and it has the advantages of low power consumption, high confidentiality and less harm to the human body.
- The redundant connection problem of the wired communication method can also be eliminated.
- Step S104 The first device receives the data to be authenticated transmitted by the second device by using a communication connection, where the data to be authenticated includes: digital authentication information and an identity identifier.
- the digital authentication information may include at least one of the following: signature information, encryption information, and dynamic password.
- The signature information may be obtained by digitally signing the data to be signed with a signature private key (which may be the signature private key of the second device, or the private key of a security device (for example, a KEY) connected to the second device).
- When the signature information is authenticated, the signature public key corresponding to the signature private key is obtained, and the signature information is verified with the signature public key. If the verification passes, the authentication passes.
- The data to be signed may be the above-mentioned identity identifier, or may be a random number generated by the second device or by the security device connected to the second device. In this case, the data to be authenticated may further include that random number. In addition, the data to be signed may also be a random number generated by the first device.
- In that case, the first device may send a verification request to the second device after establishing a communication connection with the second device.
- The request carries the random number generated by the first device. After receiving the random number, the second device signs the random number with the signature private key to obtain the signature information. Using a random number as the data to be signed can prevent replay attacks.
- When the digital authentication information is signature information, the identity of the user of the second device can be ensured at the time of authentication.
- The encrypted information may be a MAC value calculated by the second device over the data to be encrypted with the symmetric key negotiated with the first device. When the encrypted information is authenticated, the same symmetric key is used to calculate a verification MAC value, and the encrypted information is compared with the verification MAC value; if they are the same, the authentication passes. Alternatively, the encrypted information may be ciphertext data obtained by the second device encrypting the data to be encrypted with the symmetric key negotiated with the first device. When the encrypted information is authenticated, the ciphertext data is decrypted with the symmetric key, and the information obtained by decryption is compared with the data to be encrypted; if they are consistent, the authentication passes.
- The dynamic password may be a dynamic password generated based on a seed key.
- When the dynamic password is authenticated, a verification value is calculated using the seed key, and the dynamic password is compared with the verification value. If they are consistent, the authentication passes.
- The dynamic password may be time-based or event-based, or may be a dynamic challenge code, which is not limited in this embodiment.
- The authentication of the digital authentication information may be implemented in any of the foregoing manners to ensure the legitimacy of the second device.
- The second device may calculate the digital authentication information by itself, or may interact with another device (for example, an electronic device having a signature function, an encryption function, or a dynamic password function) to obtain the digital authentication information.
- This is not limited in this embodiment.
- The identity identifier may be information that can uniquely identify the identity of the user, such as a device identifier of the second device, a user ID, and the like.
- The identity identifier is uniquely associated with the authentication factor used for authenticating the digital authentication information and with the biometric verification information, so that dual authentication can be performed on the digital authentication information and the biometric information. After the two-factor authentication passes, it can be determined that the biometric information and the digital authentication information both come from the same user, thereby ensuring the legitimacy of the user.
- The second device may send the foregoing data to be authenticated to the first device on its own initiative after the communication connection is established.
- For example, a switch may be set on the second device; after the user turns on the switch, the second device starts to broadcast the data to be authenticated.
- The first device then receives the data to be authenticated broadcast by the second device. Alternatively, the second device can actively detect whether a communication connection with the first device has been established, and if so, actively send the data to be authenticated to the first device.
- In this way, the process can be simplified and the authentication speed improved.
- The second device may also send the data to be authenticated after receiving a request from the first device.
- The first device may send an authentication request to the second device after establishing a communication connection with the second device, and after receiving the authentication request, the second device sends the data to be authenticated to the first device.
- The first device may carry transaction information in the authentication request sent to the second device. After receiving the authentication request, the second device sends the data to be authenticated to the first device in response to the authentication request: after receiving the transaction information, the second device may extract the key information and display it, and send the data to be authenticated to the first device after receiving the user's confirmation, to ensure the security of the transaction.
- The authentication request may further carry to-be-calculated information determined by the first device, for example, a random number. After receiving the authentication request, the second device may sign or encrypt the to-be-calculated information, or generate a dynamic password from it.
- Step S106 the first device collects biometric information of the biological limb.
- the biometric information includes at least one of the following: fingerprint information, iris information, face information, and vein information.
- The first device collects the biometric information of the biological limb when the biological limb in close contact with the second device approaches. For example, within a short period of time (e.g., 3 seconds) of the user's finger touching the touch component of the POS machine, the touch component of the POS machine collects fingerprint information.
- The face information is collected by the payment terminal.
- Where the biological limb needs to be in contact with the first device for the biometric information to be collected, collecting the biometric information of the biological limb may include: when the biological limb is in contact with the first device, collecting the biometric information of the part of the biological limb that is in contact with the first device.
- For example, the user's finger touches the fingerprint collection portion of the first device, or the user's wrist contacts the vein information collection portion of the first device.
- The current authentication can thus be maintained by the user, avoiding the situation in which inadvertent proximity of the first device and the second device triggers the authentication process.
- Step S108 The first device sends the data to be authenticated and the biometric information to the background server.
- Step S110 the background server receives the data to be authenticated and the biometric information.
- Step S112 The background server acquires the pre-stored authentication factor and biometric verification information corresponding to the identity identifier.
- The background server pre-stores the user's authentication factor and biometric verification information according to the identity identifier (which may be that of the second device, of the user of the second device, or of a security device connected to the second device, for example, a KEY, a dynamic password token, etc.), for example, when the second device or the second device is connected to the security device, or when the second device or the second device is connected to the user,
- Step S114: the background server authenticates the digital authentication information according to the authentication factor, and determines whether the matching rate between the biometric information and the biometric verification information is greater than a first preset value.
- the background server obtains the authentication factor and the biometric verification information according to the authentication identification information, and uses them to authenticate the digital authentication information and the biometric information.
- the authentication factor and the biometric verification information are uniquely associated with the authentication identification information. The authentication factor and the biometric verification information corresponding to the user can therefore be uniquely queried according to the authentication identification information, and passing the dual authentication of the digital authentication information and the biometric information guarantees the legitimacy of the user.
- the manner in which the background server authenticates the digital authentication information by using the authentication factor depends on the specific form of the digital authentication information.
- the digital authentication information is signature information obtained by signing the to-be-signed data with a signature private key (which may be a private key of the second device, or a private key of a security device (e.g., a KEY) connected to the second device).
- the authentication factor is the signature public key corresponding to the signature private key.
- when authenticating the digital authentication information, the background server computes over the to-be-signed data using the signature public key to obtain a verification value, and compares the verification value with the received signature information. If they are consistent, the authentication passes; otherwise, the authentication fails.
- the authentication factor is a symmetric key.
- when the digital authentication information is authenticated, the symmetric key is used to encrypt the to-be-encrypted information to obtain encrypted verification information.
- the encrypted verification information is compared with the received encrypted information. If they are consistent, the authentication passes; otherwise the authentication fails. Alternatively, the received encrypted information may be decrypted using the symmetric key and the decrypted plaintext compared with the to-be-encrypted information. If they are consistent, the authentication passes; otherwise the authentication fails.
- the digital authentication information is a dynamic password.
- the authentication factor is a seed key for verifying the dynamic password. When authenticating the digital authentication information, the seed key is used to generate a dynamic password, and the generated dynamic password is compared with the received dynamic password. If they are consistent, the authentication passes; otherwise, the authentication fails.
- the first preset value for the matching rate between the biometric information and the biometric verification information is lower than the matching rate used in actual applications to decide whether two pieces of biometric information are the same biometric information (i.e., the second preset value). For example, suppose that in actual application two pieces of fingerprint information are considered to be fingerprint information of the same fingerprint when their matching rate (that is, the proportion of the two pieces of fingerprint information that is identical) reaches 99%, so that the second preset value is 99%; otherwise the two pieces of fingerprint information are not fingerprint information of the same fingerprint. The first preset value in this embodiment may be 80%; that is, this embodiment judges whether the matching rate between the received biometric information and the biometric verification information reaches 80% rather than 99%.
- Step S116: in the case that the digital authentication information is authenticated and the matching rate between the biometric information and the biometric verification information is greater than the first preset value, the identity authentication of the second device is determined to pass.
- the background server may further return the authentication result to the first device.
- the background server may perform subsequent operations after the identity authentication of the second device passes, for example granting authorization to the second device, opening the access control, or carrying out payment in a payment process; this embodiment does not limit the specific operation.
- in biometric information authentication technology there is a probability that a genuine, legitimate user fails recognition and that an illegitimate user is recognized successfully.
- taking fingerprint recognition as an example, in many cases the user's fingerprint is genuine, but the background system makes an identification error and mistakes the user's fingerprint for a fake one, so the authentication fails and the payment transaction cannot be completed; sometimes the fingerprint of an illegitimate user is fake, but the background authenticates it anyway, causing economic loss to the legitimate user. The probability of these occurrences is very high.
- the dual authentication of the digital authentication information and the biometric information can avoid the situation in which an illegitimate user is successfully identified, and can reduce the cases in which a genuine legitimate user fails identification.
- the background can therefore lower the similarity required for two pieces of biometric information to match, in order to reduce the probability that a genuine legitimate user fails recognition. For example, in theory two pieces of biometric information should match exactly, with a similarity of at least 99% (the second preset value); if the background finds that the similarity is only 90%, it identifies a mismatch and the authentication does not pass.
- in this embodiment, the similarity required for a match can be reduced to 80% (the first preset value); that is, as long as the similarity reaches 80% (the first preset value), it is considered a match. Therefore, when the similarity of the two pieces of biometric information is 90%, the authentication can also pass, so the genuine legitimate user does not fail identification, which reduces the probability that a genuine legitimate user fails identification in biometric information authentication.
- the dual authentication of the digital authentication information and the biometric information by the background server can reduce the probability that genuine, legitimate users fail recognition, and improves the user experience.
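Steps S114 and S116 for the dynamic-password case, as an added example that is not code from the patent: the relaxed 80% threshold is applied only together with a successful check of the digital factor. RFC 4226 HOTP as the dynamic-password algorithm, the bit-agreement matcher, and the names `BackgroundServer`, `Enrollment`, `flip_bits` and the sample seed and template are assumptions constructed for illustration.

```python
"""Added example: background-server decision for steps S114 and S116."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

FIRST_PRESET = 0.80   # relaxed matching rate, only valid alongside a digital factor
SECOND_PRESET = 0.99  # matching rate that by itself means "same biometric"


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, assumed here as the dynamic-password algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def matching_rate(sample: bytes, template: bytes) -> float:
    """Toy matcher (assumption): share of identical bits in equal-length templates."""
    if len(sample) != len(template) or not template:
        return 0.0
    differing = sum(bin(a ^ b).count("1") for a, b in zip(sample, template))
    return 1.0 - differing / (8 * len(template))


def flip_bits(data: bytes, n: int) -> bytes:
    """Build a constructed sample that differs from `data` in its first n bits."""
    out = bytearray(data)
    for i in range(n):
        out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


@dataclass
class Enrollment:
    seed: bytes            # authentication factor (seed key)
    template: bytes        # biometric verification information
    next_counter: int = 0  # lowest HOTP counter still acceptable


class BackgroundServer:
    def __init__(self, look_ahead: int = 3):
        self.records = {}          # identity identifier -> Enrollment
        self.look_ahead = look_ahead

    def enroll(self, identity: str, seed: bytes, template: bytes) -> None:
        self.records[identity] = Enrollment(seed, template)

    def _check_password(self, rec: Enrollment, password: str) -> bool:
        for counter in range(rec.next_counter, rec.next_counter + self.look_ahead):
            expected = hotp(rec.seed, counter).encode()
            if hmac.compare_digest(expected, password.encode()):
                rec.next_counter = counter + 1  # each password is accepted once
                return True
        return False

    def authenticate(self, identity: str, password: str, sample: bytes) -> dict:
        rec = self.records.get(identity)
        if rec is None:
            return {"passed": False, "digital_ok": False, "rate": 0.0}
        # S114: check the digital factor and compute the matching rate.
        digital_ok = self._check_password(rec, password)
        rate = matching_rate(sample, rec.template)
        # S116: the relaxed threshold counts only if the digital factor passed.
        passed = digital_ok and rate > FIRST_PRESET
        return {"passed": passed, "digital_ok": digital_ok, "rate": rate}


if __name__ == "__main__":
    seed = b"12345678901234567890"   # constructed seed (RFC 4226 test key)
    template = bytes(range(25))      # constructed 200-bit template
    server = BackgroundServer()
    server.enroll("wristband-01", seed, template)
    cases = [
        ("valid password, 90% match", hotp(seed, 0), flip_bits(template, 20)),
        ("replayed password, 100% match", hotp(seed, 0), template),
        ("valid password, 70% match", hotp(seed, 1), flip_bits(template, 60)),
    ]
    for label, password, sample in cases:
        print(label, server.authenticate("wristband-01", password, sample))
```

Because the biometric threshold is relaxed, the decision rests on the seed key staying secret; the 80% threshold should never be reachable on a code path where the digital factor was skipped.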
- This embodiment provides an identity authentication system, which can be used to implement the method of Embodiment 1.
- FIG. 2 is a schematic structural diagram of an identity authentication system according to the embodiment. As shown in FIG. 2, the system mainly includes: a first device 100 and a background server 200.
- the first device 100 is configured to: establish a communication connection with the second device, and receive, through the communication connection, data to be authenticated transmitted by the second device, where the data to be authenticated includes: digital authentication information and an identity identifier; when a biological limb enters the preset range of the first device 100, collect the biometric information of the biological limb; and send the data to be authenticated and the biometric information to the background server 200;
- the background server 200 is configured to: receive the data to be authenticated and the biometric information; obtain the pre-stored authentication factor and biometric verification information corresponding to the identity identifier; authenticate the digital authentication information according to the authentication factor, and determine whether the matching rate between the biometric information and the biometric verification information is greater than the first preset value; and, in the case that the digital authentication information is authenticated and the matching rate between the biometric information and the biometric verification information is greater than the first preset value, determine that the identity authentication of the second device passes, where the first preset value is smaller than the second preset value, and the second preset value is the matching rate indicating that two pieces of biometric information are the same biometric information.
- the first device 100 may establish a communication connection with the second device by using the biological limb.
- the first device 100 may be a POS terminal, an Alipay application or the like, or a mobile terminal, PDA, desktop, notebook, access control device, etc.
- the second device can be implanted in the human body or worn on the human body.
- a device implanted in the human body can be, for example, a blood flow sensor, a pulse sensor, a body temperature sensor or the like implanted in the human body; a device worn on the human body can be, for example, a wristband, a wristwatch, a necklace, a ring, a waistband, or the like, which can be worn on the user.
- the first device 100 establishes a communication connection with the second device through the biological limb.
- the first device 100 may, upon detecting that the distance from the second device is within a preset range, establish a communication connection with the second device through the biological limb. For example, it is detected that a finger of the person wearing the wristband touches the first device 100, and a communication connection with the wristband is thereby established through the human body.
- the second device can be worn on the user's body, placed in the user's body, or carried in clothing or accessories worn by the user, for example on the user's wrist, so that a communication connection with the second device can be made through the body.
- the user can approach the first device 100 (i.e., the verification device) with his or her own limb (such as an arm or the face); when the limb comes within a certain distance of the first device 100 (for example, a few millimeters), the first device 100 establishes a communication connection with the second device through the user's limb. Since human body communication has a certain range, for example 3 to 5 meters, the human body communication connection can be established only when the human body enters the preset range of the first device 100.
- the communication connection that the first device 100 establishes with the second device through the biological limb may be wired or wireless, and can be implemented in at least one of the following two ways:
- the first device 100 and the second device are each provided with an electrode, and the first device 100 is in contact with the biological limb (human body) in which the second device is implanted or on which the second device is worn (for example, a user wearing the wristwatch has a finger
- the human body is used as a conductor, and the electrodes of both sides are connected to form a passage in the human body, that is, a so-called wired communication connection.
- the first device 100 needs to be in contact with a human body wearing the second device.
- the first device 100 and the second device can detect whether the surrounding electric field changes; if the other party enters the range allowed by human body communication, a change in field strength is detected and a communication connection is established with the other party.
- the second device is worn on or built into the human body, and the oscillation of the transmitter of the second device causes the body to generate an electric field; when the distance between the second device and the first device 100 is within the range permitted by human body communication, the receiver of the first device 100 detects the change in the electric field and establishes a communication connection with the second device. In this manner, the first device 100 does not need to be in contact with the human body wearing the second device.
- the human body is used as a transmission medium for an electrical signal to realize information interaction among devices on the body surface, in the body, and around the human body (3 to 5 meters).
- compared with traditional wireless communication technologies such as Bluetooth, WIFI, radio frequency and infrared, the signal is transmitted through the human body during human body communication, so electromagnetic noise has little influence on it, and it has the advantages of low power consumption, high confidentiality and less harm to the human body.
- the redundant connection problem of the wired communication method can also be eliminated.
- the identity identifier may be a device identifier of the second device, a user ID, or the like that uniquely identifies the user. The identity identifier is uniquely associated with the authentication factor used to authenticate the digital authentication information and with the biometric verification information, which are used for dual authentication of the digital authentication information and the biometric information. After the two-factor authentication passes, it can therefore be determined that the biometric information and the digital authentication information come from the same user, which guarantees the user's legitimacy.
- the second device may send the foregoing to-be-authenticated data to the first device 100 after the communication connection is established.
- the first device 100 receives the data to be authenticated transmitted by the second device in the following manner: the first device 100 receives, through the communication connection, the data to be authenticated broadcast by the second device.
- a switch can be set on the second device. After the user turns on the switch, the second device starts to broadcast the data to be authenticated, and after the first device 100 establishes a communication connection with the second device, the first device 100 receives the data to be authenticated broadcast by the second device. Alternatively, the second device may actively detect whether a communication connection with the first device 100 has been established and, if so, actively send the data to be authenticated to the first device 100.
- this simplifies the process and improves the authentication speed.
- the second device may also send the data to be authenticated after receiving the request of the first device 100.
- the first device 100 receives the data to be authenticated transmitted by the second device as follows: the first device 100 sends an authentication request to the second device through the communication connection, and receives, through the communication connection, the data to be authenticated that the second device sends in response to the authentication request. For example, in the payment process, the first device 100 may carry the transaction information in the authentication request and send it to the second device. After receiving the authentication request, the second device sends the data to be authenticated to the first device 100 in response.
- after receiving the transaction information, the second device may extract the key information from it, display the key information, and send the data to be authenticated to the first device 100 only after receiving the user's confirmation, to ensure the security of the transaction.
- the authentication request may further carry to-be-calculated information determined by the first device 100, for example a random number; after receiving the authentication request, the second device may sign the to-be-calculated information, encrypt it, or generate a dynamic password.
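The request/response exchange described above for the symmetric-key case, as an added example that is not code from the patent: the second device computes over the first device's random number and the transaction information, and the server recomputes and compares. HMAC-SHA256 is swapped in for the page's "encrypt with the symmetric key" so the example runs on the standard library; the class names, message fields and sample values are assumptions, and the biometric check is left out.

```python
"""Added example: request/response exchange with a fresh random number."""
import hashlib
import hmac
import json
import secrets


def to_be_calculated(nonce: bytes, transaction: dict) -> bytes:
    """Canonical bytes both sides compute over: random number plus transaction info."""
    body = json.dumps(transaction, sort_keys=True, separators=(",", ":")).encode()
    return len(nonce).to_bytes(2, "big") + nonce + body


def keyed_value(key: bytes, message: bytes) -> str:
    """HMAC-SHA256, swapped in for the page's 'encrypt with the symmetric key'."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


class SecondDevice:
    """Wearable that holds the symmetric key (hypothetical class)."""

    def __init__(self, identity: str, key: bytes):
        self.identity, self.key = identity, key

    def respond(self, request: dict, user_confirms: bool = True):
        if not user_confirms:  # user rejected the displayed key information
            return None
        nonce = bytes.fromhex(request["nonce"])
        message = to_be_calculated(nonce, request["transaction"])
        return {"identity": self.identity,
                "digital_auth": keyed_value(self.key, message)}


class FirstDevice:
    """Terminal that chooses the random number and relays to the server."""

    def __init__(self):
        self.pending = None

    def new_request(self, transaction: dict) -> dict:
        self.pending = {"nonce": secrets.token_bytes(16).hex(),
                        "transaction": transaction}
        return dict(self.pending)

    def forward(self, data_to_authenticate):
        if data_to_authenticate is None or self.pending is None:
            return None
        # Attach the terminal's own nonce and transaction, never values
        # echoed back by the second device.
        return {**data_to_authenticate, **self.pending}


class SymmetricVerifier:
    """Background-server side: recompute with the stored key and compare."""

    def __init__(self):
        self.keys = {}            # identity identifier -> symmetric key
        self.used_nonces = set()  # random numbers already accepted

    def enroll(self, identity: str, key: bytes) -> None:
        self.keys[identity] = key

    def verify(self, submission) -> bool:
        if not submission:
            return False
        key = self.keys.get(submission["identity"])
        nonce = bytes.fromhex(submission["nonce"])
        if key is None or nonce in self.used_nonces:
            return False
        expected = keyed_value(key, to_be_calculated(nonce, submission["transaction"]))
        ok = hmac.compare_digest(expected, submission["digital_auth"])
        if ok:
            self.used_nonces.add(nonce)  # an accepted response cannot be resubmitted
        return ok


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    band, pos, server = SecondDevice("wristband-01", key), FirstDevice(), SymmetricVerifier()
    server.enroll("wristband-01", key)
    order = {"payee": "shop-17", "amount": "12.50", "currency": "CNY"}  # constructed
    response = band.respond(pos.new_request(order))
    print("fresh response accepted:", server.verify(pos.forward(response)))
    pos.new_request(order)
    print("old response, new request:", server.verify(pos.forward(response)))
```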
- the biometric information includes at least one of the following: fingerprint information, iris information, face information, and vein information.
- the first device 100 collects biometric information of the biological limb when the biological limb in close contact with the second device approaches. For example, in the short period of time during which the user's finger touches the touch component of the POS machine (e.g., 3 seconds), the touch component of the POS machine collects fingerprint information during the touch time.
- as another example, with the user's wristwatch and an Alipay payment terminal, the payment terminal has a photographing function that can be used to collect face information, so the face information is collected through the payment terminal.
- the biometric information includes: fingerprint information and/or vein information. In this optional embodiment, the first device 100 collects the biometric information of the biological limb as follows: in the case where the biological limb is in contact with the first device 100, the biometric information of the part of the biological limb in contact with the first device 100 is acquired. For example, the user's finger contacts the fingerprint collection portion of the first device 100, or the user's wrist contacts the vein information collection portion of the first device 100. With this optional implementation, since the user's limb needs to be in contact with the first device 100 for the biometric information to be collected, the current authentication is confirmed by the user, which avoids the authentication process being triggered when the first device 100 and the second device inadvertently come close to each other.
- the background server 200 pre-stores the user's authentication factor and biometric verification information according to the identity identifier (which may identify the second device, the user of the second device, or a security device connected to the second device, for example a KEY or a dynamic password token), for example when the second device is connected to the security device, or when the second device is connected to the user.
- the background server 200 acquires the authentication factor and the biometric verification information according to the authentication identification information, and uses them to authenticate the digital authentication information and the biometric information.
- the authentication factor and the biometric verification information are uniquely associated with the authentication identification information. The authentication factor and the biometric verification information corresponding to the user can therefore be uniquely queried according to the authentication identification information, and passing the dual authentication of the digital authentication information and the biometric information guarantees the legitimacy of the user.
- the digital authentication information includes: signature information obtained by digitally signing the to-be-signed data using the signature private key; the authentication factor includes: a signature public key corresponding to the signature private key; and the background server 200 authenticates the digital authentication information in the following manner: the background server 200 verifies the digital authentication information using the signature public key and the to-be-signed data. That is, when authenticating the digital authentication information, the background server 200 computes over the to-be-signed data using the signature public key to obtain a verification value, and compares the verification value with the received signature information. If they are consistent, the authentication passes; otherwise, the authentication fails.
- the digital authentication information includes: encrypted information obtained by encrypting the to-be-encrypted information with a symmetric key; the authentication factor includes: the symmetric key; and the background server 200 authenticates the digital authentication information in the following manner: the background server 200 authenticates the encrypted information using the symmetric key and the to-be-encrypted information. That is, when authenticating the digital authentication information, the background server 200 encrypts the to-be-encrypted information using the symmetric key to obtain encrypted verification information, and compares the encrypted verification information with the received encrypted information. If they are consistent, the authentication passes; otherwise the authentication fails. Alternatively, the received encrypted information may be decrypted using the symmetric key and the decrypted plaintext compared with the to-be-encrypted information. If they are consistent, the authentication passes; otherwise the authentication fails.
- the digital authentication information includes: a dynamic password; the authentication factor includes: a seed key for verifying the dynamic password; and the background server 200 authenticates the digital authentication information in the following manner: the background server 200 authenticates the dynamic password using at least the seed key. That is, when the background server 200 authenticates the digital authentication information, the seed key is used to generate a dynamic password, and the generated dynamic password is compared with the received dynamic password. If they are consistent, the authentication passes; otherwise, the authentication fails.
- the first preset value for the matching rate between the biometric information and the biometric verification information is lower than the matching rate used in actual applications to decide whether two pieces of biometric information are the same biometric information (i.e., the second preset value). For example, suppose that in actual application two pieces of fingerprint information are considered to be fingerprint information of the same fingerprint when their matching rate (that is, the proportion of the two pieces of fingerprint information that is identical) reaches 99%, so that the second preset value is 99%; otherwise the two pieces of fingerprint information are not fingerprint information of the same fingerprint. The first preset value in this embodiment may be 80%; that is, this embodiment judges whether the matching rate between the received biometric information and the biometric verification information reaches 80% rather than 99%.
- in biometric information authentication technology there is a probability that a genuine, legitimate user fails recognition and that an illegitimate user is recognized successfully.
- taking fingerprint recognition as an example, in many cases the user's fingerprint is genuine, but the background system makes an identification error and mistakes the user's fingerprint for a fake one, so the authentication fails and the payment transaction cannot be completed; sometimes the fingerprint of an illegitimate user is fake, but the background authenticates it anyway, causing economic loss to the legitimate user. The probability of these occurrences is very high.
- the dual authentication of the digital authentication information and the biometric information can avoid the situation in which an illegitimate user is successfully identified, and can reduce the cases in which a genuine legitimate user fails identification.
- the background can therefore lower the similarity required for two pieces of biometric information to match, in order to reduce the probability that a genuine legitimate user fails recognition. For example, in theory two pieces of biometric information need to match completely, with a similarity of at least 99% (the second preset value); if the background finds that the similarity is only 90%, it identifies a mismatch and the authentication does not pass.
- in this embodiment, the similarity required for a match can be reduced to 80% (the first preset value); that is, as long as the similarity reaches 80% (the first preset value), it is considered a match. Therefore, when the similarity of the two pieces of biometric information is 90%, the authentication can also pass, so the genuine legitimate user does not fail identification, which reduces the probability that a genuine legitimate user fails identification in biometric information authentication.
- the dual authentication of the digital authentication information and the biometric information by the background server 200 can reduce the probability that genuine, legitimate users fail recognition, and improves the user experience.
- Embodiments of the present invention provide a computer program that, when run on a processor, performs the identity authentication method described above.
- modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
- the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
- all of the features disclosed in the specification, as well as any methods or devices disclosed herein, may be employed in any combination. Unless otherwise expressly stated, each feature disclosed in this specification can be replaced by an alternative feature that provides the same, equivalent or similar purpose.
- the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Power Engineering (AREA)
- Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)
- Collating Specific Patterns (AREA)
- Telephonic Communication Services (AREA)
Claims (11)
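- An identity authentication method, characterized by comprising: a first device establishing a communication connection with the second device; the first device receiving, through the communication connection, data to be authenticated transmitted by the second device, wherein the data to be authenticated comprises: digital authentication information and an identity identifier; the first device collecting biometric information; the first device sending the data to be authenticated and the biometric information to a background server; the background server receiving the data to be authenticated and the biometric information; the background server obtaining a pre-stored authentication factor and biometric verification information corresponding to the identity identifier; the background server authenticating the digital authentication information according to the authentication factor, and determining whether the matching rate between the biometric information and the biometric verification information is greater than a first preset value, wherein the first preset value is smaller than a second preset value, and the second preset value is a matching rate indicating that two pieces of biometric information are the same biometric information; and, in the case that the digital authentication information is authenticated and the matching rate between the biometric information and the biometric verification information is greater than the first preset value, determining that the identity authentication of the second device passes.
- The method according to claim 1, characterized in that the biometric information comprises: fingerprint information and/or vein information; and the first device collecting the biometric information of the biological limb comprises: in the case that the biological limb is in contact with the first device, collecting the biometric information of the part of the biological limb in contact with the first device.
- The method according to claim 1 or 2, characterized in that the first device receiving, through the communication connection, the data to be authenticated transmitted by the second device comprises: the first device receiving, through the communication connection, the data to be authenticated broadcast by the second device; or the first device sending an authentication request to the second device through the communication connection, and the first device receiving, through the communication connection, the data to be authenticated sent by the second device in response to the authentication request.
- The method according to any one of claims 1 to 3, characterized in that the digital authentication information comprises: signature information obtained by digitally signing to-be-signed data with a signature private key; the authentication factor comprises: a signature public key corresponding to the signature private key; and the background server authenticating the digital authentication information according to the authentication factor comprises: the background server verifying the signature of the digital authentication information using the signature public key and the to-be-signed data; or the digital authentication information comprises: encrypted information obtained by encrypting to-be-encrypted information with a symmetric key; the authentication factor comprises: the symmetric key; and the background server authenticating the digital authentication information according to the authentication factor comprises: the background server authenticating the encrypted information using the symmetric key and the to-be-encrypted information; or the digital authentication information comprises: a dynamic password; the authentication factor comprises: a seed key for verifying the dynamic password; and the background server authenticating the digital authentication information according to the authentication factor comprises: the background server authenticating the dynamic password using at least the seed key.
- The method according to any one of claims 1 to 4, characterized in that the first device establishing a communication connection with the second device comprises: the first device establishing the communication connection with the second device through the biological limb.
- An identity authentication system, characterized by comprising: a first device and a background server, wherein the first device is configured to: establish a communication connection with a second device; receive, through the communication connection, data to be authenticated transmitted by the second device, wherein the data to be authenticated comprises: digital authentication information and an identity identifier; collect biometric information of a biological limb; and send the data to be authenticated and the biometric information to the background server; and the background server is configured to: receive the data to be authenticated and the biometric information; obtain a pre-stored authentication factor and biometric verification information corresponding to the identity identifier; authenticate the digital authentication information according to the authentication factor, and determine whether the matching rate between the biometric information and the biometric verification information is greater than a first preset value, wherein the first preset value is smaller than a second preset value, and the second preset value is a matching rate indicating that two pieces of biometric information are the same biometric information; and, in the case that the digital authentication information is authenticated and the matching rate between the biometric information and the biometric verification information is greater than the first preset value, determine that the identity authentication of the second device passes.
- The system according to claim 6, characterized in that the biometric information comprises: fingerprint information and/or vein information; and the first device collects the biometric information of the biological limb in the following manner: in the case that the biological limb is in contact with the first device, collecting the biometric information of the part of the biological limb in contact with the first device.
- The system according to claim 6 or 7, characterized in that the first device receives the data to be authenticated transmitted by the second device in the following manner: the first device receives, through the communication connection, the data to be authenticated broadcast by the second device; or the first device sends an authentication request to the second device through the communication connection, and receives, through the communication connection, the data to be authenticated sent by the second device in response to the authentication request.
- The system according to any one of claims 6 to 8, characterized in that the digital authentication information comprises: signature information obtained by digitally signing to-be-signed data with a signature private key; the authentication factor comprises: a signature public key corresponding to the signature private key; and the background server authenticates the digital authentication information in the following manner: the background server verifies the signature of the digital authentication information using the signature public key and the to-be-signed data; or the digital authentication information comprises: encrypted information obtained by encrypting to-be-encrypted information with a symmetric key; the authentication factor comprises: the symmetric key; and the background server authenticates the digital authentication information in the following manner: the background server authenticates the encrypted information using the symmetric key and the to-be-encrypted information; or the digital authentication information comprises: a dynamic password; the authentication factor comprises: a seed key for verifying the dynamic password; and the background server authenticates the digital authentication information in the following manner: the background server authenticates the dynamic password using at least the seed key.
- The system according to any one of claims 6 to 9, characterized in that the first device establishes the communication connection with the second device in the following manner: the first device establishes the communication connection with the second device through the biological limb.
- A computer program which, when run on a processor, performs the identity authentication method according to any one of claims 1-5.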
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG11201807605UA SG11201807605UA (en) | 2016-03-07 | 2017-03-06 | Identity authentication method and system |
EP17762501.9A EP3428818B1 (en) | 2016-03-07 | 2017-03-06 | Identity authentication method and system |
US16/083,273 US20200167450A1 (en) | 2016-03-07 | 2017-03-06 | Identity authentication method and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610127887.XA CN105938526A (zh) | 2016-03-07 | 2016-03-07 | Identity authentication method and system |
CN201610127887.X | 2016-03-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017152815A1 WO2017152815A1 (zh) | 2017-09-14 |
Family
ID=57151907
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/075725 WO2017152815A1 (zh) | Identity authentication method and system | 2016-03-07 | 2017-03-06 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20200167450A1 (zh) |
EP (1) | EP3428818B1 (zh) |
CN (1) | CN105938526A (zh) |
SG (1) | SG11201807605UA (zh) |
WO (1) | WO2017152815A1 (zh) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105938526A (zh) * | 2016-03-07 | 2016-09-14 | 李明 | 一种身份认证方法及系统 |
CN106418757B (zh) * | 2016-09-29 | 2018-06-12 | 华中科技大学 | 一种ecg身份验证智慧衣 |
CN107967417A (zh) * | 2016-10-19 | 2018-04-27 | 宏碁股份有限公司 | 动态验证方法及相关电脑系统 |
CN106656983A (zh) * | 2016-10-28 | 2017-05-10 | 李国兴 | 商务账户网络系统用户身份认证方法及装置与系统 |
CN106850201B (zh) * | 2017-02-15 | 2019-11-08 | 济南晟安信息技术有限公司 | 智能终端多因子认证方法、智能终端、认证服务器及系统 |
CN107391983B (zh) * | 2017-03-31 | 2020-10-16 | 创新先进技术有限公司 | 一种基于物联网的信息处理方法及装置 |
WO2018218541A1 (zh) * | 2017-05-31 | 2018-12-06 | 华为技术有限公司 | 一种连接建立方法及设备 |
CN107872451B (zh) * | 2017-09-30 | 2022-03-01 | 深圳壹账通智能科技有限公司 | 用户身份验证方法及身份验证装置 |
JP7020901B2 (ja) * | 2017-12-21 | 2022-02-16 | トヨタ自動車株式会社 | 認証システムおよび認証装置 |
CN108921563A (zh) * | 2018-06-01 | 2018-11-30 | 珠海格力电器股份有限公司 | 一种基于人体通信的安全验证方法及设备 |
TWI687838B (zh) * | 2018-12-10 | 2020-03-11 | 宏碁股份有限公司 | 檔案保護方法及其檔案處理系統 |
CN109919597B (zh) * | 2019-02-01 | 2022-03-15 | Oppo广东移动通信有限公司 | 支付信息处理方法、装置、移动终端及系统 |
CN109886670B (zh) * | 2019-02-01 | 2022-04-19 | Oppo广东移动通信有限公司 | 支付方法、装置、系统、移动终端、支付机具及服务器 |
CN109934976A (zh) * | 2019-02-01 | 2019-06-25 | Oppo广东移动通信有限公司 | 门禁管理方法、装置、系统、电子设备及存储介质 |
CN110535649B (zh) * | 2019-04-15 | 2020-11-03 | 清华大学 | 数据流通方法、系统及服务平台、第一终端设备 |
US11151542B2 (en) * | 2019-05-07 | 2021-10-19 | Paypal, Inc. | Wearable payment device |
US11113383B2 (en) * | 2019-07-17 | 2021-09-07 | Lenovo (Singapore) Pte. Ltd. | Permitting login with password having dynamic character(s) |
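CN110457882B (zh) * | 2019-07-18 | 2020-10-30 | 创新先进技术有限公司 | Identity recognition preprocessing and identity recognition method and system |
CN112578763B (zh) * | 2019-09-30 | 2023-01-17 | 北京国双科技有限公司 | Security authorization method, fault diagnosis method, system and related products |
CN111259346A (zh) * | 2020-01-09 | 2020-06-09 | 深圳市东深电子股份有限公司 | Information verification method for a water conservancy RTU |
CN111292484A (zh) * | 2020-01-15 | 2020-06-16 | 深圳耀宇信息技术有限公司 | Method for preventing root and controlling application permissions on an Android-based intelligent POS machine |
CN111444491B (zh) * | 2020-04-20 | 2021-09-14 | 维沃移动通信(杭州)有限公司 | Information processing method and electronic device |
CN113660670B (zh) * | 2020-05-12 | 2024-02-06 | 哈尔滨工程大学 | Wireless device identity authentication method based on radio frequency fingerprint and device thereof |
CN113672890A (zh) * | 2020-05-15 | 2021-11-19 | 中移(上海)信息通信科技有限公司 | Identity authentication method, device, electronic equipment and computer storage medium |
CN112287319A (zh) * | 2020-11-02 | 2021-01-29 | 刘高峰 | Biometric-based identity verification method, client, server and system |
CN112509204A (zh) * | 2020-11-20 | 2021-03-16 | 鲁班长(深圳)科技有限公司 | User passage control method and device, equipment and storage medium |
CN112995998B (zh) * | 2020-11-30 | 2023-02-21 | 中国银联股份有限公司 | Method, computer system and computer-readable medium for providing a security authentication mechanism |
CN112422587B (zh) * | 2021-01-21 | 2021-04-13 | 腾讯科技(深圳)有限公司 | Identity verification method, device, computer equipment and storage medium |
WO2023108635A1 (zh) * | 2021-12-17 | 2023-06-22 | 华为技术有限公司 | Authentication method, device, equipment and system |
CN115150072A (zh) * | 2022-06-20 | 2022-10-04 | 中国联合网络通信集团有限公司 | Cloud network issuance authentication method, equipment, device and storage medium |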
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101296080A (zh) * | 2007-04-29 | 2008-10-29 | 晨星半导体股份有限公司 | Authorized user confirmation method and related device thereof |
CN102930436A (zh) * | 2012-10-23 | 2013-02-13 | 江苏乐买到网络科技有限公司 | Mobile payment method and device |
CN103679453A (zh) * | 2013-12-06 | 2014-03-26 | 金硕澳门离岸商业服务有限公司 | Payment system and payment method based on biometric authentication |
CN105245341A (zh) * | 2015-09-07 | 2016-01-13 | 天地融科技股份有限公司 | Remote identity authentication method and system, and remote account opening method and system |
CN105939195A (zh) * | 2016-03-07 | 2016-09-14 | 李明 | Transaction method and system |
CN105939336A (zh) * | 2016-03-07 | 2016-09-14 | 李明 | Identity authentication method and system |
CN105938526A (zh) * | 2016-03-07 | 2016-09-14 | 李明 | Identity authentication method and system |
CN105956844A (zh) * | 2016-03-18 | 2016-09-21 | 李明 | Payment method and system |
CN105989496A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Transaction method and device |
CN105989498A (zh) * | 2016-03-18 | 2016-10-05 | 李明 | Payment method and system |
CN105989497A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Payment method and system |
CN105991653A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Identity authentication method and device |
CN105989495A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Payment method and system |
CN105991654A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Authorization authentication method, device and system |
CN105989488A (zh) * | 2016-03-18 | 2016-10-05 | 李明 | Payment method and system |
CN105991652A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Identity authentication method and system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070168671A1 (en) * | 2006-01-16 | 2007-07-19 | Fujitsu Limited | Digital document management system, digital document management method, and digital document management program |
US20100242102A1 (en) * | 2006-06-27 | 2010-09-23 | Microsoft Corporation | Biometric credential verification framework |
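CN103873244B (zh) * | 2012-12-13 | 2017-05-10 | 航天信息股份有限公司 | Identity authentication method and system in mobile payment based on fingerprint identification |
CN103995997B (zh) * | 2014-05-15 | 2017-09-12 | 华为技术有限公司 | User permission allocation method and device |
CN204796894U (zh) * | 2015-06-19 | 2015-11-25 | 曹淼 | Smart bracelet |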
2016
- 2016-03-07 CN CN201610127887.XA patent/CN105938526A/zh active Pending

2017
- 2017-03-06 WO PCT/CN2017/075725 patent/WO2017152815A1/zh active Application Filing
- 2017-03-06 EP EP17762501.9A patent/EP3428818B1/en active Active
- 2017-03-06 SG SG11201807605UA patent/SG11201807605UA/en unknown
- 2017-03-06 US US16/083,273 patent/US20200167450A1/en not_active Abandoned
Patent Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101296080A (zh) * | 2007-04-29 | 2008-10-29 | 晨星半导体股份有限公司 | Authorized user confirmation method and related device thereof |
CN102930436A (zh) * | 2012-10-23 | 2013-02-13 | 江苏乐买到网络科技有限公司 | Mobile payment method and device |
CN103679453A (zh) * | 2013-12-06 | 2014-03-26 | 金硕澳门离岸商业服务有限公司 | Payment system and payment method based on biometric authentication |
CN105245341A (zh) * | 2015-09-07 | 2016-01-13 | 天地融科技股份有限公司 | Remote identity authentication method and system, and remote account opening method and system |
CN105989496A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Transaction method and device |
CN105939336A (zh) * | 2016-03-07 | 2016-09-14 | 李明 | Identity authentication method and system |
CN105938526A (zh) * | 2016-03-07 | 2016-09-14 | 李明 | Identity authentication method and system |
CN105939195A (zh) * | 2016-03-07 | 2016-09-14 | 李明 | Transaction method and system |
CN105989497A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Payment method and system |
CN105991653A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Identity authentication method and device |
CN105989495A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Payment method and system |
CN105991654A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Authorization authentication method, device and system |
CN105991652A (zh) * | 2016-03-07 | 2016-10-05 | 李明 | Identity authentication method and system |
CN105956844A (zh) * | 2016-03-18 | 2016-09-21 | 李明 | Payment method and system |
CN105989498A (zh) * | 2016-03-18 | 2016-10-05 | 李明 | Payment method and system |
CN105989488A (zh) * | 2016-03-18 | 2016-10-05 | 李明 | Payment method and system |
Non-Patent Citations (1)
Title |
---|
See also references of EP3428818A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP3428818B1 (en) | 2020-11-25 |
EP3428818A1 (en) | 2019-01-16 |
SG11201807605UA (en) | 2018-10-30 |
EP3428818A4 (en) | 2019-07-24 |
CN105938526A (zh) | 2016-09-14 |
US20200167450A1 (en) | 2020-05-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017152815A1 (zh) | Identity authentication method and system | |
US11012438B2 (en) | Biometric device pairing | |
JP6703151B2 (ja) | Authentication device with Bluetooth interface | |
US7725717B2 (en) | Method and apparatus for user authentication | |
EP3138265B1 (en) | Enhanced security for registration of authentication devices | |
JP6130044B2 (ja) | Wireless-networking-enabled personal identification system | |
US20140380445A1 (en) | Universal Authentication and Data Exchange Method, System and Service | |
US11086978B2 (en) | Transaction authentication by a token, contingent on personal presence | |
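WO2017152818A1 (zh) | Payment method and system | |
WO2012042775A1 (ja) | Biometric authentication system, communication terminal device, biometric authentication device, and biometric authentication method | |
US20190174304A1 (en) | Universal Authentication and Data Exchange Method, System and Service | |
TWI770422B (zh) | Method and system for operating Internet of Things devices | |
JP2016506101A (ja) | Proximity-based multi-factor authentication | |
CN105939336A (zh) | Identity authentication method and system | |
WO2017152819A1 (zh) | Authorization authentication method, device and system | |
CN105991654A (zh) | Authorization authentication method, device and system | |
CN105991652A (zh) | Identity authentication method and system | |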
US9294921B2 (en) | Device for mobile communication | |
EP2959420B1 (en) | Methods, apparatus and computer programs for entity authentication | |
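KR101652966B1 (ko) | Smart authentication system and smart authentication method using pairing of an RF card and a smartphone | |
KR102339949B1 (ko) | Method and apparatus for processing authentication information, and user terminal including the authentication information processing apparatus | |
CN107026732A (zh) | System for reducing the number of password entries by means of a wearable device | |
KR101814078B1 (ko) | Method for providing a non-repudiation authentication service, authentication service apparatus, and user mobile terminal equipped with an authentication application | |
CN111259362A (zh) | Identity authentication method for a hardware digital certificate carrier | |
CN109005158B (zh) | Authentication method of a dynamic gesture authentication system based on fuzzy vault |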
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 11201807605U Country of ref document: SG |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | WWE | Wipo information: entry into national phase | Ref document number: 2017762501 Country of ref document: EP |
| | ENP | Entry into the national phase | Ref document number: 2017762501 Country of ref document: EP Effective date: 20181008 |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17762501 Country of ref document: EP Kind code of ref document: A1 |