CN105099704B - A kind of OAuth service based on bio-identification - Google Patents

Publication number: CN105099704B
Authority: CN (China)
Application number: CN201510493553.XA
Other languages: Chinese (zh)
Other versions: CN105099704A
Inventor: 顾健
Current assignee: Shanghai Bolu Information Technology Co Ltd
Original assignee: Shanghai Bolu Information Technology Co Ltd
Abstract

The invention discloses a biometric-based OAuth service comprising a terminal module, a system OAuth service, a third-party application and so on. The user registers on the system service platform that provides OAuth, registering a user account, biometric information and the authorized terminals, and the system service platform opens the OAuth service to the outside. When the user accesses a third-party application, the user chooses to log in and authorize through the OAuth service; the system routes the user's login request to the terminal the user has specified and prompts the user to authorize. If the user agrees to authorize, the terminal performs biometric recognition to obtain the user's biometric information and it is judged whether this is the registered user's biometric information; if the user refuses, refusal is selected directly. After the system service platform obtains the user's identification result or the refusal, it instructs the third-party application platform whether to allow or refuse the login. By extending the OAuth service to heterogeneous terminals and using the biometric recognition capabilities of heterogeneous devices, a convenient OAuth experience is provided for the user.

Description

A kind of OAuth service based on bio-identification
Technical field
The present invention relates to the technical field of the internet and mobile communication terminals, and in particular to a biometric-based OAuth service.
Background technique
The development of internet technology and mobile communication technology, and in particular of the internet and intelligent terminal technology, makes a biometric-based OAuth service feasible.
At present, with the development of the wireless internet and the internet, applications are ever more numerous. A user needs to log in to different applications and, under normal circumstances, must register with each application separately, which is very cumbersome, and the user names and passwords are hard to remember one by one.
The development of OAuth technology has made it possible to improve how users log in to third-party applications: when logging in to a third-party application the user can choose to log in using OAuth and access the third-party application through OAuth, without registering with the third party, by directly licensing the third-party application to obtain the user's information.
However, OAuth still requires the user to log in on the OAuth service platform, and the user still has to enter a user name and password on the OAuth authorization interface each time. Using a user name and password still carries a certain security risk, and the step of manually entering them means that both the safety factor and the user experience have room for improvement. Secondly, the OAuth service generally takes place only within the same software environment on the same terminal device; it cannot provide authorization across platforms and software environments, and cannot use the portability and integrated biometric recognition capabilities of mobile terminals for user identification.
Biometric recognition technology is increasingly mature and can be integrated into terminals. The example best known to users is fingerprint recognition on Apple phones, which lets the user unlock the phone very conveniently. Iris recognition, vein recognition and other biometric technologies are also maturing and being integrated into intelligent terminals, but their main application at present is only unlocking the phone. For biometric recognition technology this range of application is too narrow, and the technology is not yet well applied.
By moving the OAuth authorization step onto a heterogeneous mobile intelligent terminal, and using the biometric functions carried by the intelligent terminal (fingerprint, vein, iris and other biometric modes) to obtain the user's biometric information, the user is identified by that biometric information and the recognition result serves as the authorization. The user can thus reduce or avoid the number of times a user name and password must be entered manually in the traditional OAuth mode, and the shortcoming that OAuth cannot authorize across devices is overcome: the user can authorize a third-party application on a mobile terminal by recognizing his or her own biometric features, which greatly facilitates the use of third-party applications.
In view of this, an object of the invention is to propose a simple and practical biometric-based OAuth service that fuses the internet and intelligent terminals.
Summary of the invention
A biometric-based OAuth service comprises the following steps:
1) the user registers on the OAuth system service platform;
2) the system service platform opens the OAuth service to the outside;
3) the user accesses a third-party application and chooses to authorize through the OAuth system service platform;
4) the OAuth system service platform determines the target intelligent terminal that provides the authorization;
5) the OAuth system service platform routes the user's authorization request to the target intelligent terminal;
6) the user chooses on the intelligent terminal whether to agree to the authorization; if the user agrees, the intelligent terminal collects the biometric information; if the user chooses to refuse or performs no operation, the authorization is refused;
7) according to the collection and recognition result, the system judges whether it is the registered user's biometric information; after the system service platform obtains the user's recognition result or the refusal operation, it instructs the third-party application platform of the corresponding authorization result.
Further, the biometric-based OAuth service method provided here is a convenient form of application access and authorization; it provides a strong guarantee for business development, meets the requirements of all parties, and improves the user experience.
To achieve the above object, one aspect of the invention provides a biometric-based OAuth service method, which comprises:
Registration, which includes user registration and terminal registration;
First, the user registers user information and terminal information on the OAuth system service platform. The system saves the registration information, including the user name, user password, the user's gender and the various personal details of conventional registration modes, and at the same time generates a user ID that is unique within the system. The user password can serve as an auxiliary means for the user to log in and for devices to log in to the OAuth platform, and the user can still log in to the OAuth service platform with a traditional user name and password.
Second, the user's biometric information is collected by the client terminal: one or more of fingerprint, vein, iris and whatever other biometric information the terminal supports and can collect. The collected biometric information is processed according to the system security level and the user's settings and then saved; it can be stored on the terminal device, uploaded to the system, or stored both on the terminal and in the system, and serves as the basis for user identification.
Terminal registration means that the user logs in to the system platform on the terminal device using the registered user account; the terminal's feature identification information is collected and saved to the system, and a description of the terminal is set. A user can register one or more terminal devices for authorization. After registration the user account and the registered terminal devices are bound, and the terminal device logs in to the system and operates under the registered user's account name.
In one embodiment of the biometric-based OAuth service provided by the invention, the method further includes:
The system service platform opens the OAuth service, and a third-party application that accesses the OAuth service of the system service platform provides an access option for the OAuth service. On the interface of the third-party application the user selects the OAuth service as the way to request authorization, the third-party application jumps to the authorization interface provided by the OAuth service platform, and in the next step the OAuth service platform determines the destination terminal device to which the request message is routed.
After the user chooses to authorize through the OAuth platform, the third-party application jumps to the OAuth interface, and the target terminal that will receive the routed message and provide the authorization is determined. The determination methods include a manual mode and an automatic mode.
The manual mode includes text search and wireless search. In text search the user enters descriptive text, which may include the target terminal's descriptive feature information, the associated account name, the terminal's access coding, and various descriptions of the terminal or of the user's characteristics. The terminal's access coding is a unique digital code that the system assigns to the terminal and maps to that terminal's unique feature information in the system, so the user can find the terminal simply by entering a digital code; this simplifies terminal discovery. The system searches by the text the user enters and lists the terminals matching the description that are operating under the entered account name; the user selects from the search results or from the history list of previously used terminals.
The wireless search mode includes search based on NFC, Bluetooth, WiFi or WiFi-Direct, and DLNA. If the terminal is not within short-range wireless search range, or is offline, it cannot be found, and the terminal in the historical search record is shown as unavailable. On first use the user must find an available terminal by wireless search or text search; according to the terminal's access security settings, if the terminal is configured to require an access code, the access code is entered to connect to the terminal. The information of a successfully connected terminal can be stored in the third-party application client and, the next time, selected directly from the historical terminal list.
The automatic mode means that the user sets and saves the target terminal's connection information and access code as described above, or sets a searched or specified terminal device as a trusted terminal device. The OAuth platform then automatically attempts to connect to and verify the terminal device; if the terminal's connection security settings are met and the terminal device is verified to be one registered in the system, it automatically connects and forwards the request message to that terminal.
The system routes the user's login request to the terminal the user specifies. After determining the target terminal that provides the authorization function, the system attempts to connect to it and forward the authorization request message. If the message cannot be forwarded successfully within the forwarding validity period specified by the system, this forwarding fails. The user can select multiple terminals; if forwarding to the first terminal fails, the message is forwarded in order to the next terminal in the user's list, until forwarding succeeds or the request is abandoned.
After the authorization request message is successfully routed and forwarded to the terminal set by the user, the terminal reminds the user, for example by displaying a notification message, vibrating, or playing a sound, prompting the user to operate and choose whether to agree to the authorization. If the user agrees, the terminal collects the user's biometric information. After collection, the collected biometric information is verified according to the preset verification mode, which includes local verification on the terminal and sending it to the server side for verification, to check whether it is the biometric information of the registered user corresponding to the terminal. If the user performs no authorization operation within the validity period of the authorization request message, directly refuses authorization on the terminal, verification fails, or obtaining the user's biometric information fails, the authorization is refused.
In one embodiment of the biometric-based OAuth service provided by the invention, the method further includes:
According to the system's setting of the data processing method, the collected biometric data of the registered user is processed; the processing methods include data hashing, data encryption, digital signatures and various other irreversible, uniqueness-preserving methods. The processed data is stored on the collecting terminal or uploaded to the system platform and saved as the basis for verifying the user's biometric information, and the user's biometric data is bound and mapped to the system's user ID.
In one embodiment of the biometric-based OAuth service provided by the invention, the method further includes:
A user can register and bind one or more terminals as authorization terminals. Binding means obtaining the terminal's hardware feature identification information and mapping it to the user account, and setting whether the same user account may be logged in on multiple devices at the same time. The hardware feature identification information includes the device serial number, MAC address, IMEI or MEID, SIM card serial number and the other unique hardware identifiers of the terminal. After the user has successfully selected an authorization terminal and authorized through it, that terminal's information can be saved in the third-party application's client and in the system; the next time the user needs to authorize, the terminal appears in the historical terminal list and can be selected directly as the target terminal, and the user can also delete the saved terminal information.
The terminal collects the biometric information and it is verified. Depending on the system security settings, verification can take place on the terminal or in the system, and checks whether the collected biometric information is that of the registered user corresponding to the terminal. Verification consists of processing the collected biometric information with the same data processing method used at registration, comparing the result with the saved verification data, obtaining the corresponding registered user information, and then comparing whether the terminal device information obtained is a terminal device bound under that registered user name; if both comparisons agree, verification passes. A combination of several pieces of identification information can also be verified, and the combination is ordered: the recognition results and the order in which the biometric information is recognized together serve as the criterion, and verification passes only if both the recognition results and their order are consistent, which further improves the security of verification.
The service specifically has the following advantages:
More convenient:
By fusing mobile terminals, using the portability of the mobile terminal device and its biometric recognition capability, the scope of traditional OAuth authorization is extended from the traditional PC onto the mobile terminal. Once the user has registered user information on the OAuth platform, the user can conveniently authorize third-party applications through biometric recognition, including fingerprint, vein, iris and other modes, avoiding the trouble of registering separately with different applications and entering a user name and password at every login; use is more convenient.
Safer:
After the user's biometric information is processed, the original data is no longer saved; what the terminal or the system saves is the processed biometric data, which cannot be restored, so security is guaranteed.
Secondly, the user does not need to enter a user name and password to log in; authorizing and logging in by biometric means such as a fingerprint reduces or avoids the problem of stolen user names and passwords, and the user's security when using various applications is greatly improved.
Detailed description of the invention
The drawings described herein are provided for a further understanding of the invention and constitute part of this application; the illustrative embodiments of the invention and their description are used to explain the invention and do not constitute improper limitations of it. In the drawings:
Fig. 1 is a schematic diagram of the network structure of the system of the invention.
Fig. 2 is a schematic diagram of the modular structure of the system of the invention.
Fig. 3 is a schematic flow diagram of user registration in the invention.
Fig. 4 is a schematic flow diagram of terminal selection in the invention.
Fig. 5 is a schematic flow diagram of the OAuth operation of the invention.
Specific embodiment
The invention is described more fully below with reference to the accompanying drawings, which illustrate exemplary embodiments of the invention.
To achieve the above object, a biometric-based OAuth service is proposed.
Embodiments of the invention are described below in conjunction with the drawings.
The key points of realizing a biometric-based OAuth service are as follows:
Biometric data processing and mapping:
Based on the security level setting, the user's biometric identification data as read is usually not saved in raw form; after processing it is stored on the terminal or uploaded to the system for saving. The processed data is uniquely mapped to the user information, i.e. it maps one-to-one to the information that uniquely identifies the user in the system, including the user ID and user name.
The data processing methods include hashing, data encryption, digital signatures and similar; the characteristic of the processing is that the processed data must be irreversible, i.e. it cannot be restored, while keeping the data's uniqueness within the system.
User and terminal registration:
The user registers in the system, provides and registers user information, and the client terminal collects the user's terminal device feature information, including the device serial number, IMEI, terminal number and other unique identification features; after the system verifies the user, this information is stored in the system and mapped and associated with the user information.
Determine target authorisation device:
First, the user must register the device in the system. The system obtains the feature identification information of the device specified by the user, the device name and the bound user account, and stores them in the system after device registration; the terminal then operates under the bound user's account name, and the system binds the terminal's hardware feature identification information to the user account information.
Before the service is used, the user registers the terminals that are allowed to authorize and names each terminal; a unique name such as a phone number can be used, for example My_IPHONE_13900215678. The name is unique in the system, similar to a user name, and the user can later find the terminal by searching for its name.
After successful terminal registration, the system also assigns the terminal a digital code as a quick way to search for it. The terminal code is bound to the terminal name and to the terminal's unique feature identification information, such as its MAC address, so that by entering the access coding the user can easily find the terminal device. This greatly simplifies the process by which the user specifies the device.
After the user and the terminal are registered successfully, if the user chooses to authorize through the OAuth service, then once the system obtains the authorization request message from the third-party application platform it must determine the destination of the routed message, i.e. the target authorization device.
The target authorization device, the destination of the routed message, can be determined by entering text or an account name to search, by short-range wireless search, or by selecting the terminal from the history search list.
In the text entry mode, before first use the user enters text on the OAuth service interface embedded in the third-party application, containing the information of the device to be used for authorization, such as the device name, the mapped user account, or the access coding assigned to the terminal by the system. After entry the system searches for devices matching the search conditions; the user selects a device from the matching results, and the system requests a connection to that device and forwards the authorization request message.
To simplify search and connection, the terminal's access coding can be used. The access coding is a digital code the system assigns to a terminal; the code of each terminal is unique in the system, and the system maps and binds it to the terminal's various unique feature information, such as the terminal's hardware MAC address, together with dynamic connection information such as the current IP address at which the terminal can be reached. Once the dynamic connection information such as the IP address is found, a connection can be initiated to the terminal or a message sent to it directly. Having the user simply enter a digital code greatly simplifies the process of discovering and connecting to the terminal in the manual connection mode and improves the user experience.
The search can also be by user account, finding the terminal devices registered under that account name, rather than necessarily by terminal information.
The system can also search for nearby devices by short-range wireless means, including Bluetooth, NFC, WiFi or WiFi-Direct, DLNA and other short-range wireless or wireless-based device positioning and search technologies; the user selects a device among those found, and the system requests a connection to it and forwards the authorization request message.
According to the user's security level setting, the user can also specify an access code for accessing the terminal device. The access code differs from the access coding: it is equivalent to a password for connecting to the terminal. When the system attempts to connect to the device, the user must enter the access code on the OAuth interface of the system service platform; otherwise the terminal device refuses the system's connection and does not receive the message. Alternatively, the mobile terminal can be set to require no access code, so that the system connects directly to the terminal device without the user entering one; or the system saves the access code the user has used and supplies it automatically when reconnecting to the device, so the user need not enter it again; or the user specifies trusted message sources and destinations, for example designating the device running the user's third-party application client and a specific terminal device as trusted devices. The trust mode includes verification such as comparing the hardware feature values of the client device and the terminal device. The client device, the system and the mobile terminal device trust one another, so that when the mobile terminal receives a request message originating from that device it treats it as a trusted message, and messages the user directs to that device are forwarded to the mobile device without the access code being verified.
By specifying trusted devices and saving access codes, the terminal can log in to the system automatically and remain logged in for the validity period specified by the system without logging in each time. When the terminal is online, messages forwarded by the system can be routed directly to the device instead of being held in the system and forwarded once the terminal comes online. This mode can be used as the default to make use convenient where the user's devices and environment are safe and under the user's control.
The information needed to connect to previously used devices is stored on the third-party application's client device and has a certain validity period; within that period, when the user needs to specify the device again, the device can be selected directly without searching again.
If the user chooses to perform biometric recognition through an intelligent terminal for OAuth, the system searches the platform for the terminal devices the user specified at registration as able to perform authorization, by comparing the hardware device feature data found, or searches for the terminals operating under the currently specified user account. The terminal information the user selects each time is stored both in the system and on the device from which the user accesses the third-party application, including the terminal's name and feature information, so that the user can select the terminal directly the next time. If the selected device is not logged in, it cannot be used.
Secondly, if the user specifies that authorization may only take place on a particular terminal, only online intelligent terminals matching the features of that terminal are searched. If the system finds that the terminal is not online, it sends a notification message in offline mode: the system places the message in an outbox for temporary storage, with a storage time limit set by the system as the validity period; within that period the user terminal receives the message once it comes online. Alternatively the system sends a login message, for example by SMS to the registered terminal number, prompting the user to log in on the terminal; otherwise the terminal cannot be used.
After the target terminal is determined, the system attempts to connect to the terminal and route the message to it.
Message routing:
After the authorization device specified by the user is successfully found and connected, the system performs message forwarding, i.e. message routing: the authorization request message from the third-party application the user is accessing is forwarded and routed to the device. After the device receives the authorization message pushed by the system, it prompts the user to perform the authorization operation.
The notification message has a validity period, and the user's operation is valid only within the preset validity period. If the user's specified terminal is not online within the validity period and the message times out, the message becomes invalid and the system refuses any user operation based on it.
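The discovery, connection-security and routing rules described above, as an added example that is not part of the patent; the platform, terminals, access codings, client ids and clock values are all constructed, and the trusted-client and outbox handling follow the text's description rather than any real product:

```python
"""Target-terminal discovery and authorization-request routing: access coding lookup,
per-terminal connection security (access code / trusted client), forwarding within a
validity period, ordered fallback through the user's terminal list, and an outbox for
offline terminals. Added example, not code from the patent; every user, terminal,
code and clock value is constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from hmac import compare_digest
from typing import Optional


@dataclass
class Terminal:
    name: str                      # unique user-chosen name (a phone number, for instance)
    hw_id: str                     # hardware feature identifier (MAC/IMEI style), constructed
    owner: str                     # user account the terminal is bound to
    access_coding: str             # system-assigned digital code for quick lookup
    access_code: Optional[str] = None      # optional connection password ("access code")
    trusted_clients: set[str] = field(default_factory=set)  # client devices allowed to skip it
    online: bool = True


@dataclass
class AuthRequest:
    request_id: str
    user: str
    issued_at: int      # seconds on a caller-supplied clock, so the example is deterministic
    validity_s: int     # forwarding / operation validity period

    def expired(self, now: int) -> bool:
        return now > self.issued_at + self.validity_s


class OAuthPlatform:
    def __init__(self) -> None:
        self.terminals: dict[str, Terminal] = {}        # hw_id -> Terminal
        self.by_coding: dict[str, str] = {}              # access coding -> hw_id
        self.outbox: dict[str, list[AuthRequest]] = {}   # hw_id -> messages held while offline
        self._next_coding = 100000                       # constructed: sequential 6-digit codes

    def register_terminal(self, name: str, hw_id: str, owner: str,
                          access_code: Optional[str] = None) -> str:
        """Bind a terminal to a user account and issue its access coding."""
        if hw_id in self.terminals:
            raise ValueError("terminal already registered")
        coding = str(self._next_coding)
        self._next_coding += 1
        self.terminals[hw_id] = Terminal(name, hw_id, owner, coding, access_code)
        self.by_coding[coding] = hw_id
        return coding

    def search(self, user: str, text: str) -> list[Terminal]:
        """Manual mode: match the access coding, the terminal name or the account name.
        Only terminals bound to the requesting user are returned, so one user cannot
        discover or target another user's terminals."""
        return [t for t in self.terminals.values()
                if t.owner == user and text in (t.access_coding, t.name, t.owner)]

    def connect(self, user: str, t: Terminal, access_code: Optional[str] = None,
                client_id: Optional[str] = None) -> bool:
        """Apply the terminal's connection security setting before forwarding."""
        if t.owner != user or not t.online:
            return False
        if t.access_code is None or client_id in t.trusted_clients:
            return True
        return access_code is not None and compare_digest(access_code, t.access_code)

    def route(self, req: AuthRequest, candidates: list[Terminal], *, now: int,
              access_codes: Optional[dict[str, str]] = None,
              client_id: Optional[str] = None) -> Optional[str]:
        """Forward to the first terminal, in the user's chosen order, that accepts the
        connection. If none is reachable the message is held for the first candidate
        (offline mode); an already expired request is refused outright."""
        access_codes = access_codes or {}
        if req.expired(now):
            return None
        for t in candidates:
            if self.connect(req.user, t, access_codes.get(t.hw_id), client_id):
                return t.hw_id
        if candidates:
            self.outbox.setdefault(candidates[0].hw_id, []).append(req)
        return None

    def terminal_online(self, hw_id: str, *, now: int) -> list[str]:
        """Called when a terminal logs in: deliver held messages still inside their
        validity period and drop the rest, returning the delivered request ids."""
        self.terminals[hw_id].online = True
        held = self.outbox.pop(hw_id, [])
        return [r.request_id for r in held if not r.expired(now)]
```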
User information verifying:
After the terminal receives the authorization request message forwarded by the system, it prompts the user to authorize in various ways, including vibration and sound. After viewing the message, if the user confirms authorization, the terminal collects one or more of the user's biometric features and, according to the system's security settings, recognizes and compares them on the terminal or uploads them to the system for recognition and comparison. The comparison can be of a single piece of biometric information or of several ordered recognition results, for example comparing the identification information of a single finger, or comparing the index-finger and thumb fingerprints in a required order. Based on the recognition result the terminal is verified, i.e. whether it is a terminal registered under the registered user name to which the recognition result belongs, and an authorization success or authorization failure message is sent according to the verification result.
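The processing, mapping and verification steps (irreversible processing of the biometric data, binding to the user ID, ordered multi-reading comparison, and the check that the terminal is bound to the identified user), as an added example that is not part of the patent. It assumes the terminal's matcher has already reduced each scan to a stable template (raw biometric readings vary between scans and would never hash identically) and that the platform holds a secret key so stored values are keyed hashes rather than bare hashes; users, terminals and templates are constructed:

```python
"""Irreversible processing of biometric templates, binding to the user ID and bound
terminals, and ordered multi-reading verification, following the patent's processing/
mapping and user-information-verification steps. Added example, not the patent's own
code; all users, terminals and templates are constructed."""
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumption: a platform-side secret key. A bare hash of a template can be brute-forced
# offline if the template space is small, so the stored value is a keyed hash instead.
PLATFORM_KEY = b"constructed-platform-secret-key"


def protect(template: bytes, user_id: str, kind: str) -> str:
    """Keyed SHA-256 digest of a template, bound to the user ID and the biometric kind
    ('index', 'thumb', 'iris', ...). Only this digest is stored; the template is discarded."""
    msg = user_id.encode() + b"\x00" + kind.encode() + b"\x00" + template
    return hmac.new(PLATFORM_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class UserRecord:
    user_id: str
    digests: dict[str, str]   # biometric kind -> stored digest (never the raw template)
    terminals: set[str]       # hardware identifiers of the terminals bound to this user


class Registry:
    def __init__(self) -> None:
        self.users: dict[str, UserRecord] = {}

    def register(self, user_id: str, templates: dict[str, bytes], terminals: list[str]) -> None:
        """Store digests only, mapped one-to-one to the platform's unique user ID."""
        digests = {kind: protect(tmpl, user_id, kind) for kind, tmpl in templates.items()}
        self.users[user_id] = UserRecord(user_id, digests, set(terminals))

    def _matches(self, rec: UserRecord, readings: list[tuple[str, bytes]]) -> bool:
        # Every presented reading must match the stored digest of the same kind.
        for kind, tmpl in readings:
            stored = rec.digests.get(kind)
            if stored is None or not hmac.compare_digest(protect(tmpl, rec.user_id, kind), stored):
                return False
        return True

    def identify_and_verify(self, terminal_hw_id: str, readings: list[tuple[str, bytes]],
                            required_order: Optional[list[str]] = None) -> Optional[str]:
        """Return the user ID the readings identify, or None.
        Fails closed when: there are no readings; the order of readings differs from the
        required order (e.g. index finger before thumb); no registered user matches; or the
        matching user has not bound the presenting terminal (the second comparison of the
        patent's verification step)."""
        if not readings:
            return None
        if required_order is not None and [k for k, _ in readings] != required_order:
            return None
        for rec in self.users.values():
            if self._matches(rec, readings):
                return rec.user_id if terminal_hw_id in rec.terminals else None
        return None
```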
The structure of the system and its process are described below.
As shown in Fig. 1, the topology of a biometric-based OAuth service mainly includes:
Access terminal 100:
The terminal device on which the user accesses the third-party application, such as a computer, tablet or smart phone; the user accesses the third-party application from the access device.
Mobile terminal 101:
The mobile terminal device is the intelligent terminal with biometric feature recognition support that the user specifies, usually a portable intelligent terminal device such as a smart phone.
Internet and communication network 102:
The internet and communication networks provide the channel for data access and the bearer for communication service capabilities, such as fixed broadband, WiFi data channels, and mobile voice and SMS channels, and carry data and services over the internet.
Third-party application 103:
The third-party application accessed by the user, which in this system must embed the system's OAuth service.
OAuth service platform 104:
The system's OAuth service platform provides the system's OAuth service to each third-party application platform.
Fig. 2 shows a schematic diagram of the modular structure of the present system.
Access device side:
Access client 200:
The client with which the user accesses the third-party application on the access device. It can be a browser-based client or a locally running client program; the user accesses the third-party application through the access client.
Mobile terminal side:
Acquisition module 201:
The terminal-side functional module that acquires the user's biometric identification features, including fingerprint, vein, iris and other biometric features that can uniquely distinguish the user.
Memory module 202:
The functional module that stores the user's biometric feature identification information; the stored information can be the original acquisition data or the processed biometric recognition data.
Processing module 203:
The functional module that processes the user's biometric feature data obtained on the user terminal device; the acquired data is processed by encryption, signature, hashing and similar methods so that the processed data is guaranteed to be irreversible and unique.
Identification module 204:
Identifies the acquired biometric recognition data on the user terminal and correlates it with the user information, obtaining the user's unique identification data, i.e. which user the identification belongs to.
Authorization module 205:
The functional module on the user terminal that handles the user's authorization of the third-party application platform's authorization request; it includes notifying the user to authorize, obtaining the user's authorization operation, judging whether the user's authorization is correct, and the various logical operations related to authorization, such as whether the operation is the user's own authorization.
User module 206:
The user functional module on the user terminal, including user registration, user information maintenance, user permission settings and other functions related to the user account.
Internet and communication network 207:
Comprising the internet and the communication network, providing the channels for data access.
Third-party application platform part:
Authorization interface 208:
The authorization access interface between the third-party application platform and the third-party application client; the third-party application client initiates authorization requests through the authorization interface.
OAuth interface 209:
The request interface for the OAuth service between the third-party application and the OAuth service platform; requests to the OAuth service of the OAuth service platform are initiated through this interface, and the response messages of the OAuth service platform are received through it.
OAuth service platform part:
Service access interface 210:
The interface that the system service opens to the outside; the service's calls and messages are exchanged with the third-party application platform and the mobile terminal side through the service access interface.
Database 211:
The database on the system side; it saves the various data of the system side, including user information, registration information, terminal feature data and any other data the system side needs to save.
Registration service 212:
The user registration service on the system side, which provides the registration function for users and registers user information and user terminal information.
Authorization service 213:
The authorization service on the system side; according to the user's authorization operation on the mobile terminal side, it authorizes the third-party application's authorization request on the system side.
Management configuration module 214:
The management and configuration functional module on the system side, which manages and configures the various business parameters.
Data processing module 215:
The data processing module on the system side; the functional module that processes the acquired, unprocessed user biometric feature data by encryption, signature, hashing and similar methods, guaranteeing that the processed data is irreversible and unique.
System portal 216:
The portal interface of the system, which carries the business logic between the user and the system and the channel of access.
Fig. 3 shows a schematic diagram of the user registration flow of the present invention.
As shown, the user device registration process comprises the following steps:
Step 301: the user requests registration of a user account on the mobile terminal;
Step 302: the terminal acquires the user's biometric identification information and the device information;
Step 303: the system verifies whether the information provided by the user meets the registration requirements;
Step 304: if it does, the user registration data is saved, a user account and the corresponding account data are generated, and the user biometric identification information, the user account information and the terminal feature identification information are bound;
Step 305: if it does not, an error message is reported and this registration flow ends;
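As an illustration added to this record (not code from the patent or its assignee), the registration flow of Steps 301 to 305, with the irreversible processing that claim 7 requires before biometric data is stored, can be modelled in Python as follows. The function names (`register`, `check_requirements`, `derive_reference`), the salted SHA-256 step, the in-memory database layout and the sample templates are assumptions of the illustration:

```python
import hashlib
import secrets
import uuid
from dataclasses import dataclass, field
from typing import Dict, Optional


class RegistrationError(ValueError):
    """Raised when the submitted information does not meet the registration requirements."""


@dataclass
class Account:
    user_id: str
    username: str
    salt: bytes
    biometric_refs: Dict[str, str] = field(default_factory=dict)  # modality -> processed reference
    terminals: Dict[str, str] = field(default_factory=dict)       # hardware id -> description


def new_db() -> dict:
    # Minimal stand-in for database 211: accounts, name index, terminal-to-owner binding.
    return {"accounts": {}, "by_name": {}, "terminal_owner": {}}


def derive_reference(template: bytes, salt: bytes) -> str:
    # Assumed irreversible processing (claim 7): a per-user salted hash of the canonical
    # template. The raw template itself is never written to the database.
    return hashlib.sha256(salt + template).hexdigest()


def check_requirements(db: dict, username: str, samples: Dict[str, bytes], terminal: dict) -> None:
    # Step 303: every failed requirement is reported as an error.
    if not username or not username.strip():
        raise RegistrationError("username is required")
    if username in db["by_name"]:
        raise RegistrationError("username already registered")
    if not samples:
        raise RegistrationError("at least one biometric sample is required")
    hw = terminal.get("hardware_id")
    if not hw:
        raise RegistrationError("terminal hardware identifier is required")
    if hw in db["terminal_owner"]:
        raise RegistrationError("terminal already bound to another account")


def register(db: dict, username: str, samples: Dict[str, bytes], terminal: dict) -> Optional[Account]:
    """Steps 301-305: returns the new Account, or None when registration is rejected (Step 305)."""
    try:
        check_requirements(db, username, samples, terminal)
    except RegistrationError as err:
        print(f"registration rejected: {err}")
        return None
    # Step 304: generate the account, process the biometrics, bind account, biometrics and terminal.
    salt = secrets.token_bytes(16)
    account = Account(user_id=uuid.uuid4().hex, username=username, salt=salt)
    for modality, template in samples.items():
        account.biometric_refs[modality] = derive_reference(template, salt)
    account.terminals[terminal["hardware_id"]] = terminal.get("description", "")
    db["accounts"][account.user_id] = account
    db["by_name"][username] = account.user_id
    db["terminal_owner"][terminal["hardware_id"]] = account.user_id
    return account


if __name__ == "__main__":
    db = new_db()
    # Constructed sample input; a real terminal would supply sensor-derived templates.
    acct = register(db, "alice", {"fingerprint": b"constructed-fingerprint-template"},
                    {"hardware_id": "HWID-placeholder-1", "description": "phone"})
    print(acct)
```

The salted hash satisfies the claim's irreversibility and uniqueness requirement only if the terminal delivers a canonical, repeatable template; raw sensor captures differ from read to read, so a production deployment would apply the same irreversible processing to a stabilised template or use a template-protection scheme, and the check in Step 303 that a hardware identifier is not already bound prevents one terminal from silently becoming an authorizer for two accounts.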
Fig. 4 shows the operation flow of device search and connection, which comprises the following steps:
Step 1: the user selects the way the device is obtained, including short-range wireless search, entering the device name or similar information, or selecting the device used last time;
Step 2: the system determines the user's device search method. For short-range wireless search, nearby devices are scanned using the short-range wireless technologies supported by the access device on which the user is using the third-party application, including Bluetooth, NFC, WIFI and WIFI-Direct. For text search, the system searches by the text the user enters, which may include user account information, an access code or device information, for terminal devices that meet the condition: if an access code is entered, the system maps the access code to the terminal's registration and feature information and finds the corresponding device; if account information is entered, the system searches for the terminal devices currently running under that account; if device information is entered, the system searches for the devices matching the device description; if the device has a device name that is unique within the system, that device is selected directly. If the user selects from the device list provided by the system, a device that is not online is shown in an unavailable state and cannot be selected by the user;
Step 3: the system searches for the corresponding device. If a device is found, it tries to connect to it. If no device is found, if the user has not entered any information, or if both the saved device list and the search result are empty, the connection fails;
Step 4: the system instructs the device on which the user accesses the third-party application to attempt a connection to the device selected by the user. The device being connected judges, according to its saved security settings, whether an access code is required; if so, the user is prompted to enter it on the device being connected; if not, the connection is allowed;
Step 5: if an access code must be entered, the terminal judges after the user's input whether it is correct; if correct, the connection to the terminal device is allowed, and after a successful connection, messages can be forwarded and routed to the device;
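The search-and-connect flow of Steps 1 to 5 above, as an example added to this record rather than code from the patent: the terminal directory, the scan result, the search modes (`wireless`, `access_code`, `account`, `name`, `history`), and the distinction between the system-assigned access code used for discovery and the code a terminal demands before accepting a connection are all assumptions of the illustration. It also shows the point a practitioner would want in Step 5: the terminal compares the entered access code in constant time.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Terminal:
    terminal_id: str
    name: str
    account: str                        # registered account the terminal is running under
    access_code: str                    # unique code the system assigned to this terminal for discovery
    online: bool
    connect_code: Optional[str] = None  # code the terminal's security settings require before connecting


# Constructed terminal directory and scan result, not data from the patent.
DIRECTORY: Dict[str, Terminal] = {
    "phone-1": Terminal("phone-1", "alice-phone", "alice", "4831", True, connect_code="7712"),
    "tablet-7": Terminal("tablet-7", "alice-tablet", "alice", "9054", False),
    "phone-9": Terminal("phone-9", "bob-phone", "bob", "1160", True),
}
NEARBY = {"phone-1", "phone-9"}  # identifiers a short-range wireless scan returned (Step 2)


def search(mode: str, query: Optional[str] = None,
           history: Tuple[str, ...] = ()) -> List[Tuple[Terminal, bool]]:
    """Step 2: resolve the user's choice to candidate terminals, each flagged available or not."""
    if mode == "wireless":
        found = [t for t in DIRECTORY.values() if t.terminal_id in NEARBY]
    elif mode == "access_code":
        found = [t for t in DIRECTORY.values() if t.access_code == query]
    elif mode == "account":
        found = [t for t in DIRECTORY.values() if t.account == query]
    elif mode == "name":
        found = [t for t in DIRECTORY.values() if t.name == query]
    elif mode == "history":
        found = [DIRECTORY[i] for i in history if i in DIRECTORY]
    else:
        found = []
    # Offline terminals are listed but shown as unavailable, so the user cannot select them.
    return [(t, t.online) for t in found]


def connect(terminal: Terminal, supplied_code: Optional[str] = None) -> Tuple[bool, str]:
    """Steps 4 and 5: the selected terminal enforces its own access code before accepting."""
    if not terminal.online:
        return False, "terminal is not online"
    if terminal.connect_code is not None:
        if supplied_code is None:
            return False, "access code required"
        # Constant-time comparison so the check does not leak the code's length or prefix.
        if not hmac.compare_digest(terminal.connect_code, supplied_code):
            return False, "wrong access code"
    return True, "connected; messages can now be forwarded to the terminal"


def select_and_connect(mode: str, query: Optional[str] = None, history: Tuple[str, ...] = (),
                       supplied_code: Optional[str] = None) -> Tuple[bool, str]:
    """Steps 1-5 end to end: search, fail when nothing usable is found (Step 3), then connect."""
    available = [t for t, ok in search(mode, query, history) if ok]
    if not available:
        return False, "connection failed: no available terminal matched"
    return connect(available[0], supplied_code)


if __name__ == "__main__":
    print(select_and_connect("access_code", "4831", supplied_code="7712"))
```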
An example is given below to illustrate a usage process of the OAuth service based on biometric identification of the present invention. As shown in Figure 5, in this embodiment the process comprises the following steps:
Step 1. The user accesses a third-party application, which requires the user to authorize access;
Step 2. The third-party application displays the authorization options and instructs the user to select one;
Step 3. After the user selects the OAuth service method, the third-party application interface jumps to the OAuth service authorization interface;
Step 4. The OAuth service system receives the user's authorization request message;
Step 5. The system determines the target terminal device to which the message is forwarded: the target terminal is found by search, either by text or by short-range wireless, or by the user selecting a terminal from the history. If one or more registered terminals are found, the user is prompted to select the terminal that will authorize; if no terminal capable of authorizing is found, the failure handling process is entered, an authorization failure message is returned, and the system executes the process of refusing authorization;
Step 6. The system attempts to connect to the terminal and, after a successful connection, forwards the authorization request message to the terminal selected by the user;
Step 7. After the terminal receives the message, the user is prompted to perform the authorization operation;
Step 8. The user chooses whether to perform the authorization operation. If the user allows it, the biometric information is acquired, for example a fingerprint; if the user refuses, the terminal returns a refusal message and the system performs the failure handling process;
Step 9. According to the identification method, biometric identification of the acquired recognition data is performed on the terminal side or on the system side, and the identification result is verified against the terminal device information to judge whether the recognition result and the terminal device belong to the same registered user.
Step 10. According to the verification result, an authorization result message is issued to the third-party application platform, which allows or refuses the user's access depending on whether the authorization result is successful.
The description of the invention is provided for the sake of example and explanation; it is not exhaustive and does not limit the invention to the disclosed form. Many modifications and variations are obvious to those of ordinary skill in the art. The embodiments were selected and described to better illustrate the principles of the invention and its practical application, and to enable those skilled in the art to understand the invention and to design various embodiments, with various modifications, suitable for specific applications.

Claims (9)

1. A method of an OAuth service based on biometric identification, characterized in that it comprises the following steps:
1) the user registers on the OAuth system service platform;
2) the system service platform opens the OAuth service to the outside;
3) the user accesses a third-party application and selects authorization through the OAuth system service platform;
4) the OAuth system service platform determines the target intelligent terminal that provides authorization;
5) the OAuth system service platform routes the user's authorization request to the target intelligent terminal;
6) the user chooses on the intelligent terminal whether to agree to authorization; if agreeing, biometric identification information is acquired on the intelligent terminal; choosing refusal, or taking no action, is a refusal of authorization;
7) the system judges, according to the acquisition and identification result, whether it is the biometric identification information of the registered user;
after the system service platform obtains the user's recognition result or the refusal operation, it instructs the third-party application platform of the corresponding authorization result.
2. The method of an OAuth service based on biometric identification as described in claim 1, characterized in that the user registers on the OAuth system service platform, and registration includes user registration and terminal registration;
First, the user registers user information and terminal information on the OAuth system service platform; the system saves the user registration information, including the various personal user information of the various conventional registration modes; at the same time, the system generates a system user ID unique within the system; the user password can serve as an auxiliary means for the user to log in and as the means by which a device logs on to the OAuth platform, and the user can still log on to the OAuth service platform with a traditional username and password;
Second, the user's biometric identification information is acquired through the client terminal, comprising one or more of the various kinds of biometric identification information that the terminal supports and can acquire; according to the system security policy and the user's settings, the acquired biometric identification information is saved after processing; the save location can be the terminal device, an upload to the system, or both the terminal and the system; it serves as the basis for user identification;
Terminal registration is then as follows: the user logs on to the system platform on the terminal device with the registered user account, the feature identification information of the terminal is acquired and saved, the terminal's description information is set in the system, and the user can register one or more terminal devices for authorization; after registration, the user account and the registered terminal device are bound, and the terminal device logs on to the system and runs under the account name of the registered user.
3. The method of an OAuth service based on biometric identification as described in claim 1, characterized in that the system service platform opens the OAuth service; a third-party application that accesses the OAuth service of the system service platform provides an access option for the OAuth service; the user requests authorization on the third-party application's interface by selecting the OAuth service; the third-party application jumps to the authorization interface provided by the OAuth service platform; in the next step, the OAuth service platform determines the destination terminal device to which the request message is routed.
4. The method of an OAuth service based on biometric identification as described in claim 1, characterized in that after the user selects authorization through the OAuth platform, the third-party application jumps to the OAuth interface and the target terminal to which messages are routed and which provides authorization is determined; the determination method includes a manual mode and an automatic mode;
The manual mode includes text search and wireless search. Text search is the input of descriptive text, including the various description information that can represent the terminal or the user's characteristics; among these, the terminal's access code is a unique numeric code that the system assigns to the terminal and maps to the terminal's unique feature information in the system, so that the user simply enters a numeric code and the system finds the terminal, which simplifies terminal discovery; the system searches by the text entered by the user and finds the terminals matching the entered description, or the list of terminals running under the entered account name; the user selects from the search results, or selects from the history list of terminals used;
Wireless search includes search based on NFC, Bluetooth, WiFi, WiFi-Direct and DLNA. A terminal that is not within short-range wireless range, or is offline, cannot be found, and such a terminal in the history search record is shown as unavailable. On first use, the user has to find an available terminal by wireless search or text search. According to the terminal's access security settings, where the terminal configuration requires an access code, the access code is entered to connect to the terminal; the information of a successfully connected terminal can be saved in the third-party application client, and on the next use it can be selected directly from the history terminal list;
The automatic mode is that the user sets and saves the connection information of the target terminal, or sets a specified terminal as a trusted terminal device; the OAuth platform then automatically attempts to connect to and verify the terminal device and, when the security settings for the terminal connection are met and the terminal device is verified to be a terminal device registered in the system, connects automatically and forwards the request message to the terminal.
5. The method of an OAuth service based on biometric identification as described in claim 1, characterized in that the system routes the user's login request to the terminal specified by the user; after determining the target terminal that provides the authorization function, the system attempts to connect to the terminal and forward the authorization request message; if the message is not forwarded successfully within the forwarding validity period specified by the system, this forwarding fails; the user can set and select multiple terminals, and when forwarding to the first terminal fails, the message is forwarded in order to the next terminal in the list of terminals selected by the user, until the message is forwarded successfully or forwarding fails for all of them.
6. The method of an OAuth service based on biometric identification as described in claim 1, characterized in that after the authorization request message is successfully routed and forwarded to the terminal set by the user, the terminal reminds the user, including by displaying a notification message, vibrating the terminal and playing a sound, prompting the user to operate and to choose whether to agree to authorization. If the user agrees to authorize, the terminal acquires and obtains the user's biometric identification information; after acquisition, according to the preset verification mode for the acquired biometric identification information, which includes verification locally on the terminal and verification by sending to the server side, the acquired user biometric identification information is verified to determine whether it is the biometric identification information of the registered user corresponding to the terminal. If the user does not perform the authorization operation on the terminal within the validity period of the authorization request message, authorization is refused; direct refusal of authorization, verification failure and failure to acquire the user's biometric identification information likewise result in refusal.
7. The method of an OAuth service based on biometric identification as claimed in claim 2, characterized in that the acquired biometric data of the registered user is processed according to the data processing method configured in the system; the processing modes include the various processing modes that are irreversible and preserve uniqueness; the processed data is stored on the acquiring terminal or uploaded to the system platform for storage as the basis for verifying the user's biometric identification information, and the user's biometric identification data is bound to and mapped with the system user ID.
8. The method of an OAuth service based on biometric identification as claimed in claim 2, characterized in that the user can register and bind a single terminal or multiple terminals as authorization terminals; the binding method is to obtain the terminal's hardware feature identification information and map it to the user account, and to set whether the same user account is allowed to log in on multiple devices at the same time; the hardware feature identification information includes the various unique hardware identification information in the terminal; after the user has successfully selected an authorization terminal and authorized through that terminal, the terminal's information can be saved in the third-party application's client and in the system, so that the next time the user needs authorization the terminal appears in the history terminal list and the user can select it directly as the target terminal; the user can also delete the saved terminal information.
9. The method of an OAuth service based on biometric identification as claimed in claim 6, characterized in that the biometric identification information acquired by the terminal is verified; according to the system security settings, verification can be performed on the terminal or in the system; it verifies whether the acquired biometric identification information is that of the registered user corresponding to the terminal. The verification method is as follows: the acquired biometric identification information of the user is calculated and processed with the same data processing method used at registration, then compared with the saved verification data to obtain the corresponding registered user information; then the acquired terminal device information is compared to determine whether it is a terminal device bound under that registered user name; if both comparisons agree, verification is considered passed. It is also possible to verify a combination of multiple items of identification information, where the combination has an order; the recognition results of the biometric identification information and the order of identification serve as the verification basis, and verification passes only if both the recognition results and the identification order are consistent, which further improves the security of verification.
CN201510493553.XA 2015-08-13 2015-08-13 A kind of OAuth service based on bio-identification Active CN105099704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510493553.XA CN105099704B (en) 2015-08-13 2015-08-13 A kind of OAuth service based on bio-identification

Publications (2)

Publication Number Publication Date
CN105099704A CN105099704A (en) 2015-11-25
CN105099704B true CN105099704B (en) 2018-12-28

Family

ID=54579336

Country Status (1)

Country Link
CN (1) CN105099704B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
MX2018008303A (en) * 2016-02-10 2018-09-21 Mefon Ventures Inc Authenticating or registering users of wearable devices using biometrics.
CN107180177A (en) * 2016-03-10 2017-09-19 阿里巴巴集团控股有限公司 The method and apparatus for obtaining user profile
CN106068636A (en) * 2016-04-08 2016-11-02 汤美 Educational facilities method for limiting and system based on internet
CN105931498A (en) * 2016-06-06 2016-09-07 杭州领课科技有限公司 Operation method of mobile terminal-foreign language learning platform
CN106656952B (en) * 2016-09-21 2020-11-20 北京神州绿盟信息安全科技股份有限公司 Authentication method, device and system for login equipment
CN106778523A (en) * 2016-11-25 2017-05-31 努比亚技术有限公司 Fingerprint input method and device
CN106982221A (en) * 2017-04-24 2017-07-25 上海斐讯数据通信技术有限公司 A kind of network authentication method, system and intelligent terminal
CN109981804A (en) * 2017-12-28 2019-07-05 中国移动通信集团安徽有限公司 Generation, recognition methods, system, equipment and the medium of terminal device identification id
CN108650246A (en) * 2018-04-25 2018-10-12 广州逗号智能零售有限公司 A kind of third party's account logon method, apparatus and system
CN110119610A (en) * 2019-05-23 2019-08-13 湖北东方星海科技实业有限公司 A kind of multiple-biological characteristic information safety certification detection method
CN111352501A (en) * 2019-12-09 2020-06-30 华为技术有限公司 Service interaction method and device
CN111291358A (en) * 2020-03-07 2020-06-16 深圳市中天网景科技有限公司 Authority authentication method, system, equipment and medium
CN111654468A (en) * 2020-04-29 2020-09-11 平安国际智慧城市科技股份有限公司 Secret-free login method, device, equipment and storage medium
CN111753170B (en) * 2020-07-04 2021-08-17 上海德吾信息科技有限公司 Big data quick retrieval system and method
CN111784355B (en) * 2020-07-17 2023-03-10 支付宝(杭州)信息技术有限公司 Transaction security verification method and device based on edge calculation
CN111931160B (en) * 2020-08-13 2024-03-29 企查查科技股份有限公司 Authority verification method, authority verification device, terminal and storage medium
CN112600856A (en) * 2020-12-28 2021-04-02 青岛海尔科技有限公司 Equipment authorization method and device, storage medium and electronic device
CN113132362B (en) * 2021-03-31 2022-03-22 青岛中瑞汽车服务有限公司 Trusted authorization method, trusted authorization device, electronic equipment and storage medium
CN114724279A (en) * 2022-03-21 2022-07-08 贵州卓霖科技有限公司 Information acquisition method and device based on coded lock, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102394887A (en) * 2011-11-10 2012-03-28 杭州东信北邮信息技术有限公司 OAuth protocol-based safety certificate method of open platform and system thereof
CN102761537A (en) * 2012-03-29 2012-10-31 北京奇虎科技有限公司 Method and system for authentication and authorization on basis of client-side plug-in
CN103888265A (en) * 2014-04-11 2014-06-25 上海博路信息技术有限公司 Login system and method based on mobile terminal
CN104601594A (en) * 2015-02-04 2015-05-06 北京云安世纪科技有限公司 Identity authentication device and method of OTP (one time password) token-based equipment based on two-dimension codes

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9043886B2 (en) * 2011-09-29 2015-05-26 Oracle International Corporation Relying party platform/framework for access management infrastructures

Also Published As

Publication number Publication date
CN105099704A (en) 2015-11-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant