Background technology
With the rapid development of e-commerce and of the network equipment, software and hardware on which pervasive and mobile devices depend, people have grown accustomed to new activities such as online shopping, online banking and electronic payment, and network security has always been the main bottleneck restricting electronic transactions. Only an identity verification scheme with high security can win the trust of users and quickly expand its application market.
To improve the reliability of electronic identity verification, static passwords are used far less often and are being replaced by dynamic passwords. The main idea of a dynamic password is to add uncertain factors, such as time or a random number, to the user login process so that the information transmitted in each login differs, thereby resisting replay attacks and improving the security of the login process. Dynamic-password technology falls into two kinds, synchronous and asynchronous: asynchronous password technology uses a challenge-response mode, while synchronous password technology is divided into time-synchronized passwords and event-synchronized passwords. At present, dynamic passwords produced by these three main generation modes are widely used in network services such as e-commerce, e-mail, wireless access, network equipment login and online banking; the legitimate user's token and a remote server cooperate to complete the electronic identity verification of the user.
Asynchronous password technology offers higher security. It uses a challenge-response mode and requires no synchronized state between the token and the server other than an identical algorithm, so it effectively solves the problem of tokens falling out of step, reduces the impact on applications, and significantly increases the reliability of the system. The challenge code is the key to generating a challenge-response dynamic password. In the prior art the challenge code is generated by verifying a static password; this is not very reliable and is easily cracked. How to generate a challenge code that is difficult to crack is therefore a technical problem that every major network-security firm urgently needs to solve.
A new electronic transaction identity verification method is therefore needed that increases the complexity of the factors from which the challenge code of a challenge-response dynamic password is formed, fundamentally raising the difficulty of cracking the dynamic password and providing a security guarantee to users and merchants.
Summary of the invention
To solve the above problem, the invention provides an electronic transaction identity verification method based on face recognition. The user's facial features are extracted, and the digitized facial feature data is applied in the generation of the challenge code. Adding only a small number of miniaturized electronic devices increases the reliability of the challenge-response dynamic password: even if an unauthorized user collects a large number of dynamic passwords, the rule by which they are generated remains difficult to analyze, so it is difficult to harm the economic interests of users and merchants. This improves the confidence of users and merchants and widens the application market for dynamic-password products.
According to one aspect of the invention, an electronic transaction identity verification method based on face recognition is provided. The method comprises:
Step 1: a video camera captures a face image of the user;
Step 2: an image processor sharpens the face image to obtain a processed image of enhanced definition, and performs facial feature extraction on the processed image to obtain a digitized real-time facial feature;
Step 3: the authentication display sends the real-time facial feature, together with the user ID entered by the user, to the authentication server over a communication network;
Step 4: the authentication server judges whether the received real-time facial feature and user ID match. If they do not match, it returns a failed authentication result to the authentication window of the authentication display and the electronic transaction verification ends. If they match, it generates a random challenge code from the real-time facial feature and the user ID according to a random algorithm, stores the challenge code, and returns it to the authentication window of the authentication display; at the same time, the token serial number of the token device issued to this user is looked up by user ID;
Step 5: the user manually enters the challenge code shown on the authentication display into the input box on the token display of the token device;
Step 6: the token device performs an RSA encryption computation on the token serial number of the token device and the challenge code to generate a first encrypted value, uses a hash algorithm to produce a digest value of the first encrypted value, then splits the digest value, XORs the parts and takes the right-hand bits to generate a first dynamic password, and displays the first dynamic password in a dialog box on the token display of the token device so that the user can enter it into the authentication server;
Step 7: the authentication server receives the first dynamic password and authenticates the user's identity according to the first dynamic password;
The authentication terminal comprises the authentication display, the video camera and the image processor. The authentication display shows the authentication window corresponding to the authentication server, and the authentication window prompts the user to enter the user ID and to capture the face image. The authentication server's authentication of the user's identity according to the first dynamic password further comprises: the authentication server performs an RSA encryption computation on the token serial number of the token device and the challenge code stored at the authentication server to generate a second encrypted value, uses the hash algorithm to produce a digest value of the second encrypted value, splits the digest value, XORs the parts and takes the right-hand bits to generate a second dynamic password, and compares the first dynamic password with the second dynamic password; if they are equal it returns a successful authentication result, and if they are unequal it returns a failed authentication result.
More specifically, the authentication server's judging whether the received real-time facial feature and user ID match further comprises: the authentication server looks up the pre-stored facial feature corresponding to the user ID in a facial feature database and matches the pre-stored facial feature against the real-time facial feature.
More specifically, the facial feature database is stored at the authentication server or in a storage device connected to the authentication server over the communication network.
More specifically, the authentication server's looking up the token serial number of the token device issued to this user by user ID further comprises: the authentication server looks up the token serial number of the token device issued to this user in a token database.
More specifically, the token database is stored at the authentication server or in a storage device connected to the authentication server over the communication network.
More specifically, the authentication display is a liquid crystal display or a light-emitting diode display, and the token display is a liquid crystal display or a light-emitting diode display.
More specifically, the resolution of the liquid crystal display used as the authentication display is one of 160 × 128, 384 × 320, 400 × 240, 640 × 480 or 800 × 480, and the resolution of the liquid crystal display used as the token display is one of 160 × 128, 384 × 320, 400 × 240, 640 × 480 or 800 × 480.
More specifically, the length of the challenge code is no more than 40, and the communication network is a computer communication network or a mobile communication network.
More specifically, the authentication terminal and the token device are integrated into the user's intelligent mobile terminal.
More specifically, the intelligent mobile terminal is a smartphone, a personal digital assistant (PDA), a tablet computer or a portable computer.
Embodiment
An embodiment of the face-recognition-based electronic transaction identity verification method of the present invention is described in detail below with reference to the accompanying drawings.
Identity authentication, also called "verification" or "authentication", means confirming a user's identity by some means. There are many authentication methods; broadly they can be divided into authentication based on a shared key, authentication based on biological characteristics, and authentication based on public-key encryption algorithms. The purpose of authentication is to confirm that the user currently claiming a given identity really is the claimed user. Authentication is not rare in daily life; for example, by checking another person's credentials we can generally be sure of their identity. Although this everyday way of confirming identity also belongs to "authentication" in the broad sense, the term "authentication" is used more in fields such as computing and communications.
When authentication is applied to electronic payment it may be called electronic identity verification, and it serves to authenticate the user of an electronic transaction. From the initial static password to the time-synchronized dynamic password, the event-synchronized dynamic password and then the challenge-response dynamic password, passwords have always developed toward ever higher security. In a challenge-response dynamic password the generation of the challenge code is the most important element, since it determines how difficult the dynamic password is to crack. In the prior art the challenge code is generated by authenticating the user's static password, which is not very reliable. To increase the complexity of the challenge code, the present invention draws on the uniqueness of the user's facial features and generates the challenge code by authenticating the user's facial information, thereby greatly improving the security of the challenge-response dynamic password.
To extract the user's facial feature information, face recognition must be performed on the user. Face recognition, also called facial recognition or face identification, can use an ordinary video camera as the acquisition device to obtain the face image of the subject in a non-contact manner. The face image is then pre-processed before recognition, for example by increasing definition and filtering, after which the computer system extracts feature information from the processed face image and matches it against the image features in a pre-stored image database, completing the recognition. Face recognition is a recognition method based on biological characteristics; compared with traditional recognition methods such as fingerprint recognition, it is real-time, accurate, highly precise, easy to use, highly stable and cost-effective.
Fig. 1 is a flow chart of the face-recognition-based electronic transaction identity verification method according to an embodiment of the present invention. The method comprises the following steps:
Step 101: a video camera captures a face image of the user;
Step 102: an image processor sharpens the face image to obtain a processed image of enhanced definition, and performs facial feature extraction on the processed image to obtain a digitized real-time facial feature;
Step 103: the authentication display sends the real-time facial feature, together with the user ID entered by the user, to the authentication server over a communication network;
Step 104: the authentication server judges whether the received real-time facial feature and user ID match. If they do not match, it returns a failed authentication result to the authentication window of the authentication display and the electronic transaction verification ends. If they match, it generates a random challenge code from the real-time facial feature and the user ID according to a random algorithm, stores the challenge code, and returns it to the authentication window of the authentication display; at the same time, the token serial number of the token device issued to this user is looked up by user ID;
Step 105: the user manually enters the challenge code shown on the authentication display into the input box on the token display of the token device;
Step 106: the token device performs an RSA encryption computation on the token serial number of the token device and the challenge code to generate a first encrypted value, uses a hash algorithm to produce a digest value of the first encrypted value, then splits the digest value, XORs the parts and takes the right-hand bits to generate a first dynamic password, and displays the first dynamic password in a dialog box on the token display of the token device so that the user can enter it into the authentication server;
Step 107: the authentication server receives the first dynamic password and authenticates the user's identity according to the first dynamic password;
In addition, the authentication terminal comprises the authentication display, the video camera and the image processor. The authentication display shows the authentication window corresponding to the authentication server, and the authentication window prompts the user to enter the user ID and to capture the face image. Step 107 may further comprise: the authentication server performs an RSA encryption computation on the token serial number of the token device and the challenge code stored at the authentication server to generate a second encrypted value, uses the hash algorithm to produce a digest value of the second encrypted value, splits the digest value, XORs the parts and takes the right-hand bits to generate a second dynamic password, and compares the first dynamic password with the second dynamic password; if they are equal it returns a successful authentication result, and if they are unequal it returns a failed authentication result.
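The following Python is an added worked example of Steps 104 to 107 and is not part of the patent's disclosure. It assumes a deterministic, unpadded ("textbook") RSA computation on a toy 92-bit modulus built from the Mersenne primes 2^31-1 and 2^61-1, SHA-256 as the hash algorithm, a split into four 8-byte words folded with XOR, the rightmost 31 bits reduced to a 6-digit code, and a 40-character challenge; the modulus, the digit count, the padding, the sample user ID, feature bytes and token serial are all constructed for the example, since the page fixes none of them. Determinism matters for the scheme: the server can only reproduce the token's first encrypted value if the RSA step has no random padding, which is also why such a modulus provides no confidentiality and the construction should be read as a keyed derivation rather than as encryption.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Toy RSA public key from two Mersenne primes, 2^31-1 and 2^61-1.
# Constructed for this demonstration only: a 92-bit modulus gives no real security.
_P = (1 << 31) - 1
_Q = (1 << 61) - 1
RSA_N = _P * _Q            # public modulus known to both token and server
RSA_E = 65537              # public exponent, coprime to (P-1)(Q-1)
BLOCK_IN = 11              # 88-bit plaintext blocks stay below the 92-bit modulus
BLOCK_OUT = 12             # each ciphertext block is serialized as 12 bytes
CHALLENGE_LEN = 40         # the page bounds the challenge code at 40
OTP_DIGITS = 6             # assumed display width; the page does not fix it


def generate_challenge(user_id: str, facial_feature: bytes,
                       nonce: Optional[bytes] = None) -> str:
    """Step 104: random challenge code derived from the real-time facial feature and user ID.

    The random factor is a fresh nonce; the feature and ID are mixed in through a hash so the
    challenge depends on them without exposing the raw biometric. An explicit `nonce` is only
    for reproducible testing.
    """
    if nonce is None:
        nonce = secrets.token_bytes(16)
    material = nonce + user_id.encode() + b"\x00" + facial_feature
    return hashlib.sha256(material).hexdigest()[:CHALLENGE_LEN]


def rsa_encrypt_blocks(data: bytes) -> bytes:
    """Deterministic textbook RSA over fixed-size blocks.

    Determinism is what lets the server reproduce the token's first encrypted value exactly;
    randomized padding such as RSAES-OAEP would make the two sides disagree.
    """
    padded = data + b"\x80"                                 # unambiguous end marker
    padded += b"\x00" * (-len(padded) % BLOCK_IN)           # zero-fill to a block boundary
    out = bytearray()
    for i in range(0, len(padded), BLOCK_IN):
        m = int.from_bytes(padded[i:i + BLOCK_IN], "big")   # m < 2^88 < RSA_N
        out += pow(m, RSA_E, RSA_N).to_bytes(BLOCK_OUT, "big")
    return bytes(out)


def derive_dynamic_password(token_serial: str, challenge: str) -> str:
    """Steps 106 and 107: encrypt (serial, challenge), hash, split, XOR, take the right bits."""
    encrypted = rsa_encrypt_blocks(token_serial.encode() + b"|" + challenge.encode())
    digest = hashlib.sha256(encrypted).digest()             # 32-byte digest of the encrypted value
    folded = 0
    for i in range(0, len(digest), 8):                      # split into four 8-byte words ...
        folded ^= int.from_bytes(digest[i:i + 8], "big")    # ... and XOR them together
    right_bits = folded & 0x7FFFFFFF                        # keep the rightmost 31 bits
    return str(right_bits % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


def server_verify(stored_challenge: str, token_serial: str, submitted_password: str) -> bool:
    """Server side of Step 107: recompute the second dynamic password and compare in constant time."""
    expected = derive_dynamic_password(token_serial, stored_challenge)
    return hmac.compare_digest(expected.encode(), submitted_password.encode())


if __name__ == "__main__":
    # Constructed sample data: a user ID, fake feature bytes and a token serial number.
    feature = bytes(range(32))
    challenge = generate_challenge("user-001", feature)
    otp = derive_dynamic_password("TKN-0001", challenge)      # computed on the token
    print("challenge:", challenge)
    print("dynamic password:", otp)
    print("server accepts:", server_verify(challenge, "TKN-0001", otp))
```

The server must keep the challenge it stored in Step 104 bound to the user's session and discard it after one verification attempt, otherwise the same challenge and code could be presented again; the page's "store challenge code" step is where that state lives.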
In addition, the authentication server's judging whether the received real-time facial feature and user ID match further comprises: the authentication server looks up the pre-stored facial feature corresponding to the user ID in a facial feature database and matches the pre-stored facial feature against the real-time facial feature. The facial feature database is stored at the authentication server or in a storage device connected to the authentication server over the communication network. The authentication server's looking up the token serial number of the token device issued to this user by user ID further comprises: the authentication server looks up the token serial number of the token device issued to this user in a token database. The token database is stored at the authentication server or in a storage device connected to the authentication server over the communication network.
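As an added illustration of the look-up and matching just described, and not part of the patent's disclosure, the following Python assumes that "matching" means comparing the pre-stored and real-time feature vectors by cosine similarity against a threshold. The feature vectors, user IDs and threshold value are constructed for the example; the page specifies neither the feature representation nor the comparison rule.

```python
import math
from typing import Dict, List, Sequence

# Constructed facial feature database keyed by user ID. Each entry is a short feature vector;
# a real extractor would output a much longer embedding. Values are made up for the example.
FACIAL_FEATURE_DB: Dict[str, List[float]] = {
    "user-001": [0.82, 0.11, -0.35, 0.47, 0.09, -0.62, 0.28, 0.15],
    "user-002": [-0.41, 0.66, 0.12, -0.23, 0.71, 0.05, -0.38, 0.52],
}

# Assumed decision rule: cosine similarity must reach a tuned threshold. Biometric matching is
# a fuzzy comparison, so equality of the vectors is never the test.
MATCH_THRESHOLD = 0.90


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    """Cosine similarity in [-1, 1]; 1.0 means the vectors point the same way."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0                          # a zero vector carries no facial information
    return dot / (norm_a * norm_b)


def match_facial_feature(user_id: str, realtime_feature: Sequence[float],
                         db: Dict[str, List[float]] = FACIAL_FEATURE_DB,
                         threshold: float = MATCH_THRESHOLD) -> bool:
    """Step 104 precondition: look up the pre-stored feature for user_id and compare it.

    An unknown user ID is a non-match, not an error, so the server's answer does not reveal
    which IDs exist. Only the boolean leaves this function; the score stays server-side.
    """
    stored = db.get(user_id)
    if stored is None:
        return False
    return cosine_similarity(stored, realtime_feature) >= threshold


if __name__ == "__main__":
    # Constructed real-time capture: the enrolled vector of user-001 with small sensor noise.
    live = [0.80, 0.13, -0.33, 0.45, 0.11, -0.60, 0.30, 0.13]
    print("genuine user-001:", match_facial_feature("user-001", live))
    print("user-002's face as user-001:", match_facial_feature("user-001", FACIAL_FEATURE_DB["user-002"]))
    print("unknown ID:", match_facial_feature("user-999", live))
```

Because the real-time feature is noisy and is matched only within a tolerance, it cannot serve as a shared secret that both sides recompute bit for bit; this is consistent with the page generating the challenge code from the feature through a random algorithm on the server and sending the resulting code to the user rather than deriving it independently on the token.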
In addition, the authentication display is a liquid crystal display or a light-emitting diode display, and the token display is a liquid crystal display or a light-emitting diode display. The resolution of the liquid crystal display used as the authentication display is one of 160 × 128, 384 × 320, 400 × 240, 640 × 480 or 800 × 480, and the resolution of the liquid crystal display used as the token display is one of 160 × 128, 384 × 320, 400 × 240, 640 × 480 or 800 × 480. The length of the challenge code is no more than 40, and the communication network is a computer communication network or a mobile communication network. The authentication terminal and the token device may be integrated into the user's intelligent mobile terminal, which is a smartphone, a personal digital assistant (PDA), a tablet computer or a portable computer.
The RSA algorithm, also called the RSA public-key encryption algorithm, was proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman, all of whom were working at the Massachusetts Institute of Technology at the time; "RSA" is the concatenation of the initial letters of their three surnames. RSA is the most influential public-key encryption algorithm today; it resists most of the cryptographic attacks known so far and is recommended by ISO as a standard for public-key data encryption. At present only short RSA keys can be broken by brute force. As of 2008 there was no reliable way in the world to attack the RSA algorithm: as long as the key is long enough, information encrypted with RSA is in practice unbreakable. However, now that distributed computing and quantum computer theory are maturing, the security of RSA encryption is being challenged. RSA rests on a very simple number-theoretic fact: multiplying two large primes is very easy, but factoring their product was extremely difficult at that time, so the product can be published as the encryption key.
The hash algorithm maps a binary value of arbitrary length to a shorter binary value of fixed length, and this shorter binary value is called the hash value. The hash value is a unique and extremely compact numeric representation of a piece of data. If a piece of plaintext is hashed and even a single letter of it is then changed, the subsequent hash produces a different value. Finding two different inputs that hash to the same value is computationally infeasible, so the hash value of data can be used to check the integrity of the data. Hash algorithms are commonly used for fast lookup and in cryptographic algorithms.
The invention is now described further with reference to Fig. 2, which is a block diagram of a face-recognition-based electronic transaction verification system according to an embodiment of the present invention. The electronic transaction verification system comprises a token device 201, an authentication terminal 202, an authentication server 203 and a communication network 204. The token device 201 comprises a token display; the authentication terminal 202 comprises an authentication display, a video camera and an image processor; the authentication server 203 may be a cloud server; and the communication network 204 may be a computer communication network or a mobile communication network. The challenge code generated at the authentication server 203 from the user's facial features is shown on the authentication terminal 202 and manually entered into the input box on the token display of the token device 201, so that the token device 201 can generate the challenge-response dynamic password. The user sends the dynamic password over the communication network 204 to the authentication server 203 to complete the verification, and the communication network 204 receives the result returned by the authentication server 203. The authentication terminal 202 is also bidirectionally connected to the communication network 204 in order to send the user's real-time facial feature and the user ID entered by the user to the authentication server 203 and to receive from the authentication server 203 the challenge code it generates.
By adopting the face-recognition-based electronic transaction identity verification method of the present invention, the user's facial features are incorporated into the generation of the challenge code, addressing the technical problem that the challenge code in existing challenge-response dynamic password generation schemes is of low complexity and easy to crack. This raises the difficulty of cracking the challenge code, improves the security of the electronic transaction verification scheme, and provides a better safety curtain for the funds of users and merchants.
It should be understood that although the present invention has been disclosed above by way of preferred embodiments, the above embodiments are not intended to limit the invention. Any person of ordinary skill in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make many possible variations and modifications to the technical solution of the present invention, or revise it into equivalent embodiments of equivalent variation. Therefore, any simple modification, equivalent variation or modification made to any of the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of protection of the technical solution of the present invention.