Embodiment
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flow chart of the registration method for real-name authentication provided by Embodiment 1 of the present invention. As shown in Fig. 1, the registration method of this embodiment comprises:
Step 11, obtain the ID card information of the registered user and first image information of the registered user;
Specifically, before a user authenticates with a real-name authentication method or tool, the user needs to register for real-name authentication with the authentication server and obtain the corresponding authentication means or authentication mode. When a user applies to register, the authentication server requires the registered user to present his or her own ID card and obtains the relevant information on the ID card, i.e. the ID card information, such as name, image, address and ID card number. The authentication server can read the registered user's ID card with an ID card reader to obtain the ID card information; it can also photograph the registered user's ID card with a device such as a camera and use image recognition technology to obtain the ID card information.
Further, in this embodiment, when a user applies to register, the authentication server also needs to obtain image information of the registered user. The registered user's image information generally refers to the image that the authentication server captures of the registered user through an image capture device (for example a camera or a video camera).
Step 12, judge the legitimacy of the registered user's identity according to the first image information and the ID card information;
The ID card information that the authentication server obtains by reading the ID card with the ID card reader includes the personal image on the ID card, i.e. the second image information. The authentication server compares the first image information obtained from the registered user with the second image information in the ID card information. When the comparison shows that the first image information is consistent with the second image information, the registered user matches the ID card information provided, the ID card is the registered user's ID card, and the registered user's identity is therefore legitimate. Otherwise, when the comparison shows that the first image information and the second image information are inconsistent, the registered user does not match the ID card information provided, the ID card is not the registered user's ID card, and the registered user's identity is therefore not legitimate.
The authentication server can perform image recognition on the first image information and the second image information and compare the recognition results.
Step 13, when the judgment result is that the registered user's identity is legitimate, generate a registered account corresponding to the registered user. Specifically, when the authentication server determines from the first image information and the second image information that the registered user's identity is legitimate, it generates a corresponding registered account for the registered user, i.e. the registered user registers successfully. When the authentication server determines from the first image information and the second image information that the registered user's identity is not legitimate, it can end the registration operation and send a message to the registered user stating that the registered user must register in person with his or her own ID card information; no registered account is generated for this registered user.
In the registration method for real-name authentication of this embodiment, while a user registers for real-name authentication, the user's image information is obtained and compared with the image information in the ID card information to judge whether the registered user matches the ID card information provided. Registration is allowed only when the registered user's identity is judged legitimate. This prevents a registered user from registering with another user's ID card information, achieves real-name authentication in the true sense, and thereby improves the security of authentication by the real-name authentication method.
Fig. 2 is a flow chart of the registration method for real-name authentication provided by Embodiment 2 of the present invention. This embodiment can be implemented on the basis of Embodiment 1. As shown in Fig. 2, after generating the registered account corresponding to the registered user, the method of this embodiment further comprises:
Step 14, obtain characteristic information of the registered user;
Step 15, generate authentication information corresponding to the registered user according to the characteristic information.
After the registered user obtains a registered account, the authentication server also needs to provide the registered user with corresponding authentication information, which is the basis on which the registered user authenticates in subsequent business transactions. Security levels are configured on the authentication server, and the registered user is allowed to choose among them. For example, when the user selects a low security level, the authentication server can provide the registered user with a simple password authentication mode; when the user selects a high security level, the authentication server can obtain the registered user's characteristic information and generate authentication information for the registered user according to that characteristic information.
This embodiment is implemented on the basis that the registered user selects a high security level. The characteristic information obtained from the registered user can be image information, voice information, fingerprint information, iris information and so on. Specifically, the authentication server can photograph the registered user with a camera or similar device to obtain the registered user's image information; it can record the registered user's speech with a sound recording device, video capture device or the like to obtain the registered user's voice information; it can obtain the registered user's fingerprint information with a fingerprint scanner; and it can collect the registered user's iris information with an iris capture device. The characteristic information used by the authentication server can be any one of the above kinds of information or any combination of them.
The authentication information that the authentication server generates for the registered user differs according to the characteristic information. Specifically, generating authentication information corresponding to the registered user according to the characteristic information means that the authentication server generates, for the registered user, authentication information that contains the corresponding characteristic information. For example: when the characteristic information is image information, the authentication information generated for the registered user contains the registered user's image information; when the characteristic information is voice information, the authentication information contains the registered user's voiceprint information; when the characteristic information is fingerprint information, the authentication information contains the registered user's fingerprint information.
In the registration method for real-name authentication of this embodiment, after the authentication server provides a registered account for the registered user, it obtains the registered user's characteristic information and further generates the authentication information that the registered user uses. Because the characteristic information that characterizes the registered user is unique, it offers higher security, so authentication information containing the characteristic information is more secure during authentication and can ensure the registered user's security in business transactions.
Fig. 3 is a flow chart of the registration method for real-name authentication provided by Embodiment 3 of the present invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 3, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16a, generate an authentication means associated with the authentication information and issue the authentication means to the registered user, so that the registered user performs real-name authentication with the authentication means.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication according to this authentication information, but doing so requires some carrier. The authentication server therefore generates, for the registered user, an authentication means associated with the authentication information and issues it to the registered user, so that the registered user uses the authentication information to complete real-name authentication through the authentication means.
The authentication means of this embodiment matches the authentication information. For example: when the authentication information is a password, the authentication means can be a USB Key. The authentication server associates the USB Key with the registered user's password; when the registered user carries out a business transaction, the registered user is required to enter the password through the USB Key for real-name authentication, and subsequent operations can be carried out only after authentication passes. When the authentication information contains image information, the authentication means can be an image capture device such as a camera or video camera, which collects the registered user's image information during the business transaction and sends the collected image information to the authentication server for real-name authentication; subsequent operations can be carried out only after real-name authentication passes. When the authentication information contains voice information, the authentication means can be a sound collection device, which collects the registered user's voice information during the business transaction and sends it to the authentication server for real-name authentication; subsequent operations can be carried out only after real-name authentication passes. When the authentication information contains fingerprint information, the authentication means can be a fingerprint collection device, which collects the registered user's fingerprint information during the business transaction and sends it to the authentication server for real-name authentication; subsequent operations can be carried out only after real-name authentication passes. When the authentication information contains iris information, the authentication means can be an iris capture device, which collects the registered user's iris information during the business transaction and sends it to the authentication server for real-name authentication; subsequent operations can be carried out only after real-name authentication passes.
In the above, the authentication means is used only to obtain the information required for real-name authentication during the registered user's business transaction and then sends the obtained information to the authentication server, which completes the real-name authentication operation in the background. Alternatively, when the authentication server associates the authentication information with the authentication means, the authentication information can also be stored in the corresponding authentication means; the authentication means then obtains the corresponding information during the registered user's business transaction and compares it with the stored authentication information to complete the real-name authentication process. In this implementation, the authentication means shares the real-name authentication function of the authentication server, which can reduce the load on the authentication server.
In the registration method for real-name authentication of this embodiment, the authentication server generates an authentication means and issues it to the registered user, so that the registered user can use the authentication information to perform real-name authentication through the authentication means, which improves the security of business transactions.
Fig. 4 is a flow chart of the registration method for real-name authentication provided by Embodiment 4 of the present invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 4, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16b, associate the authentication information with the registered user's mobile terminal, so that the registered user performs real-name authentication through the mobile terminal.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication according to this authentication information, but doing so requires some carrier. The authentication server therefore associates (also called binds) the authentication information with the registered user's mobile terminal, so that the registered user can use the authentication information to perform real-name authentication through the mobile terminal. Binding the authentication information to the registered user's mobile terminal specifically means that the authentication server stores the mapping among the mobile terminal's identifier, the authentication information and the registered user's registered account.
The registered user's mobile terminal can be a mobile phone, a personal digital assistant, a personal computer and so on, and the corresponding mobile terminal identifier is the phone number, the factory serial number of the personal digital assistant, the factory serial number of the personal computer and so on, as long as it uniquely identifies the mobile terminal.
Taking a mobile phone as the mobile terminal and the phone number as the mobile terminal identifier, the following explains how the registered user performs real-name authentication through the mobile terminal. Specifically, when the registered user needs to perform real-name authentication during a business transaction, the registered user submits an authentication request to the authentication server, for example through a business device used in the transaction (such as the web page on the transaction equipment on which the business transaction is carried out); the registered user can also send a short message from the mobile phone to submit the authentication request to the authentication server. The authentication request contains the physical number that the registered user has bound. According to the authentication request, the authentication server sends a short message to the mobile phone to provide the registered user with an authentication password. The registered user enters the authentication password received on the mobile phone into the relevant device or interface of the business transaction, and that device performs real-name authentication of the registered user through the authentication server according to the authentication password. After authentication passes, the relevant device allows the registered user to carry out subsequent operations; otherwise, the relevant device prompts the registered user that the identity is not legitimate or that verification did not pass, and ends the operation, in order to ensure the security of the business transaction and protect the interests of the transacting user.
In the registration method for real-name authentication of this embodiment, the authentication server binds the authentication information to the registered user's mobile terminal and so provides the registered user with a way to perform real-name authentication: the registered user can use the authentication information to perform real-name authentication through the mobile terminal, which improves the security of business transactions.
Fig. 5 is a flow chart of the registration method for real-name authentication provided by Embodiment 5 of the present invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 5, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16c, associate the authentication information with the service card of the registered user's mobile terminal, so that the registered user performs real-name authentication through the service card of the mobile terminal.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication according to this authentication information, but doing so requires some carrier. The authentication server therefore associates (also called binds) the authentication information with the service card of the registered user's mobile terminal, so that the registered user can use the authentication information to perform real-name authentication through the mobile terminal and the service card it uses. Binding the authentication information to the service card of the registered user's mobile terminal specifically means that the authentication server stores the mapping among the identifier of the mobile terminal's service card, the authentication information and the registered user's registered account.
The registered user's mobile terminal can be a mobile phone, a personal digital assistant, a personal computer and so on; the service card of the mobile terminal can be a SIM card, a sticker, various memory cards and so on; and the identifier of the service card is information that uniquely identifies the service card, such as the SIM card number.
Taking a mobile phone as the mobile terminal, a SIM card as the service card and the SIM card number as the service card identifier, the following explains how the registered user performs real-name authentication through the service card of the mobile terminal. Specifically, when the registered user needs to perform real-name authentication during a business transaction, the registered user submits an authentication request to the authentication server through the transaction equipment used in the business transaction or through the mobile phone. The authentication server sends a data short message to the SIM card to provide the registered user with an encrypted authentication password. The registered user's SIM card receives the encrypted authentication password, decrypts it to obtain the authentication password, and the mobile phone then displays the authentication password to the registered user. The registered user enters the received authentication password into the transaction equipment used in the business transaction, and the transaction equipment performs real-name authentication of the registered user through the authentication server according to the authentication password. After authentication passes, the transaction equipment allows the registered user to carry out subsequent operations; otherwise, the transaction equipment prompts the registered user that the identity is not legitimate or that verification did not pass, and ends the operation, in order to ensure the security of the business transaction and protect the interests of the transacting user.
In the registration method for real-name authentication of this embodiment, the authentication server binds the authentication information to the service card of the registered user's mobile terminal and so provides the registered user with a way to perform real-name authentication: the registered user can use the authentication information to perform real-name authentication through the mobile terminal, which improves the security of business transactions.
Fig. 6 is a flow chart of the registration method for real-name authentication provided by Embodiment 6 of the present invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 6, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16d, associate the authentication information with the registered user's password card, so that the registered user performs real-name authentication through the password card.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication according to this authentication information, but doing so requires some carrier. The authentication server therefore associates (also called binds) the authentication information with the registered user's password card, so that the registered user can use the authentication information to perform real-name authentication through the password card. Binding the authentication information to the registered user's password card specifically means that the authentication server stores the mapping among the identifier of the password card, the authentication information and the registered user's registered account.
The password card used in this embodiment is associated with the transaction system in which the registered user carries out business transactions. When the user carries out a business transaction, the password card dynamically provides a group of password information. The registered user enters the password information provided by the password card into the business transaction system or the transaction equipment being used, and the transaction system or transaction equipment checks the password information entered by the registered user through the authentication server. The registered user can complete the business transaction only when the password information entered is correct.
The password card can produce password information based on time, an event or a challenge value. In addition, this embodiment provides an implementation in which the password card produces password information based on business transaction information, and the process by which the registered user performs real-name authentication through the password card is described in detail using this implementation as the example. Specifically, when the registered user needs to perform real-name authentication during a business transaction, the registered user submits an authentication request to the authentication server through the transaction equipment used in the business transaction, the registered user's mobile terminal or the like. The authentication request contains the registered user's password card identifier and the business transaction identifier. According to the password card identifier in the authentication request, the authentication server sends to the registered user's password card the ciphertext of the business transaction information corresponding to the business transaction identifier; this business transaction information can include the name of the transaction object, the transaction type, the transaction time and so on. The registered user's password card obtains the ciphertext of the business transaction information and decrypts it according to the encryption and decryption method agreed in advance or a pre-stored key to obtain the business transaction information. The password card then generates password information from the business transaction information obtained and provides it to the registered user. The registered user enters the password information into the transaction equipment, and the transaction equipment performs real-name authentication of the registered user through the authentication server. On the authentication server, the password information corresponding to the business transaction identifier can be generated according to the password information generation algorithm agreed in advance with the password card; the authentication server can compare the password information it generates with the password information generated by the password card in order to perform real-name authentication of the registered user.
In the above implementation, the registered user's password card decrypts the ciphertext of the business transaction information. If the password card decrypts it successfully and obtains legitimate business transaction information, it generates correct password information. If the password card fails to decrypt it, or the business transaction information obtained is not legitimate, the password card either generates no password information or generates wrong password information. It follows that the implementation provided by this embodiment, which generates password information from business transaction information, can further improve the security of the registered user's business transactions and protect the registered user's legitimate interests.
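The transaction-bound password card exchange described above, as an added example that is not part of the original page: the server encrypts the business transaction information for the card, the card decrypts it and derives password information, and the server recomputes and compares. The page does not name the cipher or the password generation algorithm, so the HMAC-SHA256 constructions, the JSON field names and the class and function names below are all assumptions.

```python
"""Added example: password information derived from business transaction
information. Names, the JSON field layout and the HMAC-based constructions are
assumptions; the page only says the method and key are agreed in advance."""
import hashlib
import hmac
import json
import secrets

REQUIRED = {"transaction_id", "object_name", "type", "time"}  # assumed field names


def _subkey(master: bytes, label: bytes) -> bytes:
    # Separate keys for encryption, integrity and password generation.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a standard-library stand-in for a vetted
    # cipher such as AES-GCM, which a real deployment would use instead.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(master: bytes, info: dict) -> bytes:
    """Server side: encrypt-then-MAC the business transaction information."""
    plaintext = json.dumps(info, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    body = _xor(plaintext, _keystream(_subkey(master, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(master, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(master: bytes, blob: bytes):
    """Card side: return the transaction information, or None when decryption
    fails or the recovered information is not valid."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or modified ciphertext
    try:
        info = json.loads(_xor(body, _keystream(_subkey(master, b"enc"), nonce, len(body))))
    except ValueError:
        return None
    if not isinstance(info, dict) or not REQUIRED.issubset(info):
        return None
    return info


def password_for(master: bytes, info: dict, digits: int = 6) -> str:
    """Password generation algorithm shared by card and server (assumed:
    HMAC over the canonical transaction information, truncated as in HOTP)."""
    msg = json.dumps(info, sort_keys=True).encode()
    mac = hmac.new(_subkey(master, b"otp"), msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class PasswordCard:
    def __init__(self, card_id: str, key: bytes):
        self.card_id, self._key = card_id, key

    def respond(self, ciphertext: bytes):
        info = open_sealed(self._key, ciphertext)
        # No valid transaction information means no password is produced.
        return None if info is None else password_for(self._key, info)


class AuthServer:
    def __init__(self):
        self._card_keys = {}     # password card identifier -> pre-stored key
        self._transactions = {}  # business transaction identifier -> information

    def bind_card(self, card_id: str, key: bytes):
        self._card_keys[card_id] = key

    def add_transaction(self, info: dict):
        self._transactions[info["transaction_id"]] = info

    def request(self, card_id: str, transaction_id: str) -> bytes:
        """Authentication request: returns the ciphertext sent to the card."""
        return seal(self._card_keys[card_id], self._transactions[transaction_id])

    def verify(self, card_id: str, transaction_id: str, password) -> bool:
        key = self._card_keys.get(card_id)
        info = self._transactions.get(transaction_id)
        if key is None or info is None or not isinstance(password, str):
            return False
        return hmac.compare_digest(password_for(key, info).encode(), password.encode())
```

Because the password is derived from the transaction information itself, a card holding the wrong key or receiving altered ciphertext produces no password at all, which is the failure behaviour the paragraph above describes.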
In this description, because the process of performing real-name authentication with the various authentication means or authentication modes is prior art, the above embodiments do not describe the specific authentication process in detail; it can be implemented with reference to the prior art.
Furthermore, the authentication server can also provide the registered user with several authentication means or authentication modes at the same time, according to the security level the registered user requires. For example, the registered user can be provided with a fingerprint collection device, a sound collection device and the mobile phone binding mode together. In that case, during the registered user's business transaction, the registered user can submit an authentication request to the authentication server through the transaction equipment or the mobile terminal, obtain the authentication password issued by the authentication server, and enter fingerprint information and voice information through the fingerprint collection device and the sound collection device respectively, so that the authentication server performs real-name authentication according to the authentication password, the fingerprint information and the voice information together, which greatly strengthens the security of the business transaction.
Fig. 7 is a flow chart of the registration method for real-name authentication provided by Embodiment 7 of the present invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 7, after generating the authentication information, the registration method of this embodiment further comprises:
Step 17, map the ID card information, the first image information and the registered account to one another to generate an account information mapping relation, and store the account information mapping relation in the identity account database.
In the registration method for real-name authentication of this embodiment, an identity account database is provided on the authentication server. The authentication server can store each registered user's relevant information in this database in order to manage and maintain registered users.
Further, on the basis of the above embodiments, in order to ensure the security of the authentication information, the authentication server generally sets a useful life for each piece of authentication information, and the useful life of the authentication information is generally the useful life of the authentication means or authentication mode. For example, the authentication server sets the start-of-use time of the authentication means to the day of successful registration and sets the end-of-use time of the authentication means according to the allowed useful life, thereby managing the useful life of the authentication information or authentication means, although the management is not limited to this. In order to protect the interests of the user of the authentication information or authentication means, the authentication server allows the user to apply, before the useful life of the authentication information or authentication means ends, to extend that useful life. The following embodiments of the present invention describe in detail the flow in which the authentication server performs the extension operation according to the registered user's extension request.
Fig. 8 is a flow chart of the method for extending the use of authentication information provided by Embodiment 8 of the present invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 8, the method of this embodiment comprises:
Step 18, receive the registered user's extension request;
Specifically, the authentication server provides an interface for receiving extension requests. When a registered user needs to make an extension request, the registered user can submit it through the interface provided by the authentication server.
Step 19, according to the extension request, obtain the registered user's ID card information and first image information of the registered user;
Step 20, judge the legitimacy of the registered user's identity according to the first image information and the ID card information; when the judgment result is that the registered user's identity is legitimate, perform step 21; otherwise, perform step 23.
Step 21, query the identity account database according to the ID card information and judge whether a registered account corresponding to the ID card information is found; when a registered account corresponding to the ID card information is found in the identity account database, perform step 22; otherwise, perform step 23.
This step specifically judges whether the user making the extension request is a registered user, because only registered users have the right to make an extension request.
Step 22, update the useful life of the authentication information according to the specified extension length;
When the judgment result is that the registered account of the registered user who submitted the extension request exists, the useful life of the authentication means is modified, for example by modifying the end-of-use time, to allow the user to continue using it for the extended period. If any of the above judgments yields an illegitimate result, the authentication means is not extended and step 23 is performed.
Step 23, end the extension operation.
In the above extension process for the authentication means, the way the authentication server obtains the ID card information and the first image information, and the way it verifies the legitimacy of the registered user's identity according to the first image information and the ID card information, can both follow the description in the above embodiments of the registration method for real-name authentication and are not repeated here. The extension operation for the authentication means provided by the above implementation ensures the legitimacy of the user requesting the extension, which improves the security of the extended use of the authentication means and in turn the security of subsequent authentication.
Embodiment 9 of the present invention provides an authentication server, which is mainly used to carry out the flows of the above method embodiments. During the registered user's registration, the authentication server of this embodiment obtains the registered user's image information and compares it with the image information in the ID card information to judge whether the registered user is a legitimate user. Registration is allowed only when the registered user's identity is legitimate, which prevents a registered user from registering with another user's ID card information, achieves real-name authentication in the true sense, and thereby improves the security of authentication by the real-name authentication method.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.