CN108900536B - Authentication method, authentication device, computer equipment and storage medium - Google Patents


Info

Publication number: CN108900536B
Authority: CN (China)
Prior art keywords: authentication, user terminal, user, server, target
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810879107.6A
Other languages: Chinese (zh)
Other versions: CN108900536A (en)
Inventor: 唐海
Current Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority: CN201810879107.6A
Publications: CN108900536A (application), CN108900536B (grant)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The application relates to an authentication method, an authentication apparatus, a computer device and a storage medium. A server receives an authentication request message sent by a user terminal; the authentication request message comprises first biometric information and a first user identifier of the user, both collected by the user terminal. The server authenticates the identity of the user according to the authentication request message and a preset correspondence between biometric information and user identifiers, to obtain an authentication result. When the authentication result is that the authentication passes, an authentication response message is sent to the user terminal according to the authentication result; the authentication response message is used for controlling the user terminal to communicate with the authentication device. This avoids the security risk that the user's personal biometric information is transferred, leaked or abused because the authentication device has been deliberately damaged. The authentication device is also simpler in structure and function, which correspondingly reduces its cost and makes it applicable to more scenarios.

Description

Authentication method, authentication device, computer equipment and storage medium
Technical Field
The present application relates to the field of biometric identification technologies, and in particular, to an authentication method, an authentication apparatus, a computer device, and a storage medium.
Background
As people's security awareness improves, biometric recognition technology is applied more and more widely. It takes many forms, including face, iris, fingerprint, voice and handwriting recognition. Security authentication methods based on biometric recognition are also widely used.
At present, a commonly used security authentication method is for a biometric recognition device to collect the user's biometric information and perform security authentication on it. For example, the biometric recognition mode commonly adopted by electronic door locks is fingerprint recognition: when the user needs to open the electronic door lock, the user enters a fingerprint into the lock, and the controller of the lock compares the entered fingerprint with a pre-stored fingerprint. If the entered fingerprint is the same as, or highly similar to, the stored fingerprint, the user is taken to have unlocking permission and the electronic door lock opens automatically.
However, this method carries the security risk that the user's personal biometric information is stored, leaked and abused.
Disclosure of Invention
In view of the above technical problems, it is necessary to provide an authentication method, an apparatus, a computer device and a storage medium capable of effectively securing the user's personal biometric information.
In a first aspect, an embodiment of the present application provides an authentication method, where the method includes:
receiving an authentication request message sent by a user terminal; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
authenticating the identity of the user according to the corresponding relation among the authentication request message, preset biological characteristic information and the user identification to obtain an authentication result;
sending an authentication response message to the user terminal according to the authentication result; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In one embodiment, if the authentication result is that the authentication is passed, the authentication response message is used to notify that the user terminal passes the identity authentication.
In one embodiment, the method further comprises: determining a target authentication device corresponding to the first user identification;
sending an authentication success message to the target authentication device; the authentication success message comprises a terminal identification of the user terminal and is used for indicating that the identity authentication of the user terminal passes.
In one embodiment, the determining the target authentication device corresponding to the first user identifier includes:
and determining that all the authentication equipment associated with the first user identifier is the target authentication equipment according to the corresponding relation between the user identifier and the authentication equipment.
In one embodiment, the determining the authentication device corresponding to the first user identifier includes:
receiving a device identifier sent by the user terminal;
and determining the authentication device corresponding to the device identifier as the target authentication device.
In one embodiment, the device identifier is an identifier of an authentication device which is successfully registered by the terminal device; or, the device identifier is an identifier in a white list of the authentication device carried in the authentication response message.
In one embodiment, the authentication response message includes a permission code, and the permission code is the identity credential with which the user terminal communicates with the authentication device.
In one embodiment, the permission code is a fixed permission code, a dynamic permission code, or a time-limited permission code carrying a timestamp.
In one embodiment, the method further comprises: sending the permission code to the authentication device.
In one embodiment, the authenticating the identity of the user according to the correspondence between the authentication request message, the preset biometric information, and the user identifier includes:
judging whether the biological characteristic information exceeds an authentication period or not according to a timestamp carried by the biological characteristic information;
and if not, authenticating the identity of the user according to the corresponding relation among the authentication request message, the preset biological characteristic information and the user identification.
In one embodiment, before receiving the authentication request message sent by the user terminal, the method further includes:
receiving registration messages sent by a plurality of user terminals; the registration message comprises second biological characteristic information and a second user identification of the user, which are acquired by the user terminal;
and establishing a corresponding relation between the biological characteristic information and the user identification according to the registration message.
In one embodiment, before receiving the authentication request message sent by the user terminal, the method further includes:
receiving an authentication negotiation message sent by the user terminal; the authentication negotiation message comprises a terminal identification of the user terminal;
determining a target authentication mode corresponding to the user terminal according to the authentication negotiation message;
and sending the target authentication mode to the user terminal.
In one embodiment, the determining, according to the authentication negotiation message, a target authentication mode corresponding to the user terminal includes:
determining a first authentication mode supported by the user terminal according to the terminal identification, and determining a second authentication mode according to the grade of the server;
and determining the target authentication mode according to the first authentication mode, the second authentication mode and a preset selection rule.
In a second aspect, an embodiment of the present application provides an authentication method, where the method includes:
sending an authentication request message to a server; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
receiving an authentication response message sent by the server; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In one embodiment, if the authentication result is that the authentication is passed, the authentication response message is used to notify that the user terminal passes the identity authentication.
In one embodiment, the method further comprises:
sending a device identification to the server; the device identifier is used for indicating the server to inquire the corresponding relation between the device identifier and the authentication device according to the device identifier, and determining the target authentication device corresponding to the first user identifier.
In one embodiment, the device identifier is an identifier of an authentication device which is successfully registered by the terminal device; or, the device identifier is an identifier in a white list of the authentication device carried in the authentication response message.
In one embodiment, the authentication response message includes a permission code, and the permission code is the identity credential with which the user terminal communicates with the authentication device;
after receiving the authentication response message sent by the server, the method further includes:
sending a communication request message to the authentication device; the communication request message includes the permission code.
In one embodiment, the permission code is a fixed permission code, a dynamic permission code, or a time-limited permission code carrying a timestamp.
In one embodiment, the biometric information carries a time stamp.
In one embodiment, before sending the authentication request message to the server, the method further includes:
sending a registration message to the server; the registration message includes second biometric information and a second user identification of the user collected by the user terminal.
In one embodiment, before sending the authentication request message to the server, the method further includes:
sending an authentication negotiation message to the server; the authentication negotiation message comprises a terminal identifier of the user terminal and a second device identifier of the authentication device;
and receiving a target authentication mode sent by the server according to the authentication negotiation message.
In a third aspect, an embodiment of the present application provides an authentication apparatus, where the apparatus includes:
the first receiving module is used for receiving an authentication request message sent by a user terminal; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
the authentication module is used for authenticating the identity of the user according to the corresponding relation among the authentication request message, the preset biological characteristic information and the user identification to obtain an authentication result;
a first sending module, configured to send an authentication response message to the user terminal according to the authentication result; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In a fourth aspect, an embodiment of the present application provides an authentication apparatus, including:
the second sending module is used for sending the authentication request message to the server; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
the second receiving module is used for receiving the authentication response message sent by the server; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In a fifth aspect, the present application provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the method in any one of the first aspect or the second aspect when executing the computer program.
In a sixth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method described in any one of the first or second aspects.
According to the authentication method, the authentication apparatus, the computer device and the storage medium, a server receives an authentication request message sent by a user terminal; the authentication request message comprises first biometric information and a first user identifier of the user, which are collected by the user terminal; the server authenticates the identity of the user according to the authentication request message and the preset correspondence between biometric information and user identifiers to obtain an authentication result; when the authentication result is that the authentication passes, an authentication response message is sent to the user terminal according to the authentication result; the authentication response message is used for controlling the user terminal to communicate with the authentication device. The server authenticates the identity of the user according to the biometric information and the user identifier collected by the user terminal, and the server is a dedicated server rather than a device placed in a public place. The biometric information, user identifier and other user information stored in the server therefore cannot easily be leaked, and the security risk that the user's personal biometric information is transferred, leaked or abused because the authentication device has been deliberately damaged does not arise.
In addition, the personal biological characteristic information of the user is collected through the user terminal, and the authentication equipment can finish the authentication of the personal biological characteristic information of the user through the user terminal only by establishing communication connection with the user terminal, so the authentication equipment does not need to have the function of identifying the biological characteristic information, the structure and the function of the authentication equipment are simpler, the cost can be correspondingly reduced, and the application scene is more flexible.
Drawings
FIG. 1 is a diagram of an application environment of an authentication method in one embodiment;
FIG. 2 is a flowchart of an authentication method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating an authentication method according to another embodiment;
FIG. 4 is a flowchart illustrating an authentication method according to another embodiment;
FIG. 5 is a schematic flowchart illustrating another implementation of S102 in the embodiment of FIG. 2;
FIG. 6 is a flowchart illustrating an authentication method according to another embodiment;
FIG. 7 is a flowchart illustrating an authentication method according to another embodiment;
FIG. 8 is a flowchart of an authentication method provided by one embodiment;
FIG. 9 is a flowchart of an authentication method according to another embodiment;
FIG. 10 is a flowchart of an authentication method according to another embodiment;
FIG. 11 is a flowchart of an authentication method according to another embodiment;
FIG. 12 is a schematic diagram of an authentication apparatus provided by one embodiment;
FIG. 13 is a schematic diagram of an authentication apparatus according to another embodiment;
FIG. 14 is a schematic diagram of an authentication apparatus according to another embodiment;
FIG. 15 is a schematic diagram of an authentication apparatus provided by one embodiment;
FIG. 16 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
At present, a commonly used security authentication method is for a biometric recognition device to collect the user's biometric information and perform security authentication on it. For example, the biometric recognition mode commonly adopted by electronic door locks is fingerprint recognition: when the user needs to open the electronic door lock, the user enters a fingerprint into the lock, and the controller of the lock compares the entered fingerprint with a pre-stored fingerprint. If the entered fingerprint is the same as, or highly similar to, the stored fingerprint, the user is taken to have unlocking permission and the electronic door lock opens automatically. However, because the biometric recognition device is a public device located in a public place, the user's personal biometric information stored in advance in the device may be leaked or stolen by others if the device is deliberately damaged. The current authentication method therefore carries the security risk that the user's personal biometric information is stored, leaked and abused.
The authentication method, the authentication device, the computer equipment and the storage medium aim at solving the technical problem that the existing authentication method has the potential safety hazard that the individual biometric information of a user can be stored, leaked and abused.
The authentication method provided by the application can be applied to the application environment shown in FIG. 1. The server 12 establishes a communication connection with the user terminal 11, the server 12 can also establish a communication connection with the authentication device 13, and the user terminal 11 can also establish a communication connection directly with the authentication device 13. Once the user terminal 11, the server 12 and the authentication device 13 have established communication connections with each other, the system can complete the process of user identity authentication. The user terminal 11 may be, but is not limited to, a personal computer, notebook computer, smart phone, tablet computer or portable wearable device, and the server 12 may be implemented as an independent server or as a server cluster formed by a plurality of servers. The server 12 is managed by professionals holding the appropriate authority. The authentication device 13 may be an electronic door lock, an in-vehicle device, an air conditioner, a safe, or the like.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a flowchart of an authentication method according to an embodiment of the present application, where an execution subject of the method is the server in fig. 1, and the method relates to a process in which the server authenticates an identity of a user according to biometric information. As shown in fig. 2, the method specifically includes the following steps:
S101, receiving an authentication request message sent by a user terminal; the authentication request message comprises first biometric information and a first user identifier of the user, which are collected by the user terminal.
The authentication request message is a message sent to the server when the terminal device needs to communicate with the authentication device, and is used for requesting the server to verify the identity of the user according to the authentication request message. The first biological characteristic information refers to the inherent physiological characteristics and behavior characteristics of the human body, and can be human faces, irises, fingerprints, voice, handwriting, gait and the like. The first user identifier may be a credential for identifying the user identity, which may be a name of the user, a mobile phone number of the user, an ID of a mobile phone of the user, an internet ID, identity card information of the user, and the like. The user terminal may collect one or more kinds of biometric information of the user, for example, the user terminal is a mobile phone, and the mobile phone may collect information of the user, such as voice, fingerprint, face, and the like.
In this embodiment, when the user terminal needs to communicate with the authentication device, the user terminal first sends an authentication request message to the server to request the server to perform identity verification on the user terminal, and then controls the authentication device connected to the server according to a verification result. For example, after the fingerprint information of the user is collected by the mobile phone of the user, an authentication request message is sent to the server, and the authentication request message comprises the user ID and the fingerprint information of the user.
S102, according to the corresponding relation among the authentication request message, the preset biological characteristic information and the user identification, the identity of the user is authenticated, and an authentication result is obtained.
The server may obtain the correspondence between the biometric information and the user identifier in advance and store the correspondence in the server. For example, when a user terminal enters a network, the user terminal may actively register with a server, the user is required to provide user identification and biometric information during registration, the user terminal sends the user identification and the biometric information input by the user to the server, and the server stores the corresponding relationship between the user identification and the biometric information. Or, when the user terminal enters a certain network, the server acquires the terminal identifier of the user terminal from the communication message sent by the user terminal, and indicates the user terminal to report the biological characteristic information of the user, and the user terminal can report the biological characteristic information and the user identifier of the user. One user identifier may correspond to one piece of biometric information, and optionally, one user identifier may also correspond to a plurality of pieces of biometric information. The authentication result is used for identifying whether the user identity of the user terminal passes the authentication.
In this embodiment, when the user terminal needs to communicate with the authentication device, the user terminal sends an authentication request message to the server, where the authentication request message includes a first user identifier and first biometric information of the user. When receiving the first user identifier and the first biological characteristic information of the user, the server inquires the corresponding relation between the preset biological characteristic information and the user identifier, and compares and analyzes whether the first biological characteristic information in the authentication request message is matched with the first user identifier, so that an authentication result can be obtained. For example, after the server receives the fingerprint information and the mobile phone number of the user, the server acquires a pre-stored corresponding relationship between a user identifier and biometric information from a database of the server, judges whether the fingerprint information is matched with the mobile phone number, and if so, determines that the identity authentication of the user passes; and if not, determining that the identity authentication of the user fails.
S103, sending an authentication response message to the user terminal according to the authentication result; the authentication response message is used for controlling the user terminal to communicate with the authentication device.
In this embodiment, the authentication response message may include an authentication result, and when the user terminal receives the authentication response message, the user terminal may perform the next operation according to the authentication response message. For example, if the authentication result is that the authentication is passed, the authentication response message is used to indicate that the identity authentication of the user is passed, and the user terminal may continue to interact with the server to notify the server of the authentication device that the user terminal needs to communicate; if the authentication result is that the authentication is not passed, the authentication response message is used for indicating that the identity authentication of the user is not passed, and the user terminal needs to resend a new authentication request message for authentication, or the user terminal directly abandons the communication with the authentication device. One user terminal may communicate with a plurality of authentication devices, and one authentication device may also communicate with a plurality of user terminals, which is not limited in this embodiment.
In the above embodiment, the server receives an authentication request message sent by the user terminal; the authentication request message comprises first biometric information and a first user identifier of the user, which are collected by the user terminal; the server authenticates the identity of the user according to the authentication request message and the preset correspondence between biometric information and user identifiers to obtain an authentication result; when the authentication result is that the authentication passes, an authentication response message is sent to the user terminal according to the authentication result; the authentication response message is used for controlling the user terminal to communicate with the authentication device. The server authenticates the identity of the user according to the first biometric information and the first user identifier collected by the user terminal, and the server is a dedicated server rather than a device placed in a public place. The biometric information, user identifier and other user information stored in the server therefore cannot easily be leaked, and the security risk that the user's personal biometric information is transferred, leaked or abused because the authentication device has been deliberately damaged does not arise.
In addition, the personal biological characteristic information of the user is collected through the user terminal, and the authentication equipment can finish the authentication of the personal biological characteristic information of the user through the user terminal only by establishing communication connection with the user terminal, so the authentication equipment does not need to have the function of identifying the biological characteristic information, the structure and the function of the authentication equipment are simpler, the cost can be correspondingly reduced, and the application scene is more flexible.
In the embodiment shown in fig. 2, the server may send an authentication response message to the user terminal according to the authentication result, where if the authentication result is that the authentication passes, the authentication response message is used to notify that the identity authentication of the user terminal passes; and if the authentication result is that the authentication is not passed, the authentication response message is used for informing the user terminal that the identity authentication is not passed. Hereinafter, the authentication method according to the embodiment of the present application is described in detail mainly by taking the user terminal as an example of passing the identity authentication.
Fig. 3 is a flowchart illustrating an authentication method according to another embodiment. The embodiment relates to a specific process that a server controls an authentication device to unlock when the user terminal passes identity authentication, as shown in fig. 3, the method includes the following steps:
S201, determining a target authentication device corresponding to the first user identification.
The target authentication device is an authentication device which the user terminal needs to communicate with. The target authentication device may include one authentication device, and optionally, may also include a plurality of authentication devices. The specific number of target authentication devices is determined according to actual requirements.
In this embodiment, the server may identify the target authentication device in either of two ways. The user terminal may send the relevant information of the target authentication device to the server in advance, so that the server can determine the target authentication device corresponding to the first user identifier from that information. Optionally, the relevant information of the target authentication device may instead be stored in the server in advance, and the server may determine the target authentication device corresponding to the first user identifier of the user terminal according to rules such as the region in which the user terminal is located, the region in which the authentication device is located, the communication network coverage area in which the authentication device is located, and the like. For example, when a user needs to unlock a door lock by using fingerprint information, after the user sends the fingerprint information to the server through the mobile phone, the server may obtain the location information of the mobile phone, and then query its database for a door lock at the same location as the mobile phone, that is, determine that door lock as the target authentication device corresponding to the mobile phone.
Optionally, the method of S201 "determining the target authentication device corresponding to the first user identifier" may specifically include determining that all the authentication devices associated with the first user identifier are the target authentication devices according to the correspondence between the user identifiers and the authentication devices.
One user identification can be associated with one or more authentication devices. The corresponding relation between the user identification and the authentication device can be sent to the server by the user terminal in advance, and then recorded by the server for use when determining the target authentication device. The server may also monitor communication data of each user terminal or authentication device, and may obtain the correspondence between the user identifier and the authentication device from that communication data.
In this embodiment, when the server identifies the authentication devices, the server determines, according to the received first user identifier sent by the user terminal, all the authentication devices corresponding to the first user identifier, determines all the authentication devices as authentication devices that can communicate with the user terminal, and then may give the user terminal the authority to communicate with all the authentication devices.
Optionally, as shown in fig. 4, another method of S201 "determining a target authentication device corresponding to a first user identifier" may specifically include:
S301, receiving the equipment identification sent by the user terminal.
The device identifier may be a device identification code, a device ID, a device two-dimensional code, a device model, or the like. In this embodiment, when the server authenticates the user identity of the user terminal and the authentication result is that the authentication is passed, the user terminal sends to the server the device identifier of the authentication device with which it needs to communicate; the device identifier may be the identifier of one authentication device or may include the identifiers of multiple authentication devices.
Optionally, the device identifier is an identifier of an authentication device with which the terminal device has successfully registered; or the device identifier is an identifier in a white list of authentication devices carried in the authentication response message.
In this embodiment, the user terminal may register with a plurality of authentication devices, and if the registration is successful, record the device identifier of the authentication device that has successfully registered. Or, the user terminal may register with multiple authentication devices through the server, and the server may generate a white list for the device identifier of the authentication device that is successfully registered for each user terminal, and carry the white list in the authentication response message.
S302, the authentication device corresponding to the device identification is determined to be the target authentication device.
In this embodiment, after receiving the device identifier sent by the user terminal, the server determines one or more authentication devices corresponding to the device identifier as target authentication devices. Because the server receives the device identifier sent by the user terminal and determines the authentication device corresponding to that identifier as the target authentication device, the server can accurately determine the authentication device with which the user terminal needs to communicate, so that the accuracy and reliability of communication are improved.
S202, sending an authentication success message to target authentication equipment; the authentication success message includes the terminal identifier of the user terminal and is used for indicating that the identity authentication of the user terminal passes.
The successful authentication message is a prompt message sent by the server to the target authentication device after the server determines that the user identity authentication of the user terminal passes and determines the target authentication device corresponding to the user terminal, wherein the message contains a terminal identifier of the user terminal passing the identity authentication, so as to prompt the target authentication device that the identity of the user terminal has passed the authentication of the server, and the user terminal can start to communicate with the target authentication device.
In this embodiment, when the server authenticates the user identity of the user terminal and the authentication result is that the authentication passes, the server further sends an authentication success message to the target authentication device with which the user terminal needs to communicate, so as to prompt the target authentication device that the identity of the user terminal has passed the authentication of the server. After receiving the authentication success message, the target authentication device may automatically unlock to change its operating state, for example, start an authentication apparatus of the target authentication device, so that the target authentication device may communicate with the user terminal corresponding to the terminal identifier in the authentication success message. Optionally, the target authentication device may also verify the terminal identifier against the registration information of the user terminal. If the user terminal corresponding to the terminal identifier registered successfully, the target authentication device considers that user terminal to have passed identity verification, unlocks automatically and may communicate with it; if the user terminal corresponding to the terminal identifier failed to register, the target authentication device considers that user terminal to have failed identity verification, does not unlock and refuses to communicate with it.
Optionally, the server may further detect the unlocking state of the target authentication device to check its working state, and if it detects that the target authentication device has been successfully unlocked, the server may further send an unlocking success message to the user terminal. When the working state of the target authentication device changes, for example when an authentication apparatus of the target authentication device is started, the target authentication device may send an unlocking success message to the server to notify the server that the authentication device can establish a communication connection with the user terminal; the server then sends the unlocking success message to the user terminal, which can establish a communication connection with the authentication device and communicate with it. After the authentication device is successfully unlocked, the user terminal acts as a master key and can communicate with the unlocked authentication device.
In the above embodiment, the server determines the target authentication device corresponding to the first user identifier; sending an authentication success message to the target authentication device; the authentication success message comprises a terminal identification of the user terminal and is used for indicating that the identity authentication of the user terminal passes. After the target authentication equipment corresponding to the user terminal is determined, the server simultaneously sends the terminal identification of the authenticated user terminal to the target authentication equipment to inform the target authentication equipment which user terminal passes the identity authentication and can communicate with the target authentication equipment, so that only the user terminal passing the identity authentication can have the use authority of the target authentication equipment, the authentication equipment is only provided for the user with the use authority, and the safety of the authentication equipment is improved.
In the above embodiment, the server may send an authentication success message to the target authentication device, and prompt the target authentication device to communicate with the user terminal that passes the identity authentication. In another embodiment, after the server performs identity authentication on the user terminal, the server sends an authentication response message to the user terminal according to the authentication result, where the authentication response message may further include a permission code, and if the authentication response message includes the permission code, the permission code is an identity credential for the user terminal to communicate with the authentication device. In this case, the user terminal directly performs communication connection with the authentication device and control according to the permission code. For example, the user terminal sends a communication message carrying the permission code to the authentication device, and after receiving the communication message, the authentication device determines whether the permission code is legal, and if so, communicates with the user terminal.
Optionally, the permission code is a fixed permission code, a dynamic permission code, or a time-limited permission code carrying a time stamp. The permission code is a permission message which the user terminal sends to the authentication equipment to request communication when the user terminal needs to communicate with the authentication equipment. The fixed permission code may be fixed credential information negotiated in advance by the server and the authentication device, and this credential information may be image information or two-dimensional code information. The dynamic permission code may be a real-time dynamic code generated by the server according to a predetermined rule, for example, the server generates the dynamic permission code according to the identifier and the time stamp of the authentication device. The time-limited permission code carrying a time stamp is valid only for a certain period of time. For example, a 10-second permission code is valid within 10 seconds: if the authentication device receives the permission code within 10 seconds, the permission code is approved; if more than 10 seconds have passed, the permission code is invalid and the authentication device refuses to approve it.
Optionally, in this embodiment, the server may further send the permission code to the authentication device. If the server has not agreed on a permission code with the authentication device in advance, the server sends the permission code to the user terminal and also sends it to the authentication device. Alternatively, the server may negotiate a generation mechanism for the permission code with the authentication device in advance; the server generates the dynamic permission code according to the generation mechanism and sends it to the user terminal, and when the user terminal sends the dynamic permission code to the authentication device, the authentication device checks whether the permission code is correct according to the same generation mechanism.
In this embodiment, after the server performs the identity authentication of the user to the user terminal, the server sends an authentication response message to the user terminal according to the authentication result, the authentication response message may further include a permission code, and the user terminal directly communicates with the authentication device according to the permission code, so that the communication efficiency may be improved.
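The following added example (not part of the patent text) sketches one possible pre-negotiated generation mechanism for a dynamic, time-limited permission code: the server derives the code from the authentication device identifier and a time stamp, and the authentication device recomputes it and enforces the 10-second validity from the description. The use of HMAC-SHA256, the shared key, the `timestamp.tag` code format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Tuple

VALIDITY_SECONDS = 10  # validity window used in the description's example


def _tag(shared_key: bytes, device_id: str, issued_at: int) -> str:
    # Length-prefix the identifier so the field boundaries are unambiguous.
    message = f"{len(device_id)}:{device_id}:{issued_at}".encode("utf-8")
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def issue_permission_code(shared_key: bytes, device_id: str, issued_at: int) -> str:
    """Server side: build the code from the device identifier and a time stamp."""
    return f"{issued_at}.{_tag(shared_key, device_id, issued_at)}"


def verify_permission_code(shared_key: bytes, device_id: str, code: str,
                           now: int, validity: int = VALIDITY_SECONDS) -> Tuple[bool, str]:
    """Authentication device side: recompute the code with the negotiated
    mechanism, then check the time stamp against the validity window."""
    try:
        ts_text, tag = code.split(".", 1)
        issued_at = int(ts_text)
    except ValueError:
        return False, "malformed"
    expected = _tag(shared_key, device_id, issued_at)
    # Constant-time comparison; the time stamp is covered by the MAC, so a
    # terminal cannot extend the lifetime by editing it.
    if not hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace")):
        return False, "bad-mac"
    age = now - issued_at
    if age < 0:
        return False, "not-yet-valid"  # time stamp lies in the future
    if age > validity:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample value
    t0 = 1_700_000_000              # constructed sample issue time (epoch seconds)
    code = issue_permission_code(key, "door-lock-01", t0)
    print(verify_permission_code(key, "door-lock-01", code, now=t0 + 5))
    print(verify_permission_code(key, "door-lock-01", code, now=t0 + 11))
    print(verify_permission_code(key, "door-lock-02", code, now=t0 + 5))
```

Because the device identifier is part of the MAC input, a code issued for one authentication device is rejected by every other device that shares the mechanism.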
Fig. 5 is a schematic flowchart of another implementation manner of S102 in the embodiment of fig. 2, where as shown in fig. 5, the above-mentioned S102 "authenticates the identity of the user according to the correspondence between the authentication request message, the preset biometric information, and the user identifier, and obtains an authentication result", includes the following steps:
S401, judging whether the biological characteristic information exceeds the authentication period according to the time stamp carried by the biological characteristic information.
In this embodiment, when the user terminal collects the biometric information, a timestamp may be added to each piece of biometric information, where the timestamp is the time at which the user terminal collected the biometric information. The server may determine whether the biometric information exceeds the authentication period according to the timestamp carried by the biometric information. For example, if the authentication period of the fingerprint is 30 s and the time stamp corresponding to the fingerprint collected by the user terminal is 12:30:10, the fingerprint is valid before the time 12:30:40, and after that time the fingerprint information is invalid.
S402, if not, authenticating the identity of the user according to the corresponding relation among the authentication request message, the preset biological characteristic information and the user identification.
In this embodiment, when the user terminal collects the biometric information, a timestamp may be added to each piece of biometric information, and the server may determine whether the biometric information exceeds the authentication period according to the timestamp carried by the biometric information. If the biometric information does not exceed the authentication period, the server authenticates the identity of the user according to the correspondence between the authentication request message, the preset biometric information, and the user identifier. This guards against biometric information having been stored in the user terminal in advance, avoids the hidden danger that someone other than the user uses the user's terminal to perform authentication, and improves the security of the identity authentication.
The above embodiments all require the server to receive the authentication request message sent by the user terminal, so as to perform the next identity authentication. Before the user terminal sends the authentication request message, the user terminal also needs to send a registration message to the server to inform the server of the corresponding relationship between the biological characteristic information which can be collected by the user terminal and the user identifier of the user terminal, so that the server can be used when the user identity needs to be verified later. Therefore, as shown in fig. 6, the authentication method provided in the present application further includes:
S1011, receiving registration messages sent by a plurality of user terminals; the registration message includes second biometric information and a second user identification of the user collected by the user terminal.
The registration message carries the registration information of the user corresponding to the user terminal and is sent by the user terminal to the server. The registration information may be personal information registered by the user, such as a name, an identification number, a WeChat ID, and the like, which is used as the second user identifier. Optionally, the registration information further includes biometric information of the user, such as fingerprints, eye masks, etc., as the second biometric information. The second biometric information may include one piece of biometric information collected by the user terminal, or may include a plurality of pieces of biometric information collected by the user terminal.
In this embodiment, the user may register biometric information of the user on the user terminal in advance, and after a plurality of users register biometric information on each user terminal, the server records the biometric information of the plurality of users and each user identifier corresponding to the biometric information, so as to be used in authenticating the identity of the user later.
S1012, establishing a corresponding relation between the biological characteristic information and the user identification according to the registration message.
In this embodiment, after the server receives the registration messages sent by the multiple user terminals, the biometric information of the multiple users and the user identifiers corresponding to the biometric information in the registration messages are obtained, and then, according to the user identifier of each user and the biometric information corresponding to the user identifier, the correspondence between the biometric information and the user identifiers is established, so that the server can query or obtain information from the user identifiers in the subsequent user identity authentication process.
In the above embodiment, the server receives registration messages sent by a plurality of user terminals; and establishing a corresponding relation between the biological characteristic information and the user identification according to the registration message. Because the user terminal registers the biological characteristic information of the user in the server in advance and associates the biological characteristic information with the corresponding user identification, the server is convenient to use when the server authenticates the identity of the user terminal, the identity authentication time of the user is shortened, and meanwhile, the server can accurately authenticate the identity of the user according to the corresponding relation between the biological characteristic information and the user identification which are stored in advance. In addition, the server is managed by a manager with authority, so that the biological characteristic information of the user is not easy to leak, and the safety is high. Moreover, the biological characteristic information pre-stored in the server is also the information collected by the user terminal, and the authentication device does not need to have any function of collecting the biological characteristic information, so that the functions of the software and hardware of the authentication device are simple, and the cost is low.
In some scenarios, before performing identity authentication of a user, a user terminal may also negotiate an authentication manner with a server, and on the basis of the embodiment shown in fig. 1, as shown in fig. 7, before the step S101 "receiving an authentication request message sent by the user terminal," the method further includes the following steps:
S501, receiving an authentication negotiation message sent by the user terminal; the authentication negotiation message includes a terminal identification of the user terminal.
In this embodiment, the user terminal may further negotiate an authentication mode with the server, and when the user terminal needs to perform identity authentication, an authentication negotiation message carrying the terminal identifier of the user terminal may be sent to the server. Optionally, the authentication negotiation message may further include a collection manner of biometric information supported by the user terminal.
S502, determining a target authentication mode corresponding to the user terminal according to the authentication negotiation message.
In this embodiment, after receiving the authentication negotiation message, the server determines a target authentication mode corresponding to the user terminal according to the terminal identifier of the user terminal in the authentication negotiation message. The target authentication mode may be a collection mode of biometric information commonly supported by the user terminal and the server.
Further, in an embodiment, as shown in fig. 8, the step S502 "determining a target authentication manner corresponding to the user terminal according to the authentication negotiation message" may include:
S601, determining a first authentication mode supported by the user terminal according to the terminal identification, and determining a second authentication mode according to the grade of the server.
The first authentication mode is a collection mode of biological characteristic information supported by a user terminal, and the second authentication mode is a collection mode of biological characteristic information supported by a server. Different server grades correspond to different second authentication modes.
In this embodiment, the server may determine, according to the terminal identifier, an acquisition manner of the biometric information supported by the user terminal, and then determine, according to the level of the server, an acquisition manner of the biometric information supported by the server. For example, the first terminal identifier corresponds to a mobile phone a, and a first authentication mode corresponding to the mobile phone a includes a face feature, a fingerprint, and a voice; if the level of the server is low, the corresponding second authentication method is fingerprint.
S602, determining the target authentication mode according to the first authentication mode, the second authentication mode and a preset selection rule.
In this embodiment, the preset selection rule may include a rule for selecting an authentication method according to a level of the authentication device, a rule for selecting an authentication method set according to a scene requirement, and the like. For example, the higher the rank of the server is, the greater the number of authentication methods is, or the higher the rank of the server is, the higher the complexity of the authentication methods is, and the like. For example, the first terminal identifier corresponds to a mobile phone a, and a first authentication mode corresponding to the mobile phone a includes a face feature, a fingerprint, and a voice; if the level of the server is low, the corresponding second authentication mode is the fingerprint; if the grade of the server is high, the corresponding second authentication mode is the iris or the face characteristic, and because the mobile phone A and the server both support the face characteristic, the corresponding target authentication mode is the face characteristic authentication mode.
S503, sending the target authentication mode to the user terminal.
The authentication method provided in this embodiment receives the authentication negotiation message sent by the user terminal, determines the target authentication mode corresponding to the user terminal according to the authentication negotiation message, and sends the target authentication mode to the user terminal, and the user terminal may negotiate the authentication mode with the server in advance, thereby avoiding the disadvantage that the authentication cannot be performed due to the non-uniform authentication modes supported by the user terminal and the server, and improving the authentication efficiency.
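The selection in S601 and S602 can be illustrated with the following added example, which is not part of the patent text. It uses the description's mobile phone A and low/high server levels; the terminal registry, the preference order used as the preset selection rule, and all names are assumptions. Modes advertised in the negotiation message are treated as untrusted input that can only narrow what the server already has on record for the terminal identifier.

```python
from typing import Iterable, Optional

# Constructed sample data mirroring the description's example.
TERMINAL_MODES = {
    "phone-A": {"face", "fingerprint", "voice"},  # first authentication modes
    "phone-B": {"voice"},
}
SERVER_LEVEL_MODES = {
    "low": {"fingerprint"},        # second authentication modes per server level
    "high": {"iris", "face"},
}
# Assumed preset selection rule: first match in this order wins.
PREFERENCE = ["iris", "face", "fingerprint", "voice"]


def negotiate_target_mode(terminal_id: str, server_level: str,
                          advertised: Optional[Iterable[str]] = None) -> Optional[str]:
    """Return the target authentication mode, or None when negotiation fails."""
    first = TERMINAL_MODES.get(terminal_id)
    if first is None:
        return None  # unknown terminal identifier: nothing to negotiate
    if advertised is not None:
        # The terminal may restrict its own list, never extend it.
        first = first & set(advertised)
    second = SERVER_LEVEL_MODES.get(server_level, set())
    common = first & second
    for mode in PREFERENCE:
        if mode in common:
            return mode
    # No common mode: fail instead of falling back to a mode that the
    # server level does not allow.
    return None


if __name__ == "__main__":
    print(negotiate_target_mode("phone-A", "high"))  # face
    print(negotiate_target_mode("phone-A", "low"))   # fingerprint
    print(negotiate_target_mode("phone-B", "high"))  # None
```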
Fig. 2 to fig. 8 are the method steps implemented by the server side, and the implementation process of the user terminal side is described below by taking fig. 9 to fig. 11 as an example.
Fig. 9 is a flowchart of an authentication method according to an embodiment, where an execution subject of the method is a user terminal, as shown in fig. 8, the method includes:
S701, sending an authentication request message to a server; the authentication request message includes the user's biometric information and the user identification collected by the user terminal.
S702, receiving an authentication response message sent by the server; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
The implementation principle and the beneficial effects of the authentication method provided in this embodiment can refer to the implementation principle and the beneficial effects of the embodiment in fig. 2, and are not described herein again.
In one embodiment, if the authentication result is that the authentication is passed, the authentication response message is used to notify that the user terminal passes the identity authentication.
Further, on the basis of the embodiment shown in fig. 9, as shown in fig. 10, the method further includes:
S801, receiving an unlocking success message sent by the server.
Optionally, before S801 "receiving an unlocking success message sent by the server", the method further includes: sending a device identification to the server; the device identifier is used for indicating the server to determine the target authentication device corresponding to the user identifier.
Further, the device identifier is an identifier of an authentication device with which the terminal device has successfully registered; or, the device identifier is an identifier in a white list of authentication devices carried in the authentication response message.
S802, communicating with the authentication equipment corresponding to the user identification according to the unlocking success message.
The implementation principle and the beneficial effect of the authentication method provided by this embodiment can refer to the implementation principle and the beneficial effect of the embodiments in fig. 3 and fig. 4, and are not described herein again.
In one embodiment, the authentication response message includes a permission code, and the permission code is the identity credential with which the user terminal communicates with the authentication device; after receiving the authentication response message sent by the server, the method further includes: sending a communication request message to the authentication device; the communication request message includes the permission code.
Optionally, the permission code is a fixed permission code, a dynamic permission code, or a time-limited permission code carrying a time stamp.
In one embodiment, the biometric information carries a time stamp.
Optionally, before sending the authentication request message to the server, the method further includes: sending a registration message to the server; the registration message includes second biometric information and a second user identification of the user collected by the user terminal.
The implementation principle and the beneficial effects of the authentication method provided in this embodiment can refer to the implementation principle and the beneficial effects of the embodiment in fig. 6, and are not described herein again.
In one embodiment, as shown in fig. 11, before S101 "sending an authentication request message to a server", the method further includes:
S901, sending an authentication negotiation message to the server; the authentication negotiation message includes a terminal identification of the user terminal.
S902, receiving a target authentication mode sent by the server according to the authentication negotiation message.
The implementation principle and the beneficial effect of the authentication method provided by this embodiment can refer to the implementation principle and the beneficial effect of the embodiments in fig. 7 and fig. 8, and are not described herein again.
It should be understood that although the various steps in the flow charts of fig. 2-11 are shown in order as indicated by the arrows, the steps are not necessarily performed in the order indicated by the arrows. Unless explicitly stated otherwise, the steps are not restricted to the exact order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2-11 may include multiple sub-steps or phases that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or phases is not necessarily sequential.
Fig. 12 is a schematic diagram of an authentication apparatus according to an embodiment, and as shown in fig. 12, the apparatus includes: a first receiving module 11, an authentication module 12 and a first sending module 13, wherein:
a first receiving module 11, configured to receive an authentication request message sent by a user terminal; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
the authentication module 12 is configured to authenticate the identity of the user according to the correspondence between the authentication request message, the preset biometric information, and the user identifier, and obtain an authentication result;
a first sending module 13, configured to send an authentication response message to the user terminal according to the authentication result; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In one embodiment, if the authentication result is that the authentication is passed, the authentication response message is used to notify that the user terminal passes the identity authentication.
In one embodiment, as shown in fig. 13, on the basis of the authentication device shown in fig. 12, the authentication module 12 includes:
a first determining unit 121, configured to determine a target authentication device corresponding to the first user identifier;
a first sending unit 122, configured to send an authentication success message to the target authentication device; the authentication success message comprises a terminal identification of the user terminal and is used for indicating that the identity authentication of the user terminal passes.
In one embodiment, on the basis of the authentication apparatus shown in fig. 13, the first determining unit 121 is specifically configured to determine, according to a correspondence between a user identifier and an authentication device, that all authentication devices associated with the user identifier are the target authentication devices.
In one embodiment, on the basis of the authentication apparatus shown in fig. 13, the first determining unit 121 is specifically configured to receive a first device identifier sent by the user terminal; and determining the authentication device corresponding to the first device identifier as the target authentication device.
In one embodiment, on the basis of the authentication apparatus shown in fig. 13, the first device identifier is an identifier of an authentication device that the terminal device successfully registers; or, the first device identifier is an identifier in a white list of the authentication device carried in the authentication response message.
In one embodiment, the authentication response message includes a permission code, and the permission code is the identity credential that the user terminal uses to communicate with the authentication device.
In one embodiment, the permission code is a fixed permission code, a dynamic permission code, or a time-stamped aging permission code.
In one embodiment, the first sending module 13 is further configured to send the permission code to the authentication device.
In one embodiment, as shown in fig. 14, the authentication module 12 includes:
a judging unit 124, configured to judge whether the biometric information exceeds an authentication deadline according to a timestamp carried by the biometric information;
and an authenticating unit 125, configured to authenticate the identity of the user according to a corresponding relationship between the authentication request message, preset biometric information, and a user identifier if the biometric information does not exceed the authentication deadline.
In one embodiment, the first receiving module 11 is further configured to receive registration messages sent by a plurality of user terminals; the registration message comprises second biological characteristic information and a second user identification of the user, which are acquired by the user terminal; and establishing a corresponding relation between the biological characteristic information and the user identification according to the registration message.
In one embodiment, the first receiving module 11 is further configured to receive an authentication negotiation message sent by the user terminal; the authentication negotiation message comprises a terminal identifier of the user terminal and a second device identifier of the authentication device; determining a target authentication mode corresponding to the user terminal according to the authentication negotiation message;
the first sending module 13 is further configured to send the target authentication manner to the user terminal.
In one embodiment, the determining, by the first receiving module 11, of the target authentication manner corresponding to the user terminal according to the authentication negotiation message includes: the first receiving module 11 determines a first authentication mode supported by the user terminal according to the terminal identifier, and determines a second authentication mode according to the level of the server; and determines the target authentication mode according to the first authentication mode, the second authentication mode and a preset selection rule.
Fig. 15 is a schematic diagram of an authentication apparatus according to an embodiment, and as shown in fig. 15, the apparatus includes: a second sending module 14 and a second receiving module 15, wherein:
a second sending module 14, configured to send an authentication request message to the server; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
a second receiving module 15, configured to receive an authentication response message sent by the server; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In one embodiment, if the authentication result is that the authentication is passed, the authentication response message is used to notify that the user terminal passes the identity authentication.
In one embodiment, on the basis of the authentication apparatus shown in fig. 15, the second sending module 14 is further configured to send the first device identifier to the server; the first device identification is used for indicating the server to determine the target authentication device corresponding to the user identification.
In one embodiment, the first device identifier is an identifier of an authentication device that is successfully registered by the terminal device; or, the first device identifier is an identifier in a white list of the authentication device carried in the authentication response message.
In one embodiment, the authentication response message includes a permission code, and the permission code is the identity credential that the user terminal uses to communicate with the authentication device; the second sending module 14 is further configured to send a communication request message to the authentication device; the communication request message includes the permission code.
In one embodiment, the permission code is a fixed permission code, a dynamic permission code, or a time-stamped aging permission code.
In one embodiment, the biometric information carries a time stamp.
In one embodiment, the second sending module 14 is further configured to send a registration message to the server; the registration message includes second biometric information and a second user identification of the user collected by the user terminal.
In one embodiment, the second sending module 14 is further configured to send an authentication negotiation message to the server; the authentication negotiation message comprises a terminal identifier of the user terminal and a second device identifier of the authentication device; the second receiving module 15 is further configured to receive a target authentication manner sent by the server according to the authentication negotiation message.
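The timestamp check on the biometric information and the time-stamped aging permission code described in the embodiments above, shown end to end as an added Python example that is not part of the patent text. The class names, the three time limits, the random permission code and the SHA-256 exact match standing in for a real biometric matcher are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed limits; the patent does not give concrete values.
AUTH_DEADLINE_S = 30    # maximum age of a biometric sample
CODE_LIFETIME_S = 120   # validity of a time-stamped aging permission code
CLOCK_SKEW_S = 5        # tolerated clock difference terminal/server


@dataclass
class PermissionCode:
    value: str
    issued_at: float

    def expired(self, now: float) -> bool:
        return now - self.issued_at > CODE_LIFETIME_S


@dataclass
class AuthDevice:
    """Target authentication device, locked until the server vouches."""
    device_id: str
    unlocked: bool = False
    grants: dict = field(default_factory=dict)  # terminal_id -> PermissionCode

    def on_auth_success(self, terminal_id: str, code: PermissionCode) -> None:
        # Authentication success message: carries the terminal identification
        # and (per the embodiment above) the permission code.
        self.grants[terminal_id] = code
        self.unlocked = True

    def on_communication_request(self, terminal_id, code_value, now) -> bool:
        grant = self.grants.get(terminal_id)
        if grant is None or grant.expired(now):
            self.grants.pop(terminal_id, None)  # drop aged-out grants
            return False
        # Constant-time comparison of the presented code.
        return hmac.compare_digest(grant.value.encode(), code_value.encode())


class AuthServer:
    def __init__(self, devices_by_user):
        self.templates = {}                   # user_id -> enrolled digest
        self.devices_by_user = devices_by_user

    def register(self, user_id: str, biometric: bytes) -> None:
        self.templates[user_id] = hashlib.sha256(biometric).digest()

    def authenticate(self, request: dict, now: float) -> dict:
        # 1. Reject samples outside the authentication deadline (replay guard).
        age = now - request["timestamp"]
        if age > AUTH_DEADLINE_S or age < -CLOCK_SKEW_S:
            return {"result": "fail", "reason": "stale_biometric"}
        # 2. Compare against the enrolled record for this user identification.
        #    Unknown users are compared against a dummy digest so the timing
        #    does not reveal whether the user exists.
        known = request["user_id"] in self.templates
        enrolled = self.templates.get(request["user_id"], b"\x00" * 32)
        presented = hashlib.sha256(request["biometric"]).digest()
        if not (hmac.compare_digest(enrolled, presented) and known):
            return {"result": "fail", "reason": "mismatch"}
        # 3. Issue the permission code to the terminal and to every target device.
        code = PermissionCode(secrets.token_hex(16), now)
        targets = self.devices_by_user.get(request["user_id"], [])
        for device in targets:
            device.on_auth_success(request["terminal_id"], code)
        return {"result": "pass", "permission_code": code.value,
                "devices": [d.device_id for d in targets]}


def run_demo() -> dict:
    """Constructed scenario: one user, two target devices."""
    door, gate = AuthDevice("door-1"), AuthDevice("gate-1")
    server = AuthServer({"alice": [door, gate]})
    server.register("alice", b"constructed-template-bytes")
    t0 = 1_000_000.0
    req = {"user_id": "alice", "terminal_id": "phone-A",
           "biometric": b"constructed-template-bytes", "timestamp": t0}
    resp = server.authenticate(req, now=t0 + 2)
    code = resp["permission_code"]
    late = t0 + 2 + CODE_LIFETIME_S + 1
    return {
        "auth": resp["result"],
        "door_unlocked": door.unlocked,
        "door_accepts": door.on_communication_request("phone-A", code, t0 + 10),
        "other_terminal": gate.on_communication_request("phone-B", code, t0 + 10),
        "expired_code": gate.on_communication_request("phone-A", code, late),
        "replayed_sample": server.authenticate(
            req, now=t0 + AUTH_DEADLINE_S + 1)["result"],
    }


if __name__ == "__main__":
    print(run_demo())
```

The device binds each code to the terminal identification from the authentication success message, so a code presented by a different terminal is refused even while it is still within its lifetime.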
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 16. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data such as user terminal information, identification information of the authentication device and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an authentication method.
Those skilled in the art will appreciate that the architecture shown in fig. 16 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
receiving an authentication request message sent by a user terminal; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
authenticating the identity of the user according to the corresponding relation among the authentication request message, preset biological characteristic information and the user identification to obtain an authentication result;
sending an authentication response message to the user terminal according to the authentication result; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
sending an authentication request message to a server; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
receiving an authentication response message sent by the server; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, the computer program, when executed by a processor, further implementing the steps of:
receiving an authentication request message sent by a user terminal; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
authenticating the identity of the user according to the corresponding relation among the authentication request message, preset biological characteristic information and the user identification to obtain an authentication result;
sending an authentication response message to the user terminal according to the authentication result; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, the computer program, when executed by a processor, further implementing the steps of:
sending an authentication request message to a server; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
receiving an authentication response message sent by the server; and the authentication response message is used for controlling the user terminal to communicate with the authentication equipment.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described; however, any combination of these technical features should be considered within the scope of the present specification as long as it involves no contradiction.
The above-mentioned embodiments only express several embodiments of the present application, and their description is relatively specific and detailed, but it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (17)

1. An authentication method, the method comprising:
receiving an authentication request message sent by a user terminal; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
authenticating the identity of the user according to the corresponding relation among the authentication request message, preset biological characteristic information and the user identification to obtain an authentication result;
sending an authentication response message to the user terminal according to the authentication result; the authentication response message is used for controlling the user terminal to communicate with a plurality of target authentication devices; if the authentication result is that the authentication is passed, the authentication response message comprises a permission code, and the permission code is an identity certificate of the communication between the user terminal and the target authentication devices; the target authentication equipment is determined by the server according to at least one of the regional characteristics of the user terminal, the regional characteristics of the authentication equipment and the coverage area of the communication network of the authentication equipment;
sending an authentication success message to the target authentication devices under the condition that the authentication result is that the authentication is passed; the authentication success message comprises the terminal identification of the user terminal, and is used for indicating that the identity authentication of the user terminal has passed and for instructing the target authentication devices to unlock, change their working state, and communicate with the user terminal corresponding to the terminal identification in the authentication success message.
2. The method according to claim 1, wherein if the authentication result is authentication pass, the authentication response message is used to notify the user terminal that the identity authentication pass.
3. The method of claim 1, wherein the permission code is a fixed permission code, a dynamic permission code, or a time-stamped aging permission code.
4. The method of claim 3, further comprising:
and sending the permission code to the target authentication device.
5. The method according to any one of claims 1 to 4, wherein the biometric information carries a timestamp, and the authenticating the identity of the user according to the correspondence between the authentication request message, the preset biometric information, and the user identifier comprises:
judging whether the biological characteristic information exceeds an authentication period or not according to a timestamp carried by the biological characteristic information;
and if not, authenticating the identity of the user according to the corresponding relation among the authentication request message, the preset biological characteristic information and the user identification.
6. The method according to any of claims 1-4, wherein before receiving the authentication request message sent by the user terminal, the method further comprises:
receiving registration messages sent by a plurality of user terminals; the registration message comprises second biological characteristic information and a second user identification of the user, which are acquired by the user terminal;
and establishing a corresponding relation between the biological characteristic information and the user identification according to the registration message.
7. The method according to any of claims 1-4, wherein before receiving the authentication request message sent by the user terminal, the method further comprises:
receiving an authentication negotiation message sent by the user terminal; the authentication negotiation message comprises a terminal identification of the user terminal;
determining a target authentication mode corresponding to the user terminal according to the authentication negotiation message;
and sending the target authentication mode to the user terminal.
8. The method according to claim 7, wherein the determining the target authentication mode corresponding to the user terminal according to the authentication negotiation message comprises:
determining a first authentication mode supported by the user terminal according to the terminal identification, and determining a second authentication mode according to the grade of the server;
and determining the target authentication mode according to the first authentication mode, the second authentication mode and a preset selection rule.
9. An authentication method, the method comprising:
sending an authentication request message to a server; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
receiving an authentication response message sent by the server; the authentication response message is used for controlling the user terminal to communicate with a plurality of target authentication devices; if the authentication result of the server is that the authentication is passed, the authentication response message comprises a permission code, and the permission code is an identity certificate of the communication between the user terminal and the target authentication devices; the target authentication equipment is determined by the server according to at least one of the regional characteristics of the user terminal, the regional characteristics of the authentication equipment and the coverage area of the communication network of the authentication equipment;
after the receiving the authentication response message sent by the server, the method further includes:
sending a communication request message to the target authentication device; the communication request message includes the permission code; the target authentication equipment unlocks and changes the working state after receiving an authentication success message sent by the server; the authentication success message comprises the terminal identification of the user terminal and is used for prompting that the identity authentication of the user terminal passes.
10. The method of claim 9, wherein the permission code is a fixed permission code, a dynamic permission code, or a time-stamped aging permission code.
11. The method according to any of claims 9-10, wherein the biometric information carries a time stamp.
12. The method according to any of claims 9-10, wherein prior to sending the authentication request message to the server, the method further comprises:
sending a registration message to the server; the registration message includes second biometric information and a second user identification of the user collected by the user terminal.
13. The method according to any of claims 9-10, wherein prior to sending the authentication request message to the server, the method further comprises:
sending an authentication negotiation message to the server; the authentication negotiation message comprises a terminal identification of the user terminal;
and receiving a target authentication mode sent by the server according to the authentication negotiation message.
14. An authentication apparatus, characterized in that the apparatus comprises:
the first receiving module is used for receiving an authentication request message sent by a user terminal; the authentication request message comprises first biological characteristic information and a first user identification of the user, which are acquired by the user terminal;
the authentication module is used for authenticating the identity of the user according to the corresponding relation among the authentication request message, the preset biological characteristic information and the user identification to obtain an authentication result;
a first sending module, configured to send an authentication response message to the user terminal according to the authentication result; the authentication response message is used for controlling the user terminal to communicate with a plurality of target authentication devices; if the authentication result is that the authentication is passed, the authentication response message comprises a permission code, and the permission code is an identity certificate of the communication between the user terminal and the target authentication devices; the target authentication equipment is determined by the server according to at least one of the regional characteristics of the user terminal, the regional characteristics of the authentication equipment and the coverage area of the communication network of the authentication equipment;
the authentication module is further configured to send an authentication success message to the plurality of target authentication devices when the authentication result is that the authentication passes; the authentication success message comprises the terminal identification of the user terminal, and is used for indicating that the identity authentication of the user terminal has passed and for instructing the target authentication devices to unlock, change their working state, and communicate with the user terminal corresponding to the terminal identification in the authentication success message.
15. An authentication apparatus, characterized in that the apparatus comprises:
the second sending module is used for sending the authentication request message to the server; the authentication request message comprises user biological characteristic information and user identification of a user, which are acquired by a user terminal;
the second receiving module is used for receiving the authentication response message sent by the server; the authentication response message is used for controlling the user terminal to communicate with a plurality of target authentication devices; if the authentication result of the server is that the authentication is passed, the authentication response message comprises a permission code, and the permission code is an identity certificate of the communication between the user terminal and the target authentication devices; the target authentication equipment is determined by the server according to at least one of the regional characteristics of the user terminal, the regional characteristics of the authentication equipment and the coverage area of the communication network of the authentication equipment;
the second sending module is further configured to send a communication request message to the target authentication device; the communication request message includes the permission code; the target authentication equipment unlocks and changes the working state after receiving an authentication success message sent by the server; the authentication success message comprises the terminal identification of the user terminal and is used for prompting that the identity authentication of the user terminal passes.
16. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 13 when executing the computer program.
17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 13.
CN201810879107.6A 2018-08-03 2018-08-03 Authentication method, authentication device, computer equipment and storage medium Active CN108900536B (en)


Publications (2)

Publication Number Publication Date
CN108900536A CN108900536A (en) 2018-11-27
CN108900536B true CN108900536B (en) 2021-03-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant