CN106789918A - Give account number, protection account number safety, the method and apparatus of account anti-theft for change - Google Patents
Give account number, protection account number safety, the method and apparatus of account anti-theft for change Download PDFInfo
- Publication number
- CN106789918A CN106789918A CN201611060402.6A CN201611060402A CN106789918A CN 106789918 A CN106789918 A CN 106789918A CN 201611060402 A CN201611060402 A CN 201611060402A CN 106789918 A CN106789918 A CN 106789918A
- Authority
- CN
- China
- Prior art keywords
- information
- account number
- biological characteristic
- authentication
- identity document
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Collating Specific Patterns (AREA)
Abstract
The present invention relates to a kind of method of account anti-theft, the method for protection account number safety, the method and apparatus for giving account number for change.The method of the account anti-theft, comprises the following steps:Receive the sensitive operation request to account number mark;If the equipment for initiating request is authorisation device, then the level of security according to sensitive operation obtains corresponding verification mode, and the checking information is carried out into checking to the checking information for uploading by the checking information for having stored corresponding to the verification mode is verified result;If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse this sensitive operation;The verification mode is verified including user biological characteristic information;If the equipment is not authorisation device, the prompt message that sensitive operation is carried out in authorisation device is returned.It is authenticated by user biological characteristic information and identity document information, improves the security of account number.
Description
Patent Office of the People's Republic of China, Application No. 201510900205.X, invention name are submitted to this application claims on December 8th, 2015
The priority of the Chinese patent application for referred to as " giving account number, protection account number safety, the method and apparatus of account anti-theft for change ", its whole
Content is hereby incorporated by reference in the application.
Technical field
The present invention relates to information security field, more particularly to a kind of method and apparatus for giving account number for change, protection account number peace
Full method and apparatus, the method and apparatus of account anti-theft.
Background technology
With the popularization of computer and Internet technology, increasing user is engaged in various affairs and lives using internet
It is dynamic., it is necessary to register various account numbers when user is engaged in activity by internet, and password is set, but password is easily forgotten
Or it is easily stolen.
In order to ensure cryptosecurity, there is provided there are various cryptoguard instruments, safety problem is such as set, user is being changed
It is close, when giving the sensitive operations such as account number for change, it is necessary to answer correct option.But the ratio that the answer of the safety problem of password is typically set
It is relatively early, easily forget, and be easy to be stolen by other people, security is low.Another way is, by account number binding phone number, to pass through
Dynamic secret order is sent to phone number to be verified, if phone number is changed, have forgotten the phone number of binding, then will be unable to test
Demonstrate,prove, and dynamic secret order is easily stolen by other people using fishing mode, its security is low.
The content of the invention
Based on this, it is necessary to for the low problem of traditional account number safeguard protection, there is provided a kind of method of account anti-theft and
Device, can improve the security of account number.
Additionally, there is a need to providing a kind of method and apparatus for protecting account number safety, the security of account number can be improved.
Additionally, there is a need to a kind of method and apparatus for giving account number for change of offer, the security of account number can be improved.
A kind of method of account anti-theft, comprises the following steps:
The sensitive operation request to account number mark is received, is included in the sensitive operation request and is initiated sensitive operation request
Facility information;
If the equipment represented by the facility information for initiating the sensitive operation request is authorisation device, according to described
The level of security of sensitive operation obtains corresponding verification mode in sensitive operation request, and the verification mode is sent into initiation institute
State the requestor of sensitive operation request;
Receive the checking information uploaded according to the verification mode;
The checking information is believed the checking for uploading by the checking information for having stored corresponding to the verification mode
Breath carries out checking and is verified result;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse
This sensitive operation;
The verification mode is verified including user biological characteristic information;The checking information is corresponding with the verification mode.
A kind of method of account anti-theft, comprises the following steps:
The sensitive operation request to account number mark is initiated, is included in the sensitive operation request and initiated to the quick of account number mark
Feel the facility information of operation requests;
If equipment is authorisation device, the level of security according to sensitive operation in sensitive operation request for returning is received
Corresponding verification mode;
Obtain the checking information gathered according to the verification mode;
The checking information of collection is uploaded into certificate server;
The certificate server is received to test upload by the checking information for having stored corresponding to the verification mode
Card information verify the result for obtaining;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse
This sensitive operation;
The verification mode includes user biological characteristic information and/or identity document Information Authentication;The checking information with
The verification mode correspondence.
A kind of method for protecting account number safety, comprises the following steps:
Receive upload account number mark and corresponding authentication information, the authentication information include user biological characteristic information and
Identity document information;
By the user biological characteristic information and biological characteristic in the identity document information or the biological characteristic for having stored
Compare and obtain the first Similarity value in storehouse;
The authentication result to the authentication information is obtained according to first Similarity value;
If authentication result is certification success, account number mark, user biological characteristic information and identity document information are set up
Corresponding real name archives.
A kind of method for protecting account number safety, comprises the following steps:
Collection user biological characteristic information and identity document information;
Obtain account number mark and user's usage behavior data;
The account number mark and corresponding authentication information are uploaded to certificate server, the authentication information includes user biological
Characteristic information, identity document information and user's usage behavior data;
So that the certificate server extracts face from the identity document information, by the user biological characteristic information
Compare with biological characteristic in the biological characteristic or identity document information for having stored and obtain the first Similarity value;By the user
The usage behavior data user's history behavioral data corresponding with account number mark is compared, and obtains the second Similarity value;
The authentication result to the authentication information is determined according to first Similarity value and the second Similarity value;If authentication result is to recognize
Demonstrate,prove successfully, then account number mark, user biological characteristic information and identity document information are set up into corresponding real name archives.
A kind of method for giving account number for change, comprises the following steps:
Account number request is given in reception for change;
Account number mark and corresponding user biological characteristic information and identity document letter are obtained from described giving for change during account number is asked
Breath;
According to user biological characteristic information corresponding with account number mark and identity document information in real name archives to institute
The user biological characteristic information and identity document information for stating upload verified, is verified result;
Transmit verification result to the requestor for initiating to give account number request for change;
If the result gives account number success for change to be verified, if the result is authentication failed, account number gives mistake for change
Lose.
A kind of method for giving account number for change, comprises the following steps:
Obtain in the user biological characteristic information and the identity document information of scanning for giving the collection of account number interface for change;
The account number of giving for change comprising account number mark and user biological characteristic information and identity document information is initiated to ask;
Receive and give the result that account number request is returned for change according to, the result is certificate server according to
User biological feature in the real name archives of certification and the account number mark, user biological characteristic information and the identity document information that store
Information and identity document information carry out verifying what is obtained to the user biological characteristic information and identity document information of the upload;
If the result gives account number success for change to be verified, if the result is authentication failed, account number mistake is given for change
Lose.
A kind of device of account anti-theft, including:
Operation requests receiver module, for receiving the sensitive operation request to account number mark, in the sensitive operation request
Comprising the facility information for initiating sensitive operation request;
Verification mode returns to module, if for the equipment represented by the facility information for initiating the sensitive operation request
It is authorisation device, then the level of security according to sensitive operation in sensitive operation request obtains corresponding verification mode, by institute
State verification mode and be sent to the corresponding user of the account number mark;
Checking information receiver module, for receiving the checking information uploaded according to the verification mode;
Antitheft authentication module, for the checking information to be believed by the checking for having stored corresponding to the verification mode
Breath carries out checking and is verified result to the checking information for uploading;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse
This sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking letter
Breath is corresponding with the verification mode.
A kind of device of authentication, including:
Operation requests initiation module, for initiating the sensitive operation request to account number mark, in the sensitive operation request
Comprising the facility information initiated to the sensitive operation request of account number mark;
Verification mode receiver module, if being authorisation device for equipment, receives being asked according to the sensitive operation for return
Seek the verification mode corresponding to the level of security of sensitive operation;
Checking information acquisition module, for obtaining the checking information gathered according to the verification mode;
Checking information uploading module, for the checking information of collection to be uploaded into certificate server;
The result receiver module, for receiving the certificate server by the storage corresponding to the verification mode
Checking information to upload checking information verify the result for obtaining;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse
This sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking letter
Breath is corresponding with the verification mode.
A kind of device for protecting account number safe, including:
Receiver module, for receiving the account number for uploading mark and corresponding authentication information, the authentication information includes user
Biological information and identity document information;
Comparing module, for by the user biological characteristic information and biological characteristic in the identity document information or having deposited
Compare and obtain the first Similarity value in the biological characteristic storehouse of storage;
Authentication result obtains module, for obtaining the certification knot to the authentication information according to first Similarity value
Really;
Relation sets up module, if for authentication result be certification success, by account number mark, user biological characteristic information and
Identity document information sets up corresponding real name archives.
A kind of device for protecting account number safe, including:
Acquisition module, for gathering user biological characteristic information and identity document information;
Data obtaining module, for obtaining account number mark and user's usage behavior data;
Uploading module, for uploading the account number mark and corresponding authentication information to certificate server, the certification letter
Breath includes user biological characteristic information, identity document information and user's usage behavior data;So that the certificate server is by institute
User biological characteristic information is stated to compare with biological characteristic in the identity document information or the biological characteristic storehouse for having stored
To the first Similarity value;User's usage behavior data user's history behavioral data corresponding with account number mark is entered
Row compares, and obtains the second Similarity value;Determined to the authentication information according to first Similarity value and the second Similarity value
Authentication result;If authentication result is certification success, account number mark, user biological characteristic information and identity document information are built
Found corresponding real name archives.
A kind of device for giving account number for change, including:
Give account number request receiving module for change, account number request is given for change for receiving;
Extraction module, for obtaining account number mark and corresponding user biological characteristic information from described giving for change during account number is asked
With identity document information;
Authentication module, for according to certification and the account number mark for storing, user biological characteristic information and identity document letter
User biological characteristic information and identity document information in the real name archives of breath to the user biological characteristic information of the upload and
Identity document information verified, is verified result;
Sending module, for the requestor for transmitting verification result to initiate to give account number request for change;
If the result gives account number success for change to be verified, if the result is authentication failed, account number mistake is given for change
Lose.
A kind of device for giving account number for change, including:
Give account acquisition module for change, giving the user biological characteristic information of account number interface collection for change and sweeping for obtaining
The identity document information retouched;
Account number request initiation module is given for change, for initiating comprising account number mark and user biological characteristic information and identity document
The account number of giving for change of information is asked;
Give account number result receiver module for change, the result that account number request is returned is given for change according to for receiving, it is described
The result be certificate server identified according to the account number of certification and storage, user biological characteristic information and identity document information
Real name archives in user biological characteristic information and identity document information to the user biological characteristic information and body of the upload
Part certificate information carries out verifying what is obtained;
If the result gives account number success for change to be verified, if the result is authentication failed, account number mistake is given for change
Lose.
Whether the method and apparatus of above-mentioned account anti-theft, be that mandate sets by the equipment for judging to initiate sensitive operation request
Standby, if authorisation device, then the level of security according to sensitive operation provides corresponding verification mode, according to corresponding to verification mode
Checking information to upload checking information verify, after being verified, it is allowed to this sensitive operation, authentication failed, then
Refuse this sensitive operation, if equipment is not authorisation device, send prompt message, prompting carries out sensitivity in authorisation device
Operation, shields unsafe entrance, improves the security of account number, prevents account number to be stolen.
The method and apparatus of above-mentioned protection account number safety, are carried out by by user biological characteristic information, identity document information
Certification, after certification passes through, establishes account number mark, user biological characteristic information and the corresponding real name shelves of identity document information
Case, the safety that user account number is identified can be effectively protected by the real name archives, improve the security of account number, user's accounting checking
, it is necessary to carry out the checking of face and/or identity document information when number being operated, there is provided the security of account number.
The above-mentioned method and apparatus for giving account number for change, by will receive user biological characteristic information and identity document information with
User biological characteristic information and identity card in the user biological characteristic information and the real name archives of identity document information that have stored
Part information is compared, and is verified, then give account number for change, has recovered account number, by user biological characteristic information and identity document
Information gives account number for change, it is not necessary to remember cost, can quickly give account number for change, and because of user biological characteristic information and identity document information
Belong to the voucher of people belonging to account number mark, it is safe.
Brief description of the drawings
Fig. 1 is the method for protection account number safety in one embodiment, gives the method for account number and the method for authentication for change
Applied environment schematic diagram;
Fig. 2 is the process schematic that face and identity document information are gathered by terminal;
Fig. 3 is the process schematic being authenticated to authentication information;
Fig. 4 is that the successful schematic diagram of certification is determined whether after being authenticated to authentication information;
Fig. 5 is by the authority information for showing the feedback information after certification success in terminal and obtain;
Fig. 6 A give the process schematic of account number for change for traditional approach;
Fig. 6 B are the process schematic for giving account number for change by face and identity document information;
Fig. 7 A are the schematic diagram of various verification modes;
Fig. 7 B are the process schematic of Modify password;
Fig. 8 is the schematic diagram that prompting carries out sensitive operation in authorisation device;
The schematic diagram that Fig. 9 is authenticated for collection user fingerprints and identity document information in one embodiment;
Figure 10 is the flow chart of the method for protection account number safety in one embodiment;
Figure 11 is the particular flow sheet processed sensitive operation;
Figure 12 is the flow chart of the method for protection account number safety in another embodiment;
Figure 13 is the particular flow sheet processed sensitive operation on the basis of Figure 12;
Figure 14 be one embodiment in give for change account number method flow chart;
Figure 15 is the flow chart of the method for giving account number in another embodiment for change;
Figure 16 is the flow chart of the method for account anti-theft in one embodiment;
Figure 17 is the flow chart of the method for account anti-theft in another embodiment;
Figure 18 is the structured flowchart of the device of protection account number safety in one embodiment;
Figure 19 is the structured flowchart of the device of protection account number safety in another embodiment;
Figure 20 be one embodiment in give for change account number device structured flowchart;
Figure 21 is the structured flowchart of the device for giving account number in another embodiment for change;
Figure 22 is the structured flowchart of the device of account anti-theft in one embodiment;
Figure 23 is the structured flowchart of the device of account anti-theft in another embodiment;
Figure 24 is the internal structure schematic diagram of terminal in one embodiment;
Figure 25 is the internal structure schematic diagram of certificate server in one embodiment.
Specific embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, it is right below in conjunction with drawings and Examples
The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.
It is appreciated that term " first " used in the present invention, " second " etc. can be used to describe various elements herein,
But these elements should not be limited by these terms.These terms are only used for distinguishing first element and another element.
Fig. 1 be one embodiment in protect account number safety method, give account number for change method and account anti-theft method should
Use environment schematic.As shown in figure 1, the applied environment includes terminal 110, certificate server 120 and Third Party Authentication system
130.Terminal 110 is communicated with certificate server 120, and certificate server 120 is communicated with Third Party Authentication system 130.
Terminal 110 provides client, and user is connected to certificate server 120 by client, defeated at account registration interface
Enter account.Account information includes that account number is identified and password, and account number mark and password are submitted to certificate server 120 and are entered
Row checking, after being verified, in the information that the return of certificate server 120 is succeeded in registration to terminal 110.Terminal 110 can be individual
Computer, smart mobile phone, panel computer or personal digital assistant etc..Account number mark can be account number name or E-mail address or mobile phone
Number etc..Account number name can be one or more combination in numeral, letter and character.
In order to protect account number safety, certificate server 120 sends carrying for face and identity document authentification of message to terminal 110
Show information.Client displaying prompt message or offer in terminal 110 carry out the entrance of face and identity document authentification of message.
Client can be business application (App) or browser client etc..
Terminal 110 is obtained by collection user biological characteristic information and the identity document information such as camera or sensor
Account number is identified and user's usage behavior data, and account number mark and authentication information are uploaded into certificate server 120.Wherein, certification
Information includes user biological characteristic information, identity document information and user's usage behavior data.User biological characteristic information can be wrapped
Include at least one of face characteristic information, fingerprint feature information, iris feature information, palm print characteristics information etc..Terminal 110 passes through
Fingerprint collecting sensor gathers user fingerprints characteristic information, face, palmprint image is shot by camera, by iris sensor
Collection iris feature information etc..
Identity document information is including certificate numbering, name, date of birth, issuing authority, period of validity etc..Identity document is believed
Ceasing can be shown using image format, such as direct picture and verso images of identity card, or the driver's license image comprising face, or
The passport image of person comprising face etc..User's usage behavior data may include upload user biological information and identity document letter
The facility information and network environment used during breath.Facility information may include device type, unit type, device identification etc..Net
Network environment may include used network type, geographical position etc..User biological characteristic information includes face characteristic information, then may be used
Collection facial image, what facial image was mainly gathered is the face feature of face, face feature may include face's organ shape,
The relative position relation of face's organ, the size relation of face's organ are specific as between eyes size, two eyes
Away from, eye shape, the shape of nose, the shape of lip, the size of lip, the height of cheekbone, forehead height, face's decree line etc.
Patterned feature.Fig. 2 is the process schematic that face and identity document information are gathered by terminal.As shown in Fig. 2 user passes through hand
Machine is autodyned and obtains facial image, is shot identity card and is obtained identity document information, and facial image and ID Card Image are uploaded to
Certificate server 120.
Before the collection user biological characteristic information of terminal 110, the picker for providing user biological characteristic information can be carried out
Live body is verified.The picker of 110 pairs of offer user biological characteristic informations of terminal carries out activity checking and specifically includes:Export from action
The motion guiding information chosen in guidance information storehouse, gathers corresponding motion images, the motion images and motion guiding that will be gathered
Information carries out matching detection, if matching, illustrates there is live body, or the motion images of collection are carried out with motion guiding information
Matching obtains matching value, and when matching value exceedes matching value threshold value, then explanation has live body, otherwise in the absence of live body.Motion guiding
Information includes the action indicator sequence that multiple action indicating members are constituted.Action indicating member is minimum motion guiding unit,
One action indicating member represents an action, such as " blink ", " opening one's mouth " or " rotary head " represent that an action indicates list respectively
Unit, arrangement form acts indicator sequence to multiple action indicating member in order.Matching value can use motion images and motion guiding
The similarity of the motion images corresponding to information represents, or, with that similarity is carried out the value after positive correlation computing come
Represent.
Account number mark and corresponding authentication information in the receiving terminal 110 of certificate server 120, by user biological feature letter
Breath is compared with biological characteristic in identity document information or the biological characteristic storehouse for having stored and obtains the first Similarity value;By user
The usage behavior data user's history behavioral data corresponding with account number mark is compared, and obtains the second Similarity value;To use
The data stored in family biological information and/or identity document information and Third Party Authentication system 130 are compared, and obtain the
Three Similarity values;When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is like angle value
During more than three threshold values, to authentication information certification success, otherwise authentification failure.If authentication result is certification success, certification
Server 120 identifies account number, user biological characteristic information and identity document information set up corresponding real name archives.Identity document
Information may include name, passport NO., date of birth, issuing authority, period of validity and identity document image etc..
When user biological characteristic information includes face characteristic information, face can be extracted from identity document information, will extracted
Face and face characteristic information compare and obtain the first Similarity value;Also can be by facial image and the facial image for having stored
Compare and obtain the first Similarity value.User biological characteristic information includes fingerprint feature information, iris feature information or palmmprint
During characteristic information, by fingerprint feature information, iris feature information or palm print characteristics information and the biological characteristic storehouse middle finger for having stored
Line characteristic information, iris feature information or palm print characteristics information carry out corresponding comparison and obtain the first Similarity value.
Further, user biological characteristic information includes face characteristic information.Can be shot by imaging first-class collecting device
Live body facial image, using facial image as face characteristic information.Facial image is extracted from identity document information, will be clapped
The facial image taken the photograph is compared with the facial image of extraction in identity document information, obtains the first Similarity value.Specifically, body
Part certificate information may include name, passport NO., date of birth, issuing authority, period of validity and identity document image etc..Can be from
Facial image is extracted in identity document image in identity document information.
User biological characteristic information includes face characteristic information, fingerprint feature information, iris feature information and palm print characteristics
When two or more in information, by face characteristic information, fingerprint feature information, iris feature information and palm print characteristics information respectively with
Characteristic information is compared respective Similarity value in the biological characteristic storehouse for having stored, and respective Similarity value is carried out into arithmetic and is put down
Equal or weighted average obtains the first Similarity value.First Similarity value, the second Similarity value and third phase can be used like angle value
Unified scoring value is represented, can also calculated using respective numerical computations mode.Such as the first Similarity value, the second Similarity value
Adopted like angle value with third phase and be expressed as a percentage, i.e., identical, then Similarity value is 1;Not same, then Similarity value is
0;There is half identical, then Similarity value is 50%.First Similarity value, the second Similarity value and third phase can also be used like angle value
Hundred-mark system score value is represented, i.e., identical, then Similarity value is 100 points;Not same, then Similarity value is 0 point;There is a half-phase
Together, then Similarity value is 50 points.
If collection is image, the rectangle point that the Similarity value calculated between image can using histogramming algorithm, mathematically
(such as SVD (The singular value decomposition, singular value decomposition) is decomposed resolving Algorithm, NMF (Non-negtive
Matrix Factorization, Non-negative Matrix Factorization) decompose), the image similarity of distinguished point based calculate (such as SIFT
(Scale Invariant Feature Transform, Scale invariant features transform matching) algorithm), vector space model etc..
Wherein, histogramming algorithm refers to calculate two histogrammic normalizated correlation coefficients of image etc..SIFT is a kind of computer vision
Algorithm be used for detect and describe the locality characteristic in image, it finds extreme point in space scale, and extracts its position
Put, yardstick, rotational invariants.Vector space model (Vector space model) is that a most widely used basis is similar
Degree computation model, in the model, each object map is a characteristic vector.
The Similarity value of the facial image for shooting and the facial image for having stored is calculated for example with vector space model, can
The characteristic vector and the characteristic vector of the facial image for having stored of the facial image for shooting are obtained, the facial image of shooting is calculated
The distance between characteristic vector of characteristic vector and facial image, according to the corresponding relation between the distance between vector and score value
The distance between the vector is converted into corresponding score value, using the score value as Similarity value.For example, distance is corresponding for 0.1
Score value is 100 points, and distance is 95 points for 0.2 corresponding score value, and distance is graded for 1 corresponding score value for 85.
User's usage behavior data user's history behavioral data corresponding with account number mark is compared, second is obtained
Similarity value.
In the present embodiment, when user's usage behavior data may include upload user biological information and identity document information
The facility information and network environment for being used.Facility information may include device type, unit type, device identification etc..Network rings
Border may include used network type, geographical position etc..User's history behavioral data includes the facility information for being used before
And network environment.Obtain the facility information and network rings used when this upload user biological information and identity document information
Border.The facility information and network environment that this is used are compared with the facility information and network environment of history, obtain
Two Similarity values.
It is compared with user's history behavioral data for user's usage behavior data, vector space model, base can be used
Similarity value is calculated in hash Similarity Measures (minhash algorithms, simhash algorithms) etc..Simhash algorithms are in big text
Repeat to recognize a conventional method, it is a regular length that the method is mainly by by the primitive character compound mapping of object
Signature, the measurement of the similarity between object is converted into the Hamming distance of signature.Calculated for example with vector space model
User's usage behavior data and the Similarity value of user's history behavioral data, can obtain the spy of current user's usage behavior data
The characteristic vector of vector sum user's history behavioral data is levied, characteristic vector and the user of current user's usage behavior data is calculated
The distance between characteristic vector of historical behavior data, according to the corresponding relation between the distance between vector and score value by this to
The distance between amount is converted into corresponding score value, using the score value as Similarity value.For example, distance is for 0.1 corresponding score value
100 points, distance is 95 points for 0.2 corresponding score value, and distance is graded for 1 corresponding score value for 85.
User biological characteristic information and/or identity document information are entered with the data of storage in Third Party Authentication system 130
Row comparison includes:User biological characteristic information can be compared with the biological information of storage in Third Party Authentication system 130
It is right, identity document information can also be compared with the identity document information of storage in Third Party Authentication system 130, or will use
Family biological information is compared with the biological information of storage in Third Party Authentication system 130, and identity document is believed
Cease and compare with the identity document information stored in Third Party Authentication system 130.
Third Party Authentication system 130 can be that public security bureau's identity authorization system or the identity authorization system specified or third party can
Telecommunications databases etc..
In other embodiments, applied environment may not include Third Party Authentication system 130.Certificate server 120 receives end
Account number mark and corresponding authentication information on end 110, by biological characteristic in user biological characteristic information and identity document information
Or the biological characteristic storehouse for having stored is compared and obtains the first Similarity value;User's usage behavior data are right with account number mark institute
The user's history behavioral data answered is compared, and obtains the second Similarity value.When the first Similarity value is more than first threshold and the
When two Similarity values are more than Second Threshold, to authentication information certification success, otherwise authentification failure.If authentication result be certification into
Work(, then certificate server 120 identifies account number, user biological characteristic information and identity document information set up corresponding real name shelves
Case.
Fig. 3 is the process schematic being authenticated to authentication information.As shown in figure 3, certificate server 120 is by identity card
Face compare and obtain the first Similarity value i.e. score A with the face for shooting;User's usage behavior data are gone through with user
History behavioral data is compared, and obtains the second Similarity value i.e. score B, and wherein user's usage behavior data may include unit type
And network environment, user's history behavioral data may include x months x day in 2015, logs in ground abc, logging device m123, x in 2015
The x days moon, log in ground abc, logging device m123 etc.;The facial image that user is submitted to and/or identity document information and public security bureau
Identity authorization system is compared, and obtains third phase like angle value i.e. score C.
Fig. 4 is that the successful schematic diagram of certification is determined whether after being authenticated to authentication information.As shown in figure 4, authentication service
Device 120 is carried out judging whether that certification passes through according to score A, score B and score C, exceeded when score A exceedes first threshold, score B
Second Threshold and score C then set up account number mark, facial image and ID card information more than the 3rd threshold value, then certification success
And the real name archives of photo.Account number mark may include user name, password and other information.ID card information may include name, body
Part card number and address information etc..
Fig. 5 is by the authority information for showing the feedback information after certification success in terminal and obtain.As shown in figure 5, at end
The successful information of certification is shown on end 110, and is pointed out " you have obtained following privilege ", such as 100% given account number for change, forbid other people to change
Close and complaint, honor enjoy real name identity etc..Account has 100% to give account number for change, and the verification mode of memoryless cost forbids other people
The advantages of changing close and complaint.
In one embodiment, after user forgets account number cipher or account number is stolen, when giving account number for change, terminal 110 is obtained
In the user biological characteristic information and the identity document information of scanning of giving the collection of account number interface for change, initiated to certificate server 120
Account number of giving for change comprising account number mark and user biological characteristic information and identity document information is asked.Certificate server 120 is received
Bag account number identify and corresponding user biological characteristic information and identity document information give account number request for change after, according to certification simultaneously
User biological characteristic information in account number mark, the real name archives of user biological characteristic information and identity document information of storage and
Identity document information verifies to the user biological characteristic information and identity document information of the upload, is verified result, if
The result then gives account number success for change to be verified, if the result is authentication failed, gives account number failure for change, will verify
Result is sent to the terminal 110 for initiating to give for change where the requestor of account number request.Because of user biological characteristic information and identity document
Information can be carried at any time, it is not necessary to be remembered, and checking is safely and conveniently.
Fig. 6 A give the process schematic of account number for change for traditional approach.Fig. 6 B are to give account for change by face and identity document information
Number process schematic.As shown in Figure 6A, the information filled in needed for account number is given in display for change, the packet are being given on account number interface for change
Name, identity card, the mailbox of binding, phone number, history password, the good friend of binding etc. are included, if any one is filled in into mistake,
Display on account number interface is given for change, " information of offer is not accurate enough, gives account number failure for change!" prompt message.As shown in Figure 6B,
Terminal 110 is giving offer scanning face and scanning identity document information on account number interface for change, will scan the face and identity for obtaining
Certificate information uploads to certificate server 120, is verified by face and identity document information, after being verified, then recognizes
Card server 120 is returned and is verified, and gives account number success for change.Show that account number is successfully given for change in terminal 110.
In one embodiment, terminal 110 obtains the sensitive operation that user identifies to account number, is sent out to certificate server 120
Play the sensitive operation request to account number mark;Safe level of the certificate server 120 according to sensitive operation in sensitive operation request
Corresponding verification mode is not obtained, the terminal 110 where verification mode to be sent to the requestor for initiating sensitive operation request;Eventually
End 110 gathers checking information according to verification mode, and checking information is uploaded into certificate server 120;Certificate server 120 leads to
Cross the checking information for having stored corresponding to the verification mode checking is carried out to the checking information for uploading and be verified result.It is sensitive
Operation may include login, Modify password, modification communicating number, modification E-mail address, bound device etc..If the result is checking
Pass through, then allow this sensitive operation, if the result is authentication failed, refuse this sensitive operation;The authentication
Formula includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information is corresponding with the verification mode, i.e.,
Verification mode verifies that the checking information for then gathering and uploading should be user biological characteristic information, recognize for user biological characteristic information
The checking information for having stored corresponding to verification mode that card server 120 is provided also is user biological characteristic information.
Verification mode corresponding to the level of security and level of security of sensitive operation can pre-set.Such as sensitive operation
To log in, during level of security is, then verification mode can be verified for user biological characteristic information;Sensitive operation is Modify password, peace
Full rank is height, then verification mode can be the checking of user biological characteristic information plus identity document Information Authentication.
Additionally, receiving and storing the mobile communication mark that typing is identified according to account, and set according to account mark
The password protection problem put and answer;The verification mode also includes password protection problem and/or sends dynamic code to mobile communication mark;It is described
Checking information includes the dynamic code of the answer and/or input being input into according to the password protection problem.
Fig. 7 A are the schematic diagram of various verification modes.As shown in Figure 7 A, the level of security according to sensitive operation can provide people
Face checking, face add identity document Information Authentication, face plus identity document information plus other modes checking, and (such as mobile phone+password protection is asked
Topic etc.).
Fig. 7 B are the process schematic of Modify password.As shown in Figure 7 B, terminal 110 gets Modify password operation, to recognizing
Card server 120 initiates the Modify password request to account number mark;Certificate server 120 is according to Modify password acquisition request face
The verification mode of checking, the verification mode of face verification is sent to terminal 110;Prompting " please first scans face to enter in terminal 110
Row authentication " and " starting checking " control, terminal 110 obtain the operation to " starting checking " control, open camera, scanning
The face of user, obtains facial image, and facial image uploaded into certificate server 120, and certificate server 120 will be scanned
The facial image that facial image is stored with certification is compared, if identical, judgement is the owner of account number mark, can continue to set
New password is put, if inconsistent, judgement is for other people, refuse this operation.
In one embodiment, terminal 110 obtains the sensitive operation to account number mark, according to sensitive operation to authentication service
Device initiates sensitive operation request of 120 initiations to account number mark, comprising initiation sensitive operation request in sensitive operation request
Facility information.Facility information may include device type etc..
After certificate server 120 receives sensitive operation request, judge to initiate the facility information institute table of sensitive operation request
The equipment shown whether authorisation device;If the equipment is authorisation device, according to the safety of sensitive operation in sensitive operation request
Rank obtains corresponding verification mode, the terminal where the verification mode to be sent to the requestor for initiating sensitive operation request
110。
Terminal 110 gathers checking information according to verification mode, and checking information is uploaded into certificate server 120;Certification
Server 120 to the checking information for uploading verify and tested by the checking information for having stored corresponding to the verification mode
Card result.Sensitive operation may include login, Modify password, modification communicating number, modification E-mail address, bound device etc..If testing
Card result then allows this sensitive operation to be verified, if the result is authentication failed, refuses this sensitive behaviour
Make.The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information is tested with described
Card mode correspondence.
If the equipment is not authorisation device, certificate server 120 is returned carries out carrying for sensitive operation in authorisation device
Show that information, to terminal 110, shows the prompt message in terminal 110.Authorisation device refers to there is binding relationship with account number mark
Equipment, binding relationship refer to by account number mark with device identification set up corresponding relation.The equipment bound is identified with account number can be
Mobile phone, panel computer etc..
By pointing out to carry out sensitive operation in authorisation device, unsafe operation entry is shielded, prevent account number to be stolen.No
The operation entry of safety can be web portal and/or other checking entrances in addition to face and identity document Information Authentication etc..
In one embodiment, in sensitive operation or when giving account number for change, certificate server 120 can only provide face and identity
Certificate information checking, shields the checking of other modes, checking such as password protection, dynamic code etc. of other modes.
Fig. 8 is the schematic diagram that prompting carries out sensitive operation in authorisation device.As shown in figure 8, user sends out on page end
The operation requests to account number Modify password are played, certificate server 120 detects webpage end entrance and shielded, pointed out by mobile phone version
Client is to account number Modify password.
It should be noted that user biological characteristic information is with people in Fig. 2, Fig. 3, Fig. 4, Fig. 5, Fig. 6 B, Fig. 7 A and Fig. 7 B
It is described as a example by face image, in other embodiments, user biological characteristic information may include face characteristic information, fingerprint characteristic
At least one of information, iris feature information and palm print characteristics information.
The schematic diagram that Fig. 9 compares for collection user fingerprints and identity document information in one embodiment.Such as Fig. 9 institutes
Show that the collection user fingerprints of terminal 110 obtain identity document information and user's usage behavior data, and account number, user are referred to
Line, identity document information and user's usage behavior data upload to certificate server 120;Certificate server 120 is by user fingerprints
Compare with fingerprint in the biological characteristic storehouse for having stored and obtain the first Similarity value;By user's usage behavior data and account number mark
Know corresponding user's history behavioral data to be compared, obtain the second Similarity value;User fingerprints and/or identity document are believed
Cease and compare with the data stored in Third Party Authentication system 130, obtain third phase like angle value;When the first Similarity value is more than
First threshold, the second Similarity value more than Second Threshold and third phase like angle value more than three threshold values when, the authentication information is recognized
Demonstrate,prove successfully, otherwise authentification failure.If authentication result be certification success, certificate server 120 by account number identify, user fingerprints and
Identity document information sets up corresponding real name archives.
Additionally, after user forgets account number cipher or account number is stolen, when giving account number for change, terminal 110 is obtained is giving account number for change
User fingerprints and the identity document information of scanning that interface is gathered, initiate to be identified comprising account number and use to certificate server 120
The account number of giving for change of family fingerprint and identity document information is asked.Certificate server 120 receives bag account number mark and corresponding user refers to
Line and identity document information give account number request for change after, identified according to certification and the account number that stores, user fingerprints and identity card
User fingerprints and identity document information in the real name archives of part information enter to the user fingerprints and identity document information of the upload
Row checking, is verified result, if the result gives account number success for change to be verified, if the result is authentication failed,
Then give account number failure for change, transmit verification result to initiate to give for change the terminal 110 where the requestor of account number request.Because of user's life
Thing characteristic information and identity document information can be carried at any time, it is not necessary to be remembered, and checking is safely and conveniently.
Figure 10 is the flow chart of the method for protection account number safety in one embodiment.As shown in Figure 10, a kind of protection account number
The method of safety, runs on the certificate server in Fig. 1, comprises the following steps:
Step 1002, receives the account number mark and corresponding authentication information for uploading, and the authentication information includes that user biological is special
Reference breath, identity document information and user's usage behavior data.
Specifically, account number mark can be account number name or E-mail address or phone number etc..Account number mark can be numeral, word
One or more combination in female, character.
Identity document information may include certificate numbering, name, date of birth, issuing authority, period of validity etc..Identity document
Information can be shown using image format, such as direct picture and verso images of identity card, or the driver's license image comprising face,
Or the passport image comprising face etc..User's usage behavior data may include upload user biological information and identity document
The facility information and network environment used during information.Facility information may include device type, unit type, device identification etc..
Network environment may include used network type, geographical position etc..Before authentication information is received, can be to user biological feature
Information carries out live body checking.
User biological characteristic information includes face characteristic information, fingerprint feature information, iris feature information and palm print characteristics
At least one of information etc..
Step 1004, by biological characteristic in the user biological characteristic information and the identity document information or the biology for having stored
Feature database is compared and obtains the first Similarity value.
Specifically, when user biological characteristic information includes face characteristic information, face can be extracted from identity document information,
The face and face characteristic information of extraction are compared and obtains the first Similarity value;Also can be by facial image and the people for having stored
Face image is compared and obtains the first Similarity value.User biological characteristic information includes fingerprint feature information, iris feature information
Or during palm print characteristics information, by fingerprint feature information, iris feature information or palm print characteristics information and the biological characteristic for having stored
Fingerprint feature information, iris feature information or palm print characteristics information carry out corresponding comparison and obtain the first Similarity value in storehouse.
Be stored with biological information in the biological characteristic storehouse for having stored, and the biological information is believed including face characteristic
Breath, fingerprint feature information, iris feature information and palm print characteristics information.
In one embodiment, user biological characteristic information is the living body faces image for shooting, from identity document information
Facial image is extracted, the facial image of the live body of shooting is compared with the facial image in identity document information, obtain the
One Similarity value.Specifically, user biological characteristic information is by imaging the movable facial image that first-class collecting device shoots.
Identity document information may include name, passport NO., date of birth, issuing authority, period of validity and identity document image etc..Can
Facial image is extracted from the identity document image in identity document information.
Step 1006, user's usage behavior data user's history behavioral data corresponding with account mark is carried out
Compare, obtain the second Similarity value.
Step 1008, the authentication result to the authentication information is obtained according to first Similarity value and the second Similarity value.
Specifically, the first Similarity value, the second Similarity value can be adopted and be expressed as a percentage, i.e., identical, then similarity
Be worth is 1;Not same, then Similarity value is 0;There is half identical, then Similarity value is 50%.First Similarity value, the second phase
Can also be represented using hundred-mark system score value like angle value like angle value and third phase, i.e., identical, then Similarity value is 100 points;A bit
Difference, then Similarity value is 0 point;There is half identical, then Similarity value is 50 points.
In the present embodiment, the authentication result to the authentication information is obtained according to first Similarity value and the second Similarity value
The step of include:When the first Similarity value is more than first threshold and the second Similarity value is more than Second Threshold, the certification is believed
Breath certification success, otherwise authentification failure.
First threshold and Second Threshold can according to circumstances set.
Step 1010, if authentication result is certification success, by account number mark, user biological characteristic information and identity document
Information sets up corresponding real name archives.
Specifically, when identity document information exists with image format, identify that identity document is believed by character recognition technology
Word in breath image.Account number mark, user biological characteristic information, the text information of identity document information and image are set up right
The real name archives answered.
The method of above-mentioned protection account number safety, uses by by user biological characteristic information, identity document information and user
Behavioral data is authenticated, and after certification passes through, establishes account number mark, user biological characteristic information and identity document information pair
The real name archives answered, the safety that user account number is identified can be effectively protected by the real name archives, improve the safety of account number
Property, it is necessary to carry out the checking of face and/or identity document information when user operates to account number, there is provided the safety of account number
Property.
In one embodiment, a kind of method for protecting account number safety includes:(1) to (4)
(1) the account number mark and corresponding authentication information for uploading are received, the authentication information is believed including user biological feature
Breath and identity document information.
(2) it is the user biological characteristic information is special with biological characteristic in the identity document information or the biology for having stored
Levy storehouse and compare and obtain the first Similarity value.
(3) authentication result to the authentication information is obtained according to first Similarity value.
(4) if authentication result is certification success, account number mark, user biological characteristic information and identity document information are built
Found corresponding real name archives.
The method of above-mentioned protection account number safety, is authenticated by by user biological characteristic information and identity document information,
After certification passes through, account number mark, user biological characteristic information and the corresponding real name archives of identity document information are established, passed through
The real name archives can be effectively protected the safety of user account number mark, improve the security of account number, and user is carried out to account number
, it is necessary to carry out the checking of face and/or identity document information during operation, there is provided the security of account number.
In one embodiment, the method for above-mentioned protection account number safety also includes:By the user biological characteristic information with
The data stored in Third Party Authentication system are compared, and obtain third phase like angle value;According to first Similarity value and
Three Similarity values obtain the authentication result to the authentication information.
Further, in one embodiment, user biological characteristic information is the facial image for shooting;From the identity document
Facial image is extracted in information;The facial image of the shooting is compared with the facial image in the identity document information
It is right, obtain the first Similarity value;Corresponding face figure is found from Third Party Authentication system according to the identity document information
Picture, by the facial image of the shooting with found in the Third Party Authentication system it is corresponding with the identity document information
Facial image is compared, and obtains third phase like angle value.
Specifically, user biological characteristic information is scene by imaging the face figure of the live body that first-class collecting device shoots
Picture.Identity document information may include name, passport NO., date of birth, issuing authority, period of validity and identity document image
Deng.Corresponding user images can be found from Third Party Authentication system according to identity document information, from the user images
Obtain corresponding facial image.
In one embodiment, the method for above-mentioned protection account number safety also includes:By the user biological characteristic information and/or
Identity document information is compared with the data of storage in Third Party Authentication system, obtains third phase like angle value;According to this first
Similarity value, the second Similarity value and third phase obtain the authentication result to the authentication information like angle value.
In the present embodiment, user biological characteristic information is the facial image for shooting.According to the identity document information from
Corresponding facial image is found in tripartite's Verification System, by the facial image of the shooting and in the Third Party Authentication system
In find facial image corresponding with the identity document information and compare, obtain third phase like angle value.Specifically, user
Biological information is scene by imaging the facial image of the live body that first-class collecting device shoots.Identity document information may include
Name, passport NO., date of birth, issuing authority, period of validity and identity document image etc..Can be from according to identity document information
Corresponding user images are found in Third Party Authentication system, corresponding facial image is obtained from the user images.
Further, obtained believing the certification like angle value according to first Similarity value, the second Similarity value and third phase
The step of authentication result of breath, includes:When the first Similarity value more than first threshold, the second Similarity value more than Second Threshold and
When third phase is more than three threshold values like angle value, to authentication information certification success, otherwise authentification failure.Detailed process such as Fig. 3 and
Shown in Fig. 4, will not be repeated here.
Figure 11 is the particular flow sheet processed sensitive operation.As shown in figure 11, with reference to Fig. 7 A and Fig. 7 B, at one
In embodiment, the method for above-mentioned protection account number safety also includes:
Step 1102, receives the sensitive operation request to account number mark.
Specifically, sensitive operation may include login, Modify password, modification communicating number, modification E-mail address, bound device
Deng.Certificate server 120 receives the sensitive operation request to account number mark.
Step 1104, the level of security according to sensitive operation in sensitive operation request obtains corresponding verification mode, will
The verification mode is sent to the requestor for initiating sensitive operation request.
Specifically, the verification mode corresponding to the level of security and level of security of sensitive operation can pre-set.For example
To log in, during level of security is, then verification mode can be verified sensitive operation for user biological characteristic information;Sensitive operation is modification
Password, level of security is height, then verification mode can be the checking of user biological characteristic information plus identity document Information Authentication.
Step 1106, receives the checking information uploaded according to the verification mode.
Step 1108, is tested the checking information for uploading by the checking information for having stored corresponding to the verification mode
Card is verified result;If the result allows this sensitive operation to be verified, if the result loses for checking
Lose, then refuse this sensitive operation;The verification mode includes that user biological characteristic information is verified and/or identity document information is tested
Card;The checking information is corresponding with the verification mode.
For example, verification mode is verified for user biological characteristic information, then the checking for having stored corresponding to verification mode is believed
Cease the user biological characteristic information to have stored.The checking information of upload is also corresponding with verification mode, if verification mode is user
Biological information verifies that the checking information of upload is the landscape figure without face, then authentication failed.By the checking letter to uploading
Breath is verified that the checking information that will be uploaded is compared with the checking information for having stored, and obtains Similarity value, works as similarity
Value exceedes similarity threshold, then be proved to be successful, if Similarity value is not less than similarity threshold, authentication failed.
Further, the method for above-mentioned protection account number safety also includes:Receive and store and typing is identified according to account
Mobile communication is identified, and the password protection problem according to account mark setting and answer;The verification mode also includes password protection problem
And/or send dynamic code to mobile communication mark;The checking information includes the answer that is input into according to the password protection problem and/or defeated
The dynamic code for entering.
Specifically, mobile communication mark can be phone number etc..Cryptographic problem can according to circumstances be set or system by user
Multiple problems are provided to be selected for user.
When sensitive operation is carried out to account number mark, there is provided verification mode, the verification mode includes face and/or identity card
Part Information Authentication, the special certificate of people belonging to account number mark is belonged to because of face and identity document information, and other people are difficult to steal or multiple
System, improves the security of account number, and steal-number person can be recognized accurately, and is not required to remember cost;Enter with reference to other verification modes
Row checking, security is higher.
In one embodiment, the method for above-mentioned protection account number safety also includes:Judge to initiate the sensitive operation request
Facility information represented by equipment whether be authorisation device;If the facility information institute table for initiating the sensitive operation request
The equipment shown is authorisation device, then the level of security according to sensitive operation in sensitive operation request obtains corresponding authentication
Formula, the verification mode is sent to the requestor for initiating the sensitive operation request;If the equipment is not authorisation device,
Return carries out the prompt message of sensitive operation in authorisation device.
Figure 12 is the flow chart of the method for protection account number safety in another embodiment.As shown in figure 12, a kind of protection account
The method of number safety, runs in terminal, comprises the following steps:
Step 1202, gathers user biological characteristic information and identity document information.
Specifically, collection user biological characteristic information and the bodies such as the camera or collection sensor that are carried by terminal 110
Part certificate information.The identity document information of collection can be the identity document image for shooting.
Step 1204, obtains account number mark and user's usage behavior data.
Specifically, user's usage behavior data may include to be made when upload user biological information and identity document information
Facility information and network environment.Facility information may include device type, unit type, device identification etc..Network environment can
Including used network type, etc. geographical position.
Step 1206, uploads account mark and corresponding authentication information to certificate server, and the authentication information includes use
Family biological information, identity document information and user's usage behavior data;So that the certificate server is special by the user biological
Reference ceases to compare with biological characteristic in the identity document information or the biological characteristic storehouse for having stored and obtains the first Similarity value;
User's usage behavior data user's history behavioral data corresponding with account mark is compared, second is obtained similar
Angle value;The authentication result to the authentication information is determined according to first Similarity value and the second Similarity value;If authentication result is
Certification success, then set up corresponding real name archives by account number mark, user biological characteristic information and identity document information.
The method of above-mentioned protection account number safety, by user biological characteristic information, identity document information and the use that will gather
Family usage behavior data upload to certificate server and are authenticated, and after certification passes through, establish account number mark, user biological special
Reference ceases real name archives corresponding with identity document information, can be effectively protected what user account number was identified by the real name archives
Safety, improves the security of account number, it is necessary to carry out face and/or identity document information when user operates to account number
Checking, there is provided the security of account number.
Figure 13 is the particular flow sheet processed sensitive operation on the basis of Figure 12.Such as Figure 13, with reference to Fig. 7 A and Fig. 7 B
Shown, in one embodiment, the method for above-mentioned protection account number safety also includes:
Step 1302, obtains the sensitive operation to account number mark.
Specifically, sensitive operation may include login, Modify password, modification communicating number, modification E-mail address, bound device
Deng.Certificate server 120 receives the sensitive operation request to account number mark.
Step 1304, sends to certificate server according to the sensitive operation and the sensitive operation that account number is identified is asked.
Step 1306, receives the checking according to corresponding to the level of security of sensitive operation in sensitive operation request for returning
Mode.
Specifically, the verification mode corresponding to the level of security and level of security of sensitive operation can pre-set.For example
To log in, during level of security is, then verification mode can be verified sensitive operation for user biological characteristic information;Sensitive operation is modification
Password, level of security is height, then verification mode can be the checking of user biological characteristic information plus identity document Information Authentication.
Step 1308, obtains the checking information gathered according to the verification mode.
Step 1310, certificate server is uploaded to by the checking information of collection.
Step 1312, receives the certificate server by the checking information for having stored corresponding to the verification mode to uploading
Checking information verify the result for obtaining;If the result allows this sensitive operation to be verified, if
The result is authentication failed, then refuse this sensitive operation;The verification mode include user biological characteristic information checking and/
Or identity document Information Authentication;The checking information is corresponding with the verification mode.
For example, verification mode is verified for user biological characteristic information, then the checking for having stored corresponding to verification mode is believed
Cease the user biological characteristic information to have stored.The checking information of upload is also corresponding with verification mode, if verification mode is user
Biological information verifies that the checking information of upload is the landscape figure without face, then authentication failed.By the checking letter to uploading
Breath is verified that the checking information that will be uploaded is compared with the checking information for having stored, and obtains Similarity value, works as similarity
Value exceedes similarity threshold, then be proved to be successful, if Similarity value is not less than similarity threshold, authentication failed.
Further, in one embodiment, the method for above-mentioned protection account number safety also includes:Obtain according to account mark
Know mobile communication mark and password protection problem and the answer of typing;Account mark and the mobile communication mark and password of typing are asked
Topic and answer upload are stored to certificate server;The verification mode also includes password protection problem and/or is identified to mobile communication
When sending dynamic code, the checking information includes the answer of password protection problem input and/or the dynamic code of input.
When sensitive operation is carried out to account number mark, there is provided verification mode, the verification mode is believed including user biological feature
Breath and/or identity document Information Authentication, because user biological characteristic information and identity document information belong to people belonging to account number mark
Special certificate, other people are difficult to steal or replicate, and improve the security of account number, and steal-number person can be recognized accurately;With reference to other
Verification mode is verified that security is higher.
Figure 14 be one embodiment in give for change account number method flow chart.As shown in figure 14, a kind of side for giving account number for change
Method, runs on certificate server 120, with reference to Fig. 6 B, comprises the following steps:
Account number request is given in step 1402, reception for change.
Step 1404, account number mark and corresponding user biological characteristic information and identity are obtained in giving account number request for change from this
Certificate information.
Step 1406, according to certification and the account number mark for storing, user biological characteristic information and identity document information
The user biological characteristic information and identity card of user biological characteristic information and identity document information in real name archives to the upload
Part information verified, is verified result.
Step 1408, transmits verification result to the requestor for initiating to give account number request for change;If the result is logical for checking
Cross, then give account number success for change, if the result is authentication failed, give account number failure for change.
The above-mentioned method for giving account number for change, by by the user biological characteristic information and identity document information of reception with stored
User biological characteristic information and identity document information real name archives in user biological characteristic information and identity document information
Compare, be verified, then give account number for change, recovered account number, looked for by user biological characteristic information and identity document information
Return account number, it is not necessary to remember cost, can quickly give account number for change, and because user biological characteristic information and identity document information belong to account
Number mark belonging to people voucher, it is safe.
In one embodiment, the above-mentioned method for giving account number for change, after step 1402, also includes:Judge that this gives account for change
Number request in whether include user biological characteristic information and identity document information, if so, then from this give for change account number request in obtain
Account number is identified and corresponding user biological characteristic information and identity document information, if it is not, then return to need to provide user biological spy
Reference ceases and identity document information gives account number guidance information for change, then receive upload basis this give the acquisition of account number guidance information for change
User biological characteristic information and identity document information.
By whether judging to give for change during account number is asked comprising user biological characteristic information and identity document information, it is maskable fall
Other give the request that account number is initiated for change, such as fill in phone number, password protection answer mode is initiated gives account number request for change.
In one embodiment, the above-mentioned method for giving account number for change, before reception is given for change the step of account number is asked, also includes
(a1)~(a5):
(a1) the account number mark and corresponding authentication information for uploading are received, the authentication information is believed including user biological feature
Breath, identity document information and user's usage behavior data.
(a2) face is extracted from the identity document information, the face of the extraction is carried out with the user biological characteristic information
Comparison obtains the first Similarity value.
(a3) user's usage behavior data user's history behavioral data corresponding with account mark is compared,
Obtain the second Similarity value.
(a4) authentication result to the authentication information is obtained according to first Similarity value and the second Similarity value.
The step of obtaining the authentication result to the authentication information according to first Similarity value and the second Similarity value includes:
When the first Similarity value is more than first threshold and the second Similarity value is more than Second Threshold, to authentication information certification success,
Otherwise authentification failure.
(a5) if authentication result is certification success, by account number mark, user biological characteristic information and identity document information
Set up corresponding real name archives.
Further, the above-mentioned method for giving account number for change also includes:The user biological characteristic information and/or identity document are believed
Cease and compare with the data stored in Third Party Authentication system, obtain third phase like angle value;According to first Similarity value,
Two Similarity values and third phase determine the authentication result to the authentication information like angle value.
Certification knot to the authentication information is determined like angle value according to first Similarity value, the second Similarity value and third phase
The step of fruit, includes:When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is like degree
When value is more than three threshold values, to authentication information certification success, otherwise authentification failure.
Figure 15 is the flow chart of the method for giving account number in another embodiment for change.As shown in figure 15, with reference to Fig. 6 B, one kind is looked for
The method for returning account number, runs in terminal 110, comprises the following steps:
Step 1502, obtains and is giving the identity document letter of the user biological characteristic information of account number interface collection and scanning for change
Breath.
Step 1504, initiating the account number of giving for change comprising account number mark and user biological characteristic information and identity document information please
Ask.
Step 1506, receives and gives the result that account number request is returned for change according to this, and the result is certificate server
The user's life in real name archives according to certification and the account number mark, user biological characteristic information and the identity document information that store
Thing characteristic information and identity document information are verified to the user biological characteristic information and identity document information of the upload
's;If the result gives account number success for change to be verified, if the result is authentication failed, account number failure is given for change.
The above-mentioned method for giving account number for change, by by the user biological characteristic information and identity document information of reception with stored
User biological characteristic information and identity document information real name archives in user biological characteristic information and identity document information
Compare, be verified, then give account number for change, recovered account number, looked for by user biological characteristic information and identity document information
Return account number, it is not necessary to remember cost, can quickly give account number for change, and because user biological characteristic information and identity document information belong to account
Number mark belonging to people voucher, it is safe.
In one embodiment, the method for giving account number for change is giving the user biological feature of account number interface input for change in acquisition
Before information and identity document information, also including (b1)~(b3):
(b1) user biological characteristic information and identity document information are gathered;
(b2) account number mark and user's usage behavior data are obtained;
(b3) account mark and corresponding authentication information are uploaded to certificate server, the authentication information includes user biological
Characteristic information, identity document information and user's usage behavior data;So that the certificate server by user biological characteristic information with
Biological characteristic or the biological characteristic storehouse for having stored are compared and obtain the first Similarity value in identity document information;The user is made
Corresponding user's history behavioral data is identified with behavioral data and account to be compared, obtain the second Similarity value;According to
First Similarity value and the second Similarity value determine the authentication result to the authentication information;If authentication result is certification success,
Account number mark, user biological characteristic information and identity document information are then set up into corresponding real name archives.
Further, the above-mentioned method for giving account number for change also includes:The user biological characteristic information and/or identity document are believed
Cease and compare with the data stored in Third Party Authentication system, obtain third phase like angle value;According to first Similarity value,
Two Similarity values and third phase determine the authentication result to the authentication information like angle value.
Certification knot to the authentication information is determined like angle value according to first Similarity value, the second Similarity value and third phase
The step of fruit, includes:When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is like degree
When value is more than three threshold values, to authentication information certification success, otherwise authentification failure.
Figure 16 is the flow chart of the method for account anti-theft in one embodiment.As shown in figure 16, with reference to Fig. 8, a kind of account number
Theft preventing method, runs on certificate server 120, comprises the following steps:
Step 1602, receives the sensitive operation request to account number mark, is included in sensitive operation request and initiates sensitive behaviour
The facility information that work is asked.
Specifically, sensitive operation may include login, Modify password, modification communicating number, modification E-mail address, bound device
Deng.
Step 1604, judge initiate the sensitive operation request facility information represented by equipment whether authorisation device.
Specifically, authorisation device refers to the equipment that there is binding relationship with account number mark.Binding relationship refers to by account number mark
Know and set up corresponding relation with device identification.
Step 1606, if the equipment is authorisation device, according to the level of security of sensitive operation in sensitive operation request
Corresponding verification mode is obtained, the verification mode is sent to the requestor for initiating sensitive operation request.
Step 1608, receives the checking information uploaded according to the verification mode.
Step 1610, the checking information is tested upload by the checking information for having stored corresponding to the verification mode
Card information carries out checking and is verified result;If the result allows this sensitive operation to be verified, if checking knot
Fruit is authentication failed, then refuse this sensitive operation;The verification mode includes that user biological characteristic information is verified and/or identity
Certificate information is verified;The checking information is corresponding with the verification mode.
Step 1612, if the equipment is not authorisation device, returns to the prompting letter that sensitive operation is carried out in authorisation device
Breath.
Whether the method for above-mentioned account anti-theft, be authorisation device by the equipment for judging to initiate sensitive operation request, if
Authorisation device, then level of security according to sensitive operation corresponding verification mode, the checking according to corresponding to verification mode are provided
Information is verified to the checking information for uploading, and after being verified, it is allowed to this sensitive operation, authentication failed then refuses this
Secondary sensitive operation, if equipment is not authorisation device, sends prompt message, and prompting carries out sensitive operation in authorisation device,
Unsafe entrance is shielded, the security of account number is improve, prevents account number to be stolen.
In other embodiments, step 1604 and step 1612 be may not include.
In one embodiment, the antitheft method of account, is receiving the sensitive operation request to account number mark, the sensitivity
Before the step of in operation requests comprising the facility information for initiating sensitive operation request, also including (c1)~(c5):
(c1) the account number mark and corresponding authentication information for uploading are received, the authentication information is believed including user biological feature
Breath, identity document information and user's usage behavior data;
(c2) face is extracted from the identity document information, the face of the extraction is carried out with the user biological characteristic information
Comparison obtains the first Similarity value;
(c3) user's usage behavior data user's history behavioral data corresponding with account mark is compared,
Obtain the second Similarity value;
(c4) when the first Similarity value is more than first threshold and the second Similarity value is more than Second Threshold, the certification is believed
Breath certification success, otherwise authentification failure;
(c5) if authentication result is certification success, by account number mark, user biological characteristic information and identity document information
Set up corresponding real name archives.
Further, in one embodiment, the method for above-mentioned account anti-theft also includes:By the user biological characteristic information
Compare with the data stored in Third Party Authentication system, obtain third phase like angle value;
When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is more than like angle value
During three threshold values, to authentication information certification success, otherwise authentification failure.
Figure 17 is the flow chart of the method for account anti-theft in another embodiment.As shown in figure 17, with reference to Fig. 8, a kind of account
Number theft preventing method, runs in terminal, comprises the following steps:
Step 1702, initiates the sensitive operation request to account number mark, is included in sensitive operation request and initiated to account number
The facility information of the sensitive operation request of mark.
Step 1704, if equipment is authorisation device, receive return according to sensitive operation in sensitive operation request
Verification mode corresponding to level of security.
Specifically, authorisation device refers to the equipment that there is binding relationship with account number mark, will account number mark and equipment mark
Corresponding relation is set up in knowledge.
Step 1706, obtains the checking information gathered according to the verification mode.
Step 1708, certificate server is uploaded to by the checking information of collection.
Step 1710, receives the certificate server by the checking information for having stored corresponding to the verification mode to uploading
Checking information verify the result for obtaining;If the result allows this sensitive operation to be verified, if
The result is authentication failed, then refuse this sensitive operation;The verification mode include user biological characteristic information checking and/
Or identity document Information Authentication;The checking information is corresponding with the verification mode.
Step 1712, if equipment is not authorisation device, receiving and being illustrated in carries out carrying for sensitive operation in authorisation device
Show information.
Whether the method for above-mentioned account anti-theft, be authorisation device by the equipment for judging to initiate sensitive operation request, if
Authorisation device, then receive the corresponding verification mode provided according to the level of security of sensitive operation, is tested according to verification mode collection
Card information, and upload checking information and verified, after being verified, it is allowed to this sensitive operation, authentication failed, then refusal this
Secondary sensitive operation, if equipment is not authorisation device, sends prompt message, and prompting carries out sensitive operation in authorisation device,
Unsafe entrance is shielded, the security of account number is improve, prevents account number to be stolen.
In other embodiments, step 1712 can be omitted.
Figure 18 is the structured flowchart of the device of protection account number safety in one embodiment.As shown in figure 18, a kind of protection account
The device of number safety, corresponding to the virtual bench protected in Figure 10 constructed by the method for account number safety, including receiver module 1802,
Comparing module 1804, comparison module 1806, authentication result obtain module 1808 and relation sets up module 1810.Wherein:
Receiver module 1802 is used to receive the account number mark and corresponding authentication information of upload, and the authentication information includes user
Biological information, identity document information and user's usage behavior data.
Comparing module 1804 is used for user biological characteristic information with biological characteristic in identity document information or the life for having stored
Thing feature database is compared and obtains the first Similarity value;
Comparison module 1806 is used for user's usage behavior data and the corresponding user's history behavior of account mark
Data are compared, and obtain the second Similarity value.
Authentication result obtains module 1808 for being obtained to the certification according to first Similarity value and the second Similarity value
The authentication result of information.
In the present embodiment, authentication result obtain module 1808 for when the first Similarity value more than first threshold and the second phase
When being more than Second Threshold like angle value, to authentication information certification success, otherwise authentification failure.
If it is certification success that relation sets up module 1810 for authentication result, by account number mark, user biological feature letter
Breath and identity document information set up corresponding real name archives.
Comparing module 1804 is additionally operable to the user biological characteristic information and/or identity document information and Third Party Authentication system
The data stored in system are compared, and obtain third phase like angle value.
Authentication result obtains module 1808 to be used for according to first Similarity value, the second Similarity value and third phase like angle value
Obtain the authentication result to the authentication information.
Specifically, authentication result obtains module 1808 when the first Similarity value is big more than first threshold, the second Similarity value
When Second Threshold and third phase are more than three threshold values like angle value, to authentication information certification success, otherwise authentification failure.
In one embodiment, the device of above-mentioned protection account number safety may include receiver module 1802, comparing module 1804,
Authentication result obtains module 1808 and relation sets up module 1810.
Receiver module 1802 is used to receive the account number mark and corresponding authentication information of upload, and the authentication information includes user
Biological information and identity document information.
Comparing module 1804 is used for user biological characteristic information with biological characteristic in identity document information or the life for having stored
Thing feature database is compared and obtains the first Similarity value.
Authentication result obtains module 1808 for obtaining the authentication result to the authentication information according to first Similarity value.
If it is certification success that relation sets up module 1810 for authentication result, by account number mark, user biological feature letter
Breath and identity document information set up corresponding real name archives.
Authentication result obtains module 1808 for obtaining the certification knot to the authentication information according to first Similarity value
Really.
In one embodiment, the device of above-mentioned protection account number safety, may also include operation requests receiver module, authentication
Formula returns to module, checking information receiver module and authentication module.
Operation requests receiver module is used to receive the sensitive operation request to account number mark.
Verification mode returns to module to be used to obtain corresponding according to the level of security of sensitive operation in sensitive operation request
Verification mode, the verification mode is sent to the requestor for initiating the sensitive operation request.
Checking information receiver module is used to receive the checking information uploaded according to the verification mode.
Authentication module, for being entered to the checking information for uploading by the checking information for having stored corresponding to the verification mode
Row checking is verified result.
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse
This sensitive operation;Verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking
Information is corresponding with the verification mode.
Memory module is used to receiving and storing the mobile communication mark for identifying typing according to the account number, and according to described
Password protection problem and answer that account number mark is set.
The verification mode also includes password protection problem and/or sends dynamic code to mobile communication mark;The checking information includes
The answer being input into according to the password protection problem and/or the dynamic code of input.
Figure 19 is the structured flowchart of the device of protection account number safety in another embodiment.As shown in figure 19, a kind of protection
The device of account number safety, including acquisition module 1902, data obtaining module 1904 and uploading module 1906.Wherein:
Acquisition module 1902 is used to gather user biological characteristic information and identity document information.
Data obtaining module 1904 is used to obtain account number mark and user's usage behavior data.
Uploading module 1906 is used to upload account mark and corresponding authentication information to certificate server, the authentication information
Comprising user biological characteristic information, identity document information and user's usage behavior data;So that the certificate server gives birth to user
Thing characteristic information is compared with biological characteristic in the identity document information or the biological characteristic storehouse for having stored and obtains the first phase
Like angle value;User's usage behavior data user's history behavioral data corresponding with account mark is compared, is obtained
Second Similarity value;The authentication result to the authentication information is determined according to first Similarity value and the second Similarity value;If recognizing
Card result is certification success, then account number mark, user biological characteristic information and identity document information are set up into corresponding real name shelves
Case.
In one embodiment, the device of above-mentioned protection account number safety also includes that operation acquisition module, operation requests are initiated
Module, verification mode receiver module, checking information acquisition module, checking information uploading module, the result receiver module, password protection
Data obtaining module and encrypted message uploading module.
Operation acquisition module is used to obtain the sensitive operation to account number mark;
Operation requests initiation module is used to be sent to certificate server according to the sensitive operation the sensitive behaviour identified to account number
Ask;
Verification mode receiver module is used to receive the safe level according to sensitive operation in sensitive operation request for returning
Not corresponding verification mode;
Checking information acquisition module is used to obtain the checking information gathered according to the verification mode;
Checking information uploading module is used to for the checking information of collection to upload to certificate server;
The result receiver module is used to receive the certificate server by having stored corresponding to the verification mode
Checking information verify the result for obtaining to the checking information for uploading;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse
This sensitive operation;The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;It is described to test
Card information is corresponding with the verification mode.
Password protection data obtaining module be used for obtain according to account identify typing mobile communication mark and password protection problem and
Answer;
Password protection information uploading module is used for the mobile communication mark and cryptographic problem by account number mark and typing and answers
Case uploads to certificate server and is stored;
When the verification mode also includes password protection problem and/or sends dynamic code to mobile communication mark, the checking information bag
Include the answer of password protection problem input and/or the dynamic code of input.
Figure 20 be one embodiment in give for change account number device structured flowchart.As shown in figure 20, a kind of account number given for change
Device, runs on certificate server 120, including gives account number request receiving module 2002, extraction module 2004, authentication module for change
2006 and sending module 2008.
Give account number request receiving module 2002 for change and give account number request for change for reception.
Extraction module 2004 is used to obtain account number mark and corresponding user biological feature letter in giving account number request for change from this
Breath and identity document information.Authentication module 2006 is used for account number mark, user biological characteristic information according to certification and storage
With the user biological characteristic information and identity document information in the real name archives of identity document information to the user biological of the upload
Characteristic information and identity document information verified, is verified result.
Sending module 2008 is used for the requestor for transmitting verification result to initiate to give account number request for change;If the result is
It is verified, then gives account number success for change, if the result is authentication failed, gives account number failure for change.
As shown in figure 20, the above-mentioned device for giving account number for change also includes judge module 2010.
Judge module 2010 is used to judge that whether this is given for change during account number is asked comprising user biological characteristic information and identity card
Part information, if so, then extraction module 2004 obtains account number mark and corresponding user biological feature in giving account number request for change from this
Information and identity document information, if it is not, then the return of sending module 2008 needs to provide user biological characteristic information and identity document
Information gives account number guidance information for change, then by give for change account number request receiving module 2002 receive upload basis this give account number for change and draw
Lead the user biological characteristic information and identity document information of acquisition of information.
The above-mentioned device for giving account number for change also include receiver module, comparing module, comparison module, authentication result obtain module and
Relation sets up module.
Receiver module was used for before account number request is given in reception for change, received the account number mark and corresponding certification letter for uploading
Breath, the authentication information includes user biological characteristic information, identity document information and user's usage behavior data;
Comparing module is used for user biological characteristic information and biological characteristic in the identity document information or has stored
Compare and obtain the first Similarity value in biological characteristic storehouse;
Comparison module is used for user's usage behavior data user's history behavior number corresponding with account number mark
According to being compared, the second Similarity value is obtained;
Authentication result obtains module for being obtained to the authentication information according to first Similarity value and the second Similarity value
Authentication result;
In the present embodiment, authentication result obtain module for when the first Similarity value more than first threshold and the second similarity
When value is more than Second Threshold, to authentication information certification success, otherwise authentification failure.
If relation set up module for authentication result be certification success, by account number mark, user biological characteristic information and
Identity document information sets up corresponding real name archives.
Authentication result obtains module by the user biological characteristic information and/or identity document information and Third Party Authentication system
The data stored in system are compared, and obtain third phase like angle value;According to first Similarity value, the second Similarity value and
Three Similarity values determine the authentication result to the authentication information.
When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is more than like angle value
During three threshold values, to authentication information certification success, otherwise authentification failure.
Figure 21 is the structured flowchart of the device for giving account number in another embodiment for change.As shown in figure 21, one kind gives account number for change
Device, run in terminal, including give account acquisition module 2102 for change, give account number request for change and initiation module 2104 and look for
Return account number result receiver module 2106.Wherein:
Give for change account acquisition module 2102 for obtain giving for change account number interface gather user biological characteristic information
With the identity document information of scanning;
Giving account number request initiation module 2104 for change is used to initiate comprising account number mark and user biological characteristic information and identity
The account number of giving for change of certificate information is asked;
Give for change account number result receiver module 2106 for receive according to this give for change account number request return the result, this is tested
Card result be certificate server identified according to the account number of certification and storage, user biological characteristic information and identity document information
The user biological characteristic information and identity card of user biological characteristic information and identity document information in real name archives to the upload
Part information carries out verifying what is obtained.
If the result gives account number success for change to be verified, if the result is authentication failed, account number mistake is given for change
Lose.
In one embodiment, the above-mentioned device for giving account number for change also includes acquisition module, data obtaining module and uploads mould
Block.
Acquisition module is used to gather user biological characteristic information and identity document information.
Data obtaining module is used to obtain account number mark and user's usage behavior data.
Uploading module is used to upload the account number mark and corresponding authentication information to certificate server, the authentication information bag
Characteristic information containing user biological, identity document information and user's usage behavior data;So that the certificate server is by user biological
Characteristic information is compared to biological characteristic in the identity document information or the biological characteristic storehouse for having stored, and to obtain first similar
Angle value;User's usage behavior data and the corresponding user's history behavioral data of account mark are compared, the is obtained
Two Similarity values;The authentication result to the authentication information is determined according to first Similarity value and the second Similarity value;If certification
Result is certification success, then account number mark, user biological characteristic information and identity document information are set up into corresponding real name archives.
Figure 22 is the structured flowchart of the device of account anti-theft in one embodiment.As shown in figure 22, a kind of account anti-theft dress
Put, including operation requests receiver module 2202, judge module 2204, verification mode return to module 2206, checking information and receive mould
Block 2208, antitheft authentication module 2210 and prompt message return to module 2212.Wherein:
Operation requests receiver module 2202 is used to receive the sensitive operation request to account number mark, in sensitive operation request
Comprising the facility information for initiating sensitive operation request;
Whether the equipment that judge module 2204 is used to judge to initiate represented by the facility information of sensitive operation request authorizes
Equipment;
If it is authorisation device that verification mode return to module 2206 be used to the equipment, according to sensitive in sensitive operation request
The level of security of operation obtains corresponding verification mode, and the verification mode is sent into account identifies corresponding user;
Checking information receiver module 2208 is used to receive the checking information uploaded according to the verification mode;
Antitheft authentication module 2210 is used to believe the checking information by the checking for having stored corresponding to the verification mode
Breath carries out checking and is verified result to the checking information for uploading;If the result allows this sensitivity to be verified
Operation, if the result is authentication failed, refuses this sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information with
Verification mode correspondence.
If prompt message return module 2212 be used for the equipment not be authorisation device, return carried out in authorisation device it is quick
Feel the prompt message of operation.
In other embodiments, the device of above-mentioned account anti-theft may include operation requests receiver module 2202, verification mode
Return to module 2206, checking information receiver module 2208 and antitheft authentication module 2210.
The device of above-mentioned account anti-theft also include receiver module, comparing module, comparison module, authentication result obtain module and
Relation sets up module.
Receiver module is used to receive the sensitive operation request to account number mark, quick comprising initiating in sensitive operation request
Before feeling the facility information of operation requests, the account number mark and corresponding authentication information for uploading are received, the authentication information includes using
Family biological information, identity document information and user's usage behavior data;
Comparing module is used for biological characteristic in user biological characteristic information and identity document information or the biology for having stored
Feature database is compared and obtains the first Similarity value;
Comparison module is used for user's usage behavior data user's history behavior number corresponding with account number mark
According to being compared, the second Similarity value is obtained;
Authentication result obtains module for being obtained to the authentication information according to first Similarity value and the second Similarity value
Authentication result;
In the present embodiment, authentication result obtain module for when the first Similarity value more than first threshold and the second similarity
When value is more than Second Threshold, to authentication information certification success, otherwise authentification failure.
If relation set up module for authentication result be certification success, by account number mark, user biological characteristic information and
Identity document information sets up corresponding real name archives.
Authentication result obtains module by user biological characteristic information and/or identity document information and Third Party Authentication system
The data of storage are compared, and obtain third phase like angle value;According to first Similarity value, the second Similarity value and third phase
Determine the authentication result to the authentication information like angle value.
When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is more than like angle value
During three threshold values, to authentication information certification success, otherwise authentification failure.
Figure 23 is the structured flowchart of the device of account anti-theft in another embodiment.As shown in figure 23, a kind of account anti-theft
Device, including operation requests initiation module 2302, verification mode receiver module 2304, checking information acquisition module 2306, checking
Information uploading module 2308, the result receiver module 2310 and prompt message receiver module 2312.
Operation requests initiation module 2302 is used to initiate the sensitive operation request to account number mark, in sensitive operation request
Comprising the facility information initiated to the sensitive operation request of account number mark;
If it is authorisation device that verification mode receiver module 2304 is used for equipment, being asked according to the sensitive operation for return is received
Seek the verification mode corresponding to the level of security of sensitive operation;
Checking information acquisition module 2306 is used to obtain the checking information gathered according to the verification mode;
Checking information uploading module 2308 is used to for the checking information of collection to upload to certificate server;
The result receiver module 2310 is used to receive the certificate server by the storage corresponding to the verification mode
Checking information to upload checking information verify the result for obtaining;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse
This sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information with
Verification mode correspondence;
If it is not authorisation device that prompt message receiver module 2312 is used for equipment, receives and to be illustrated in authorisation device enterprising
The prompt message of row sensitive operation.
In other embodiments, a kind of account anti-theft device, including operation requests initiation module 2302, verification mode is received
Module 2304, checking information acquisition module 2306, checking information uploading module 2308, the result receiver module 2310 and prompting
Any possible combination of information receiving module 2312.
Figure 24 is the internal structure schematic diagram of terminal in one embodiment.As shown in figure 24, the terminal includes passing through system
Processor, storage medium, internal memory, network interface, image collecting device, display screen and input unit that bus is connected.Wherein, eventually
The storage medium at end is stored with operating system, also including a kind of device for protecting account number safety, the device and account number of giving account number for change
Antitheft device, the device of protection account number safety is used for the method for realizing protection account number safety, and the device for giving account number for change is realized looking for
The method for returning account number, the device of account anti-theft realizes the method for account anti-theft.The processor is used to provide calculating and control ability,
Support the operation of whole terminal.The safe device of the protection account number in storage medium is saved as in terminal, giving the dress of account number for change
Put and provide environment with the operation of the device of account anti-theft, network interface is used to carry out network service with server, such as sends certification
Authentication result that request is returned to server, the reception server etc..Image collecting device is used to gather user biological characteristic information
With identity document information.The display screen of terminal can be LCDs or electric ink display screen etc., and input unit can be with
It is button, trace ball or the Trackpad, or outer set on the touch layer, or terminal enclosure covered on display screen
Keyboard, Trackpad or mouse for connecing etc..The terminal can be mobile phone, panel computer or personal digital assistant.Art technology
Personnel are appreciated that the structure shown in Figure 24, and only the block diagram of the part-structure related to application scheme, is not constituted
The restriction of the terminal being applied thereon to application scheme, specific terminal can include more more or less than shown in figure
Part, or some parts are combined, or arranged with different parts.
Figure 25 is the internal structure schematic diagram of certificate server in one embodiment.As shown in figure 25, the server includes
Processor, storage medium, internal memory and the network interface connected by system bus.Wherein, the storage medium storage of the server
There is the safe device of operating system, database, protection account number, the device of account number and the device of account anti-theft are given for change, in database
The account number that is stored with mark, user biological characteristic information and identity document information.The processor of the server be used for provide calculate and
Control ability, supports the operation of whole server.The device of the interior protection account number safety saved as in storage medium of the server,
The operation for giving the device of account number and the device of account anti-theft for change provides environment.The network interface of the server be used for according to this with outside
Terminal by network connection communicate, such as receiving terminal send certification request and to terminal return authentication result etc..Clothes
Business device can with independent server or multiple server groups into server cluster realize.Those skilled in the art can
To understand, the structure shown in Figure 25, only the block diagram of the part-structure related to application scheme, is not constituted to this Shen
Please the restriction of server that is applied thereon of scheme, specific server can include than more or less portion shown in figure
Part, or some parts are combined, or arranged with different parts.
One of ordinary skill in the art will appreciate that all or part of flow in realizing above-described embodiment method, can be
The hardware of correlation is instructed to complete by computer program, described program can be stored in a non-volatile computer and can read
In storage medium, the program is upon execution, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described storage is situated between
Matter can be magnetic disc, CD, read-only memory (Read-Only Memory, ROM) etc..
Embodiment described above only expresses several embodiments of the invention, and its description is more specific and detailed, but simultaneously
Therefore the limitation to the scope of the claims of the present invention can not be interpreted as.It should be pointed out that for one of ordinary skill in the art
For, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to guarantor of the invention
Shield scope.Therefore, the protection domain of patent of the present invention should be determined by the appended claims.
Claims (32)
1. a kind of method of account anti-theft, comprises the following steps:
The sensitive operation request to account number mark is received, comprising the equipment for initiating sensitive operation request in the sensitive operation request
Information;
If the equipment represented by the facility information for initiating the sensitive operation request is authorisation device, according to the sensitivity
The level of security of sensitive operation obtains corresponding verification mode in operation requests, and it is described quick that the verification mode is sent into initiation
Feel the requestor of operation requests;
Receive the checking information uploaded according to the verification mode;
The checking information is entered by the checking information for having stored corresponding to the verification mode to the checking information for uploading
Row checking is verified result;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse this
Sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document information;The checking information with it is described
Verification mode correspondence.
2. method according to claim 1, it is characterised in that receiving the sensitive operation request to account number mark, it is described
Before the step of in sensitive operation request comprising the facility information for initiating sensitive operation request, methods described also includes:
The account number mark and corresponding authentication information for uploading are received, the authentication information includes user biological characteristic information, identity
Certificate information and user's usage behavior data;
The user biological characteristic information is entered with biological characteristic in the identity document information or the biological characteristic storehouse for having stored
Row comparison obtains the first Similarity value;
User's usage behavior data user's history behavioral data corresponding with account number mark is compared, is obtained
Second Similarity value;
When the first Similarity value is more than first threshold and the second Similarity value is more than Second Threshold, to the authentication information certification
Success, otherwise authentification failure;
It is if authentication result is certification success, account number mark, user biological characteristic information is corresponding with the foundation of identity document information
Real name archives.
3. method according to claim 2, it is characterised in that methods described also includes:
The user biological characteristic information and/or identity document information are compared with the data of storage in Third Party Authentication system
It is right, third phase is obtained like angle value;
When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is more than the 3rd like angle value
During threshold value, to authentication information certification success, otherwise authentification failure.
4. a kind of method of account anti-theft, it is characterised in that comprise the following steps:
The sensitive operation request to account number mark is initiated, comprising the sensitive behaviour initiated to account number mark in the sensitive operation request
The facility information that work is asked;
If equipment is authorisation device, the level of security institute according to sensitive operation in sensitive operation request for returning is received right
The verification mode answered;
Obtain the checking information gathered according to the verification mode;
The checking information of collection is uploaded into certificate server;
Checking of the certificate server by the checking information for having stored corresponding to the verification mode to uploading is received to believe
Breath verify the result for obtaining;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse this
Sensitive operation;
The verification mode includes user biological characteristic information and/or identity document Information Authentication;The checking information with it is described
Verification mode correspondence.
5. it is a kind of protect account number safety method, it is characterised in that comprise the following steps:
The account number mark and corresponding authentication information for uploading are received, the authentication information includes user biological characteristic information and identity
Certificate information;
The user biological characteristic information is entered with biological characteristic in the identity document information or the biological characteristic storehouse for having stored
Row comparison obtains the first Similarity value;
The authentication result to the authentication information is obtained according to first Similarity value;
It is if authentication result is certification success, account number mark, user biological characteristic information is corresponding with the foundation of identity document information
Real name archives.
6. method according to claim 5, it is characterised in that the user biological characteristic information is the face figure for shooting
Picture;It is described that the user biological characteristic information and biological characteristic in the identity document information compared to obtain first similar
Angle value, including:
Facial image is extracted from the identity document information;
The facial image of the shooting is compared with the facial image in the identity document information, the first similarity is obtained
Value.
7. method according to claim 5, it is characterised in that methods described also includes:By user biological feature letter
Cease and compare with the data stored in Third Party Authentication system, obtain third phase like angle value;
The authentication result to the authentication information is obtained like angle value according to first Similarity value and third phase.
8. method according to claim 7, it is characterised in that the user biological characteristic information is the face figure for shooting
Picture;Methods described also includes:
Facial image is extracted from the identity document information;
The facial image of the shooting is compared with the facial image in the identity document information, the first similarity is obtained
Value;
Corresponding facial image is found from Third Party Authentication system according to the identity document information, by the people of the shooting
Face image is compared with facial image corresponding with the identity document information is found in the Third Party Authentication system,
Third phase is obtained like angle value.
9. method according to claim 5, it is characterised in that the authentication information includes user behavior data;
Methods described also includes:
User's usage behavior data user's history behavioral data corresponding with account number mark is compared, is obtained
Second Similarity value;
The authentication result to the authentication information is obtained according to first Similarity value and the second Similarity value.
10. method according to claim 9, it is characterised in that described similar according to first Similarity value and second
The step of angle value obtains the authentication result to the authentication information includes:
When the first Similarity value is more than first threshold and the second Similarity value is more than Second Threshold, to the authentication information certification
Success, otherwise authentification failure.
11. methods according to claim 9, it is characterised in that methods described also includes:
The user biological characteristic information and/or identity document information are compared with the data of storage in Third Party Authentication system
It is right, third phase is obtained like angle value;
Certification knot to the authentication information is obtained like angle value according to first Similarity value, the second Similarity value and third phase
Really.
12. methods according to claim 11, it is characterised in that according to first Similarity value, the second Similarity value
The step of obtaining the authentication result to the authentication information like angle value with third phase includes:
When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is more than the 3rd like angle value
During threshold value, to authentication information certification success, otherwise authentification failure.
13. methods according to claim 5, it is characterised in that methods described also includes:
Receive the sensitive operation request to account number mark;
Level of security according to sensitive operation in sensitive operation request obtains corresponding verification mode, by the verification mode
It is sent to the requestor for initiating the sensitive operation request;
Receive the checking information uploaded according to the verification mode;
Checking is carried out by the checking information for having stored corresponding to the verification mode to the checking information for uploading to be verified
As a result;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse this
Sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information with
The verification mode correspondence.
14. methods according to claim 13, it is characterised in that methods described also includes:
The mobile communication mark that typing is identified according to the account number is received and stores, and according to the close of account number mark setting
Guarantor's problem and answer;
The verification mode also includes password protection problem and/or sends dynamic code to mobile communication mark;The checking information includes
The answer being input into according to the password protection problem and/or the dynamic code of input.
15. methods according to claim 13, it is characterised in that methods described also includes:
Whether the equipment for judging to initiate represented by the facility information of the sensitive operation request is authorisation device;
If the equipment represented by the facility information for initiating the sensitive operation request is authorisation device, according to the sensitivity
The level of security of sensitive operation obtains corresponding verification mode in operation requests, and it is described quick that the verification mode is sent into initiation
Feel the requestor of operation requests;
If the equipment is not authorisation device, the prompt message that sensitive operation is carried out in authorisation device is returned.
A kind of 16. methods for protecting account number safety, it is characterised in that comprise the following steps:
Collection user biological characteristic information and identity document information;
Obtain account number mark and user's usage behavior data;
The account number mark and corresponding authentication information are uploaded to certificate server, the authentication information includes user biological feature
Information, identity document information and user's usage behavior data;
So that the certificate server extracts face from the identity document information, by the user biological characteristic information and
Biological characteristic is compared and obtains the first Similarity value in the biological characteristic or identity document information of storage;The user is used
The behavioral data user's history behavioral data corresponding with account number mark is compared, and obtains the second Similarity value;According to
First Similarity value and the second Similarity value determine the authentication result to the authentication information;If authentication result be certification into
Work(, then set up corresponding real name archives by account number mark, user biological characteristic information and identity document information.
17. methods according to claim 16, it is characterised in that methods described also includes:
Obtain the sensitive operation to account number mark;
Sent to certificate server according to the sensitive operation and the sensitive operation that account number is identified is asked;
Receive the verification mode according to corresponding to the level of security of sensitive operation in sensitive operation request for returning;
Obtain the checking information gathered according to the verification mode;
The checking information of collection is uploaded into the certificate server;
Checking of the certificate server by the checking information for having stored corresponding to the verification mode to uploading is received to believe
Breath verify the result for obtaining;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse this
Sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information with
The verification mode correspondence.
18. methods according to claim 17, it is characterised in that methods described also includes:
Obtain mobile communication mark and password protection problem and the answer that typing is identified according to the account number;
Account number mark and the mobile communication mark and cryptographic problem and answer upload of typing are deposited to certificate server
Storage;
When the verification mode also includes password protection problem and/or sends dynamic code to mobile communication mark, the checking information bag
Include the answer of password protection problem input and/or the dynamic code of input.
A kind of 19. methods for giving account number for change, it is characterised in that comprise the following steps:
Account number request is given in reception for change;
Account number mark and corresponding user biological characteristic information and identity document information are obtained from described giving for change during account number is asked;
According to user biological characteristic information corresponding with account number mark in real name archives and identity document information on described
The user biological characteristic information and identity document information of biography verified, is verified result;
Transmit verification result to the requestor for initiating to give account number request for change;
If the result gives account number success for change to be verified, if the result is authentication failed, account number failure is given for change.
20. methods according to claim 19, it is characterised in that after the reception is given for change the step of account number is asked,
Methods described also includes:
Whether given for change described in judging during account number is asked comprising user biological characteristic information and identity document information, if so, then from institute
State and give acquisition account number mark and corresponding user biological characteristic information and identity document information in account number request for change, if it is not, then returning
Return need to provide user biological characteristic information and identity document information give account number guidance information for change, then receive upload according to institute
State the user biological characteristic information and identity document information for giving the acquisition of account number guidance information for change.
21. methods according to claim 19, it is characterised in that before the reception is given for change the step of account number is asked,
Methods described also includes:
The account number mark and corresponding authentication information for uploading are received, the authentication information includes user biological characteristic information, identity
Certificate information and user's usage behavior data;
The user biological characteristic information is entered with biological characteristic in the identity document information or the biological characteristic storehouse for having stored
Row comparison obtains the first Similarity value;
User's usage behavior data user's history behavioral data corresponding with account number mark is compared, is obtained
Second Similarity value;
The authentication result to the authentication information is obtained according to first Similarity value and the second Similarity value;
It is if authentication result is certification success, account number mark, user biological characteristic information is corresponding with the foundation of identity document information
Real name archives.
22. methods according to claim 21, it is characterised in that described similar according to first Similarity value and second
The step of angle value obtains the authentication result to the authentication information includes:
When the first Similarity value is more than first threshold and the second Similarity value is more than Second Threshold, to the authentication information certification
Success, otherwise authentification failure.
23. methods according to claim 21, it is characterised in that methods described also includes:
The user biological characteristic information and/or identity document information are compared with the data of storage in Third Party Authentication system
It is right, third phase is obtained like angle value;
Certification knot to the authentication information is determined like angle value according to first Similarity value, the second Similarity value and third phase
Really.
24. methods according to claim 23, it is characterised in that according to first Similarity value, the second Similarity value
The step of determining the authentication result to the authentication information like angle value with third phase includes:
When the first Similarity value is more than, first threshold, the second Similarity value are more than Second Threshold and third phase is more than the 3rd like angle value
During threshold value, to authentication information certification success, otherwise authentification failure.
A kind of 25. methods for giving account number for change, it is characterised in that comprise the following steps:
Obtain in the user biological characteristic information and the identity document information of scanning for giving the collection of account number interface for change;
The account number of giving for change comprising account number mark and user biological characteristic information and identity document information is initiated to ask;
Receive and give the result that account number request is returned for change according to, the result is certificate server according to certification
And the user biological characteristic information in the real name archives of account number mark, user biological characteristic information and the identity document information for storing
The user biological characteristic information and identity document information of the upload are carried out verifying what is obtained with identity document information;
If the result gives account number success for change to be verified, if the result is authentication failed, account number failure is given for change.
26. methods according to claim 25, it is characterised in that giving the user biological of account number interface collection for change obtaining
Before characteristic information and identity document information, methods described also includes:
Collection user biological characteristic information and identity document information;
Obtain account number mark and user's usage behavior data;
The account number mark and corresponding authentication information are uploaded to certificate server, the authentication information includes user biological feature
Information, identity document information and user's usage behavior data;
So that the certificate server is by the user biological characteristic information and biological characteristic in the identity document information or
Compare and obtain the first Similarity value in the biological characteristic storehouse of storage;User's usage behavior data and the account number are identified
Corresponding user's history behavioral data is compared, and obtains the second Similarity value;According to first Similarity value and second
Similarity value determines the authentication result to the authentication information;If authentication result is certification success, by account number mark, Yong Husheng
Thing characteristic information and identity document information set up corresponding real name archives.
A kind of 27. devices of account anti-theft, it is characterised in that including:
Operation requests receiver module, for receiving the sensitive operation request to account number mark, includes in the sensitive operation request
Initiate the facility information of sensitive operation request;
Verification mode returns to module, if for the equipment represented by the facility information for initiating the sensitive operation request to award
Power equipment, then according to the corresponding verification mode of level of security acquisition of sensitive operation in sensitive operation request, test described
Card mode is sent to the account number and identifies corresponding user;
Checking information receiver module, for receiving the checking information uploaded according to the verification mode;
Antitheft authentication module, for by the checking information by the checking information pair for having stored corresponding to the verification mode
The checking information of upload carries out checking and is verified result;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse this
Sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information with
The verification mode correspondence.
A kind of 28. devices of account anti-theft, it is characterised in that including:
Operation requests initiation module, for initiating the sensitive operation request to account number mark, includes in the sensitive operation request
Initiate the facility information to the sensitive operation request of account number mark;
Verification mode receiver module, if being authorisation device for equipment, during what reception was returned asks according to the sensitive operation
Verification mode corresponding to the level of security of sensitive operation;
Checking information acquisition module, for obtaining the checking information gathered according to the verification mode;
Checking information uploading module, for the checking information of collection to be uploaded into certificate server;
The result receiver module, for receiving the certificate server testing by having stored corresponding to the verification mode
Card information verify the result for obtaining to the checking information for uploading;
If the result allows this sensitive operation to be verified, if the result is authentication failed, refuse this
Sensitive operation;
The verification mode includes that user biological characteristic information is verified and/or identity document Information Authentication;The checking information with
The verification mode correspondence.
A kind of 29. devices for protecting account number safe, it is characterised in that including:
Receiver module, for receiving the account number for uploading mark and corresponding authentication information, the authentication information includes user biological
Characteristic information and identity document information;
Comparing module, for by the user biological characteristic information and biological characteristic in the identity document information or having stored
Compare and obtain the first Similarity value in biological characteristic storehouse;
Authentication result obtains module, for obtaining the authentication result to the authentication information according to first Similarity value;
Relation sets up module, if being certification success for authentication result, by account number mark, user biological characteristic information and identity
Certificate information sets up corresponding real name archives.
A kind of 30. devices for protecting account number safe, it is characterised in that including:
Acquisition module, for gathering user biological characteristic information and identity document information;
Data obtaining module, for obtaining account number mark and user's usage behavior data;
Uploading module, for uploading the account number mark and corresponding authentication information to certificate server, the authentication information bag
Characteristic information containing user biological, identity document information and user's usage behavior data;So that the certificate server is by the use
Family biological information is compared with biological characteristic in the identity document information or the biological characteristic storehouse for having stored and obtains
One Similarity value;User's usage behavior data user's history behavioral data corresponding with account number mark is compared
Compared with obtaining the second Similarity value;Determine to recognize the authentication information according to first Similarity value and the second Similarity value
Card result;If authentication result is certification success, account number mark, user biological characteristic information and identity document information are set up right
The real name archives answered.
A kind of 31. devices for giving account number for change, it is characterised in that including:
Give account number request receiving module for change, account number request is given for change for receiving;
Extraction module, for obtaining account number mark and corresponding user biological characteristic information and body from described giving for change during account number is asked
Part certificate information;
Authentication module, for real name archives in user biological characteristic information corresponding with account number mark and identity document letter
Cease and the user biological characteristic information and identity document information of the upload are verified, be verified result;
Sending module, for the requestor for transmitting verification result to initiate to give account number request for change;
If the result gives account number success for change to be verified, if the result is authentication failed, account number failure is given for change.
A kind of 32. devices for giving account number for change, it is characterised in that including:
Give account acquisition module for change, the user biological characteristic information of account number interface collection and scanning are being given for change for obtaining
Identity document information;
Account number request initiation module is given for change, for initiating comprising account number mark and user biological characteristic information and identity document information
Give for change account number request;
Give account number result receiver module for change, give the result that account number request is returned for change according to for receiving, the checking
Result is certificate server according to certification and the reality of the account number mark, user biological characteristic information and the identity document information that store
User biological characteristic information and identity document information in name archives is to the user biological characteristic information and identity card of the upload
Part information carries out verifying what is obtained;
If the result gives account number success for change to be verified, if the result is authentication failed, account number failure is given for change.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510900205.XA CN105553947A (en) | 2015-12-08 | 2015-12-08 | Methods and devices for finding account back, protecting account security and preventing account theft |
| CN201510900205X | 2015-12-08 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106789918A true CN106789918A (en) | 2017-05-31 |
Family
ID=55832883
Family Applications (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510900205.XA Pending CN105553947A (en) | 2015-12-08 | 2015-12-08 | Methods and devices for finding account back, protecting account security and preventing account theft |
| CN201611060402.6A Pending CN106789918A (en) | 2015-12-08 | 2016-11-25 | Give account number, protection account number safety, the method and apparatus of account anti-theft for change |
| CN201611061995.8A Pending CN106789922A (en) | 2015-12-08 | 2016-11-25 | Give account number, the method and apparatus of authentication for change |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510900205.XA Pending CN105553947A (en) | 2015-12-08 | 2015-12-08 | Methods and devices for finding account back, protecting account security and preventing account theft |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611061995.8A Pending CN106789922A (en) | 2015-12-08 | 2016-11-25 | Give account number, the method and apparatus of authentication for change |
Country Status (1)
| Country | Link |
|---|---|
| CN (3) | CN105553947A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107704759A (en) * | 2017-09-30 | 2018-02-16 | 广东欧珀移动通信有限公司 | Control method, device, storage medium and the electronic equipment of sensitive operation |
| CN108985069A (en) * | 2018-06-29 | 2018-12-11 | 深信服科技股份有限公司 | A kind of information processing method, device, terminal and computer readable storage medium |
| CN109214632A (en) * | 2017-07-05 | 2019-01-15 | 阿里巴巴集团控股有限公司 | A kind of risk control method and equipment |
| CN109242489A (en) * | 2018-08-15 | 2019-01-18 | 中国银行股份有限公司 | Authentication mode selection method and device |
| CN111190909A (en) * | 2019-05-17 | 2020-05-22 | 延安大学 | Data credible processing method |
| CN113705506A (en) * | 2021-09-02 | 2021-11-26 | 中国联合网络通信集团有限公司 | Nucleic acid detection method, nucleic acid detection device, nucleic acid detection apparatus, and computer-readable storage medium |
Families Citing this family (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107689936B (en) * | 2016-08-03 | 2021-07-06 | 阿里巴巴集团控股有限公司 | Security verification system, method and device for login account |
| CN107729727B (en) * | 2016-08-11 | 2021-03-02 | 腾讯科技(深圳)有限公司 | Real-name authentication method and device for account |
| CN106293751B (en) * | 2016-08-15 | 2021-02-05 | 华为技术有限公司 | Method for displaying information on terminal equipment and terminal equipment |
| CN107786491A (en) * | 2016-08-24 | 2018-03-09 | 腾讯科技(深圳)有限公司 | account number verification method and device |
| CN107786349B (en) * | 2016-08-24 | 2021-06-25 | 腾讯科技(深圳)有限公司 | Security management method and device for user account |
| CN107800672B (en) * | 2016-09-06 | 2020-12-08 | 腾讯科技(深圳)有限公司 | Information verification method, electronic equipment, server and information verification system |
| CN106358145B (en) * | 2016-09-22 | 2020-02-07 | 中国联合网络通信集团有限公司 | Safe replacement method of reserved mobile phone number and background system of operator |
| CN106506459B (en) * | 2016-10-17 | 2019-08-30 | 北京小米移动软件有限公司 | Identity information verification method and device |
| CN106921655B (en) * | 2017-01-26 | 2021-01-29 | 华为技术有限公司 | Service authorization method and device |
| IT201700034573A1 (en) * | 2017-03-29 | 2018-09-29 | Aliaslab S P A | REMOTE IDENTIFICATION METHOD FOR SIGNING AN ELECTRONIC DOCUMENT |
| CN107257325A (en) * | 2017-05-09 | 2017-10-17 | 北京潘达互娱科技有限公司 | User profile guard method and device |
| CN107196971A (en) * | 2017-07-19 | 2017-09-22 | 中国银行股份有限公司 | Information processing method, device, electronic equipment and server |
| CN109428804B (en) * | 2017-08-28 | 2021-07-27 | 腾讯科技(深圳)有限公司 | Account management method and device |
| CN107528849B (en) * | 2017-09-04 | 2019-11-22 | 马上消费金融股份有限公司 | A kind of method and system for changing password |
| CN109510806B (en) * | 2017-09-15 | 2021-12-24 | 创新先进技术有限公司 | Authentication method and device |
| CN109559759B (en) * | 2017-09-27 | 2021-10-08 | 华硕电脑股份有限公司 | Electronic device with incremental registration unit and method thereof |
| CN107622203B (en) * | 2017-09-30 | 2020-12-22 | Oppo广东移动通信有限公司 | Sensitive information protection method and device, storage medium and electronic equipment |
| CN108288080A (en) * | 2017-12-01 | 2018-07-17 | 国政通科技股份有限公司 | Identity information checking method, device, medium and computing device |
| CN108491701B (en) * | 2018-03-23 | 2020-11-10 | 深圳乐信软件技术有限公司 | Authentication method, device, server and storage medium |
| CN110401621A (en) * | 2018-04-25 | 2019-11-01 | 中国移动通信集团有限公司 | A kind of means of defence of sensitive instructions, equipment and storage medium |
| CN109598251A (en) * | 2018-12-11 | 2019-04-09 | 北京旷视科技有限公司 | Testimony of a witness checking method, device, equipment and system and storage medium |
| CN109686011A (en) * | 2018-12-18 | 2019-04-26 | 维拓智能科技(深圳)有限公司 | The user identification method of self-aided terminal and self-aided terminal |
| CN109960920A (en) * | 2019-03-29 | 2019-07-02 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN110276892A (en) * | 2019-06-26 | 2019-09-24 | 深圳市腾讯计算机系统有限公司 | Self-service method, apparatus, equipment and storage medium |
| CN111786991B (en) * | 2020-06-29 | 2022-06-14 | 深圳赛安特技术服务有限公司 | Block chain-based platform authentication login method and related device |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101226653A (en) * | 2007-01-18 | 2008-07-23 | 中国科学院自动化研究所 | Rapid go-aboard system and method based on id card and biological characteristic recognition technique |
| CN101719238A (en) * | 2009-11-30 | 2010-06-02 | 中国建设银行股份有限公司 | Method and system for managing, authenticating and authorizing unified identities |
| CN102045367A (en) * | 2011-01-10 | 2011-05-04 | 软库创投(北京)科技有限公司 | Registration method and authentication server of real-name authentication |
| CN102970292A (en) * | 2012-11-20 | 2013-03-13 | 无锡成电科大科技发展有限公司 | Single sign on system and method based on cloud management and key management |
| CN103023921A (en) * | 2012-12-27 | 2013-04-03 | 中国建设银行股份有限公司 | Authentication and access method and authentication system |
| CN103593598A (en) * | 2013-11-25 | 2014-02-19 | 上海骏聿数码科技有限公司 | User online authentication method and system based on living body detection and face recognition |
| CN103929402A (en) * | 2013-01-11 | 2014-07-16 | 深圳市腾讯计算机系统有限公司 | Sensitive operation verification method, terminal device, servers and verification system |
| CN104159225A (en) * | 2014-09-02 | 2014-11-19 | 解芳 | Wireless network based real-name registration system management method and system |
| CN104202339A (en) * | 2014-09-24 | 2014-12-10 | 广西大学 | User behavior based cross-cloud authentication service method |
| CN104239768A (en) * | 2014-09-04 | 2014-12-24 | 深圳市浩方电子商务有限公司 | Personal account information security management system and method based on biologic characteristic information verification |
| CN104298908A (en) * | 2013-07-15 | 2015-01-21 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN104301328A (en) * | 2014-10-29 | 2015-01-21 | 北京思特奇信息技术股份有限公司 | Resource operation safety authentication method and system under cloud calculation environment |
| CN104378343A (en) * | 2014-05-21 | 2015-02-25 | 腾讯科技(深圳)有限公司 | Network account password regain method, device and system |
| CN104573434A (en) * | 2013-10-12 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | Account protection method, device and system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101174948A (en) * | 2006-11-02 | 2008-05-07 | 上海银晨智能识别科技有限公司 | Network login system and method with face authentication |
| US20120096542A1 (en) * | 2010-10-14 | 2012-04-19 | Shea David P | Portable confidential account information management device |
| CN102790674B (en) * | 2011-05-20 | 2016-03-16 | 阿里巴巴集团控股有限公司 | Auth method, equipment and system |
| CN103634120A (en) * | 2013-12-18 | 2014-03-12 | 上海市数字证书认证中心有限公司 | Method and system for real-name authentication based on face recognition |
| CN103853950A (en) * | 2014-03-20 | 2014-06-11 | 深圳市中兴移动通信有限公司 | Authentication method based on mobile terminal and mobile terminal |
-
2015
- 2015-12-08 CN CN201510900205.XA patent/CN105553947A/en active Pending
-
2016
- 2016-11-25 CN CN201611060402.6A patent/CN106789918A/en active Pending
- 2016-11-25 CN CN201611061995.8A patent/CN106789922A/en active Pending
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101226653A (en) * | 2007-01-18 | 2008-07-23 | 中国科学院自动化研究所 | Rapid go-aboard system and method based on id card and biological characteristic recognition technique |
| CN101719238A (en) * | 2009-11-30 | 2010-06-02 | 中国建设银行股份有限公司 | Method and system for managing, authenticating and authorizing unified identities |
| CN102045367A (en) * | 2011-01-10 | 2011-05-04 | 软库创投(北京)科技有限公司 | Registration method and authentication server of real-name authentication |
| CN102970292A (en) * | 2012-11-20 | 2013-03-13 | 无锡成电科大科技发展有限公司 | Single sign on system and method based on cloud management and key management |
| CN103023921A (en) * | 2012-12-27 | 2013-04-03 | 中国建设银行股份有限公司 | Authentication and access method and authentication system |
| CN103929402A (en) * | 2013-01-11 | 2014-07-16 | 深圳市腾讯计算机系统有限公司 | Sensitive operation verification method, terminal device, servers and verification system |
| CN104298908A (en) * | 2013-07-15 | 2015-01-21 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN104573434A (en) * | 2013-10-12 | 2015-04-29 | 深圳市腾讯计算机系统有限公司 | Account protection method, device and system |
| CN103593598A (en) * | 2013-11-25 | 2014-02-19 | 上海骏聿数码科技有限公司 | User online authentication method and system based on living body detection and face recognition |
| CN104378343A (en) * | 2014-05-21 | 2015-02-25 | 腾讯科技(深圳)有限公司 | Network account password regain method, device and system |
| CN104159225A (en) * | 2014-09-02 | 2014-11-19 | 解芳 | Wireless network based real-name registration system management method and system |
| CN104239768A (en) * | 2014-09-04 | 2014-12-24 | 深圳市浩方电子商务有限公司 | Personal account information security management system and method based on biologic characteristic information verification |
| CN104202339A (en) * | 2014-09-24 | 2014-12-10 | 广西大学 | User behavior based cross-cloud authentication service method |
| CN104301328A (en) * | 2014-10-29 | 2015-01-21 | 北京思特奇信息技术股份有限公司 | Resource operation safety authentication method and system under cloud calculation environment |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109214632A (en) * | 2017-07-05 | 2019-01-15 | 阿里巴巴集团控股有限公司 | A kind of risk control method and equipment |
| CN109214632B (en) * | 2017-07-05 | 2022-01-28 | 创新先进技术有限公司 | Risk control method and equipment |
| CN107704759A (en) * | 2017-09-30 | 2018-02-16 | 广东欧珀移动通信有限公司 | Control method, device, storage medium and the electronic equipment of sensitive operation |
| CN108985069A (en) * | 2018-06-29 | 2018-12-11 | 深信服科技股份有限公司 | A kind of information processing method, device, terminal and computer readable storage medium |
| CN109242489A (en) * | 2018-08-15 | 2019-01-18 | 中国银行股份有限公司 | Authentication mode selection method and device |
| CN109242489B (en) * | 2018-08-15 | 2020-08-25 | 中国银行股份有限公司 | Authentication mode selection method and device |
| CN111190909A (en) * | 2019-05-17 | 2020-05-22 | 延安大学 | Data credible processing method |
| CN113705506A (en) * | 2021-09-02 | 2021-11-26 | 中国联合网络通信集团有限公司 | Nucleic acid detection method, nucleic acid detection device, nucleic acid detection apparatus, and computer-readable storage medium |
| CN113705506B (en) * | 2021-09-02 | 2024-02-13 | 中国联合网络通信集团有限公司 | Nucleic acid detection method, apparatus, device, and computer-readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105553947A (en) | 2016-05-04 |
| CN106789922A (en) | 2017-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106789918A (en) | Give account number, protection account number safety, the method and apparatus of account anti-theft for change | |
| US11962702B2 (en) | Biometric sensor | |
| Dasgupta et al. | Advances in user authentication | |
| CN108804884B (en) | Identity authentication method, identity authentication device and computer storage medium | |
| CN104036177B (en) | Intelligent terminal unlocked by fingerprint device and method | |
| US6687390B2 (en) | System for and method of web signature recognition system based on object map | |
| Jain et al. | Biometrics: a tool for information security | |
| CN108134791A (en) | A kind of data center's total management system login validation method | |
| CN107506634A (en) | Display methods, device, storage medium and the terminal of data | |
| CN107370770A (en) | Login method, apparatus and system | |
| US9202035B1 (en) | User authentication based on biometric handwriting aspects of a handwritten code | |
| US20200250297A1 (en) | Authentication system, authentication device, authentication method, and program | |
| EP3786820B1 (en) | Authentication system, authentication device, authentication method, and program | |
| RU2365047C2 (en) | Method of forming of electronic documents and device for its realisation | |
| Chuah et al. | The Assistance of Eye Blink Detection for Two-Factor Authentication | |
| Ara et al. | An efficient privacy-preserving user authentication scheme using image processing and blockchain technologies | |
| Goicoechea-Telleria et al. | Attack potential evaluation in desktop and smartphone fingerprint sensors: can they be attacked by anyone? | |
| Olorunsola et al. | Assessment of privacy and security perception of biometric technology case study of Kaduna state tertiary academic institutions | |
| Batool et al. | Biometric authentication in cloud computing | |
| JP4286069B2 (en) | Authentication card | |
| Le Bouder et al. | Theoretical security evaluation of the Human Semantic Authentication protocol | |
| JP6907426B1 (en) | Authentication system, authentication method, and program | |
| KR100515683B1 (en) | System and method for registrating and identifiying a person by clicking password points in a image | |
| Guillén-Gámez et al. | Facial Authentication as A Possible Solution to the Challenges in User’s Security and Privacy in Web Applications | |
| Hakami | Combining Face Recognition with Keystrokes to Reduce Spoofing Attacks on Mobile Touchscreens |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170531 |