WO2020029566A1 - Remote authorization method, device and equipment, and storage medium - Google Patents


Info

Publication number
WO2020029566A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
mobile terminal
terminal
biometric feature
authorized
Prior art date
Application number
PCT/CN2019/074355
Other languages
French (fr)
Chinese (zh)
Inventor
顾宏超
Original Assignee
顾宏超
Application filed by 顾宏超
Publication of WO2020029566A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • the present invention relates to the field of communications, and in particular to a remote authorization method, device, equipment, and storage medium.
  • the authentication method is one-way authentication: the mobile terminal (or another means) initiates an authentication request, the identity of the applicant is verified in the lock body or in the cloud, and after the authentication passes the relevant implementing agencies are authorized to unlock, authenticate, and check attendance.
  • Most of the methods relying on the mobile Internet for one-way authentication have the problem that address information is easily forged. If the mobile terminal is stolen, compromised, or copied, an attacker can remotely operate the mobile terminal to authorize the terminal that requires authentication.
  • An object of the present invention is to provide a remote authorization method, device, equipment, and storage medium which can ensure that it is the user who requests authentication and enjoys the related services at a physical location, and which effectively prevent theft of the user's identity or of the mobile terminal. At the same time, the user's biometric features are not stored, which avoids the risk of leaking them.
  • an embodiment of the present invention discloses a remote authorization method.
  • the method includes:
  • when a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal, sent by the mobile terminal, are received, a first device ID identifying the device to be authorized, the first terminal ID, and the first user ID are sent to the server; the first device ID, the first terminal ID, and the first user ID are used to match the second device ID, the second terminal ID, and the second user ID received by the server from the mobile terminal, respectively;
  • the first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
  • after sending the first device ID identifying the device to be authorized, the first terminal ID, and the first user ID to the server, the method further includes:
  • when authorization information is received from the server, the corresponding operation requested by the user is authorized on the device to be authorized.
  • after sending the first biometric feature to the mobile terminal, the method further includes:
  • the biometric feature is a fingerprint.
  • An embodiment of the present invention also discloses a remote authorization method.
  • the method includes:
  • the mobile terminal receives the first biometric feature of the user collected at the device to be authorized;
  • the mobile terminal matches the received first biometric feature with the stored second biometric feature of the user of the mobile terminal;
  • the mobile terminal sends a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal to the detection device that sends the first biometric feature, and
  • the second device ID, the second terminal ID, and the second user ID are used to match the first device ID, the first terminal ID, and the first user ID received by the server from the detection device, respectively.
  • An embodiment of the present invention also discloses a remote authorization method.
  • the method includes:
  • the server receives the second device ID, the second terminal ID, and the second user ID from the mobile terminal, and receives the first device ID, the first terminal ID, and the first user ID from the detection device;
  • the server matches the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively;
  • the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
  • when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, the second terminal ID, and the second user ID to the server, and sends the first terminal ID and the first user ID, and
  • the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
  • An embodiment of the present invention also discloses a remote authorization device.
  • the device includes:
  • An obtaining unit configured to obtain a first biometric feature of a user collected at a device to be authorized
  • a first sending unit configured to send a first biometric feature to a mobile terminal, where the first biometric feature is used to match a second biometric feature of a user stored in the mobile terminal;
  • a second sending unit configured to send, when the first terminal ID identifying the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal are received, the first device ID identifying the device to be authorized, the first terminal ID, and the first user ID to the server; the first device ID, the first terminal ID, and the first user ID are used to match the second device ID, the second terminal ID, and the second user ID received by the server from the mobile terminal, respectively;
  • the first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
  • the remote authorization device further includes:
  • a deleting unit configured to delete the first biometric feature.
  • An embodiment of the present invention also discloses a mobile terminal.
  • the mobile terminal includes:
  • a first receiving unit configured to receive a first biometric feature of a user collected at a device to be authorized
  • a first matching unit configured to match the received first biometric feature with a stored second biometric feature of a user of the mobile terminal
  • a third sending unit configured to send a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal to the detection device that sends the first biometric feature after the first matching unit is successfully matched
  • the second device ID, the second terminal ID, and the second user ID are used to match the first device ID, the first terminal ID, and the first user ID received by the server from the detection device, respectively.
  • An embodiment of the present invention also discloses a server, including:
  • a second receiving unit configured to receive the second device ID, the second terminal ID, and the second user ID from the mobile terminal, and receive the first device ID, the first terminal ID, and the first user ID from the detection device;
  • a second matching unit configured to match the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively;
  • a fourth sending unit configured to send authorization information after the second matching unit has successfully matched
  • the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
  • when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, the second terminal ID, and the second user ID to the server, and sends the first terminal ID and the first user ID, and
  • the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
  • An embodiment of the present invention also discloses a device including a memory and a processor storing computer-executable instructions, and the processor is configured to execute the remote authorization method disclosed in the foregoing embodiment when the computer-executable instructions are executed.
  • An embodiment of the present invention also discloses a non-volatile computer storage medium encoded using a computer program, wherein the computer program includes instructions, and when the instructions are executed by one or more computers, the instructions cause the one or more computers to execute the remote authorization method disclosed in the foregoing embodiments.
  • biometric feature of the user is not stored, and the biometric feature does not need to be transmitted remotely, so as to ensure the security of authorization while avoiding the leakage of the biometric feature of the user.
  • the existing electronic physical identity authentication mainly relies on the security of the mobile terminal to ensure the reliability and security of its authentication process. The core security process of the security system is therefore left to an external, uncontrollable link, which seriously weakens the security of the entire system; that is, the entire system is prone to single point failure. The centralized storage of user information also leads to a huge risk of information leakage.
  • the invention removes the sole dependence of existing electronic physical authentication on the security of the mobile terminal, thereby avoiding a failure of the authentication mechanism of the entire security system when the mobile terminal fails. In addition, a system constructed according to the invention has no centralized storage of users' biometric information, so it does not easily lead to large-scale user information leakage events.
  • FIG. 1 is a schematic flowchart of a remote authorization method according to a first embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a remote authorization method according to a second embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a remote authorization method according to a third embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a remote authorization method according to a fourth embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a remote authorization device according to a fourth embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a mobile terminal according to a sixth embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a server according to a seventh embodiment of the present invention.
  • FIG. 8 is a block diagram of a system according to an embodiment of the present invention.
  • FIG. 9 is a block diagram of a SoC (System On Chip) according to an embodiment of the present invention.
  • the mobile terminal includes various movable smart devices, such as a smart phone, a tablet computer, and the like.
  • the server can be a remote server or a cloud server.
  • the device ID refers to information that can uniquely identify the device to be authorized, such as an identification code or identification number set for the authorized device.
  • the terminal ID of a mobile terminal also refers to information that can uniquely identify the mobile terminal, such as a MAC address or an identifier set specifically for the terminal.
  • the user ID refers to identification information that can uniquely indicate the identity of the user, such as the machine code (SN code) of the user's mobile phone, mobile phone number, user name, and the like.
  • this document distinguishes the above-mentioned IDs, which the server receives from different transmission sources, by prefixing them with "first" or "second".
  • the first terminal ID and the second terminal ID both identify the mobile terminal. They are labelled differently because they are sent directly from different devices.
  • FIG. 1 is a schematic flowchart of the remote authorization method.
  • the method includes the following steps:
  • In step 101, a first biometric feature of a user collected at a device to be authorized is obtained.
  • a biometric feature refers to a biological characteristic that can uniquely identify a user, such as a fingerprint, an iris, a facial feature, a voice, and the like.
  • Thereafter, the process proceeds to step 102.
  • In step 102, the first biometric feature is sent to a mobile terminal, and the first biometric feature is used for matching with a second biometric feature of a user stored in the mobile terminal.
  • In step 103, it is determined whether a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal sent by the mobile terminal are received.
  • If yes, go to step 104; otherwise, end this process.
  • In step 104, a first device ID identifying the device to be authorized, the first terminal ID, and the first user ID are sent to the server, and the first device ID, the first terminal ID, and the first user ID are used to match the second device ID, second terminal ID, and second user ID received by the server from the mobile terminal, respectively.
  • the server may directly send authorization information to the device to be authorized, and the device to be authorized authorizes the corresponding operation requested by the user after receiving the authorization information.
  • the server may also send authorization information to the device that obtains the first biometric feature (assuming the device does not belong to the device to be authorized, and is an additional auxiliary tool for the device to be authorized), and then the device controls the device to be authorized to perform the corresponding operation requested by the user.
  • For example, when the device to be authorized is a door lock or a car lock, the door or car lock is unlocked; when the device to be authorized is a vending machine, the goods are sold; when the device to be authorized is a computer, the computer enters the user operation interface and allows the user to perform related operations, and so on.
  • the second device ID is also sent along with the first biometric feature to the mobile terminal.
  • the second device ID may also be sent at other times, which is not limited herein.
  • the method further includes:
  • the collecting device for collecting biometric characteristics will also delete the collected biometric characteristics after sending the collected biometric characteristics. In this way, the user's biometric feature is not stored, and there is no need to send the biometric feature remotely, thereby ensuring the security of authorization while avoiding the leakage of the user's biometric feature.
  • the device that collects the first biometric feature is placed or integrated on the device to be authorized.
  • the collection device may also be an external device, and the collected biometric characteristic information is transmitted to the device to be authorized through a wireless or wired connection.
  • the first biometric feature and the second biometric feature are fingerprints.
  • FIG. 2 is a schematic flowchart of the method.
  • the method includes the following steps:
  • In step 201, the mobile terminal receives the first biometric feature of the user collected at the device to be authorized.
  • Thereafter, the process proceeds to step 202.
  • In step 202, the mobile terminal matches the received first biometric feature with the stored second biometric feature of the user of the mobile terminal.
  • If the matching is successful, the process proceeds to step 203; otherwise, the process ends.
  • In step 203, the mobile terminal sends a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal to the detection device that sends the first biometric feature, and
  • the server may directly send authorization information to the device to be authorized, and the device to be authorized authorizes the corresponding operation requested by the user after receiving the authorization information.
  • the server may also send authorization information to the device that obtains the first biometric feature (assuming the device does not belong to the device to be authorized, and is an additional auxiliary tool for the device to be authorized), and then the device controls the device to be authorized to perform the corresponding operation requested by the user.
  • For example, when the device to be authorized is a door lock or a car lock, the door or car lock is unlocked; when the device to be authorized is a vending machine, the goods are sold; when the device to be authorized is a computer, the computer enters the user operation interface and allows the user to perform related operations, and so on.
  • the detection device may be a part of the device to be authorized, or may be an independent device, which is not limited herein.
  • FIG. 3 is a schematic flowchart of the method.
  • the method includes the following steps:
  • In step 301, the server receives the second device ID, the second terminal ID, and the second user ID from the mobile terminal, and receives the first device ID, the first terminal ID, and the first user ID from the detection device.
  • In step 302, the server matches the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively.
  • If the matching is successful, the process proceeds to step 303; otherwise, the process ends.
  • In step 303, authorization information is sent, and the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
  • the first biometric feature is collected at the place to be authorized and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device. When the mobile terminal finds that the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, it sends the second device ID, the second terminal ID, and the second user ID to the server, and sends the first terminal ID and the first user ID to the detection device.
  • FIG. 4 is a schematic flowchart of the method.
  • the method includes the following steps:
  • In step 401, the detection device acquires and sends to the mobile terminal a first biometric feature of the user collected at the device to be authorized and a second device ID identifying the device to be authorized.
  • In step 402, the mobile terminal matches the received first biometric feature with the second biometric feature of the user stored in the mobile terminal.
  • If the matching is successful, step 403 is entered; otherwise, the process ends.
  • In step 403, the mobile terminal sends a first terminal ID identifying the mobile terminal and a first user ID identifying a user of the mobile terminal to the detection device, and sends a second device ID and a second terminal ID identifying the mobile terminal to the server.
  • In step 404, the detection device sends a first device ID identifying the device to be authorized, and the received first terminal ID and first user ID, to the server.
  • In step 405, the server matches the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively.
  • If the matching is successful, step 406 is entered; otherwise, the process ends.
  • In step 406, the server sends authorization information, and the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
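
The exchange of steps 401 to 406, simulated in Python as an added example; it is not code from the patent. The class names, the `AUTHORIZE:` string, the sample IDs and templates, and the Hamming-distance matcher are assumptions, since the patent specifies neither a matching algorithm nor a message format.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class IdTriple:
    """Device ID, terminal ID and user ID as reported to the server by one party."""
    device_id: str
    terminal_id: str
    user_id: str


def biometric_match(sample: bytes, enrolled: bytes, max_diff_bits: int = 8) -> bool:
    """Assumed stand-in matcher: accept when the templates differ in few bits."""
    if len(sample) != len(enrolled):
        return False
    diff = sum(bin(a ^ b).count("1") for a, b in zip(sample, enrolled))
    return diff <= max_diff_bits


class Server:
    """Steps 405-406: authorize only when both independent reports agree."""

    def __init__(self) -> None:
        self.from_detector: Dict[str, IdTriple] = {}  # "first" IDs
        self.from_terminal: Dict[str, IdTriple] = {}  # "second" IDs

    def receive_from_terminal(self, ids: IdTriple) -> Optional[str]:
        self.from_terminal[ids.device_id] = ids
        return self.try_authorize(ids.device_id)

    def receive_from_detector(self, ids: IdTriple) -> Optional[str]:
        self.from_detector[ids.device_id] = ids
        return self.try_authorize(ids.device_id)

    def try_authorize(self, device_id: str) -> Optional[str]:
        if device_id not in self.from_detector or device_id not in self.from_terminal:
            return None  # only one side has reported: nothing to match yet
        first = self.from_detector.pop(device_id)
        second = self.from_terminal.pop(device_id)
        return f"AUTHORIZE:{device_id}" if first == second else None

    def pending_count(self) -> int:
        return len(self.from_detector) + len(self.from_terminal)


class MobileTerminal:
    """Steps 402-403: match locally, then report to the detector and the server."""

    def __init__(self, terminal_id: str, user_id: str, enrolled: bytes, server: Server):
        self.terminal_id, self.user_id = terminal_id, user_id
        self.enrolled = enrolled  # second biometric feature, kept on the terminal only
        self.server = server

    def on_biometric(self, sample: bytes, device_id: str) -> Optional[Tuple[str, str]]:
        if not biometric_match(sample, self.enrolled):
            return None  # no match: neither the detector nor the server hears anything
        self.server.receive_from_terminal(
            IdTriple(device_id, self.terminal_id, self.user_id))
        return self.terminal_id, self.user_id


class DetectionDevice:
    """Steps 401 and 404: forward the sample, delete it, relay the returned IDs."""

    def __init__(self, device_id: str, server: Server):
        self.device_id, self.server = device_id, server
        self.stored_sample: Optional[bytes] = None

    def request(self, sample: bytes, terminal: MobileTerminal) -> Optional[str]:
        self.stored_sample = sample
        reply = terminal.on_biometric(self.stored_sample, self.device_id)
        self.stored_sample = None  # the collected feature is deleted after sending
        if reply is None:
            return None
        terminal_id, user_id = reply
        return self.server.receive_from_detector(
            IdTriple(self.device_id, terminal_id, user_id))


# Constructed sample templates (not real biometric data).
ENROLLED = bytes([0xA5] * 8)
NOISY_SAMPLE = bytes([0xA5] * 7 + [0xA4])  # same finger, one bit of sensor noise
OTHER_FINGER = bytes(8)                    # differs from ENROLLED in 32 bits


def demo() -> Dict[str, Optional[str]]:
    server = Server()
    phone = MobileTerminal("term-01", "user-01", ENROLLED, server)
    lock = DetectionDevice("lock-01", server)
    return {
        "owner_present": lock.request(NOISY_SAMPLE, phone),
        "wrong_finger": lock.request(OTHER_FINGER, phone),
        # A report from the terminal alone, with no detector report to pair with.
        "terminal_only": server.receive_from_terminal(
            IdTriple("lock-01", "term-01", "user-01")),
    }


if __name__ == "__main__":
    print(demo())
```
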
  • the method embodiments of the present invention can be implemented in software, hardware, firmware, and the like. Regardless of whether the present invention is implemented in software, hardware, or firmware, the instruction code can be stored in any type of computer-accessible memory (such as permanent or modifiable, volatile or nonvolatile, solid-state or non-solid-state, fixed or replaceable media, etc.).
  • the memory may be, for example, Programmable Array Logic (PAL), Random Access Memory (RAM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), Electrically Erasable Programmable ROM (EEPROM), magnetic disks, optical disks, Digital Versatile Discs (DVD), and so on.
  • FIG. 5 is a schematic structural diagram of the remote authorization device.
  • the remote authorization device includes:
  • An obtaining unit configured to obtain a first biometric feature of a user collected at a device to be authorized
  • a first sending unit configured to send a first biometric feature to a mobile terminal, where the first biometric feature is used to match a second biometric feature of a user stored in the mobile terminal;
  • a second sending unit configured to send, when the first terminal ID identifying the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal are received, the first device ID identifying the device to be authorized, the first terminal ID, and the first user ID to the server; the first device ID, the first terminal ID, and the first user ID are used to match the second device ID, the second terminal ID, and the second user ID received by the server from the mobile terminal, respectively;
  • the first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
  • the device further includes:
  • a deleting unit configured to delete the first biometric feature.
  • the first or fourth embodiment is a method embodiment corresponding to this embodiment, and this embodiment can be implemented in cooperation with the first or fourth embodiment. Relevant technical details mentioned in the first or fourth embodiment are still valid in this embodiment, and in order to reduce repetition, details are not repeated here. Accordingly, the related technical details mentioned in this embodiment can also be applied in the first or fourth embodiment.
  • FIG. 6 is a schematic structural diagram of the mobile terminal.
  • the mobile terminal includes:
  • a first receiving unit configured to receive a first biometric feature of a user collected at a device to be authorized
  • a first matching unit configured to match the received first biometric feature with a stored second biometric feature of a user of the mobile terminal
  • a third sending unit configured to send a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal to the detection device that sends the first biometric feature after the first matching unit is successfully matched
  • the second device ID, the second terminal ID, and the second user ID are used to match the first device ID, the first terminal ID, and the first user ID received by the server from the detection device, respectively.
  • the second or fourth embodiment is a method embodiment corresponding to this embodiment, and this embodiment can be implemented in cooperation with the second or fourth embodiment.
  • the related technical details mentioned in the second or fourth embodiment are still valid in this embodiment, and in order to reduce repetition, details are not repeated here. Accordingly, the related technical details mentioned in this embodiment can also be applied in the second or fourth embodiment.
  • FIG. 7 is a schematic diagram of the server.
  • the server includes:
  • a second receiving unit configured to receive the second device ID, the second terminal ID, and the second user ID from the mobile terminal, and receive the first device ID, the first terminal ID, and the first user ID from the detection device;
  • a second matching unit configured to match the received first device ID, first terminal ID, and first user ID with the second device ID, second terminal ID, and second user ID, respectively;
  • a fourth sending unit configured to send authorization information after the second matching unit has successfully matched
  • the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
  • when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, the second terminal ID, and the second user ID to the server, and sends the first terminal ID and the first user ID, and
  • the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
  • the third or fourth embodiment is a method implementation corresponding to this embodiment, and this embodiment can be implemented in cooperation with the third or fourth embodiment. Relevant technical details mentioned in the third or fourth embodiment are still valid in this embodiment, and in order to reduce repetition, details are not repeated here. Accordingly, the related technical details mentioned in this embodiment can also be applied in the third or fourth embodiment.
  • An eighth embodiment of the present invention relates to a device.
  • the device includes a memory and a processor storing computer-executable instructions, and the processor is configured to execute the remote authorization method of any one of the first to fourth embodiments when the computer-executable instructions are executed.
  • a ninth embodiment of the present invention relates to a non-volatile computer storage medium encoded using a computer program, wherein the computer program includes instructions, and when the instructions are executed by more than one computer, the instructions cause more than one computer to execute the remote authorization method according to any one of the first to fourth embodiments.
  • the existing electronic physical identity authentication mainly relies on the security of the mobile terminal to ensure the reliability and security of its authentication process. Therefore, the core security process of the security system is left to an external uncontrollable link, thereby seriously weakening the security of the entire system. That is, the entire system is prone to single point failure.
  • the centralized storage of user information will lead to a huge risk of information leakage.
  • the invention removes the sole dependence of existing electronic physical authentication on the security of the mobile terminal, thereby avoiding a failure of the authentication mechanism of the entire security system when the mobile terminal fails. In addition, a system constructed according to the invention has no centralized storage of users' biometric information, so it does not easily lead to large-scale user information leakage events.
  • the system 800 may be an implementation manner of a server, a detection device, a remote authorization device, or a device mentioned in this application. However, it can be understood that the server, detection device, remote authorization device, or device of the present application may also have other implementation manners, and is not limited to the system 800.
  • the system 800 may include one or more processors 801 coupled to a controller hub 803.
  • the controller hub 803 includes, but is not limited to, a graphics memory controller hub (GMCH) (not shown) and an input/output hub (IOH) (which may be on separate chips) (not shown), where the GMCH includes a memory and a graphics controller and is coupled to the IOH.
  • the system 800 may also include a coprocessor 802 and a memory 804 coupled to a controller hub 803.
  • the memory 804 and the coprocessor 802 are directly coupled to the processor 801 and the controller hub 803, and the controller hub 803 and the IOH are in a single chip.
  • the memory 804 may be, for example, a dynamic random access memory (DRAM), a phase change memory (PCM), or a combination of the two.
  • the controller hub 803 communicates with the processor 801 via a multi-drop bus such as a front-side bus (FSB), a point-to-point interface such as a QuickPath Interconnect (QPI), or the like.
  • the coprocessor 802 is a dedicated processor, such as, for example, a high-throughput MIC processor, a network or communication processor, a compression engine, a graphics processor, a GPGPU, or an embedded processor, and so on.
  • the controller hub 803 may include an integrated graphics accelerator. The instruction execution method proposed in this application may be executed by the coprocessor 802.
  • the processor 801 executes instructions that control data processing operations of a general type. Coprocessor instructions can be embedded in these instructions. The processor 801 recognizes these coprocessor instructions as the type that should be executed by the attached coprocessor 802. Therefore, the processor 801 issues these coprocessor instructions (or control signals representing the coprocessor instructions) to the coprocessor 802 on a coprocessor bus or other interconnect. The coprocessor 802 accepts and executes the received coprocessor instructions.
  • FIG. 9 shows a block diagram of a SoC (System on Chip) 900 according to an embodiment of the present application.
  • the SoC may be an implementation of a mobile terminal, a detection device, a remote authorization device, or a device mentioned in this application.
  • the mobile terminal, detection device, remote authorization device, or device of the present application may also be implemented in other ways and is not limited to the SoC 900.
  • similar components have the same reference numerals.
  • dashed boxes are optional features for more advanced SoCs.
  • the interconnect unit 950 is coupled to an application processor 910, which includes, but is not limited to, one or more core sets, shared cache units and registers; a system proxy unit 980; a bus controller unit 990; an integrated memory controller unit 940; one or more coprocessors 920, which may include integrated graphics logic, an image processor, an audio processor, and a video processor; a static random access memory (SRAM) unit 930; and a direct memory access (DMA) unit 960.
  • the coprocessor 920 includes a dedicated processor, such as, for example, a network or communications processor, a compression engine, a GPGPU, a high-throughput MIC processor, or an embedded processor, and the like.
  • Embodiments of the mechanisms disclosed herein may be implemented in hardware, software, firmware, or a combination of these implementation methods.
  • Embodiments of the present application may be implemented as a computer program or program code executed on a programmable system, the programmable system including at least one processor, a storage system (including volatile and nonvolatile memory and/or storage elements), at least one input device, and at least one output device.
  • Program code can be applied to input instructions to perform the functions described in this application and generate output information.
  • the output information can be applied to one or more output devices in a known manner.
  • a processing system includes any system having a processor such as, for example, a digital signal processor (DSP), a microcontroller, an application specific integrated circuit (ASIC), or a microprocessor.
  • the program code can be implemented in a high-level programming language or an object-oriented programming language to communicate with the processing system.
  • program code can also be implemented in assembly or machine language.
  • the mechanisms described in this application are not limited to the scope of any particular programming language. In either case, the language can be a compiled or interpreted language.
  • each unit mentioned in the embodiments of each device of the present invention is a logical unit.
  • a logical unit may be a physical unit, a part of a physical unit, or a combination of multiple physical units. The physical implementation of these logical units is not what matters most; the combination of the functions they implement is the key to solving the technical problem addressed by the present invention.
  • the above-mentioned device embodiments of the present invention do not introduce units that are not closely related to solving the technical problems addressed by the present invention; this does not mean that the device embodiments above contain no other units.


Abstract

The present invention relates to the field of communications and discloses a remote authorization method, device and equipment, and a storage medium. The remote authorization method according to the present invention comprises: acquiring a first biometric feature of a user collected at a device to be authorized; transmitting the first biometric feature to a mobile terminal; and, if a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal are received from the mobile terminal, sending to a server a first device ID identifying the device to be authorized, together with the first terminal ID and the first user ID. The remote authorization method according to the present invention may ensure that only the user in person requests authentication and uses the related services at a physical location, thereby effectively avoiding a situation where a user identity or a mobile terminal is misappropriated, while also avoiding the risk of revealing the biometric feature of the user.

Description

Remote authorization method, device, equipment and storage medium thereof
Technical field
The present invention relates to the field of communications, and in particular to a remote authorization method and a device, equipment and storage medium thereof.
Background
With the spread of networked lifestyles, everyday life involves more and more situations that require users to perform network authentication, such as mobile payment and shared bicycles. In existing networked devices based on the Internet, Bluetooth or similar technologies, such as shared-bicycle locks, smart door locks and related smart-lock products, authentication is one-way: the mobile terminal (or some other means) initiates an authentication request, the applicant's identity is verified at the lock body or in the cloud, and once authentication passes the relevant actuator is authorized to perform the target operation, such as unlocking, authentication or attendance checking. Most one-way authentication schemes that rely on the mobile Internet suffer from the problem that address information is easy to forge: if the mobile terminal is stolen, compromised or cloned, an attacker can remotely operate the mobile terminal to authorize the terminal that requires authentication.
Because of the nature of the Internet, sending information from a different location in this way is almost undetectable, so it is impossible to determine whether the mobile terminal is near the terminal that needs authorization (the execution device described herein), and hence whether the authentication request was initiated by an authorized user.
That is, checking only the identity information of the party initiating authentication (the phone's SN, the phone number, or authentication functions built into the mobile terminal OS such as the lock-screen password) has been shown to be forgeable or breakable. Where higher security is required, these traditional identity authentication and authorization methods can no longer be relied on.
Authenticating directly by a unique user identifier such as a biometric feature, on the other hand, has the problem that user information must be stored centrally. When the service targets the mass market, a large amount of user information is stored centrally, in particular user information that cannot be changed, such as biometric features; once leaked, it causes major losses to customers. In other words, any service that centrally stores user information is high-risk. Collecting and transmitting personal biometric information is a sensitive act with significant security and legal implications in China and around the world.
Summary of the invention
The object of the present invention is to provide a remote authorization method and a device, equipment and storage medium thereof that ensure, by physical location, that the person requesting authentication and the person using the related service are both the user in person, effectively preventing misuse of a stolen user identity or mobile terminal, while not storing the user's biometric features and so avoiding the risk of leaking them.
To solve the above technical problems, an embodiment of the present invention discloses a remote authorization method. The method includes:
acquiring a first biometric feature of a user collected at a device to be authorized;
sending the first biometric feature to a mobile terminal, where the first biometric feature is used for matching against a second biometric feature of the user stored in the mobile terminal;
if a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal are received from the mobile terminal, sending to a server a first device ID identifying the device to be authorized, the first terminal ID and the first user ID, where the first device ID, the first terminal ID and the first user ID are used for matching, respectively, against a second device ID, a second terminal ID and a second user ID that the server receives from the mobile terminal;
wherein the first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
In one example, after sending the first device ID identifying the device to be authorized, the first terminal ID and the first user ID to the server, the method further includes:
if authorization information is received from the server, authorizing on the device to be authorized the corresponding operation requested by the user.
In another example, after sending the first biometric feature to the mobile terminal, the method further includes:
deleting the first biometric feature.
In another example, the biometric feature is a fingerprint.
An embodiment of the present invention also discloses a remote authorization method. The method includes:
a mobile terminal receiving a first biometric feature of a user collected at a device to be authorized;
the mobile terminal matching the received first biometric feature against a stored second biometric feature of the user of the mobile terminal;
if the match succeeds, the mobile terminal sending, to the detection device that sent the first biometric feature, a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal, and
sending to a server a second terminal ID identifying the mobile terminal, a second user ID of the user of the mobile terminal, and the received second device ID identifying the device to be authorized;
wherein the second device ID, the second terminal ID and the second user ID are used for matching, respectively, against the first device ID, the first terminal ID and the first user ID that the server receives from the detection device.
An embodiment of the present invention also discloses a remote authorization method. The method includes:
a server receiving a second device ID, a second terminal ID and a second user ID from a mobile terminal, and receiving a first device ID, a first terminal ID and a first user ID from a detection device;
the server matching the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
if the match succeeds, sending authorization information;
wherein the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, the second terminal ID and the second user ID to the server and sends the first terminal ID and the first user ID to the detection device, and
the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
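The three methods above describe one exchange between the detection device, the mobile terminal and the server. The following Python simulation of that exchange is an added example, not code from the patent; the class names, the Hamming-distance matcher standing in for a real fingerprint comparison, the one-shot consumption of matched reports and all sample values are assumptions.

```python
from typing import Optional, Tuple

Triple = Tuple[str, str, str]  # (device ID, terminal ID, user ID)


def features_match(sample: bytes, template: bytes, max_bit_errors: int = 8) -> bool:
    """Stand-in matcher (assumption): Hamming distance between equal-length
    feature vectors. A real fingerprint matcher would replace this."""
    if len(sample) != len(template):
        return False
    distance = sum(bin(a ^ b).count("1") for a, b in zip(sample, template))
    return distance <= max_bit_errors


class Server:
    """Stores no biometric data; it only compares the two reported ID triples."""

    def __init__(self) -> None:
        self._from_device = set()
        self._from_terminal = set()

    def report_from_device(self, triple: Triple) -> bool:
        self._from_device.add(triple)
        return self._decide(triple)

    def report_from_terminal(self, triple: Triple) -> bool:
        self._from_terminal.add(triple)
        return self._decide(triple)

    def _decide(self, triple: Triple) -> bool:
        # Authorize only when the same (device, terminal, user) triple has
        # arrived over both paths. Consuming the pair afterwards is an
        # assumption of this sketch, so one match yields one authorization.
        if triple in self._from_device and triple in self._from_terminal:
            self._from_device.discard(triple)
            self._from_terminal.discard(triple)
            return True
        return False


class MobileTerminal:
    """Holds the enrolled (second) biometric feature; it never leaves the terminal."""

    def __init__(self, terminal_id: str, user_id: str, template: bytes, server: Server):
        self.terminal_id, self.user_id = terminal_id, user_id
        self._template, self._server = template, server

    def receive_sample(self, device_id: str, sample: bytes) -> Optional[Tuple[str, str]]:
        if not features_match(sample, self._template):
            return None  # no IDs are released to the device or the server
        self._server.report_from_terminal((device_id, self.terminal_id, self.user_id))
        return self.terminal_id, self.user_id


class DetectionDevice:
    def __init__(self, device_id: str, server: Server):
        self.device_id, self._server = device_id, server

    def request_authorization(self, sample: bytearray, terminal: MobileTerminal) -> bool:
        reply = terminal.receive_sample(self.device_id, bytes(sample))
        for i in range(len(sample)):  # models deleting the first biometric
            sample[i] = 0             # feature once it has been sent
        if reply is None:
            return False
        terminal_id, user_id = reply
        return self._server.report_from_device((self.device_id, terminal_id, user_id))


def run_scenarios() -> dict:
    template = bytes(range(32))                        # constructed enrolled template
    owner = bytearray(template)
    owner[0] ^= 0x01                                   # same finger, one bit of noise
    stranger = bytearray(b ^ 0xFF for b in template)   # constructed non-matching sample

    server = Server()
    phone = MobileTerminal("term-A", "user-A", template, server)
    lock = DetectionDevice("lock-01", server)

    results = {}
    results["owner_at_device"] = lock.request_authorization(owner, phone)
    results["sample_wiped"] = not any(owner)
    results["stranger_at_device"] = lock.request_authorization(stranger, phone)
    # A stolen or cloned terminal reporting on its own, with no device-side report:
    results["terminal_alone"] = server.report_from_terminal(("lock-01", "term-A", "user-A"))
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Only the first scenario yields authorization: the terminal's report alone is never enough, because the server also needs the matching triple from the detection device that collected the sample.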
An embodiment of the present invention also discloses a remote authorization device. The device includes:
an acquiring unit, configured to acquire a first biometric feature of a user collected at a device to be authorized;
a first sending unit, configured to send the first biometric feature to a mobile terminal, where the first biometric feature is used for matching against a second biometric feature of the user stored in the mobile terminal;
a second sending unit, configured to send to a server, on receiving from the mobile terminal a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal, a first device ID identifying the device to be authorized, the first terminal ID and the first user ID, where the first device ID, the first terminal ID and the first user ID are used for matching, respectively, against a second device ID, a second terminal ID and a second user ID that the server receives from the mobile terminal;
wherein the first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
In one example, the remote authorization device further includes:
a deleting unit, configured to delete the first biometric feature.
An embodiment of the present invention also discloses a mobile terminal. The mobile terminal includes:
a first receiving unit, configured to receive a first biometric feature of a user collected at a device to be authorized;
a first matching unit, configured to match the received first biometric feature against a stored second biometric feature of the user of the mobile terminal;
a third sending unit, configured to send, after the first matching unit matches successfully, a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and
to send to a server a second terminal ID identifying the mobile terminal, a second user ID of the user of the mobile terminal, and the received second device ID identifying the device to be authorized;
wherein the second device ID, the second terminal ID and the second user ID are used for matching, respectively, against the first device ID, the first terminal ID and the first user ID that the server receives from the detection device.
An embodiment of the present invention also discloses a server, including:
a second receiving unit, configured to receive a second device ID, a second terminal ID and a second user ID from a mobile terminal, and to receive a first device ID, a first terminal ID and a first user ID from a detection device;
a second matching unit, configured to match the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
a fourth sending unit, configured to send authorization information after the second matching unit matches successfully;
wherein the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, the second terminal ID and the second user ID to the server and sends the first terminal ID and the first user ID to the detection device, and
the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
An embodiment of the present invention also discloses a device comprising a processor and a memory storing computer-executable instructions, the processor being configured to perform the remote authorization method disclosed in the above embodiments when executing the computer-executable instructions.
An embodiment of the present invention also discloses a non-volatile computer storage medium encoded with a computer program, wherein the computer program comprises instructions that, when executed by one or more computers, cause the one or more computers to perform the remote authorization method disclosed in the above embodiments.
Compared with the prior art, the main differences and effects of the embodiments of the present invention are as follows:
During remote authorization, it can be ensured by physical location that the person requesting authorization and the person using the related service are both the user in person, which effectively prevents related resources from being misused after the user identity or mobile terminal is stolen and improves the security of remote authorization.
Further, the user's biometric features are not stored and do not need to be sent remotely, so authorization security is ensured while leakage of the user's biometric features is avoided.
Further, existing electronic physical identity authentication relies mainly on the security of the mobile terminal to keep the authentication process reliable and secure. This hands the core assurance process of the security system to an external link that cannot be controlled, which seriously weakens the security of the whole system: a single point of failure can easily cause the entire system to fail. Centrally storing user information, in turn, creates a huge risk of information leakage. The present invention removes the sole dependence of existing electronic physical authentication on the security of the mobile terminal, so a failure of the mobile terminal does not cause the authentication mechanism of the entire security system to fail; and because a system built according to the invention does not centrally store users' biometric information, it does not readily lead to large-scale user information leakage events.
Brief description of the drawings
FIG. 1 is a schematic flowchart of a remote authorization method according to a first embodiment of the present invention;
FIG. 2 is a schematic flowchart of a remote authorization method according to a second embodiment of the present invention;
FIG. 3 is a schematic flowchart of a remote authorization method according to a third embodiment of the present invention;
FIG. 4 is a schematic flowchart of a remote authorization method according to a fourth embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a remote authorization device according to a fourth embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a mobile terminal according to a sixth embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a server according to a seventh embodiment of the present invention;
FIG. 8 is a block diagram of a system according to an embodiment of the present invention;
FIG. 9 is a block diagram of a SoC (System on Chip) according to an embodiment of the present invention.
Detailed description
In the following description, many technical details are given so that the reader can better understand this application. However, those of ordinary skill in the art will understand that the technical solutions claimed in this application can be implemented even without these technical details and with various changes and modifications based on the following embodiments.
In addition, it can be understood that in the present invention the mobile terminal includes various portable smart devices, for example smartphones and tablet computers. The server may be a remote server or a cloud server. The device ID is information that uniquely identifies the device to be authorized, such as an identification code or identification number set for the authorized device. The terminal ID of a mobile terminal is likewise information that uniquely identifies the mobile terminal, such as a MAC address or an identifier set specifically for the terminal. The user ID is identification information that uniquely indicates the user's identity, such as the machine code (SN code) of the user's mobile phone, the mobile phone number or the user name. Note that this document distinguishes IDs that the server receives from different senders by prefixing them with "first" or "second"; for example, the first terminal ID and the second terminal ID both identify the mobile terminal and differ only in which device sent them directly.
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
The first embodiment of the present invention relates to a remote authorization method. FIG. 1 is a schematic flowchart of this remote authorization method.
Specifically, as shown in FIG. 1, the method includes the following steps:
Step 101: acquire a first biometric feature of a user collected at a device to be authorized.
It can be understood that in the present invention a biometric feature is one that can uniquely identify the user, such as a fingerprint, an iris, facial features or a voice.
The process then proceeds to step 102.
In step 102, the first biometric feature is sent to a mobile terminal, where it is used for matching against a second biometric feature of the user stored in the mobile terminal.
The process then proceeds to step 103.
In step 103, it is determined whether a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal have been received from the mobile terminal.
If so, the process proceeds to step 104; otherwise, the process ends.
In step 104, a first device ID identifying the device to be authorized, the first terminal ID and the first user ID are sent to the server, where they are used for matching, respectively, against a second device ID, a second terminal ID and a second user ID that the server receives from the mobile terminal.
The process then ends.
It can be understood that in the present invention, after the server has matched the above IDs successfully, it may send authorization information directly to the device to be authorized, which authorizes the corresponding operation requested by the user on receiving it. The server may also send the authorization information to the device that acquired the first biometric feature (assuming that device is not part of the device to be authorized but an additional auxiliary tool for it), and that device then controls the device to be authorized to perform the corresponding operation requested by the user. For example, when the device to be authorized is a door lock or vehicle lock, the lock is opened; when it is a vending machine, the goods are dispensed; when it is a computer, the computer enters the user interface and allows the user to perform the relevant operations.
In one example, in step 102 above, the second device ID is sent together with the first biometric feature to the mobile terminal. The second device ID may also be sent at another time; this is not limited here.
To prevent leakage of the user's biometric features, preferably, in one example, after step 102 above the method further includes:
deleting the acquired first biometric feature. If the device that collects the biometric feature and the device that acquires it are not the same device, the collecting device also deletes the collected biometric feature after sending it. In this way, the user's biometric features are not stored and do not need to be sent remotely, so authorization security is ensured while leakage of the user's biometric features is avoided.
In one example, the device that collects the first biometric feature is mounted on or integrated into the device to be authorized.
In other examples of the present invention, the collecting device may also be an external device that transmits the collected biometric feature information to the device to be authorized over a wireless or wired connection.
In one example, the first biometric feature and the second biometric feature are fingerprints.
During remote authorization, it can be ensured by physical location that the person requesting authorization and the person using the related service are both the user in person, which effectively prevents related resources from being misused after the user identity or mobile terminal is stolen and improves the security of remote authorization.
A second embodiment of the present invention relates to a remote authorization method. FIG. 2 is a schematic flowchart of the method.
Specifically, as shown in FIG. 2, the method includes the following steps:
Step 201: the mobile terminal receives the first biometric feature of the user collected at the device to be authorized.
The process then proceeds to step 202.
In step 202, the mobile terminal matches the received first biometric feature against the stored second biometric feature of the user of the mobile terminal.
If the match succeeds, the process proceeds to step 203; otherwise, the process ends.
In step 203, the mobile terminal sends, to the detection device that sent the first biometric feature, a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal, and
sends to the server a second terminal ID identifying the mobile terminal, a second user ID of the user of the mobile terminal, and the received second device ID identifying the device to be authorized; the second device ID, the second terminal ID and the second user ID are used to be matched, respectively, against the first device ID, the first terminal ID and the first user ID that the server receives from the detection device.
The process then ends.
It can be understood that, in the present invention, after the server has successfully matched the above IDs, it may send authorization information directly to the device to be authorized, and the device to be authorized, after receiving the authorization information, authorizes the corresponding operation requested by the user. The server may also send the authorization information to the device that acquires the first biometric feature (assuming that this device is not part of the device to be authorized but is an additional auxiliary tool for it), and that device then controls the device to be authorized to perform the corresponding operation requested by the user. For example, when the device to be authorized is a door lock or a vehicle lock, the lock is opened; when the device to be authorized is a vending machine, the goods are dispensed; when the device to be authorized is a computer, the computer enters the user interface and allows the user to perform the related operations.
In addition, it can be understood that, in the embodiments of the present invention, the detection device may be a part of the device to be authorized or may be an independent device; no limitation is imposed here.
In the remote authorization process, it can be ensured at the physical location that the person who requests authorization and the person who enjoys the related service are both the user himself or herself. This effectively prevents related resources from being misappropriated after the user's identity or the mobile terminal has been stolen, and improves the security of remote authorization.
A third embodiment of the present invention relates to a remote authorization method. FIG. 3 is a schematic flowchart of the method.
Specifically, as shown in FIG. 3, the method includes the following steps:
Step 301: the server receives the second device ID, the second terminal ID and the second user ID from the mobile terminal, and receives the first device ID, the first terminal ID and the first user ID from the detection device.
The process then proceeds to step 302.
In step 302, the server matches the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively.
If the match succeeds, the process proceeds to step 303; otherwise, the process ends.
In step 303, authorization information is sent; the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
Here, the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, the second terminal ID and the second user ID to the server and sends the first terminal ID and the first user ID to the detection device.
The process then ends.
In the remote authorization process, it can be ensured at the physical location that the person who requests authorization and the person who enjoys the related service are both the user himself or herself. This effectively prevents related resources from being misappropriated after the user's identity or the mobile terminal has been stolen, and improves the security of remote authorization.
A fourth embodiment of the present invention relates to a remote authorization method. FIG. 4 is a schematic flowchart of the method.
Specifically, as shown in FIG. 4, the method includes the following steps:
In step 401, the detection device acquires the first biometric feature of the user collected at the device to be authorized and sends it, together with a second device ID identifying the device to be authorized, to the mobile terminal.
The process then proceeds to step 402.
In step 402, the mobile terminal matches the received first biometric feature against the second biometric feature of the user stored in the mobile terminal.
If the match succeeds, the process proceeds to step 403; otherwise, the process ends.
In step 403, the mobile terminal sends to the detection device a first terminal ID identifying the mobile terminal and a first user ID identifying the user of the mobile terminal, and sends to the server the second device ID, a second terminal ID identifying the mobile terminal and a second user ID identifying the user of the mobile terminal.
The process then proceeds to step 404.
In step 404, the detection device sends to the server a first device ID identifying the device to be authorized, together with the received first terminal ID and first user ID.
The process then proceeds to step 405.
In step 405, the server matches the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively.
If the match succeeds, the process proceeds to step 406; otherwise, the process ends.
In step 406, the server sends authorization information; the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
The process then ends.
In the remote authorization process, it can be ensured at the physical location that the person who requests authorization and the person who enjoys the related service are both the user himself or herself. This effectively prevents related resources from being misappropriated after the user's identity or the mobile terminal has been stolen, and improves the security of remote authorization.
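The exchange in steps 401 to 406, as an added Python sketch that is not code from the patent: it shows the server authorizing only when the ID triple from the detection channel equals the triple from the mobile-terminal channel. The class names, sample IDs, exact byte equality standing in for biometric matching, and the in-memory pairing of reports are assumptions; the page specifies none of them.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class IdTriple:
    device_id: str
    terminal_id: str
    user_id: str


def same(a: str, b: str) -> bool:
    # Constant-time comparison of two identifiers.
    return hmac.compare_digest(a.encode(), b.encode())


class Server:
    """Steps 405-406: pair a detection-channel report with a terminal-channel report."""

    def __init__(self):
        self.from_detector = []   # (first device ID, first terminal ID, first user ID)
        self.from_terminal = []   # (second device ID, second terminal ID, second user ID)
        self.authorized = []      # device IDs for which authorization info was sent

    def report_from_terminal(self, ids: IdTriple) -> bool:
        self.from_terminal.append(ids)
        return self._match()

    def report_from_detector(self, ids: IdTriple) -> bool:
        self.from_detector.append(ids)
        return self._match()

    def _match(self) -> bool:
        # Assumption: reports wait in memory until a counterpart arrives.
        for first in self.from_detector:
            for second in self.from_terminal:
                if (same(first.device_id, second.device_id)
                        and same(first.terminal_id, second.terminal_id)
                        and same(first.user_id, second.user_id)):
                    self.from_detector.remove(first)
                    self.from_terminal.remove(second)
                    self.authorized.append(first.device_id)
                    return True
        return False


class MobileTerminal:
    def __init__(self, terminal_id, user_id, enrolled_template: bytes, server):
        self.terminal_id, self.user_id = terminal_id, user_id
        self.enrolled = enrolled_template   # second biometric feature, kept on the terminal only
        self.server = server

    def receive(self, first_biometric: bytes, second_device_id: str):
        # Step 402: match locally (byte equality is a stand-in for a real matcher).
        if not hmac.compare_digest(first_biometric, self.enrolled):
            return None                     # no IDs leave the terminal
        # Step 403: second IDs to the server, first IDs back to the detection device.
        self.server.report_from_terminal(
            IdTriple(second_device_id, self.terminal_id, self.user_id))
        return self.terminal_id, self.user_id


class DetectionDevice:
    def __init__(self, device_id, server):
        self.device_id, self.server, self.buffer = device_id, server, None

    def request(self, captured: bytes, terminal: MobileTerminal) -> bool:
        self.buffer = bytearray(captured)
        reply = terminal.receive(bytes(self.buffer), self.device_id)   # step 401
        for i in range(len(self.buffer)):   # delete the feature after sending it
            self.buffer[i] = 0
        self.buffer = None
        if reply is None:
            return False
        first_terminal_id, first_user_id = reply
        return self.server.report_from_detector(                      # step 404
            IdTriple(self.device_id, first_terminal_id, first_user_id))


def demo():
    # All IDs and templates below are constructed sample values.
    server = Server()
    phone = MobileTerminal("phone-1", "alice", b"constructed-template-A", server)
    lock = DetectionDevice("lock-17", server)
    r = {}
    r["owner_present"] = lock.request(b"constructed-template-A", phone)
    r["other_finger"] = lock.request(b"constructed-template-B", phone)
    r["pending_after_mismatch"] = len(server.from_terminal) + len(server.from_detector)
    # Terminal channel reports alone, with no report from the detection device.
    r["terminal_only"] = server.report_from_terminal(IdTriple("lock-17", "phone-1", "alice"))
    # Detection channel names a different device than the terminal channel did.
    r["device_id_differs"] = server.report_from_detector(IdTriple("lock-99", "phone-1", "alice"))
    r["authorized"] = list(server.authorized)
    r["buffer_cleared"] = lock.buffer is None
    return r


if __name__ == "__main__":
    print(demo())
```

A report arriving on only one channel, or two reports that disagree on any of the three IDs, leaves the device unauthorized, which is the property the embodiment relies on.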
Each method embodiment of the present invention can be implemented in software, hardware, firmware, and so on. Regardless of whether the present invention is implemented in software, hardware or firmware, the instruction code can be stored in any type of computer-accessible memory (for example, permanent or modifiable, volatile or non-volatile, solid-state or non-solid-state, fixed or replaceable media, and so on). Likewise, the memory may be, for example, Programmable Array Logic (PAL), Random Access Memory (RAM), Programmable Read Only Memory (PROM), Read-Only Memory (ROM), Electrically Erasable Programmable ROM (EEPROM), a magnetic disk, an optical disc, a Digital Versatile Disc (DVD), and so on.
A fifth embodiment of the present invention relates to a remote authorization apparatus. FIG. 5 is a schematic structural diagram of the remote authorization apparatus.
Specifically, as shown in FIG. 5, the remote authorization apparatus includes:
an obtaining unit, configured to obtain a first biometric feature of a user collected at a device to be authorized;
a first sending unit, configured to send the first biometric feature to a mobile terminal, the first biometric feature being used for matching against a second biometric feature of the user stored in the mobile terminal;
a second sending unit, configured to send to the server, upon receiving from the mobile terminal a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal, a first device ID identifying the device to be authorized together with the first terminal ID and the first user ID, the first device ID, the first terminal ID and the first user ID being used to be matched, respectively, against the second device ID, the second terminal ID and the second user ID that the server receives from the mobile terminal;
wherein the first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
In addition, in one example, the apparatus further includes:
a deleting unit, configured to delete the first biometric feature.
In the remote authorization process, it can be ensured at the physical location that the person who requests authorization and the person who enjoys the related service are both the user himself or herself. This effectively prevents related resources from being misappropriated after the user's identity or the mobile terminal has been stolen, and improves the security of remote authorization.
The first or fourth embodiment is the method embodiment corresponding to this embodiment, and this embodiment can be implemented in cooperation with the first or fourth embodiment. The related technical details mentioned in the first or fourth embodiment remain valid in this embodiment and, to reduce repetition, are not repeated here. Correspondingly, the related technical details mentioned in this embodiment can also be applied to the first or fourth embodiment.
A sixth embodiment of the present invention relates to a mobile terminal. FIG. 6 is a schematic structural diagram of the mobile terminal.
Specifically, as shown in FIG. 6, the mobile terminal includes:
a first receiving unit, configured to receive a first biometric feature of a user collected at a device to be authorized;
a first matching unit, configured to match the received first biometric feature against the stored second biometric feature of the user of the mobile terminal;
a third sending unit, configured to send, after the first matching unit has matched successfully, a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and
to send to the server a second terminal ID identifying the mobile terminal, a second user ID of the user of the mobile terminal, and the received second device ID identifying the device to be authorized;
wherein the second device ID, the second terminal ID and the second user ID are used to be matched, respectively, against the first device ID, the first terminal ID and the first user ID that the server receives from the detection device.
In the remote authorization process, it can be ensured at the physical location that the person who requests authorization and the person who enjoys the related service are both the user himself or herself. This effectively prevents related resources from being misappropriated after the user's identity or the mobile terminal has been stolen, and improves the security of remote authorization.
The second or fourth embodiment is the method embodiment corresponding to this embodiment, and this embodiment can be implemented in cooperation with the second or fourth embodiment. The related technical details mentioned in the second or fourth embodiment remain valid in this embodiment and, to reduce repetition, are not repeated here. Correspondingly, the related technical details mentioned in this embodiment can also be applied to the second or fourth embodiment.
A seventh embodiment of the present invention relates to a server. FIG. 7 is a schematic structural diagram of the server.
Specifically, as shown in FIG. 7, the server includes:
a second receiving unit, configured to receive the second device ID, the second terminal ID and the second user ID from the mobile terminal, and to receive the first device ID, the first terminal ID and the first user ID from the detection device;
a second matching unit, configured to match the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
a fourth sending unit, configured to send authorization information after the second matching unit has matched successfully;
wherein the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
the mobile terminal, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, sends the second device ID, the second terminal ID and the second user ID to the server and sends the first terminal ID and the first user ID to the detection device, and
the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
In the remote authorization process, it can be ensured at the physical location that the person who requests authorization and the person who enjoys the related service are both the user himself or herself. This effectively prevents related resources from being misappropriated after the user's identity or the mobile terminal has been stolen, and improves the security of remote authorization.
The third or fourth embodiment is the method embodiment corresponding to this embodiment, and this embodiment can be implemented in cooperation with the third or fourth embodiment. The related technical details mentioned in the third or fourth embodiment remain valid in this embodiment and, to reduce repetition, are not repeated here. Correspondingly, the related technical details mentioned in this embodiment can also be applied to the third or fourth embodiment.
An eighth embodiment of the present invention relates to a device. Specifically, the device includes a memory storing computer-executable instructions and a processor, the processor being configured to perform, when executing the computer-executable instructions, the remote authorization method of any one of the first to fourth embodiments.
A ninth embodiment of the present invention relates to a non-volatile computer storage medium encoded with a computer program, wherein the computer program includes instructions that, when executed by one or more computers, cause the one or more computers to perform the remote authorization method of any one of the first to fourth embodiments.
Existing electronic physical identity authentication relies mainly on the security of the mobile terminal to keep its authentication process reliable and secure. It therefore hands the core safeguard of the security system to an external link that cannot be controlled, which seriously weakens the security of the whole system: a single point of failure can easily bring down the entire system. Centralized storage of user information, in turn, creates a large risk of information leakage. The present invention removes the sole dependence of existing electronic physical authentication on the security of the mobile terminal, and thereby avoids a failure of the authentication mechanism of the whole security system caused by a failure of the mobile terminal. At the same time, a system built according to the present invention does not store users' biometric information centrally, so it is not prone to large-scale leaks of user information.
Referring now to FIG. 8, shown is a block diagram of a system 800 according to one embodiment of the present application. The system 800 may be one implementation of the server, detection device, remote authorization apparatus or device mentioned in this application. It can be understood, however, that the server, detection device, remote authorization apparatus or device of the present application may also be implemented in other ways and are not limited to the system 800. The system 800 may include one or more processors 801 coupled to a controller hub 803. In one embodiment, the controller hub 803 includes, but is not limited to, a graphics memory controller hub (GMCH) (not shown) and an input/output hub (IOH) (which may be on separate chips) (not shown), where the GMCH includes memory and graphics controllers and is coupled to the IOH. The system 800 may also include a coprocessor 802 and a memory 804 coupled to the controller hub 803. Alternatively, one or both of the memory and the GMCH may be integrated within the processor (as described in this application), with the memory 804 and the coprocessor 802 coupled directly to the processor 801 and the controller hub 803, the controller hub 803 being in a single chip with the IOH.
The optional nature of the additional processor 802 is indicated by dashed lines in FIG. 7.
The memory 804 may be, for example, dynamic random access memory (DRAM), phase change memory (PCM), or a combination of the two. For at least one embodiment, the controller hub 803 communicates with the processor 801 via a multi-drop bus such as a front-side bus (FSB), a point-to-point interface such as QuickPath Interconnect (QPI), or a similar connection 806.
In one embodiment, the coprocessor 802 is a special-purpose processor, such as, for example, a high-throughput MIC processor, a network or communication processor, a compression engine, a graphics processor, a GPGPU, an embedded processor, or the like. In one embodiment, the controller hub 803 may include an integrated graphics accelerator. The instruction execution method proposed in this application may be executed by the coprocessor 802.
In one embodiment, the processor 801 executes instructions that control data processing operations of a general type. Coprocessor instructions may be embedded in these instructions. The processor 801 recognizes these coprocessor instructions as being of a type that should be executed by the attached coprocessor 802. Accordingly, the processor 801 issues these coprocessor instructions (or control signals representing the coprocessor instructions) to the coprocessor 802 on a coprocessor bus or other interconnect. The coprocessor 802 accepts and executes the received coprocessor instructions.
Referring now to FIG. 9, shown is a block diagram of a SoC (System on Chip) 900 according to an embodiment of the present application. The SoC may be one implementation of the mobile terminal, detection device, remote authorization apparatus or device mentioned in this application. It can be understood, however, that the mobile terminal, detection device, remote authorization apparatus or device of the present application may also be implemented in other ways and are not limited to the SoC 900. In FIG. 9, similar components have the same reference numerals. In addition, dashed boxes are optional features of more advanced SoCs. In FIG. 9, an interconnect unit 950 is coupled to: an application processor 910, which includes, but is not limited to, a set of one or more cores, shared cache units and registers; a system agent unit 980; a bus controller unit 990; an integrated memory controller unit 940; a set of one or more coprocessors 920, which may include integrated graphics logic, an image processor, an audio processor and a video processor; a static random access memory (SRAM) unit 930; and a direct memory access (DMA) unit 960. In one embodiment, the coprocessor 920 includes a special-purpose processor, such as, for example, a network or communication processor, a compression engine, a GPGPU, a high-throughput MIC processor, an embedded processor, or the like.
Embodiments of the mechanisms disclosed in this application may be implemented in hardware, software, firmware, or a combination of these implementation approaches. Embodiments of the present application may be implemented as computer programs or program code executing on a programmable system that includes at least one processor, a storage system (including volatile and non-volatile memory and/or storage elements), at least one input device and at least one output device.
Program code may be applied to input instructions to perform the functions described in this application and to generate output information. The output information may be applied to one or more output devices in a known manner. For the purposes of this application, a processing system includes any system that has a processor such as, for example, a digital signal processor (DSP), a microcontroller, an application-specific integrated circuit (ASIC) or a microprocessor.
The program code may be implemented in a high-level procedural language or an object-oriented programming language in order to communicate with the processing system. The program code may also be implemented in assembly language or machine language when needed. In fact, the mechanisms described in this application are not limited in scope to any particular programming language. In either case, the language may be a compiled language or an interpreted language.
It should be noted that the units mentioned in the device embodiments of the present invention are all logical units. Physically, a logical unit may be one physical unit, a part of a physical unit, or a combination of several physical units. The physical implementation of these logical units is not what matters most; the combination of the functions they implement is the key to solving the technical problem addressed by the present invention. In addition, to highlight the innovative part of the present invention, the above device embodiments do not introduce units that are not closely related to solving the technical problem addressed by the present invention; this does not mean that no other units exist in the above device embodiments.
It should be noted that, in the claims and description of this patent, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a" does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
Although the present invention has been illustrated and described with reference to certain preferred embodiments thereof, those of ordinary skill in the art should understand that various changes in form and detail can be made to it without departing from the spirit and scope of the present invention.

Claims (12)

  1. 一种远程授权方法,其特征在于,包括:A remote authorization method, comprising:
    获取在待授权设备处采集的用户的第一生物识别特征;Acquiring a first biometric feature of a user collected at a device to be authorized;
    向移动终端发送所述第一生物识别特征,所述第一生物识别特征用于与存储在该移动终端中的用户的第二生物识别特征进行匹配;Sending the first biometric feature to a mobile terminal, where the first biometric feature is used to match a second biometric feature of a user stored in the mobile terminal;
    如果接收到所述移动终端发送的标识该移动终端的第一终端ID和该移动终端的用户的第一用户ID,则向服务器发送标识所述待授权设备的第一设备ID、所述第一终端ID和第一用户ID,所述第一设备ID、第一终端ID和第一用户ID用于与所述服务器从所述移动终端接收到的第二设备ID、第二终端ID和第二用户ID分别进行匹配;If a first terminal ID identifying the mobile terminal and a first user ID of a user of the mobile terminal sent by the mobile terminal are received, sending to the server a first device ID identifying the device to be authorized, the first A terminal ID and a first user ID, and the first device ID, the first terminal ID, and the first user ID are used to communicate with the second device ID, the second terminal ID, and the second device that the server receives from the mobile terminal; User IDs are matched separately;
    其中,所述第一终端ID和第一用户ID是移动终端在所述第一生物识别特征与第二生物识别特征匹配后发送的。The first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
  2. 根据权利要求1所述的远程授权方法,其特征在于,向服务器发送标识所述待授权设备的第一设备ID、所述第一终端ID和第一用户ID之后,还包括:The remote authorization method according to claim 1, after sending the first device ID, the first terminal ID, and the first user ID identifying the device to be authorized to the server, further comprising:
    如果接收到来自服务器的授权信息,则在所述待授权设备上授权所述用户请求的相应操作。If authorization information is received from the server, the corresponding operation requested by the user is authorized on the device to be authorized.
  3. 根据权利要求1或2所述的远程授权方法,其特征在于,向移动终端发送所述第一生物识别特征之后,还包括:The remote authorization method according to claim 1 or 2, further comprising: after sending the first biometric feature to a mobile terminal:
    删除所述第一生物识别特征。Deleting the first biometric feature.
  4. 根据权利要求3所述的远程授权方法,其特征在于,所述第一生物识别特征和第二生物识别特征为指纹。The remote authorization method according to claim 3, wherein the first biometric feature and the second biometric feature are fingerprints.
  5. A remote authorization method, characterized by comprising:
    a mobile terminal receiving a first biometric feature of a user collected at a device to be authorized;
    the mobile terminal matching the received first biometric feature against a stored second biometric feature of the user of the mobile terminal;
    if the match succeeds, the mobile terminal sending, to the detection device that sent the first biometric feature, a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal, and
    sending to a server a second terminal ID identifying the mobile terminal, a second user ID of the user of the mobile terminal, and a received second device ID identifying the device to be authorized;
    wherein the second device ID, the second terminal ID and the second user ID are to be matched respectively against a first device ID, the first terminal ID and the first user ID that the server receives from the detection device.
  6. A remote authorization method, characterized by comprising:
    a server receiving a second device ID, a second terminal ID and a second user ID from a mobile terminal, and receiving a first device ID, a first terminal ID and a first user ID from a detection device;
    the server matching the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID;
    if the match succeeds, sending authorization information;
    wherein the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
    the mobile terminal, when the first biometric feature matches a second biometric feature of the user stored in the mobile terminal, sends the second device ID, the second terminal ID and the second user ID to the server, and sends the first terminal ID and the first user ID to the detection device, and
    the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
  7. A remote authorization apparatus, characterized by comprising:
    an obtaining unit, configured to obtain a first biometric feature of a user collected at a device to be authorized;
    a first sending unit, configured to send the first biometric feature to a mobile terminal, the first biometric feature being used for matching against a second biometric feature of the user stored in the mobile terminal;
    a second sending unit, configured to, upon receiving a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal, both sent by the mobile terminal, send to a server a first device ID identifying the device to be authorized, the first terminal ID and the first user ID, wherein the first device ID, the first terminal ID and the first user ID are to be matched respectively against a second device ID, a second terminal ID and a second user ID that the server receives from the mobile terminal;
    wherein the first terminal ID and the first user ID are sent by the mobile terminal after the first biometric feature matches the second biometric feature.
  8. The remote authorization apparatus according to claim 1, characterized by further comprising:
    a deleting unit, configured to delete the first biometric feature.
  9. A mobile terminal, characterized by comprising:
    a first receiving unit, configured to receive a first biometric feature of a user collected at a device to be authorized;
    a first matching unit, configured to match the received first biometric feature against a stored second biometric feature of the user of the mobile terminal;
    a third sending unit, configured to, after the first matching unit matches successfully, send to the detection device that sent the first biometric feature a first terminal ID identifying the mobile terminal and a first user ID of the user of the mobile terminal, and
    send to a server a second terminal ID identifying the mobile terminal, a second user ID of the user of the mobile terminal, and a received second device ID identifying the device to be authorized;
    wherein the second device ID, the second terminal ID and the second user ID are to be matched respectively against a first device ID, the first terminal ID and the first user ID that the server receives from the detection device.
  10. A server, characterized by comprising:
    a second receiving unit, configured to receive a second device ID, a second terminal ID and a second user ID from a mobile terminal, and to receive a first device ID, a first terminal ID and a first user ID from a detection device;
    a second matching unit, configured to match the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID;
    a fourth sending unit, configured to send authorization information after the second matching unit matches successfully;
    wherein the first biometric feature is collected at the place to be authorized and sent by the detection device to the mobile terminal, the first device ID is sent by the detection device to the mobile terminal, and
    the mobile terminal, when the first biometric feature matches a second biometric feature of the user stored in the mobile terminal, sends the second device ID, the second terminal ID and the second user ID to the server, and sends the first terminal ID and the first user ID to the detection device, and
    the authorization information is used to authorize the corresponding operation requested by the user on the device to be authorized.
  11. A device, characterized by comprising a memory storing computer-executable instructions and a processor, the processor being configured to perform, when executing the computer-executable instructions, the remote authorization method according to any one of claims 1 to 6.
  12. A non-volatile computer storage medium encoded with a computer program, characterized in that the computer program comprises instructions which, when executed by one or more computers, cause the one or more computers to perform the remote authorization method according to any one of claims 1 to 6.
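
The three-party exchange of claims 1, 3, 5 and 6, sketched as an added example that is not part of the patent text: the detection device forwards the captured feature, the mobile terminal matches it locally and reports IDs on two paths, and the server authorizes only if both ID triples agree field by field. The class and function names, the byte-equality stand-in for a biometric matcher, and the one-time consumption of a terminal report are assumptions of this sketch.

```python
import hmac
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Triple:  # (device ID, terminal ID, user ID) as reported by one party
    device_id: str
    terminal_id: str
    user_id: str

def same(a: Triple, b: Triple) -> bool:
    # Match each ID separately (claim 6); no early exit on first mismatch.
    pairs = zip((a.device_id, a.terminal_id, a.user_id),
                (b.device_id, b.terminal_id, b.user_id))
    return all([hmac.compare_digest(x.encode(), y.encode()) for x, y in pairs])

@dataclass
class Server:
    pending: dict = field(default_factory=dict)  # second IDs, keyed by device ID

    def from_terminal(self, t: Triple) -> None:
        self.pending[t.device_id] = t

    def from_detector(self, t: Triple) -> bool:
        # Assumption: a terminal report is consumed once, so it cannot be replayed.
        second = self.pending.pop(t.device_id, None)
        return second is not None and same(t, second)  # True = send authorization

@dataclass
class MobileTerminal:
    terminal_id: str
    user_id: str
    enrolled: bytes  # second biometric feature, stored only on the terminal

    def on_feature(self, feature: bytes, device_id: str, server: Server):
        # Assumption: byte equality stands in for a real similarity matcher.
        if not hmac.compare_digest(feature, self.enrolled):
            return None  # no match: no IDs go to the detector or the server
        server.from_terminal(Triple(device_id, self.terminal_id, self.user_id))
        return self.terminal_id, self.user_id

def detector_authorize(device_id: str, feature: bytearray,
                       terminal: MobileTerminal, server: Server) -> bool:
    reply = terminal.on_feature(bytes(feature), device_id, server)
    feature[:] = bytes(len(feature))  # claim 3: wipe the captured feature after sending
    if reply is None:
        return False
    return server.from_detector(Triple(device_id, *reply))
```

The server never sees the biometric feature in this flow; a detector that reports a terminal or user ID different from what the terminal itself reported is rejected by the field-by-field comparison.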
PCT/CN2019/074355 2018-08-09 2019-02-01 Remote authorization method, device and equipment, and storage medium WO2020029566A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810902415.6 2018-08-09
CN201810902415.6A CN109067881B (en) 2018-08-09 2018-08-09 Remote authorization method, device, equipment and storage medium thereof

Publications (1)

Publication Number Publication Date
WO2020029566A1 true WO2020029566A1 (en) 2020-02-13

Family

ID=64678871

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/074355 WO2020029566A1 (en) 2018-08-09 2019-02-01 Remote authorization method, device and equipment, and storage medium

Country Status (2)

Country Link
CN (1) CN109067881B (en)
WO (1) WO2020029566A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067881B (en) * 2018-08-09 2020-08-21 顾宏超 Remote authorization method, device, equipment and storage medium thereof
CN109617898B (en) * 2018-12-28 2021-10-29 顾宏超 Remote authentication method, device, equipment and storage medium thereof
CN109547484A (en) * 2018-12-28 2019-03-29 芜湖机智智能科技有限公司 Remote authentication method and device thereof, equipment and storage medium
CN109561428B (en) * 2018-12-28 2021-10-29 顾宏超 Remote authentication method, device, equipment and storage medium thereof
CN110070014A (en) * 2019-04-12 2019-07-30 顾宏超 Recognition methods and its device, equipment and storage medium based on biometric feature
CN111750493B (en) * 2020-06-24 2021-08-13 珠海格力电器股份有限公司 Control method, control device and cloud control system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330386A (en) * 2008-05-19 2008-12-24 刘洪利 Authentication system based on biological characteristics and identification authentication method thereof
WO2011077613A1 (en) * 2009-12-24 2011-06-30 株式会社日立製作所 Biometric authentication system
CN106453311A (en) * 2016-10-11 2017-02-22 掌握科技无锡有限公司 Register and login system and method for biological characteristic distributed identity authentication
CN107548059A (en) * 2016-06-28 2018-01-05 中兴通讯股份有限公司 A kind of authentication method and system
CN109067881A (en) * 2018-08-09 2018-12-21 顾宏超 Remote-authorization method and its device, equipment and storage medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2942517B2 (en) * 1997-05-06 1999-08-30 株式会社ミディシティ Prepaid centralized settlement system and method
US7409543B1 (en) * 2000-03-30 2008-08-05 Digitalpersona, Inc. Method and apparatus for using a third party authentication server
US8412947B2 (en) * 2006-10-05 2013-04-02 Ceelox Patents, LLC System and method of secure encryption for electronic data transfer
ES2549104T1 (en) * 2012-04-01 2015-10-23 Authentify, Inc. Secure authentication in a multi-part system
CN104753953A (en) * 2015-04-13 2015-07-01 成都双奥阳科技有限公司 Access control system
US10069824B2 (en) * 2015-05-12 2018-09-04 Branch Banking And Trust Company Biometric signature authentication and centralized storage system
CN106485103A (en) * 2016-11-28 2017-03-08 中国工商银行股份有限公司 A kind of Wearable mobile authorization device, system and method

Also Published As

Publication number Publication date
CN109067881B (en) 2020-08-21
CN109067881A (en) 2018-12-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19846811

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19846811

Country of ref document: EP

Kind code of ref document: A1