CN109561428A - Remote authentication method and device thereof, equipment and storage medium - Google Patents
Remote authentication method and device thereof, equipment and storage medium Download PDFInfo
- Publication number
- CN109561428A CN109561428A CN201811624505.XA CN201811624505A CN109561428A CN 109561428 A CN109561428 A CN 109561428A CN 201811624505 A CN201811624505 A CN 201811624505A CN 109561428 A CN109561428 A CN 109561428A
- Authority
- CN
- China
- Prior art keywords
- terminal
- mobile terminal
- biometric feature
- server
- authorisation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 238000013475 authorization Methods 0.000 claims abstract description 227
- 238000004891 communication Methods 0.000 claims abstract description 16
- 230000005540 biological transmission Effects 0.000 claims description 23
- 238000004590 computer program Methods 0.000 claims description 5
- 230000008569 process Effects 0.000 description 19
- 238000010586 diagram Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 6
- 238000005314 correlation function Methods 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
Abstract
The present invention relates to the communications fields, disclose remote authentication method and device thereof, equipment and storage medium.Remote authentication method of the invention includes: to obtain and be encrypted in the first biometric feature of the user to acquire at authorisation device;The first biometric feature of encryption is sent, to mobile terminal so that mobile terminal will match after the decryption of the first biometric feature with the second biometric feature of the user stored in the mobile terminal;If receiving the first terminal ID for the mark mobile terminal that mobile terminal is sent after the matching of the first and second biometric features, first terminal ID and mark are sent to server to the first device id of authorisation device.The present invention geographically ensures to request to authenticate and that enjoy related service is all user, the situation for effectively avoiding user identity or mobile terminal from being stolen, while not storing the biometric feature of user to avoid the risk of leakage user biological identification feature.
Description
Technical field
The present invention relates to the communications field, in particular to a kind of remote authentication method and device thereof, equipment and storage medium.
Background technique
With popularizing for networking life mode, occur that user is more and more needed to carry out network in daily life
Bicycle etc. is shared in certification, the demand authenticated in other words, such as mobile payment.It is existing to be based on the skills such as internet or bluetooth communication
The networked devices of art, such as shared bicycle lock, its authentication mode of the Related products such as smart locks such as intelligent door lock is unidirectional mirror
Power, i.e., by mobile terminal, perhaps other modes initiation authentication applies verifying applicant's identity in lock body or cloud, and
The object runs such as the unlocking of related executing agency, certification, attendance are authorized after the authentication is passed.Most of mobile Internet that relies on carries out
The mode unidirectionally authenticated there are problems that being easy to forge address information, the feelings such as be stolen, breaks through or replicate in mobile terminal
Under condition, attacker can remotely operate the terminal that mobile terminal authenticates needs and authorize.
Can not almost it discover since the characteristic of internet causes the information in this strange land to send, to can not judge mobile whole
Whether end is confirmed whether near the terminal (execution equipment i.e. as described herein) for needing to authorize by the user by authorization
Initiate authentication application.
I.e. only by checking identity information (mobile phone SN, the phone number, in mobile terminal OS of authentication or certification promoter
The authentication functions such as screen-lock password set) at present it has been confirmed that can forge/break through.It is needed in this case compared with Gao An
The occasion of full property cannot rely on these traditional identification authentication modes and method for authenticating again.
And directly authenticated by way of users' unique identifier such as biometric feature, presence must concentrate
The problem of storing user information.When related service is towards general marketplace can centrally stored a large amount of user information, especially
The user information that biometric feature etc. can not change, once leakage will cause great loss to client.That is any
The service of centrally stored user information is all high risk.The acquisition biometric feature information personal with transmission is in China and generation
Boundary various regions are all that a height is related to the sensitive behavior of safety and law.
Summary of the invention
The purpose of the present invention is to provide a kind of remote authentication method and device thereof, equipment and storage mediums, can be in physics
Ensure to request to authenticate on position and that enjoy related service is all user, effectively avoids user identity or mobile terminal quilt
The case where usurping, while not storing the biometric feature of user to avoid the risk of leakage user biological identification feature.
In order to solve the above technical problems, embodiments of the present invention disclose a kind of remote authentication method, this method comprises:
Obtain and be encrypted in the first biometric feature of the user to acquire at authorisation device;
The first biometric feature of encryption is sent, to mobile terminal so that mobile terminal is by the first biometric feature solution
It is matched after close with the second biometric feature of the user stored in the mobile terminal;
If receiving the mark mobile terminal that mobile terminal is sent after the matching of the first and second biometric features
First terminal ID and mark are then sent to server to the first device id of authorisation device, for server by first terminal ID
The second of the mark mobile terminal received based on the first device id and first terminal ID that receive and from mobile terminal is eventually
Hold the second device id of ID and mark to authorisation device, it is determined whether send authorization message;
Wherein, mobile terminal the first and second biometric features matching after to server send second terminal ID and from
The second device id received to authorisation device.
In a demonstration example, above-mentioned server determines whether that sending authorization message includes:
Server the first device id for receiving of judgement and first terminal ID whether with the second device id and second terminal ID
Matching;
If it is judged that then server obtains the pre-stored power about to authorisation device and mobile terminal for matching
Limit information, and determine whether to send authorization message based on the authority information got.
In another demonstration example, the first biometric feature for sending encryption to mobile terminal includes:
Judge whether mobile terminal meets predetermined communication condition, if meeting predetermined communication condition, is sent out to mobile terminal
Send the first biometric feature of encryption.
In another demonstration example, first terminal ID and mark are being sent to server to the first device id of authorisation device
Later, method further include:
If receiving the authorization message of server transmission, user's request that mobile terminal is executed to authorisation device is controlled
Relevant operation.
In another demonstration example, after the first biometric feature for sending encryption to mobile terminal, to authorisation device
Delete the first biometric feature.
In another demonstration example, biometric feature is fingerprint.
Embodiments of the present invention also disclose a kind of remote authentication method, this method comprises:
Mobile terminal is received by the first biometric feature of the encryption sent to authorisation device, wherein the first biology is known
Other feature at authorisation device to acquire, and by encrypting to authorisation device;
First biometric feature of encryption is decrypted mobile terminal, and the first bio-identification after decryption is special
Sign is matched with the second biometric feature of pre-stored user in the mobile terminal;
Mobile terminal identifies the mobile terminal after the matching of the first and second biometric features, to sending to authorisation device
First terminal ID, and to server send identify the mobile terminal second terminal ID and received to authorisation device mark to
Second device id of authorisation device, so that server is based on second terminal ID, the second device id and from wait authorize received
First device id of the first terminal ID and mark that equipment receives to authorisation device, it is determined whether send authorization message.
In a demonstration example, mobile terminal by after decryption the first biometric feature and the mobile terminal in deposit in advance
After the second biometric feature of the user of storage matches, the first biometric feature is deleted.
Embodiments of the present invention also disclose a kind of remote authentication method, this method comprises:
Server receives the first device id and first terminal ID to authorisation device, and receives the second equipment from mobile terminal
ID and second terminal ID;
Server is based on the first device id, first terminal ID, second terminal ID and the determination of the second device id received
No transmission authorization message;
Wherein, the first biometric feature at authorisation device after be collected and by being sent to shifting after authorisation device encrypts
Dynamic terminal, and
Determine that receive the user stored in the first biometric feature and the mobile terminal second is raw in mobile terminal
After the matching of object identification feature, mark is sent to the first terminal ID for sending mark mobile terminal to authorisation device, and to server
The second terminal ID of mobile terminal and the second device id received from the mark to authorisation device to authorisation device, and
After authorisation device receive mobile terminal transmission first terminal ID after, to server send first terminal ID and
Identify the first device id to authorisation device.
In a demonstration example, server is based on the first device id, first terminal ID, second terminal ID and second received
Device id determines whether that sending authorization message includes:
Server the first device id for receiving of judgement and first terminal ID whether with the second device id and second terminal ID
Matching;
If it is judged that then server obtains the pre-stored power about to authorisation device and mobile terminal for matching
Limit information, and determine whether to send authorization message based on the authority information got.
In another demonstration example, server is based on the first device id, first terminal ID, second terminal ID and received
Two device ids determine whether that sending authorization message includes:
Server the first device id for receiving of judgement and first terminal ID whether with the second device id and second terminal ID
It matches respectively;
If it is judged that then server sends authorization message for matching.
Embodiments of the present invention also disclose a kind of remote authentication device, comprising:
Acquiring unit, for obtaining and being encrypted in the first biometric feature of the user to acquire at authorisation device;
First transmission unit, for sending the first biometric feature of encryption to mobile terminal, so that mobile terminal will
It is matched after the decryption of first biometric feature with the second biometric feature of the user stored in the mobile terminal;
Second transmission unit, for receiving what mobile terminal was sent after the matching of the first and second biometric features
After the first terminal ID for identifying mobile terminal, first terminal ID and mark are sent to service to the first device id of authorisation device
Device, so that server is mobile based on the first device id and first terminal ID that receive and the mark received from mobile terminal
Second device id of the second terminal ID and mark of terminal to authorisation device, it is determined whether send authorization message.
Embodiments of the present invention also disclose a kind of mobile terminal, which includes:
First receiving unit, for receiving the first biometric feature of the encryption by sending to authorisation device, wherein the
One biometric feature at authorisation device to acquire, and by encrypting to authorisation device;
Matching unit, the first biometric feature for that will encrypt are decrypted, and the first biology after decryption is known
Other feature is matched with the second biometric feature of pre-stored user in the mobile terminal;
Third transmission unit, for being identified to being sent to authorisation device after the matching of the first and second biometric features
The first terminal ID of the mobile terminal, and sent to server and identify the second terminal ID of the mobile terminal and received from wait authorize
Device identification waits for the second device id of authorisation device, for server based on receive second terminal ID, the second device id with
And the first device id from the first terminal ID and mark received to authorisation device to authorisation device, it is determined whether send authorization
Information.
Embodiments of the present invention also disclose a kind of server, which includes:
Second receiving unit, for receiving the first device id and first terminal ID to authorisation device, and from mobile terminal
Receive the second device id and second terminal ID;
Determination unit, for based on the first device id, first terminal ID, second terminal ID and the second device id received
Determine whether to send authorization message;
Wherein, the first biometric feature at authorisation device after be collected and by being sent to shifting after authorisation device encrypts
Dynamic terminal, and
Determine that receive the user stored in the first biometric feature and the mobile terminal second is raw in mobile terminal
After the matching of object identification feature, mark is sent to the first terminal ID for sending mark mobile terminal to authorisation device, and to server
The second terminal ID of mobile terminal and the second device id received from the mark to authorisation device to authorisation device, and
After authorisation device receive mobile terminal transmission first terminal ID after, to server send first terminal ID and
Identify the first device id to authorisation device.
Embodiments of the present invention also disclose a kind of equipment, which includes being stored with depositing for computer executable instructions
Reservoir and processor, processor are configured as when executing computer executable instructions, are executed disclosed in above embodiment
Remote authentication method.
Embodiments of the present invention also disclose a kind of non-volatile computer storage Jie using computer program code
Matter, wherein computer program includes instruction, when instruction is executed by more than one computer, is instructed so that more than one
Computer executes remote authentication method disclosed in above embodiment.
Compared with prior art, the main distinction and its effect are embodiment of the present invention:
In remote authorization process, it can geographically ensure to request to authorize and that enjoy related service is all user
I, the stolen situation of related resource, improves remote authorization after effectively avoiding user identity or mobile terminal stolen
Safety, meanwhile, the biometric feature constantly acquired is encrypted transmission, effectively prevent the leakage of biometric feature and is stolen
With.
Further, so that improving biology to authorisation device only with the communication of mobile terminal that meets predetermined communication condition
The safety of information transmission.
Further, the biometric feature for not storing user to authorisation device sends bio-identification spy without long-range
Sign, avoids the leakage of user biological identification feature while guaranteeing authorizing secure.
Further, if it find that the situation stolen to authorisation device or customer mobile terminal, server is by refusing
The use for treating authorisation device can unilaterally be limited by sending authorization message absolutely, improve the safety used to authorisation device.
Further, mobile terminal does not store the biometric feature of the user received, sends biology without long-range
Identification feature avoids the leakage of user biological identification feature while guaranteeing authorizing secure.
Detailed description of the invention
Fig. 1 is the flow diagram of the remote authentication method of first embodiment according to the present invention;
Fig. 2 is the flow diagram of the remote authentication method of second embodiment according to the present invention;
Fig. 3 is the flow diagram of the remote authentication method of third embodiment according to the present invention;
Fig. 4 is the structural schematic diagram of the remote authentication device of the 4th embodiment according to the present invention;
Fig. 5 is the structural schematic diagram of the mobile terminal of the 5th embodiment according to the present invention;
Fig. 6 is the structural schematic diagram of the server of sixth embodiment according to the present invention.
Specific embodiment
In the following description, in order to make the reader understand this application better, many technical details are proposed.But this
The those of ordinary skill in field is appreciated that even if without these technical details and many variations based on the following respective embodiments
And modification, each claim of the application technical solution claimed can also be realized.
It is appreciated that in the present invention, biometric feature refers to the biometric feature of unique identification user, such as refer to
Line, iris, facial characteristics, sound etc..
Furthermore, it is to be understood that in the present invention, mobile terminal includes but is not limited to smart phone, tablet computer etc..Equipment
ID (identification code) refers to the information that unique identification waits for authorisation device, for example identification code or identification to authorisation device setting
Number, perhaps to the IP address of authorisation device, MAC Address etc. or it is placed in in authorisation device, execute setting for correlation function
The standby identification code being set either to authorisation device or is placed in the execution downloaded to the device in authorisation device from server
The ID that the application program of correlation function is set.The Termination ID of mobile terminal also refers to the letter for capableing of unique identification mobile terminal
Breath, such as MAC Address or the identifier being specially arranged for terminal.The present invention sends the different ID in source to what server received
It is distinguished using by the way of the preceding plus first or second, for example, first terminal ID and second terminal ID are that mark is mobile eventually
The ID at end, the first device id and the second device id are ID of the mark to authorisation device, and the equipment only directly transmitted is different, institute
To be distinguished.
It is appreciated that in the present invention, can have acquisition simultaneously to authorisation device and obtain the function of biometric feature
Can, the equipment for acquiring biometric feature may not be to authorisation device, herein with no restrictions.If it is special to acquire bio-identification
The equipment of sign is not that collected biometric feature is being sent it by the equipment that biometric feature is then acquired to authorisation device
Afterwards, it will be deleted the biometric feature of acquisition, also to guarantee that user biological identification feature is not centrally stored and reveals.
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to implementation of the invention
Mode is described in further detail.
First embodiment of the invention is related to a kind of remote authentication method.Fig. 1 is the process signal of the remote authentication method
Figure.
Specifically, as shown in Figure 1, method includes the following steps:
In a step 101, obtain and be encrypted in the first biometric feature of the user to acquire at authorisation device.
Hereafter, 102 are entered step.
In a step 102, the first biometric feature of encryption is sent, to mobile terminal so that mobile terminal is raw by first
It is matched after the decryption of object identification feature with the second biometric feature of the user stored in the mobile terminal.
It is appreciated that in the embodiments of the present invention, mobile terminal and can be to the communication between authorisation device
It is restricted, that is to say, that it is raw to be just sent to it first to authorisation device for the mobile terminal for only meeting predetermined communication condition
Object identification feature.For example, in the step 102, can prejudge whether mobile terminal meets predetermined lead in a demonstration example
Creed part sends the first biometric feature of encryption to mobile terminal if meeting predetermined communication condition.So that
Authorisation device only with the communication of mobile terminal that meets predetermined communication condition, improves the safety of biological information transmission.
It is in order to enable EM equipment module is communicated with specific some equipment that predetermined communication condition, which is arranged, and transmission biology is known
Other feature.For example, with the equipment with specific communications frequency range, the equipment with specifically identifying etc., to improve bio-identification letter
Cease the safety of transmission.
Hereafter, 103 are entered step.
In step 103, judge whether to receive mobile terminal in the first predetermined amount of time in the first and second biologies
The first terminal ID of the mark mobile terminal sent after identification feature matching.
If the judging result be it is yes, enter step 104;Otherwise, terminate this process.
At step 104, first terminal ID and mark are sent to server to the first device id of authorisation device, for
The mark mobile terminal that server is received based on the first device id and first terminal ID received and from mobile terminal
The second device id of second terminal ID and mark to authorisation device, it is determined whether send authorization message.
It is appreciated that mobile terminal sends second terminal ID to server after the matching of the first and second biometric features
With from the second device id received to authorisation device.
For example, in a demonstration example, it includes: that server judgement receives that server, which determines whether to send authorization message,
Whether one device id and first terminal ID match with the second device id and second terminal ID;If it is judged that then being taken for matching
Business device obtains the pre-stored authority information about to authorisation device and mobile terminal, and true based on the authority information got
It is fixed whether to send authorization message.For example, server can be based on device id (the first device id or the second equipment received
ID) and Termination ID (first terminal ID or second terminal ID) searches for pre-stored authorization message.
It is appreciated that authority information can be pre- to authorisation device and mobile terminal in the embodiments of the present invention
It is first sent to server, is also possible to execute the correlation of above-mentioned function from server downloading to authorisation device or mobile terminal
When application program, the authorization message that server generates, or be mounted in advance what server was recorded to authorisation device and shifting
Corresponding hardware module in dynamic terminal perhaps close by corresponding between the information of chip such as chip or the identifier of hardware module
System.
It is appreciated that server can also directly transmit authorization after each ID matching in other demonstration examples of the invention
Information, without authority information, herein with no restrictions.
Hereafter, 105 are entered step.
In step 105, judge whether the authorization message that server transmission is received in the second predetermined amount of time.
If it is judged that be it is yes, then enter step 106;Otherwise, terminate this process.
In step 106, the relevant operation that user's request of mobile terminal is executed to authorisation device is controlled.
For example, being shared bicycle to authorisation device, then relevant operation is the lock for opening shared bicycle;It is to authorisation device
Vending Machine, then relevant operation is that the commodity that user buys are pushed to user.
Hereafter, terminate this process.
In addition, after the first biometric feature for sending encryption to mobile terminal, deleting first in a demonstration example
Biometric feature.For example, deleting in the given time, or receive deletion after the first terminal ID of mobile terminal transmission
Biometric feature.
In this way, not storing the biometric feature of user to authorisation device, biometric feature is sent without long-range,
Guarantee the leakage that user biological identification feature is avoided while authorizing secure.
It is appreciated that in the present invention, the application program that can be to be equipped in authorisation device of above-mentioned steps is executed,
It is also possible to be mounted on hardware module or chip to authorisation device, these applications is also correspondingly installed in mobile terminal
Program, hardware module or chip, meanwhile, based on preparatory setting (setting carried out when such as hardware dispatches from the factory to it or software
Application program is the setting carried out to it in downloading), by these programs of authorisation device, hardware module or chip encryption
Biometric feature, it can be decrypted in corresponding application program, hardware module or chip in mobile terminal.
In remote authorization process, it can geographically ensure to request to authorize and that enjoy related service is all user
I, the stolen situation of related resource, improves remote authorization after effectively avoiding user identity or mobile terminal stolen
Safety.Also, if it find that the situation stolen to authorisation device or customer mobile terminal, server are sent by refusal
Authorization message can unilaterally limit the use for treating authorisation device, improve the safety used to authorisation device.
Second embodiment of the present invention is related to a kind of remote authentication method.Fig. 2 is that the process of the remote authentication method is shown
It is intended to.
Specifically, as shown in Fig. 2, the remote authentication method includes the following steps:
In step 201, mobile terminal is received by the first biometric feature of the encryption sent to authorisation device,
In, the first biometric feature at authorisation device to acquire, and by encrypting to authorisation device.
Hereafter, 202 are entered step.
In step 202, the first biometric feature of encryption is decrypted mobile terminal, and by after decryption
One biometric feature is matched with the second biometric feature of pre-stored user in the mobile terminal.
It in the present invention, is the answering of waiting for installing in authorisation device by the correlation step or function that are executed to authorisation device
With program, either in authorisation device hardware module or chip execute, and the correlation step of mobile terminal execution can also
To be the application program correspondingly installed, hardware module perhaps chip execution while application program, hardware module or chip quilt
It is arranged in advance, so that by the biometric feature to these programs of authorisation device, hardware module or chip encryption,
It can be decrypted in corresponding application program, hardware module or chip in mobile terminal.
It is appreciated that in this step, it is preferable that by the first biometric feature and the progress of the second biometric feature
After matching, mobile terminal deletes the first biometric feature.In this way, the bio-identification that mobile terminal does not store the user received is special
Sign sends biometric feature without long-range, avoids letting out for user biological identification feature while guaranteeing authorizing secure
Dew.
If it does, then entering step 203;Otherwise, terminate this process.
In step 203, it to the first terminal ID for sending the mark mobile terminal to authorisation device, and is sent to server
The second terminal ID of the mobile terminal is identified and received from the second device id to authorisation device is identified to authorisation device, for clothes
Business device is based on second terminal ID, the second device id and from the first terminal ID and mark received to authorisation device received
The first device id to authorisation device, it is determined whether send authorization message.
For example, in a demonstration example, it includes: that server judgement receives that server, which determines whether to send authorization message,
Whether one device id and first terminal ID match with the second device id and second terminal ID;If it is judged that then being taken for matching
Business device obtains the pre-stored authority information about to authorisation device and mobile terminal, and true based on the authority information got
It is fixed whether to send authorization message.For example, server can be based on device id (the first device id or the second equipment received
ID) and Termination ID (first terminal ID or second terminal ID) searches for pre-stored authorization message.
It is appreciated that authority information can be pre- to authorisation device and mobile terminal in the embodiments of the present invention
It is first sent to server, is also possible to execute the correlation of above-mentioned function from server downloading to authorisation device or mobile terminal
When application program, the authorization message that server generates, or be mounted in advance what server was recorded to authorisation device and shifting
Corresponding hardware module in dynamic terminal perhaps close by corresponding between the information of chip such as chip or the identifier of hardware module
System.
It is appreciated that server can also directly transmit authorization after each ID matching in other demonstration examples of the invention
Information, without authority information, herein with no restrictions.
Hereafter, terminate this process.
In remote authorization process, the present invention can geographically ensure to request authorization and enjoy related service
It is user, the stolen situation of related resource, is improved long-range after effectively avoiding user identity or mobile terminal stolen
The safety of authorization.
Third embodiment of the present invention is related to a kind of remote authentication method.Fig. 3 is that the process of the remote authentication method is shown
It is intended to.
Specifically, as shown in figure 3, the remote authentication method includes the following steps:
In step 301, server receives the first device id and first terminal ID to authorisation device, and from mobile terminal
Receive the second device id and second terminal ID.
Hereafter, 302 are entered step.
In step 302, server is based on the first device id, first terminal ID, second terminal ID and second received
Device id determines whether to send authorization message.
It is appreciated that the first biometric feature at authorisation device after be collected and by sending after authorisation device encrypts
To mobile terminal, and is determined in mobile terminal and receive the user's stored in the first biometric feature and the mobile terminal
After the matching of second biometric feature, sent out to the first terminal ID for sending mark mobile terminal to authorisation device, and to server
The second terminal ID of mark mobile terminal and the second device id received from the mark to authorisation device to authorisation device are sent, and
After authorisation device after the first terminal ID for receiving mobile terminal transmission, first terminal ID is sent to server and is identified wait award
Weigh the first device id of equipment.
Hereafter, terminate this process.
In a demonstration example, above-mentioned steps 302 include:
Server the first device id for receiving of judgement and first terminal ID whether with the second device id and second terminal ID
Matching;
If it is judged that then server obtains the pre-stored power about to authorisation device and mobile terminal for matching
Limit information, and determine whether to send authorization message based on the authority information got.
In another demonstration example, above-mentioned steps 302 include:
Server the first device id for receiving of judgement and first terminal ID whether with the second device id and second terminal ID
It matches respectively;
If it is judged that then server sends authorization message for matching.
In remote authorization process, it can geographically ensure to request to authorize and that enjoy related service is all user
I, the stolen situation of related resource, improves remote authorization after effectively avoiding user identity or mobile terminal stolen
Safety.
4th embodiment of the invention discloses a kind of remote authentication device.Fig. 4 is the structure of the remote authentication device
Schematic diagram.
Specifically, as shown in figure 4, the device includes:
Acquiring unit, for obtaining and being encrypted in the first biometric feature of the user to acquire at authorisation device.
First transmission unit, for sending the first biometric feature of encryption to mobile terminal, so that mobile terminal will
It is matched after the decryption of first biometric feature with the second biometric feature of the user stored in the mobile terminal.
Second transmission unit, for receiving what mobile terminal was sent after the matching of the first and second biometric features
After the first terminal ID for identifying mobile terminal, first terminal ID and mark are sent to service to the first device id of authorisation device
Device, so that server is mobile based on the first device id and first terminal ID that receive and the mark received from mobile terminal
Second device id of the second terminal ID and mark of terminal to authorisation device, it is determined whether send authorization message.
In remote authorization process, it can geographically ensure to request to authorize and that enjoy related service is all user
I, the stolen situation of related resource, improves remote authorization after effectively avoiding user identity or mobile terminal stolen
Safety.Also, if it find that the situation stolen to authorisation device or customer mobile terminal, server are sent by refusal
Authorization message can unilaterally limit the use for treating authorisation device, improve the safety used to authorisation device.
First embodiment is method implementation corresponding with present embodiment, and present embodiment can be implemented with first
Mode is worked in coordination implementation.The relevant technical details mentioned in first embodiment are still effective in the present embodiment, in order to
It reduces and repeats, which is not described herein again.Correspondingly, the relevant technical details mentioned in present embodiment are also applicable in the first implementation
In mode.
5th embodiment of the invention is related to a kind of mobile terminal.Fig. 5 is the structural schematic diagram of the mobile terminal.Specifically
Ground, as shown in figure 5, the mobile terminal includes:
First receiving unit, for receiving the first biometric feature of the encryption by sending to authorisation device, wherein the
One biometric feature at authorisation device to acquire, and by encrypting to authorisation device.
Matching unit, the first biometric feature for that will encrypt are decrypted, and the first biology after decryption is known
Other feature is matched with the second biometric feature of pre-stored user in the mobile terminal.
Third transmission unit, for being identified to being sent to authorisation device after the matching of the first and second biometric features
The first terminal ID of the mobile terminal, and sent to server and identify the second terminal ID of the mobile terminal and received from wait authorize
Device identification waits for the second device id of authorisation device, for server based on receive second terminal ID, the second device id with
And the first device id from the first terminal ID and mark received to authorisation device to authorisation device, it is determined whether send authorization
Information.
Second embodiment is method implementation corresponding with present embodiment, and present embodiment can be implemented with second
Mode is worked in coordination implementation.The relevant technical details mentioned in second embodiment are still effective in the present embodiment, in order to
It reduces and repeats, which is not described herein again.Correspondingly, the relevant technical details mentioned in present embodiment are also applicable in the second implementation
In mode.
Sixth embodiment of the invention discloses a kind of server.Fig. 6 is the structural schematic diagram of the server.
Specifically, as shown in fig. 6, the server includes:
Second receiving unit, for receiving the first device id and first terminal ID to authorisation device, and from mobile terminal
Receive the second device id and second terminal ID;
Determination unit, for based on the first device id, first terminal ID, second terminal ID and the second device id received
Determine whether to send authorization message;
Wherein, the first biometric feature at authorisation device after be collected and by being sent to shifting after authorisation device encrypts
Dynamic terminal, and
Determine that receive the user stored in the first biometric feature and the mobile terminal second is raw in mobile terminal
After the matching of object identification feature, mark is sent to the first terminal ID for sending mark mobile terminal to authorisation device, and to server
The second terminal ID of mobile terminal and the second device id received from the mark to authorisation device to authorisation device, and
After authorisation device receive mobile terminal transmission first terminal ID after, to server send first terminal ID and
Identify the first device id to authorisation device.
Third embodiment is method implementation corresponding with present embodiment, and present embodiment can be implemented with third
Mode is worked in coordination implementation.The relevant technical details mentioned in third embodiment are still effective in the present embodiment, in order to
It reduces and repeats, which is not described herein again.Correspondingly, the relevant technical details mentioned in present embodiment are also applicable in third implementation
In mode.
7th embodiment of the invention discloses a kind of equipment, which includes being stored with computer executable instructions
Memory and processor, processor are configured as when executing computer executable instructions, execute first to third embodiment
In any remote authentication method.
8th embodiment of the invention discloses a kind of non-volatile computer storage using computer program code
Medium, wherein computer program include instruction, when instruction by more than one computer execute when, instruction so that more than one
Computer execute first into third embodiment any remote authentication method.
Each method embodiment of the invention can be realized in a manner of software, hardware, firmware etc..Regardless of the present invention be with
Software, hardware or firmware mode realize that instruction code may be stored in any kind of computer-accessible memory
In (such as permanent perhaps revisable volatibility is perhaps non-volatile solid or non-solid, it is fixed or
The replaceable medium etc. of person).Equally, memory may, for example, be programmable logic array (Programmable Array
Logic, referred to as " PAL "), random access memory (Random Access Memory, referred to as " RAM "), it may be programmed read-only deposit
Reservoir (Programmable Read Only Memory, referred to as " PROM "), read-only memory (Read-Only Memory, letter
Claim " ROM "), electrically erasable programmable read-only memory (Electrically Erasable Programmable ROM, referred to as
" EEPROM "), disk, CD, digital versatile disc (Digital Versatile Disc, referred to as " DVD ") etc..
Electronics physical identity certification existing at present relies primarily on the safety of mobile terminal to ensure its verification process
It is reliable and secure, therefore given the core support process of security system to external uncontrollable link, thus it is serious weaken it is whole
The safety of a system is easy to appear the failure of whole system caused by single point failure.And centrally stored user information can be led
Cause huge information leakage risk.The present invention solve existing electronics physical certifying to mobile terminal safety it is single according to
Rely, so as to avoid the authentication mechanism failure of the caused entire security system because mobile terminal fails, while according to the present invention
The problem of centrally stored user biological information is not present in constructed system, it is not easy to large-scale user information be caused to be revealed
Event.
It should be noted that each unit mentioned in each equipment embodiment of the present invention is all logic unit, physically,
One logic unit can be a physical unit, be also possible to a part of a physical unit, can also be with multiple physics
The combination of unit realizes that the Physical realization of these logic units itself is not most important, these logic units institute reality
The combination of existing function is only the key for solving technical problem proposed by the invention.In addition, in order to protrude innovation of the invention
Part, there is no the technical problem relationship proposed by the invention with solution is less close for the above-mentioned each equipment embodiment of the present invention
Unit introduce, this does not indicate above equipment embodiment and there is no other units.
It should be noted that in the claim and specification of this patent, such as first and second or the like relationship
Term is only used to distinguish one entity or operation from another entity or operation, without necessarily requiring or implying
There are any actual relationship or orders between these entities or operation.Moreover, the terms "include", "comprise" or its
Any other variant is intended to non-exclusive inclusion so that include the process, methods of a series of elements, article or
Equipment not only includes those elements, but also including other elements that are not explicitly listed, or further include for this process,
Method, article or the intrinsic element of equipment.In the absence of more restrictions, being wanted by what sentence " including one " limited
Element, it is not excluded that there is also other identical elements in the process, method, article or apparatus that includes the element.
Although being shown and described to the present invention by referring to some of the preferred embodiment of the invention,
It will be understood by those skilled in the art that can to it, various changes can be made in the form and details, without departing from this hair
Bright spirit and scope.
Claims (16)
1. a kind of remote authentication method characterized by comprising
Obtain and be encrypted in the first biometric feature of the user to acquire at authorisation device;
First biometric feature of encryption is sent, to mobile terminal so that the mobile terminal knows first biology
It is matched after other feature decryption with the second biometric feature of the user stored in the mobile terminal;
If receiving the mark shifting that the mobile terminal is sent after first and second biometric feature matching
The first terminal ID and mark first device id to authorisation device are then sent to clothes by the first terminal ID of dynamic terminal
Business device, is connect for the server based on first device id received and first terminal ID and from the mobile terminal
The second terminal ID and mark second device id to authorisation device of the mark mobile terminal received, it is determined whether hair
Send authorization message;
Wherein, the mobile terminal sends described the to the server after first and second biometric feature matching
Two Termination ID and from second device id received to authorisation device.
2. remote authentication method according to claim 1, which is characterized in that the server determines whether to send authorization letter
Breath includes:
First device id and first terminal ID that server judgement receives whether with second device id and the
The matching of two Termination ID;
If the judging result is matching, the server obtains pre-stored about described to authorisation device and described
The authority information of mobile terminal, and determine whether to send the authorization message based on the authority information got.
3. remote authentication method according to claim 2, which is characterized in that send described the first of encryption to mobile terminal
Biometric feature includes:
Judge whether the mobile terminal meets predetermined communication condition, if meeting the predetermined communication condition, to the shifting
Dynamic terminal sends first biometric feature of the encryption.
4. remote authentication method according to claim 3, which is characterized in that will the first terminal ID and mark described in
After the first device id to authorisation device is sent to server, the method also includes:
If receiving the authorization message that the server is sent, control is described to execute the mobile terminal to authorisation device
The relevant operation of user's request.
5. remote authentication method according to any one of claim 1 to 4, which is characterized in that sent to mobile terminal
It is described to delete first biometric feature to authorisation device after first biometric feature of encryption.
6. remote authentication method according to any one of claim 1 to 4, which is characterized in that the biometric feature
For fingerprint.
7. a kind of remote authentication method characterized by comprising
Mobile terminal is received by the first biometric feature of the encryption sent to authorisation device, wherein first biology is known
Other feature is encrypted to acquire at authorisation device, and by described to authorisation device described;
First biometric feature of the encryption is decrypted mobile terminal, and first biology after decryption is known
Other feature is matched with the second biometric feature of pre-stored user in the mobile terminal;
Mobile terminal identifies the movement after first and second biometric feature matching, to described send to authorisation device
The first terminal ID of terminal, and sent to server and identify the second terminal ID of the mobile terminal and set received from described wait authorize
Standby mark second device id to authorisation device, so that the server is based on the second terminal ID received, the
Two device ids and from the first terminal ID received to authorisation device and mark first to authorisation device
Device id, it is determined whether send authorization message.
8. remote authentication method according to claim 7, which is characterized in that the mobile terminal will be described in after decryption
After first biometric feature is matched with the second biometric feature of pre-stored user in the mobile terminal, delete
First biometric feature.
9. a kind of remote authentication method characterized by comprising
Server receives the first device id and first terminal ID to authorisation device, and from mobile terminal receive the second device id and
Second terminal ID;
The server is true based on first device id, first terminal ID, second terminal ID and the second device id received
It is fixed whether to send authorization message;
Wherein, the first biometric feature is described after be collected at authorisation device and sent after authorisation device encryption by described
To the mobile terminal, and
Determine that receive the user stored in first biometric feature and the mobile terminal second is raw in mobile terminal
After the matching of object identification feature, the first terminal ID of the mobile terminal is identified to described send to authorisation device, and to server
Send the second terminal ID for identifying the mobile terminal and received from described in the mark to authorisation device to authorisation device
Second device id, and
It is described after authorisation device after receiving the first terminal ID that the mobile terminal is sent, Xiang Suoshu server is sent
The first terminal ID and mark first device id to authorisation device.
10. remote authentication method according to claim 9, which is characterized in that the server is based on described in receiving
First device id, first terminal ID, second terminal ID and the second device id determine whether that sending authorization message includes:
First device id and first terminal ID that server judgement receives whether with second device id and the
The matching of two Termination ID;
If the judging result is matching, the server obtains pre-stored about described to authorisation device and described
The authority information of mobile terminal, and determine whether to send the authorization message based on the authority information got.
11. remote authentication method according to claim 9, which is characterized in that the server is based on described in receiving
First device id, first terminal ID, second terminal ID and the second device id determine whether that sending authorization message includes:
First device id and first terminal ID that server judgement receives whether with second device id and the
Two Termination ID match respectively;
If the judging result is matching, the server sends the authorization message.
12. a kind of remote authentication device characterized by comprising
Acquiring unit, for obtaining and being encrypted in the first biometric feature of the user to acquire at authorisation device;
First transmission unit, for sending first biometric feature of encryption to mobile terminal, for described mobile whole
End carries out the second biometric feature after first biometric feature decryption with the user stored in the mobile terminal
Matching;
Second transmission unit, for receive the mobile terminal first and second biometric feature matching after send out
After the first terminal ID of the mark mobile terminal sent, by the first terminal ID and mark first to authorisation device
Device id is sent to server, for the server based on first device id received and first terminal ID and from
It is set described in the second terminal ID and mark of the mark mobile terminal that the mobile terminal receives to the second of authorisation device
Standby ID, it is determined whether send authorization message.
13. a kind of mobile terminal characterized by comprising
First receiving unit, for receiving the first biometric feature of the encryption by sending to authorisation device, wherein described
One biometric feature is encrypted to acquire at authorisation device, and by described to authorisation device described;
Matching unit, for the first biometric feature of the encryption to be decrypted, and described first after decryption is raw
Object identification feature is matched with the second biometric feature of pre-stored user in the mobile terminal;
Third transmission unit, for being sent to described to authorisation device after first and second biometric feature matching
The first terminal ID of the mobile terminal is identified, and is sent to server and identifies the second terminal ID of the mobile terminal and received from institute
It states to authorisation device mark second device id to authorisation device, so that the server is based on described second received
It Termination ID, the second device id and is set from the first terminal ID received to authorisation device and mark are described wait authorize
The first standby device id, it is determined whether send authorization message.
14. a kind of server characterized by comprising
Second receiving unit for receiving the first device id and first terminal ID to authorisation device, and is received from mobile terminal
Second device id and second terminal ID;
Determination unit, for based on first device id, first terminal ID, second terminal ID and the second device id received
Determine whether to send authorization message;
Wherein, the first biometric feature is described after be collected at authorisation device and sent after authorisation device encryption by described
To the mobile terminal, and
Determine that receive the user stored in first biometric feature and the mobile terminal second is raw in mobile terminal
After the matching of object identification feature, the first terminal ID of the mobile terminal is identified to described send to authorisation device, and to server
Send the second terminal ID for identifying the mobile terminal and received from described in the mark to authorisation device to authorisation device
Second device id, and
It is described after authorisation device after receiving the first terminal ID that the mobile terminal is sent, Xiang Suoshu server is sent
The first terminal ID and mark first device id to authorisation device.
15. a kind of equipment, which is characterized in that memory and processor including being stored with computer executable instructions, the place
Reason device is configured as when executing the computer executable instructions, is executed remote as described in any one of claims 1 to 11
Journey method for authenticating.
16. a kind of nonvolatile computer storage media using computer program code, which is characterized in that the computer journey
Sequence includes instruction, and when described instruction is executed by more than one computer, described instruction makes one above calculating
Machine executes the remote authentication method as described in any one of claims 1 to 11.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811624505.XA CN109561428B (en) | 2018-12-28 | 2018-12-28 | Remote authentication method, device, equipment and storage medium thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811624505.XA CN109561428B (en) | 2018-12-28 | 2018-12-28 | Remote authentication method, device, equipment and storage medium thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109561428A true CN109561428A (en) | 2019-04-02 |
CN109561428B CN109561428B (en) | 2021-10-29 |
Family
ID=65871688
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811624505.XA Active CN109561428B (en) | 2018-12-28 | 2018-12-28 | Remote authentication method, device, equipment and storage medium thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109561428B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110070014A (en) * | 2019-04-12 | 2019-07-30 | 顾宏超 | Recognition methods and its device, equipment and storage medium based on biometric feature |
CN111274167A (en) * | 2020-01-21 | 2020-06-12 | 李岗 | Method and system for protecting media data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105224933A (en) * | 2015-10-23 | 2016-01-06 | 云丁网络技术(北京)有限公司 | A kind of safety long-distance authorization method of finger print information and system |
CN105282148A (en) * | 2015-09-17 | 2016-01-27 | 褚维戈 | Data remote authentication system and method |
CN106921738A (en) * | 2017-03-01 | 2017-07-04 | 深圳春沐源农业科技有限公司 | A kind of apparatus control method and device |
US20180184249A1 (en) * | 2015-08-04 | 2018-06-28 | At&T Intellectual Property I, L.P. | Determination of location of a mobile device |
CN109067881A (en) * | 2018-08-09 | 2018-12-21 | 顾宏超 | Remote-authorization method and its device, equipment and storage medium |
-
2018
- 2018-12-28 CN CN201811624505.XA patent/CN109561428B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180184249A1 (en) * | 2015-08-04 | 2018-06-28 | At&T Intellectual Property I, L.P. | Determination of location of a mobile device |
CN105282148A (en) * | 2015-09-17 | 2016-01-27 | 褚维戈 | Data remote authentication system and method |
CN105224933A (en) * | 2015-10-23 | 2016-01-06 | 云丁网络技术(北京)有限公司 | A kind of safety long-distance authorization method of finger print information and system |
CN106921738A (en) * | 2017-03-01 | 2017-07-04 | 深圳春沐源农业科技有限公司 | A kind of apparatus control method and device |
CN109067881A (en) * | 2018-08-09 | 2018-12-21 | 顾宏超 | Remote-authorization method and its device, equipment and storage medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110070014A (en) * | 2019-04-12 | 2019-07-30 | 顾宏超 | Recognition methods and its device, equipment and storage medium based on biometric feature |
CN111274167A (en) * | 2020-01-21 | 2020-06-12 | 李岗 | Method and system for protecting media data |
Also Published As
Publication number | Publication date |
---|---|
CN109561428B (en) | 2021-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210350013A1 (en) | Security systems and methods for continuous authorized access to restricted access locations | |
US10755507B2 (en) | Systems and methods for multifactor physical authentication | |
US9953151B2 (en) | System and method identifying a user to an associated device | |
US9032498B1 (en) | Method for changing authentication for a legacy access interface | |
US7108177B2 (en) | Proximity validation system and method | |
US11252142B2 (en) | Single sign on (SSO) using continuous authentication | |
US9350548B2 (en) | Two factor authentication using a protected pin-like passcode | |
US8646060B1 (en) | Method for adaptive authentication using a mobile device | |
EP1922632B1 (en) | Extended one-time password method and apparatus | |
CN100438421C (en) | Method and system for conducting user verification to sub position of network position | |
CN108650212A (en) | A kind of Internet of Things certification and access control method and Internet of Things security gateway system | |
CN109067881B (en) | Remote authorization method, device, equipment and storage medium thereof | |
EP3862899A1 (en) | Information communication apparatus, authentication program for information communication apparatus, and authentication method | |
US7587051B2 (en) | System and method for securing information, including a system and method for setting up a correspondent pairing | |
CN108989331B (en) | Use authentication method of data storage device, device and storage medium thereof | |
CN109561428A (en) | Remote authentication method and device thereof, equipment and storage medium | |
KR101996317B1 (en) | Block chain based user authentication system using authentication variable and method thereof | |
CN109547484A (en) | Remote authentication method and device thereof, equipment and storage medium | |
CN109617898A (en) | Remote authentication method and device thereof, equipment and storage medium | |
US8447984B1 (en) | Authentication system and method for operating the same | |
TWI640887B (en) | User verification system implemented along with a mobile device and method thereof | |
CN109067880A (en) | The remote de-locking method and its device of shared device, equipment and storage medium | |
KR100930012B1 (en) | Method for Processing User's Certification | |
CN109145561A (en) | The method for authenticating and its equipment and storage medium of computer | |
KR100857080B1 (en) | Method for Processing Loggin Authentication Replay in Client |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20200518 Address after: 201101 401, 39 Lane 3333, Hongxin Road, Minhang District, Shanghai Applicant after: Gu Hongchao Address before: 241000 A609, No. 35 Hengshan Road, Wuhu Economic and Technological Development Zone, Wuhu City, Anhui Province Applicant before: WUHU JIZHI INTELLIGENT TECHNOLOGY Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |