CN106506433B - Login authentication method, authentication server, authentication client and login client - Google Patents
Login authentication method, authentication server, authentication client and login client Download PDFInfo
- Publication number
- CN106506433B CN106506433B CN201510561123.7A CN201510561123A CN106506433B CN 106506433 B CN106506433 B CN 106506433B CN 201510561123 A CN201510561123 A CN 201510561123A CN 106506433 B CN106506433 B CN 106506433B
- Authority
- CN
- China
- Prior art keywords
- authentication
- information
- registration
- biological characteristic
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Abstract
The invention provides a login authentication method, an authentication server, an authentication client and a login client. The login authentication method is applied to an authentication server and comprises the following steps: acquiring an authentication request message generated by a login client in a terminal according to user identity identification information of a login user; triggering an authentication client to acquire the biological characteristic information of the user according to the authentication request message; receiving the biological characteristic information collected by the authentication client; and comparing the biological characteristic information with the pre-stored user biological characteristic registration information corresponding to the user identity identification information to generate an authentication result. According to the scheme, the authentication server is used for triggering the collection of the biological characteristic information, and when the terminal where the login client is located does not have the biological characteristic collection capacity, the user can also use the biological characteristic information for login operation, so that the flexibility of the user operation is improved.
Description
Technical Field
The present invention relates to the field of terminal technologies, and in particular, to a login authentication method, an authentication server, an authentication client, and a login client.
Background
Nowadays, smart terminals gradually start to have biometric identification capabilities, such as fingerprint identification, voiceprint identification, iris identification, and the like, and reach the commercial level. Compared with a user name and password mode, the method for authenticating the identity of the user through the biological characteristics has many advantages, the current biological characteristic identification function is mainly applied to an application program on an intelligent terminal, and the application program calls corresponding hardware equipment through a bottom layer interface to acquire the biological characteristic information of the user to identify the identity of the user.
If an application wants to log in using biometric authentication, it must satisfy: and a hardware device capable of acquiring the biological characteristic information of the user is arranged on the terminal for logging in the application program.
However, the existing biometric authentication generally has the following problems:
if a user accesses a website on a personal computer, the website is likely to be incapable of acquiring biological characteristic information such as user fingerprints;
in the case of an application on an intelligent terminal, a hardware device is generally required to be operated by calling a system interface to acquire the biometric information of the user. Unfortunately, to date, there is no such system interface in the smart terminal operating systems of google and apple, which increases the difficulty of developing the application to acquire the biometric features, and even if such system interface application is opened in the future to combine the user biometric features with the user authentication system, it is a work that needs a lot of effort, for example: the application program needs to identify whether the terminal has fingerprint identification capability, iris identification capability or not, and the like; and may result in reduced cross-device capabilities, even if such interfaces are available at the operating system level in the future, cross-platform problems remain for application development.
When the applications on the smart watch and the smart television need to log in by using the biological characteristics, the devices may not have the hardware for identifying the biological characteristics, so that the login operation of the applications cannot be realized, which brings great inconvenience to the user in operation.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a login authentication method, an authentication server, an authentication client and a login client, which are used for solving the problem that when the existing application program is set to adopt biological characteristics to log in a user, the user cannot log in because a terminal for operating the application program does not have hardware for collecting the biological characteristics, and great inconvenience is brought to the user operation.
In order to solve the above technical problem, an embodiment of the present invention provides a login authentication method, applied to an authentication server, including:
acquiring an authentication request message generated by a login client in a terminal according to user identity identification information of a login user;
triggering an authentication client to acquire the biological characteristic information of the user according to the authentication request message;
receiving the biological characteristic information collected by the authentication client;
and comparing the biological characteristic information with pre-stored registered biological characteristic information corresponding to the user identity identification information to generate an authentication result.
Further, the login authentication method further includes:
and sending the authentication result to the login client.
Further, the biometric information includes at least one of fingerprint information, face image information, iris information, and voiceprint information.
Further, the login authentication method further includes:
acquiring registration identification information and registration biological characteristic information of a user, which are acquired by an authentication client;
and generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
Further, the login authentication method further includes:
generating a registration result according to the user biological feature registration information;
and sending the registration result and the unique identity identification information of the user to an authentication client, so that the authentication client stores the identity identification information according to the registration result.
Further, the triggering, according to the authentication request message, the authentication client to acquire the biometric information of the user includes:
generating biological characteristic acquisition request information according to the user identity identification information in the authentication request message;
and sending the biological characteristic acquisition request information to the authentication client, so that the authentication client acquires the biological characteristic information of the user according to the biological characteristic acquisition request information.
Further, before the step of sending the biometric acquisition request information to the authentication client to enable the authentication client to acquire the biometric information of the user according to the biometric acquisition request information, the login authentication method further includes:
acquiring identity identification information stored by the authentication client;
and establishing a communication channel with the authentication client according to the identity identification information.
Further, the step of triggering the authentication client to acquire the biometric information of the user according to the authentication request message includes:
allocating a session identifier to the authentication session corresponding to the authentication request message;
sending the session identifier to the login client; wherein the content of the first and second substances,
the step of receiving the biometric information collected by the authentication client specifically comprises:
receiving the biometric information and the session identifier sent by the authentication client, wherein the biometric information is acquired by the authentication client based on the session identifier input by the user.
An embodiment of the present invention provides an authentication server, including:
the authentication request acquisition module is used for acquiring authentication request information generated by the login client according to the user identity identification information;
the triggering module is used for triggering the authentication client to acquire the biological characteristic information of the user according to the authentication request message;
the first receiving module is used for receiving the biological characteristic information collected by the authentication client;
and the comparison module is used for comparing the biological characteristic information with the pre-stored registered biological characteristic information corresponding to the user identity identification information to generate an authentication result.
Further, the authentication server further includes:
and the first sending module is used for sending the authentication result to the login client.
Further, the authentication server further includes:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user, which are acquired by the authentication client;
and the registration module is used for generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
Further, the authentication server further includes:
the registration result generating module is used for generating a registration result according to the user biological characteristic registration information;
and the second sending module is used for sending the registration result and the unique identity identification information of the user to the authentication client, so that the authentication client stores the identity identification information according to the registration result.
Further, the triggering module includes:
the acquisition request generating unit is used for generating biological characteristic acquisition request information according to the user identity identification information in the authentication request message;
and the first sending unit is used for sending the biological characteristic acquisition request information to the authentication client so that the authentication client acquires the biological characteristic information of the user according to the biological characteristic acquisition request information.
Further, the authentication server further includes:
the acquisition module is used for acquiring the identity identification information stored by the authentication client;
and the channel establishing module is used for establishing a communication channel with the authentication client according to the identity identification information.
Further, the triggering module includes:
the allocation unit is used for allocating a session identifier to the authentication session corresponding to the authentication request message;
a second sending unit, configured to send the session identifier to the login client; wherein the content of the first and second substances,
the first receiving module specifically comprises:
receiving the biometric information and the session identifier sent by the authentication client, wherein the biometric information is acquired by the authentication client based on the session identifier input by the user.
The embodiment of the invention provides a login authentication method, which is applied to an authentication client and comprises the following steps:
acquiring biological characteristic information according to the triggering of the authentication request message by the authentication server;
and sending the collected biological characteristic information to the authentication server, so that the authentication server compares the biological characteristic information with registered biological characteristic information corresponding to pre-stored user identity identification information to generate an authentication result.
Further, the login authentication method further includes:
collecting registration identification information and registration biological characteristic information of a user;
and sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
Further, the login authentication method further includes:
receiving a registration result and identity identification information sent by the authentication server;
and storing the identity identification information according to the registration result.
The embodiment of the invention provides an authentication client, which comprises:
the biological characteristic acquisition module is used for acquiring biological characteristic information according to the triggering of the authentication request message by the authentication server;
and the third sending module is used for sending the collected biological characteristic information to the authentication server, so that the authentication server compares the biological characteristic information with registered biological characteristic information corresponding to a pre-stored user identity identifier to generate an authentication result.
Further, the authenticating the client further comprises:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user;
and the fourth sending module is used for sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
Further, the authenticating the client further comprises:
the second receiving module is used for receiving the registration result and the identity identification information sent by the authentication server;
and the storage module is used for storing the identity identification information according to the registration result.
The embodiment of the invention provides a login authentication method, which is applied to a login client and comprises the following steps:
collecting user identity identification information when a user logs in;
generating authentication request information according to the user identity identification information;
and sending the authentication request information to an authentication server, so that the authentication server triggers an authentication client to acquire the biological characteristic information of the user according to the authentication request information.
Further, the login authentication method further includes:
and receiving an authentication result fed back by the authentication server.
Further, the login authentication method further includes:
and receiving the session identifier sent by the authentication server.
The embodiment of the invention provides a login client, which comprises:
the login information acquisition module is used for acquiring user identity identification information when a user logs in;
the authentication request generating module is used for generating authentication request information according to the user identity identification information;
and the fifth sending module is used for sending the authentication request information to an authentication server, so that the authentication server triggers an authentication client to acquire the biological characteristic information of the user according to the authentication request information.
Further, the login client further includes:
and the authentication result receiving module is used for receiving the authentication result fed back by the authentication server.
Further, the login client further includes:
and the session identifier receiving module is used for receiving the session identifier sent by the authentication server.
The invention has the beneficial effects that:
according to the scheme, the authentication server is used for triggering the collection of the biological characteristic information, so that the user can also use the biological characteristic information for login operation when the terminal where the login client is located has no biological characteristic collection capability, and the flexibility of the user operation is improved.
Drawings
FIG. 1 is a flowchart illustrating a login authentication method according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a registration process according to a first embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a login authentication process according to a first embodiment of the present invention;
FIG. 4 is a diagram illustrating a registration process according to a second embodiment of the present invention;
FIG. 5 is a flowchart illustrating a login authentication process according to a second embodiment of the present invention;
FIG. 6 is a block diagram of an authentication server according to an embodiment of the present invention;
fig. 7 is a flowchart illustrating a login authentication method according to a fourth embodiment of the present invention;
FIG. 8 is a block diagram of an authentication client according to an embodiment of the present invention;
fig. 9 is a schematic diagram illustrating a login authentication process according to a sixth embodiment of the present invention;
fig. 10 is a block diagram of a login client according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
The invention provides a login authentication method, an authentication server, an authentication client and a login client, aiming at the problems that when the existing application program is set to adopt biological characteristics to log in a user, the user cannot log in due to the fact that a terminal for operating the application program does not have biological characteristic acquisition hardware, and great inconvenience is brought to the user operation.
Example one
As shown in fig. 1, the login authentication method according to the first embodiment of the present invention is applied to an authentication server, and includes:
the biometric information includes all feature information that can distinguish the user, such as fingerprint information, face image information, iris information, and voiceprint information.
It should be noted that the login client described in the present invention is usually embedded in an application program, and the application program is located on a terminal, for example, the application program may be an application program on a mobile phone, or a web application program on a computer; the authentication client is a device for collecting the biometric features required for the user to log in, and may be located on the same terminal as the application program or on a different terminal from the application program.
It should be noted that, in the embodiment of the present invention, by decoupling the user login and the user feature acquisition on the application program and associating the user login and the user feature acquisition with the authentication server, the biometric information of the user can be acquired without calling hardware devices by the local application program or the website application program on the terminal, so as to complete the capability of the user login authentication.
It should be noted that, after the authentication is completed, the authentication server generally needs to send the authentication result to the application program where the login client is located, so that the application program provides a subsequent operation function for the user according to the authentication result.
It should be noted that, in order to ensure that a user can normally operate according to a login client login application program, before the user logs in, the user usually needs to register, and the specific implementation steps are as follows:
acquiring registration identification information and registration biological characteristic information of a user, which are acquired by an authentication client;
and generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
It should be noted that the registered biometric information may be one of fingerprint information, face image information, iris information, and voiceprint information, or a combination of the above.
It should be noted that, when performing user registration, the authentication client may detect the registration identification information of the user when the user registers, for example, the authentication client specifies that the mobile phone number of the user is used as the unique identification information of the user, and when the mobile phone number input by the user is a registered number, the user cannot register with the mobile phone number, and at this time, the user needs to replace another mobile phone number for registration; some authentication clients may not recognize the registration identification information of the user, and the authentication server allocates a unique identification information to the user after the user is registered.
Only if the user registers, the registration information is stored in the authentication server, and the subsequent user can log in according to the login client when using the application program.
After the user registers, the user can log in by using the login client and then perform related operations of the application program.
In the first embodiment of the present invention, the specific implementation steps of the step 120 may be:
step 121, generating a biological characteristic acquisition request message according to the user identity identification information in the authentication request message;
and step 122, sending the biological characteristic acquisition request information to the authentication client, so that the authentication client acquires the biological characteristic information of the user according to the biological characteristic acquisition request information.
It should be noted that to implement the communication between the authentication server and the authentication client, a communication channel between the authentication server and the authentication client must be established before sending the biometric acquisition request information, and therefore, in this embodiment, the login authentication method further includes:
generating a registration result according to the user biological feature registration information;
and sending the registration result and the unique identity identification information of the user to an authentication client, so that the authentication client stores the identity identification information according to the registration result.
When the authentication client side stores the identity identification information of the registered user, when the biological characteristic acquisition request information needs to be sent to the authentication client side, if a communication channel is not established between the authentication client side and the authentication server, the authentication server side needs to realize the following steps:
acquiring identity identification information stored by the authentication client;
and establishing a communication channel with the authentication client according to the identity identification information.
It should be noted that, when the login user does not log in the authentication server by using the authentication client, the login user needs to log in the authentication client side first, and after the user logs in and establishes a communication channel with the authentication server, the authentication server can send the biometric acquisition request information to the corresponding authentication client used for logging in by the user; when the authentication client is disconnected with the authentication server due to shutdown or power failure of the terminal where the authentication client is located, after the authentication client is restarted, the user can automatically log in according to the identity identification information stored in the authentication client, a communication channel with the authentication server is established, and the authentication client waits for receiving the biological characteristic acquisition request information of the authentication server; meanwhile, the user can log in the authentication server by using other authentication clients, establish a communication channel with the authentication server and wait for receiving the biological characteristic acquisition request information of the authentication server.
As shown in fig. 2, in this embodiment, the process of registering by the user using the authentication client and the authentication server is as follows:
step S101, an authentication client collects user biological characteristic registration information, wherein the user biological characteristic registration information comprises user registration identification information (such as a user name and a mailbox address input by a user) and registration biological characteristic information of the user; meanwhile, the user biometric registration information may also include some other personal information used in the user registration, such as: information such as gender, home address, etc.;
step S102, the authentication client submits the user biological characteristic registration information to an authentication server, wherein the submission indicates that the authentication client sends the collected user biological characteristic registration information to the authentication server in an agreed format by using an interface or a protocol between the authentication client and the authentication server;
step S103, the authentication server generates the unique identity information of the user according to the user biological characteristic registration information, wherein the identity information is the only information representing the user identity, such as the email address and the mobile phone number of the user, or an identifier generated by the authentication server, and then the authentication service stores the user biological characteristic registration information;
step S104, the authentication server generates a registration result and sends the registration result and the identity identification information to the authentication client;
step S105, the authentication client stores the identity identification information according to the registration result; it should be noted that the authentication client only stores the identification information when the registration result indicates that the user is successfully registered.
It should be noted that the authentication client stores the identity information in step S205 to facilitate establishment of a communication channel between the authentication client and the authentication server, and it should be noted that the communication channel here may be an IP Push channel.
As shown in fig. 3, in this embodiment, the interaction flow of the authentication server, the authentication client, and the login client on the application program is as follows:
step 1.1, a login client in the application program acquires user identity identification information logged in by a user, wherein the acquisition mode can be various, such as manual input by the user, or the authentication client sends the user identity identification stored in the user registration step to the application program in a near field communication mode, and the specific acquisition mode depends on an application scene;
step 1.2, the login client sends a request authentication message to the authentication server after acquiring the user identity, wherein the request authentication message carries user identity information;
step 1.3, after receiving the request authentication message, the authentication server sends a biological characteristic acquisition request message to the authentication client, the realization mode of the step is to adopt the existing subscription and release technology, and in practical application, a subscription and release method based on IP Push can be adopted to inform the biological characteristic acquisition request message to the authentication client used by a login user for logging in the authentication server;
step 1.4, after receiving the request message of collecting biological characteristics, the authentication client end guides the user to finish collecting biological characteristics, for example: acquiring fingerprint information of a user by using a fingerprint identification technology;
step 1.5, the authentication client side returns the collected biological characteristic information of the user to the authentication server;
step 1.6, the authentication server performs login authentication of the user according to the biological characteristic information fed back by the authentication client, it should be noted that the authentication server can automatically identify user identity identification information corresponding to the biological characteristic information, then searches registered biological characteristic information corresponding to the user identity identification information in the user biological characteristic registration information, then compares the biological characteristic information with the registered biological characteristic information and generates an authentication result, if the biological characteristic information is consistent with the registered biological characteristic information, the authentication is passed, otherwise the authentication is not passed;
and step 1.7, the authentication server returns the authentication result to the application program where the login client is located, so that the application program provides subsequent operation for the user according to the authentication result.
It should be noted that, in the first embodiment of the present invention, the authentication server is used to associate the authentication client for collecting the biometric features with the login client in the application program, so that when the terminal where the application program is located has the biometric feature collection capability, the application program may not directly call its own communication interface to communicate with the hardware for collecting the biometric features, thereby reducing the development difficulty of the application program; when the terminal where the application program is located does not have the biological characteristic acquisition capability, the authentication server can realize the biological characteristic acquisition capability through the cooperation with the application program and the authentication client, so that the user can log in the application program by using the biological characteristic information.
Example two
The second embodiment of the present invention provides another login authentication method, which is applied to an authentication server, and includes:
It should be noted that, in order to ensure that a user can normally operate according to a login client login application program, before the user logs in, the user usually needs to register, and the specific implementation steps are as follows:
acquiring registration identification information and registration biological characteristic information of a user, which are acquired by an authentication client;
and generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
It should be noted that the registered biometric information may be one of fingerprint information, face image information, iris information, and voiceprint information, or a combination of the above.
Only if the user registers, the registration information is stored in the authentication server, and the subsequent user can log in according to the login client when using the application program.
After the user registers, the user can log in by using the login client and then perform related operations of the application program.
In the first embodiment of the present invention, the specific implementation steps of the step 120 may be:
step 123, assigning a session identifier to the authentication session corresponding to the authentication request message;
step 124, sending the session identifier to the login client; wherein the content of the first and second substances,
the step 130 specifically includes:
receiving the biometric information and the session identifier sent by the authentication client, wherein the biometric information is acquired by the authentication client based on the session identifier input by the user.
It should be noted that, in the second embodiment of the present invention, the authentication client is not triggered to acquire the biometric information in the IP Push manner in the first embodiment, but the authentication server generates a session identifier according to the authentication request message, where the session identifier is an instruction for triggering the authentication client to acquire the biometric information; the authentication client acquires the session identifier in a specific manner, and then collects the biometric information.
In the second embodiment, a communication channel between the authentication server and the authentication client does not need to be established, so that the authentication client side does not need to store the identity information of the user registration, as shown in fig. 4, in the second embodiment, the user registration process specifically includes:
in step S201, the authentication client collects user biometric registration information, where the user biometric registration information includes user registration identification information (e.g., a user name and a mailbox address input by a user) and registration biometric information of the user. Meanwhile, the user biometric registration information may also include some other personal information used in the user registration, such as: information such as gender, home address, etc.;
step S202, the authentication client submits the user biological characteristic registration information to the authentication server, wherein the submission indicates that the authentication client sends the collected user biological characteristic registration information to the authentication server in an agreed format by using an interface or a protocol between the authentication client and the authentication server;
step S203, the authentication server generates unique identification information of the user according to the user biometric registration information, it should be noted that the identification information is information uniquely representing the user identity, for example, the identification may be an email address or a mobile phone number of the user, or an identifier generated by the authentication server itself, and the authentication service stores the user biometric registration information.
As shown in fig. 5, in the second embodiment, the interaction flow of the authentication server, the authentication client, and the login client on the application program is as follows:
step 2.1, a login client in the application program acquires user identity identification information of user login;
step 2.2, the login client sends a request authentication message to the authentication server after acquiring the user identity, wherein the request authentication message carries user identity information;
step 2.3, the authentication server generates a session identifier according to the request authentication message, and it should be noted that the session identifier is used for uniquely identifying a user authentication process;
step 2.4, the login client sends an authentication session identifier request message to the authentication server;
step 2.5, the authentication server feeds back the session identifier to the login client;
step 2.6, the login client exposes the received session identifier to the user, for example, the session identifier can be directly displayed on a login interface, or the login client generates the session identifier into a two-dimensional code image for the user to use;
step 2.7, the user inputs the session identifier to the authentication client, the user can adopt a mode of directly inputting the session identifier or adopt a mode of operating the authentication client to scan the two-dimensional code, and then the authentication client obtains the session identifier by analyzing the two-dimensional code;
step 2.8, the authentication client guides the user to finish the collection of the biological characteristics according to the session identifier;
step 2.9, the authentication client side returns the collected biological characteristic information of the user and the session identifier to the authentication server together;
step 3.0, the authentication server searches for user identity identification information corresponding to the session identifier according to the session identifier fed back by the authentication client, then searches for registered biological characteristic information corresponding to the user identity identification information in the user biological characteristic registration information, then compares the biological characteristic information with the registered biological characteristic information, generates an authentication result, if the biological characteristic information is consistent with the registered biological characteristic information, the authentication is passed, otherwise, the authentication is not passed;
step 3.1, the login client requests a user authentication result from the authentication server, and the step can be triggered by a certain mechanism, such as timed polling, user operation and the like, and queries the authentication result from the authentication server, wherein the query carries a session identifier;
and 3.2, the authentication server returns the authentication result to the application program where the login client is located according to the request of the login client, so that the application program provides subsequent operation for the user according to the authentication result.
It should be noted that, compared with the first embodiment, the second embodiment of the present invention reduces the development difficulty of the authentication server; meanwhile, in the second embodiment, the application program and the biometric feature acquisition authentication are decoupled, so that the login process of the user according to the biometric feature can be realized when the terminal where the application program is located cannot perform biometric feature acquisition.
EXAMPLE III
Corresponding to the login authentication method, as shown in fig. 6, a third embodiment of the present invention provides an authentication server, including:
an authentication request obtaining module 11, configured to obtain authentication request information generated by a login client according to user identity information;
the triggering module 12 is configured to trigger the authentication client to acquire biometric information of the user according to the authentication request message;
a first receiving module 13, configured to receive biometric information collected by the authentication client;
a comparison module 14, configured to compare the biometric information with pre-stored registered biometric information corresponding to the user identity information, and generate an authentication result.
Further, the authentication server further includes:
and the first sending module is used for sending the authentication result to the login client.
Further, the authentication server further includes:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user, which are acquired by the authentication client;
and the registration module is used for generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
Optionally, the authentication server further comprises:
the registration result generating module is used for generating a registration result according to the user biological characteristic registration information;
and the second sending module is used for sending the registration result and the unique identity identification information of the user to the authentication client, so that the authentication client stores the identity identification information according to the registration result.
Optionally, in a first implementation manner, the triggering module 12 includes:
the acquisition request generating unit is used for generating biological characteristic acquisition request information according to the user identity identification information in the authentication request message;
and the first sending unit is used for sending the biological characteristic acquisition request information to the authentication client so that the authentication client acquires the biological characteristic information of the user according to the biological characteristic acquisition request information.
Optionally, the authentication server further comprises:
the acquisition module is used for acquiring the identity identification information stored by the authentication client;
and the channel establishing module is used for establishing a communication channel with the authentication client according to the identity identification information.
Optionally, in a second implementation manner, the triggering module 12 includes:
the allocation unit is used for allocating a session identifier to the authentication session corresponding to the authentication request message;
a second sending unit, configured to send the session identifier to the login client; wherein the content of the first and second substances,
the first receiving module 13 specifically includes:
receiving the biometric information and the session identifier sent by the authentication client, wherein the biometric information is acquired by the authentication client based on the session identifier input by the user.
Example four
As shown in fig. 7, a fourth embodiment of the present invention provides a login authentication method, which is applied to an authentication client, and includes:
Specifically, the login authentication method further includes:
collecting registration identification information and registration biological characteristic information of a user;
and sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
Specifically, the login authentication method further includes:
receiving a registration result and identity identification information sent by the authentication server;
and storing the identity identification information according to the registration result.
In the first and second embodiments, all descriptions about the authentication client are applied to the embodiment of the login authentication method for the application authentication client, and the same technical effects as those of the embodiment can be achieved.
EXAMPLE five
Corresponding to the login authentication method, as shown in fig. 8, an authentication client according to the fifth embodiment of the present invention includes:
the acquisition request acquisition module 21 is configured to acquire biometric information according to triggering of the authentication server according to the authentication request message;
a third sending module 22, configured to send the collected biometric information to the authentication server, so that the authentication server compares the biometric information with registered biometric information corresponding to a pre-stored user identity, and generates an authentication result.
Specifically, the authenticating client further includes:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user;
and the fourth sending module is used for sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
Specifically, the authenticating client further includes:
the second receiving module is used for receiving the registration result and the identity identification information sent by the authentication server;
and the storage module is used for storing the identity identification information according to the registration result.
EXAMPLE six
As shown in fig. 9, a sixth embodiment of the present invention provides a login authentication method, applied to a login client, including:
Specifically, the login authentication method further includes:
and receiving an authentication result fed back by the authentication server.
Specifically, when the implementation manner of the second embodiment is adopted, the login authentication method further includes:
and receiving the session identification information sent by the authentication server.
In the first and second embodiments, all the descriptions about the login client are applied to the embodiment of the login authentication method of the application login client, and the same technical effects as those of the first and second embodiments can be achieved.
EXAMPLE seven
Corresponding to the login authentication method, as shown in fig. 10, a login client according to a seventh embodiment of the present invention includes:
a login information collecting module 31, configured to collect user identification information when a user logs in;
an authentication request generation module 32, configured to generate authentication request information according to the user identity information;
a fifth sending module 33, configured to send the authentication request information to an authentication server, so that the authentication server generates biometric acquisition request information according to the authentication request information.
Further, the login client further includes:
and the authentication result receiving module is used for receiving the authentication result fed back by the authentication server.
Optionally, the login client further includes:
and the session identification receiving module is used for receiving the session identification information sent by the authentication server.
It should be noted that, by using the authentication server to trigger the biometric information collection, when there is no biometric collection capability on the login client side, the user can also use the biometric information to perform login operation, thereby improving the flexibility of user operation.
While the preferred embodiments of the present invention have been described, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the following claims.
Claims (32)
1. A login authentication method, comprising:
the authentication server acquires an authentication request message from a login client in a terminal, wherein the terminal does not operate a system interface for collecting biological characteristic information by being called by an application program;
the authentication server generates biological characteristic acquisition request information according to the user identity identification information in the authentication request message;
the authentication server sends the biological characteristic acquisition request information to the authentication client through a communication channel between the authentication server and the authentication client, so that the authentication client acquires the biological characteristic information of the user according to the biological characteristic acquisition request information;
the authentication server receives the biological characteristic information collected by the authentication client through a communication channel between the authentication server and the authentication client so as to compare the biological characteristic information with the pre-stored registered biological characteristic information corresponding to the user identity identification information and generate an authentication result.
2. The login authentication method according to claim 1, further comprising:
and sending the authentication result to the login client.
3. The login authentication method of claim 1, wherein the biometric information comprises at least one of fingerprint information, iris information, and voiceprint information.
4. The login authentication method according to claim 1, further comprising:
acquiring registration identification information and registration biological characteristic information of a user, which are acquired by an authentication client;
and generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
5. The login authentication method according to claim 4, further comprising:
generating a registration result according to the user biological feature registration information;
and sending the registration result and the unique identity identification information of the user to an authentication client, so that the authentication client stores the identity identification information according to the registration result.
6. The login authentication method of claim 1, wherein before the authentication server sends the biometric acquisition request message to the authentication client through a communication channel with the authentication client, the login authentication method further comprises:
acquiring identity identification information stored by the authentication client;
and establishing a communication channel with the authentication client according to the identity identification information.
7. A login authentication method, comprising:
the authentication server acquires an authentication request message carrying user identity identification information from a login client in a terminal, wherein the terminal does not operate a system interface for collecting biological characteristic information by being called by an application program;
the authentication server allocates a session identifier to the authentication session corresponding to the authentication request message;
the authentication server sends the session identifier to the login client;
the authentication server receives the biological characteristic information and the session identifier sent by the authentication client through a communication channel between the authentication server and the authentication client so as to compare the biological characteristic information with pre-stored registered biological characteristic information corresponding to the user identity identification information and generate an authentication result; wherein the biometric information is collected by the authentication client based on the session identifier entered by the user.
8. The login authentication method according to claim 7, further comprising:
and sending the authentication result to the login client.
9. The login authentication method of claim 7, wherein the biometric information comprises at least one of fingerprint information, iris information, and voiceprint information.
10. The login authentication method according to claim 7, further comprising:
acquiring registration identification information and registration biological characteristic information of a user, which are acquired by an authentication client;
and generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
11. The login authentication method according to claim 10, further comprising:
generating a registration result according to the user biological feature registration information;
and sending the registration result and the unique identity identification information of the user to an authentication client, so that the authentication client stores the identity identification information according to the registration result.
12. An authentication server, comprising:
the trigger module is used for acquiring an authentication request message from a login client in a terminal, generating biological characteristic acquisition request information according to user identity identification information in the authentication request message, and sending the biological characteristic acquisition request information to an authentication client through a communication channel between the trigger module and the authentication client so that the authentication client acquires the biological characteristic information of a user according to the biological characteristic acquisition request information;
the first receiving module is used for receiving the biological characteristic information collected by the authentication client through a communication channel between the first receiving module and the authentication client;
the comparison module is used for comparing the biological characteristic information with pre-stored registered biological characteristic information corresponding to the user identity identification information to generate an authentication result;
wherein the terminal has no system interface called by an application program to operate the authentication client to collect the biometric information.
13. The authentication server according to claim 12, wherein the authentication server further comprises:
and the first sending module is used for sending the authentication result to the login client.
14. The authentication server according to claim 12, wherein the authentication server further comprises:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user, which are acquired by the authentication client;
and the registration module is used for generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
15. The authentication server of claim 14, further comprising:
the registration result generating module is used for generating a registration result according to the user biological characteristic registration information;
and the second sending module is used for sending the registration result and the unique identity identification information of the user to the authentication client, so that the authentication client stores the identity identification information according to the registration result.
16. The authentication server according to claim 12, wherein the authentication server further comprises:
the acquisition module is used for acquiring the identity identification information stored by the authentication client;
and the channel establishing module is used for establishing a communication channel with the authentication client according to the identity identification information.
17. An authentication server, comprising:
the system comprises a triggering module, a login client and a terminal, wherein the triggering module is used for acquiring an authentication request message carrying user identity identification information from the login client in the terminal, allocating a session identifier to an authentication session corresponding to the authentication request message, and sending the session identifier to the login client;
the first receiving module is used for receiving the biometric information and the session identifier sent by the authentication client through a communication channel with the authentication client;
the comparison module is used for comparing the biological characteristic information with pre-stored registered biological characteristic information corresponding to the user identity identification information to generate an authentication result;
wherein the terminal is absent of a system interface that is invoked by an application to operate the authentication client to collect biometric information that the authentication client collects based on the session identifier input by the user.
18. The authentication server of claim 17, further comprising:
and the first sending module is used for sending the authentication result to the login client.
19. The authentication server of claim 17, further comprising:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user, which are acquired by the authentication client;
and the registration module is used for generating unique identity identification information of the user according to the registration identification information, and correspondingly storing the identity identification information and the registration biological characteristic information to generate the biological characteristic registration information of the user.
20. The authentication server of claim 19, further comprising:
the registration result generating module is used for generating a registration result according to the user biological characteristic registration information;
and the second sending module is used for sending the registration result and the unique identity identification information of the user to the authentication client, so that the authentication client stores the identity identification information according to the registration result.
21. A login authentication method, comprising:
the method comprises the steps that an authentication client receives biological characteristic acquisition request information sent by an authentication server through a communication channel between the authentication client and the authentication server, wherein the biological characteristic acquisition request information is generated according to user identity identification information in an authentication request message after the authentication server acquires the authentication request message from a login client in a terminal, and the terminal does not pass through a system interface called by an application program to operate the authentication client to acquire the biological characteristic information;
the authentication client side collects the biological characteristic information according to the biological characteristic collection request information sent by the authentication server;
and the authentication client sends the acquired biological characteristic information to the authentication server through a communication channel between the authentication client and the authentication server, so that the authentication server compares the biological characteristic information with registered biological characteristic information corresponding to pre-stored user identity identification information to generate an authentication result.
22. The login authentication method of claim 21, further comprising:
collecting registration identification information and registration biological characteristic information of a user;
and sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
23. The login authentication method of claim 22, further comprising:
receiving a registration result and identity identification information sent by the authentication server;
and storing the identity identification information according to the registration result.
24. A login authentication method, comprising:
the method comprises the steps that an authentication client side obtains a session identifier input by a user, wherein the session identifier is distributed to an authentication session corresponding to an authentication request message and sent to a login client side after the authentication server obtains the authentication request message from the login client side in a terminal, and the terminal does not pass through a system interface called by an application program to operate the authentication client side to collect biological characteristic information;
the authentication client acquires the biological characteristic information based on the session identifier;
and the authentication client sends the biological characteristic information and the session identifier to an authentication server through a communication channel between the authentication client and the authentication server, so that the authentication server obtains user identity identification information according to the session identifier, and compares the biological characteristic information with pre-stored registered biological characteristic information corresponding to the user identity identification information to generate an authentication result.
25. The login authentication method of claim 24, further comprising:
collecting registration identification information and registration biological characteristic information of a user;
and sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
26. The login authentication method of claim 25, further comprising:
receiving a registration result and identity identification information sent by the authentication server;
and storing the identity identification information according to the registration result.
27. An authentication client, comprising:
the biological characteristic acquisition module is used for receiving biological characteristic acquisition request information sent by the authentication server through a communication channel between the authentication client and the authentication server and acquiring the biological characteristic information according to the biological characteristic acquisition request information sent by the authentication server;
the third sending module is used for sending the acquired biological characteristic information to the authentication server through a communication channel between the authentication client and the authentication server, so that the authentication server compares the biological characteristic information with registered biological characteristic information corresponding to pre-stored user identity identification information to generate an authentication result;
the biometric acquisition request information is generated by the authentication server according to the user identity identification information in the authentication request information after the authentication server acquires the authentication request information from a login client in a terminal, and the terminal does not operate a system interface which is called by an application program to acquire the biometric information by the authentication client.
28. The authentication client of claim 27, further comprising:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user;
and the fourth sending module is used for sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
29. The authentication client according to claim 28, further comprising:
the second receiving module is used for receiving the registration result and the identity identification information sent by the authentication server;
and the storage module is used for storing the identity identification information according to the registration result.
30. An authentication client, comprising:
the system comprises a biological characteristic acquisition module, a conversation identification code generation module and a biological characteristic information acquisition module, wherein the biological characteristic acquisition module is used for acquiring a conversation identification code input by a user and acquiring biological characteristic information based on the conversation identification code;
a third sending module, configured to send the biometric information and the session identifier to an authentication server through a communication channel with the authentication server, so that the authentication server compares the biometric information with pre-stored registered biometric information corresponding to user identity information to generate an authentication result;
the session identifier is allocated to an authentication session corresponding to an authentication request message by the authentication server after the authentication server acquires the authentication request message from a login client in a terminal and is sent to the login client, and the terminal does not pass through a system interface which is called by an application program to operate the authentication client to collect biological characteristic information.
31. The authentication client according to claim 30, further comprising:
the registration information acquisition module is used for acquiring registration identification information and registration biological characteristic information of the user;
and the fourth sending module is used for sending the registration identification information and the registration biological characteristic information to the authentication server, so that the authentication server generates the user biological characteristic registration information according to the registration identification information and the registration biological characteristic information.
32. The authentication client according to claim 31, further comprising:
the second receiving module is used for receiving the registration result and the identity identification information sent by the authentication server;
and the storage module is used for storing the identity identification information according to the registration result.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510561123.7A CN106506433B (en) | 2015-09-06 | 2015-09-06 | Login authentication method, authentication server, authentication client and login client |
| PCT/CN2016/087485 WO2017036243A1 (en) | 2015-09-06 | 2016-06-28 | Login authentication method, authentication server, authentication client and login client |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510561123.7A CN106506433B (en) | 2015-09-06 | 2015-09-06 | Login authentication method, authentication server, authentication client and login client |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106506433A CN106506433A (en) | 2017-03-15 |
| CN106506433B true CN106506433B (en) | 2021-04-20 |
Family
ID=58186606
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510561123.7A Active CN106506433B (en) | 2015-09-06 | 2015-09-06 | Login authentication method, authentication server, authentication client and login client |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106506433B (en) |
| WO (1) | WO2017036243A1 (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108876385B (en) * | 2017-05-11 | 2020-06-16 | 创新先进技术有限公司 | Identity authentication method, device and system |
| CN107896208B (en) * | 2017-10-23 | 2020-09-25 | 国政通科技股份有限公司 | Identity authentication method and system |
| CN108683684B (en) * | 2018-06-13 | 2021-03-09 | 北京云中融信网络科技有限公司 | Method, device and system for logging in target instant messaging application |
| CN108766442B (en) * | 2018-06-15 | 2020-11-06 | 清华大学 | Identity authentication method and device based on voiceprint graphic identification |
| CN110634478A (en) * | 2018-06-25 | 2019-12-31 | 百度在线网络技术(北京)有限公司 | Method and apparatus for processing speech signal |
| CN110166417B (en) * | 2018-08-01 | 2021-10-01 | 腾讯科技(深圳)有限公司 | Task execution method and device, computer equipment and storage medium |
| CN108881301A (en) * | 2018-08-02 | 2018-11-23 | 珠海宏桥高科技有限公司 | A kind of identity identifying method based on block chain |
| CN111104657A (en) * | 2018-10-25 | 2020-05-05 | 中国电信股份有限公司 | Identity authentication method and system, authentication platform, user terminal and application terminal |
| CN109992680A (en) * | 2018-12-13 | 2019-07-09 | 阿里巴巴集团控股有限公司 | Information processing method, device, electronic equipment and computer readable storage medium |
| CN112291188B (en) * | 2019-09-23 | 2023-02-10 | 中建材信息技术股份有限公司 | Registration verification method and system, registration verification server and cloud server |
| CN111309131A (en) * | 2020-01-18 | 2020-06-19 | 东莞肯博尔电子科技有限公司 | Safety guarantee system for storage of micro server of electronic computer |
| CN111371755B (en) * | 2020-02-24 | 2023-01-10 | 平安科技(深圳)有限公司 | Voiceprint data processing method and device, computer equipment and storage medium |
| CN111343080B (en) * | 2020-02-28 | 2020-12-04 | 北京芯盾时代科技有限公司 | Agent-based mail service method, server, client and system |
| CN114731289A (en) * | 2020-02-28 | 2022-07-08 | 华为技术有限公司 | User identification verification method and related equipment |
| CN111581624B (en) * | 2020-05-18 | 2023-06-20 | 中科美络科技股份有限公司 | Intelligent terminal user identity authentication method |
| CN111475793A (en) * | 2020-06-19 | 2020-07-31 | 支付宝(杭州)信息技术有限公司 | Access control method, user registration method, user login method, device and equipment |
| CN112422575B (en) * | 2020-11-24 | 2023-05-12 | 中国农业银行股份有限公司东莞分行 | Control method and system for network access based on remote identity authentication |
| CN112199663B (en) * | 2020-12-03 | 2021-04-06 | 飞天诚信科技股份有限公司 | Authentication method and system for no user name |
| CN112685716A (en) * | 2021-03-18 | 2021-04-20 | 北京远鉴信息技术有限公司 | Decentralized identity authentication system and authentication method |
| CN116599764B (en) * | 2023-06-28 | 2023-09-19 | 央广云听文化传媒有限公司 | Application login method, application login device, storage medium and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101174948A (en) * | 2006-11-02 | 2008-05-07 | 上海银晨智能识别科技有限公司 | Network login system and method with face authentication |
| CN103095454A (en) * | 2012-12-07 | 2013-05-08 | 大连奥林匹克电子城咨信商行 | Online login identification authentication method based on human face matching |
| US20130336637A1 (en) * | 2012-06-15 | 2013-12-19 | Sony Corporation | Information processing device and information processing method, computer program, and information communication system |
| CN104765998A (en) * | 2015-04-16 | 2015-07-08 | 国家电网公司 | User identity reliably-verifying system based on face identification and using method thereof |
-
2015
- 2015-09-06 CN CN201510561123.7A patent/CN106506433B/en active Active
-
2016
- 2016-06-28 WO PCT/CN2016/087485 patent/WO2017036243A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101174948A (en) * | 2006-11-02 | 2008-05-07 | 上海银晨智能识别科技有限公司 | Network login system and method with face authentication |
| US20130336637A1 (en) * | 2012-06-15 | 2013-12-19 | Sony Corporation | Information processing device and information processing method, computer program, and information communication system |
| CN103095454A (en) * | 2012-12-07 | 2013-05-08 | 大连奥林匹克电子城咨信商行 | Online login identification authentication method based on human face matching |
| CN104765998A (en) * | 2015-04-16 | 2015-07-08 | 国家电网公司 | User identity reliably-verifying system based on face identification and using method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106506433A (en) | 2017-03-15 |
| WO2017036243A1 (en) | 2017-03-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106506433B (en) | Login authentication method, authentication server, authentication client and login client | |
| CN109525990B (en) | Wireless screen projection method and device, computer equipment and storage medium | |
| KR102095687B1 (en) | Two-dimensional code information query method, server, client and system | |
| US10065119B2 (en) | Game accessing method and processing method, server, terminal, and system | |
| WO2019019644A1 (en) | Push server allocation method and apparatus, and computer device and storage medium | |
| KR101096939B1 (en) | Authentication terminal and authentication method | |
| TWI778296B (en) | Information processing method, device, electronic device, and computer-readable storage medium | |
| CN110266658B (en) | Information updating method and device, electronic equipment and storage medium | |
| CN113615141B (en) | Account association method, device, system, server and storage medium | |
| CN103401907A (en) | Synchronous processing method and system for login information of application program | |
| CN104156246A (en) | Method and device for gray scale upgrade | |
| CN106657625B (en) | Terminal paging method and system | |
| CN109067883B (en) | Information pushing method and device | |
| CN105704133A (en) | Method, terminal and server for data synchronism | |
| CN109729346B (en) | Remote debugging method and system for television, debugging terminal and television terminal | |
| CN111338971A (en) | Application testing method and device, electronic equipment and storage medium | |
| JP5061991B2 (en) | Browser-mounted device / phone linkage method, browser-mounted device / phone linkage system, and browser-mounted device / phone linkage device | |
| CN112507731A (en) | Conference information processing method and device and readable storage medium | |
| CN111181832B (en) | Account creating method, device, system, server and storage medium | |
| CN111930482A (en) | Task processing method, device and equipment based on node cluster and storage medium | |
| CN108924145B (en) | Network transmission method, device and equipment | |
| CN111581624A (en) | Intelligent terminal user identity authentication method | |
| CN109040331B (en) | Electronic business card processing method and device, computing equipment and storage medium | |
| CN107018140B (en) | Authority control method and system | |
| CN114268445A (en) | Authentication method, device and system for cloud mobile phone application, authentication module and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |