CN109617898B - Remote authentication method, device, equipment and storage medium thereof - Google Patents

Info

Publication number
CN109617898B
Authority
CN
China
Prior art keywords
authorized
mobile terminal
terminal
biological identification
received
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811623773.XA
Other languages
Chinese (zh)
Other versions
CN109617898A (en
Inventor
顾宏超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gu Hongchao
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201811623773.XA priority Critical patent/CN109617898B/en
Publication of CN109617898A publication Critical patent/CN109617898A/en
Application granted granted Critical
Publication of CN109617898B publication Critical patent/CN109617898B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention relates to the field of communication, and discloses a remote authentication method, a device, equipment and a storage medium thereof. The remote authentication method of the invention comprises the following steps: obtaining a first biometric feature of a user collected at a device to be authorized; sending the first biometric feature to the mobile terminal; and, if a terminal ID identifying the mobile terminal is received, which the mobile terminal sends after the first and second biometric features are matched, sending the terminal ID and a device ID identifying the device to be authorized to the server. The invention ensures that it is the user in person who requests authentication and enjoys the related services at the physical location, effectively avoids the situation in which the user's identity or mobile terminal is stolen, and does not store the user's biometric features, thereby avoiding the risk of leaking them.

Description

Remote authentication method, device, equipment and storage medium thereof
Technical Field
The present invention relates to the field of communications, and in particular, to a remote authentication method, apparatus, device, and storage medium.
Background
The use of military or police weapons, mass transportation vehicles, engineering equipment, etc. places high demands on users, and such equipment can cause great harm if it is used by an impostor or stolen. Providing an efficient authentication method for the use of these devices is therefore important.
Remote authentication that relies on the network is one effective approach. However, most current methods that perform one-way authentication over the mobile internet suffer from the problem that address information is easy to forge: when the mobile terminal has been stolen, cracked, copied or the like, an attacker can remotely operate the mobile terminal to authorize the terminal that needs authentication.
Because of the characteristics of the internet, information sent from a different place in this way is almost impossible to detect. It therefore cannot be determined whether the mobile terminal is in the vicinity of the terminal that needs to be authorized (i.e., the execution device), nor, in turn, whether the authentication request was initiated by an authorized user.
That is, checking only the identity information of the party initiating authentication (phone SN, phone number, or an authentication function built into the mobile terminal OS, e.g. a lock screen password) has been proven to be forgeable or breakable. Where higher security is required, these conventional authentication methods cannot be relied upon.
However, authenticating directly by means of a unique user identifier such as a biometric feature causes the problem that user information must be stored centrally. When the related services are aimed at the mass market, a large amount of user information, especially user information that cannot be changed such as biometric features, is stored centrally, and once that information is leaked, the customer suffers a great loss. That is, any service that centrally stores user information is high risk. Collecting and transmitting individual biometric information is a sensitive activity that is closely tied to security and law in China and all over the world.
Disclosure of Invention
The invention aims to provide a remote authentication method, a device, equipment and a storage medium thereof, which can ensure that a user himself/herself requests authentication and enjoys related services at a physical position, effectively avoid the condition that the user identity or a mobile terminal is stolen, and simultaneously avoid the risk of revealing the biological identification characteristics of the user by not storing the biological identification characteristics of the user.
In order to solve the above technical problem, an embodiment of the present invention discloses a remote authentication method, including:
obtaining a first biometric feature of a user collected at a device to be authorized;
sending the first biometric feature to the mobile terminal so that the mobile terminal can match the first biometric feature with a second biometric feature of the user stored in the mobile terminal;
and, if a terminal ID identifying the mobile terminal is received, which the mobile terminal sends after the first biometric feature and the second biometric feature are matched, sending the terminal ID and the device ID identifying the device to be authorized to the server, so that the server can acquire pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID, and determine whether to send the authorization information based on the acquired authority information.
In an example, sending the first biometric characteristic to the mobile terminal includes:
encrypting the first biometric feature of the user collected at the device to be authorized and then sending it to the mobile terminal, so that the mobile terminal can decrypt the encrypted first biometric feature and then match it with the second biometric feature of the user stored in the mobile terminal.
In another example, sending the first biometric feature to the mobile terminal includes:
judging whether the mobile terminal meets a preset communication condition, and if so, sending the encrypted first biometric feature to the mobile terminal.
In another example, before the server acquires the pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, the server determines whether the device to be authorized is a device to be authorized with an abnormal state based on the received device ID, and sends disabling information to the device to be authorized to prohibit the device to be authorized from being used when the determination result is that the device to be authorized has an abnormal state.
In another example, the device to be authorized deletes the first biometric characteristic after sending the first biometric characteristic to the mobile terminal.
In another example, after transmitting the terminal ID and the device ID identifying the device to be authorized to the server, the method further comprises:
if receiving the authorization information sent by the server, controlling the device to be authorized to execute the relevant operation requested by the user of the mobile terminal;
and if the disabling information sent by the server is received, the use of the device to be authorized is prohibited.
In another example, the device to be authorized is a weapon.
The embodiment of the invention also discloses a remote authentication method, which comprises the following steps:
the mobile terminal receives a first biometric feature that was collected at the device to be authorized and sent by the device to be authorized;
the mobile terminal matches the first biometric feature with a second biometric feature of the user stored in the mobile terminal in advance;
after the first biometric feature and the second biometric feature are matched, the mobile terminal sends a terminal ID identifying the mobile terminal to the device to be authorized, so that the device to be authorized sends the terminal ID and the device ID identifying the device to be authorized to the server, and the server obtains pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID, and determines whether to send the authorization information based on the obtained authority information.
In another example, when the mobile terminal receives the first biometric feature collected at and sent by the device to be authorized, the first biometric feature received by the mobile terminal is the first biometric feature encrypted by the device to be authorized, and
when the mobile terminal matches the first biometric feature with the second biometric feature of the user pre-stored in the mobile terminal, the mobile terminal decrypts the received encrypted first biometric feature and then matches the decrypted first biometric feature with the pre-stored second biometric feature of the user.
In another example, the mobile terminal deletes the first biometric characteristic after matching the first biometric characteristic with a second biometric characteristic of the user pre-stored in the mobile terminal.
The embodiment of the invention also discloses a remote authentication method, which comprises the following steps:
the server receives a device ID and a terminal ID, wherein the device ID identifies the device to be authorized, and the terminal ID identifies the mobile terminal;
the server acquires pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, and determines whether to send authorization information to the device to be authorized based on the acquired authority information;
wherein the first biometric feature is collected at the device to be authorized and transmitted by the device to be authorized to the mobile terminal, and
after the mobile terminal determines that the received first biometric feature matches a second biometric feature of the user stored in the mobile terminal, the server receives the device ID and the terminal ID from the device to be authorized, wherein the terminal ID sent to the server by the device to be authorized was sent to the device to be authorized by the mobile terminal after the first biometric feature was matched with the second biometric feature.
In an exemplary embodiment, before the server obtains the pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, the method further includes:
the server judges, based on the received device ID, whether the device to be authorized is a device to be authorized whose state is abnormal;
and if the judgment result is that the state of the device to be authorized is abnormal, disabling information is sent to the device to be authorized so as to prohibit the use of the device to be authorized.
The embodiment of the invention also discloses a remote authentication device, which comprises:
an acquisition unit, configured to obtain a first biometric feature of a user collected at a device to be authorized;
a first sending unit, configured to send the first biometric feature to the mobile terminal so that the mobile terminal can match the first biometric feature with a second biometric feature of the user stored in the mobile terminal;
and a second sending unit, configured to send the terminal ID and the device ID identifying the device to be authorized to the server after receiving the terminal ID identifying the mobile terminal, which the mobile terminal sends after the first biometric feature is matched with the second biometric feature, so that the server can acquire pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID, and determine whether to send the authorization information based on the acquired authority information.
The embodiment of the invention also discloses a mobile terminal, which comprises:
a first receiving unit, configured to receive a first biometric feature that was collected at the device to be authorized and transmitted by the device to be authorized;
a matching unit, configured to match the first biometric feature with a second biometric feature of the user stored in the mobile terminal in advance;
and a third sending unit, configured to send the terminal ID identifying the mobile terminal to the device to be authorized after the first biometric feature is matched with the second biometric feature, so that the device to be authorized sends the terminal ID and the device ID identifying the device to be authorized to the server, and the server obtains pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID, and determines whether to send the authorization information based on the obtained authority information.
The embodiment of the invention also discloses a server, which comprises:
a second receiving unit, configured to receive the device ID and the terminal ID, wherein the device ID identifies the device to be authorized, and the terminal ID identifies the mobile terminal;
a determining unit, configured to acquire pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID, and to determine whether to send the authorization information to the device to be authorized based on the acquired authority information;
wherein the first biometric feature is collected at the device to be authorized and transmitted by the device to be authorized to the mobile terminal, and
after the mobile terminal determines that the received first biometric feature matches a second biometric feature of the user stored in the mobile terminal, the server receives the device ID and the terminal ID from the device to be authorized, wherein the terminal ID sent to the server by the device to be authorized was sent to the device to be authorized by the mobile terminal after the first biometric feature was matched with the second biometric feature.
The embodiment of the invention also discloses equipment which comprises a memory and a processor, wherein the memory is used for storing computer executable instructions, and the processor is configured to execute the remote authentication method disclosed by the embodiment when executing the computer executable instructions.
Embodiments of the present invention also disclose a non-volatile computer storage medium encoded with a computer program, wherein the computer program comprises instructions that, when executed by one or more computers, cause the one or more computers to perform the remote authentication method disclosed in the above embodiments.
Compared with the prior art, the implementation mode of the invention has the main differences and the effects that:
in the remote authorization process, the user can be ensured to request authorization and use the related equipment at the physical position, the condition that the related equipment is stolen after the user identity or the mobile terminal is stolen is effectively avoided, and the safety of the remote authorization is improved.
Further, the device to be authorized is enabled to communicate only with the mobile terminal meeting the preset communication condition, and the safety of the biological information transmission is improved.
Furthermore, the collected biological identification features are encrypted and then sent to the mobile terminal, so that the biological identification features can be effectively prevented from being leaked.
Furthermore, the device to be authorized does not store the biometric features of the user, and does not need to remotely send the biometric features, so that the biometric features of the user are prevented from being leaked while the authorization security is ensured.
Further, if the condition that the device to be authorized or the user mobile terminal is stolen is found, the server can unilaterally limit the use of the device to be authorized by refusing to send the authorization information, and the use safety of the device to be authorized is improved.
Further, if the state of the device to be authorized is found to be abnormal, such as stolen, lost or failed, the device to be authorized can be disabled by sending the disabling information.
Furthermore, the mobile terminal does not store the received biological identification features of the user, and does not need to remotely send the biological identification features, so that the biological identification features of the user are prevented from being leaked while the authorization security is ensured.
Drawings
Fig. 1 is a schematic flow chart of a remote authentication method according to a first embodiment of the present invention;
Fig. 2 is a schematic flow chart of a remote authentication method according to a second embodiment of the present invention;
Fig. 3 is a schematic flow chart of a remote authentication method according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a remote authentication device according to a fourth embodiment of the present invention;
Fig. 5 is a schematic configuration diagram of a mobile terminal according to a fifth embodiment of the present invention;
Fig. 6 is a schematic configuration diagram of a server according to a sixth embodiment of the present invention.
Detailed Description
In the following description, numerous technical details are set forth in order to provide a better understanding of the present application. However, it will be understood by those skilled in the art that the technical solutions claimed in the present application can be implemented without these technical details and with various changes and modifications based on the following embodiments.
It is understood that, in the present invention, the biometric feature refers to a biometric feature capable of uniquely identifying a user, such as a fingerprint, iris, facial feature, voice, etc.
Further, it is understood that in the present invention, the mobile terminal includes, but is not limited to, a smart phone, a tablet computer, and the like. The device ID (identification code) refers to information capable of uniquely identifying a device to be authorized, such as an identification code or an identification number set for the device to be authorized, or an IP address, a MAC address, or the like of the device to be authorized, or an identification code set for a device performing a related function, which is mounted on the device to be authorized, or an ID set for an application program performing a related function, which is downloaded from a server by the device to be authorized or an apparatus mounted on the device to be authorized. The terminal ID of the mobile terminal also refers to information capable of uniquely identifying the mobile terminal, such as a MAC address or an identifier specifically set for the terminal.
It is understood that, in the present invention, the device to be authorized may itself have the function of collecting the biometric feature, or the device that collects the biometric feature may be a device other than the device to be authorized; this is not limited herein. If the device that collects the biometric feature is not the device to be authorized, it deletes the collected biometric feature after transmitting it, so that the user's biometric features are not stored centrally and leaked.
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The first embodiment of the invention relates to a remote authentication method. Fig. 1 is a flow chart of the remote authentication method.
Specifically, as shown in fig. 1, the method includes the steps of:
In step 101, a first biometric feature of a user collected at a device to be authorized is obtained.
Thereafter, step 102 is entered.
In step 102, the first biometric characteristic is sent to the mobile terminal for the mobile terminal to match the first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal.
Preferably, in an exemplary embodiment, in step 102, the first biometric feature of the user collected at the device to be authorized is encrypted and then sent to the mobile terminal, so that the mobile terminal decrypts the encrypted first biometric feature and matches it with the second biometric feature of the user stored in the mobile terminal. Because the collected biometric feature is encrypted before being sent to the mobile terminal, leakage of the biometric feature can be effectively prevented. It is understood that, in the present invention, the relevant steps or functions performed by the device to be authorized are performed by an application installed on the device to be authorized, or by a hardware module or chip in the device to be authorized; the relevant steps performed by the mobile terminal may likewise be performed by a correspondingly installed application, hardware module or chip. These applications, hardware modules or chips are preset so that biometric features encrypted by the programs, hardware modules or chips of the device to be authorized can be decrypted by the corresponding application, hardware module or chip in the mobile terminal.
It will be appreciated that in embodiments of the invention, the communication between the mobile terminal and the device to be authorised may be restricted, that is, only the mobile terminal meeting the predetermined communication conditions will have the first biometric characteristic transmitted to it by the device to be authorised. For example, in this step 102, it may be determined in advance whether the mobile terminal satisfies a predetermined communication condition, and if the predetermined communication condition is satisfied, the encrypted first biometric characteristic is sent to the mobile terminal. Therefore, the device to be authorized only communicates with the mobile terminal meeting the preset communication condition, and the safety of the biological information transmission is improved.
The predetermined communication condition is set so that the device module communicates, and transmits the biometric feature, only with certain devices, for example a device using a particular communication band or a device having a particular identification, in order to improve the security of biometric information transmission.
Thereafter, step 103 is entered.
In step 103, it is determined whether a terminal ID identifying the mobile terminal, which is transmitted by the mobile terminal after the first and second biometric characteristics are matched, is received within a first predetermined time period.
If the judgment result is yes, entering step 104; otherwise, the flow is ended.
In step 104, the terminal ID and the device ID identifying the device to be authorized are sent to the server, so that the server obtains pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, and determines whether to send the authorization information based on the obtained authority information. The authorization information is used for authorizing the device to be authorized to provide corresponding services for the user.
It is understood that, in the embodiments of the present invention, the authority information may be the authorization information generated by the server when the device to be authorized and the mobile terminal download from the server the relevant application program for executing the above functions, or information recorded in the server in advance about the corresponding hardware modules or chips installed in the device to be authorized and the mobile terminal, such as the correspondence between the identifiers of the chips or hardware modules. For example, when the device to be authorized is a weapon, the authorization information may be information pre-stored in the server as to whether the weapon can be used by a person holding the mobile terminal, and the second biometric feature pre-stored in the mobile terminal may identify the identity of the person. In addition, in order to ensure the validity of the biometric feature, when the biometric feature stored in the mobile terminal is to be changed, a request needs to be sent to the server, and the server can modify the biometric feature after granting the request. Alternatively, other techniques may be used to limit modification of the biometric feature.
Thereafter, step 105 is entered.
In step 105, it is determined whether the authorization information sent by the server is received within a second predetermined time period.
If the judgment result is yes, the step 106 is entered; otherwise, the flow is ended.
In step 106, the device to be authorized is controlled to perform the operation related to the user request of the mobile terminal according to the received authorization information.
For example, if the device to be authorized is a shared bicycle, the related operation is to unlock a lock of the shared bicycle; and if the equipment to be authorized is the vending machine, the related operation is to push the commodities purchased by the user to the user.
Thereafter, the present flow ends.
Further, in an example, the first biometric characteristic is deleted after the encrypted first biometric characteristic is sent to the mobile terminal. For example, the deletion is performed within a predetermined time, or after receiving a terminal ID transmitted from the mobile terminal.
Therefore, the device to be authorized does not store the biological identification features of the user, and does not need to remotely send the biological identification features, so that the biological identification features of the user are prevented from being leaked while the authorization security is ensured.
It can be understood that, in the present invention, the steps may be executed by an application installed on the device to be authorized, or by a hardware module or chip installed at the device to be authorized, and the mobile terminal correspondingly has an application, hardware module or chip installed. Based on presetting (for example, settings applied to the hardware when it leaves the factory, or settings applied to the software application when it is downloaded), biometric features encrypted by the programs, hardware modules or chips of the device to be authorized can be decrypted by the corresponding application, hardware module or chip in the mobile terminal.
In addition, it can be understood that, in order to further improve the security level of use of the device to be authorized, it may be arranged that a device to be authorized whose state is abnormal is disabled. For example, in an exemplary embodiment, before step 104, the server determines, based on the received device ID, whether the device to be authorized is a device to be authorized whose state is abnormal, and when the determination result is that the state of the device to be authorized is abnormal, sends disabling information to the device to be authorized to prohibit its use. After receiving the disabling information sent by the server, the device to be authorized can prohibit its own use. If the device to be authorized is determined to be in a normal state, step 104 is executed. Therefore, if the state of the device to be authorized is abnormal, such as stolen, lost or failed, the device to be authorized can be disabled by sending disabling information. This is particularly useful when the device to be authorized is a weapon. The method can not only ensure that the person using the weapon is a specific person, but also completely prohibit the use of the weapon by sending disabling information after the weapon is lost or stolen, thereby avoiding loss.
In the remote authorization process, the user can be ensured to request authorization and enjoy related services at the physical position, the condition that the user identity or the related resources are stolen after the mobile terminal is stolen is effectively avoided, and the safety of the remote authorization is improved. And if the condition that the equipment to be authorized or the user mobile terminal is stolen is found, the server can unilaterally limit the use of the equipment to be authorized by refusing to send the authorization information, so that the use safety of the equipment to be authorized is improved.
A second embodiment of the invention relates to a remote authentication method. Fig. 2 is a flow chart of the remote authentication method.
Specifically, as shown in fig. 2, the remote authentication method includes the following steps:
In step 201, the mobile terminal receives a first biometric feature that is collected at the device to be authorized and sent by the device to be authorized.
In order to increase the security of sending the first biometric characteristic, in an exemplary embodiment, in step 201, the first biometric characteristic received by the mobile terminal is the first biometric characteristic encrypted by the device to be authorized.
Thereafter, step 202 is entered.
In step 202, the mobile terminal matches the first biometric characteristic with a second biometric characteristic of the user pre-stored in the mobile terminal.
Preferably, in an exemplary embodiment, if the mobile terminal receives the encrypted first biometric feature, then in step 202 the mobile terminal decrypts the received encrypted first biometric feature and matches the decrypted first biometric feature with the pre-stored second biometric feature of the user.
In the present invention, the relevant steps or functions of the device to be authorized are executed by an application installed on the device to be authorized, or by a hardware module or chip in the device to be authorized, and the relevant steps of the mobile terminal may likewise be executed by a correspondingly installed application, hardware module or chip. The application, hardware module or chip is preset so that biometric features encrypted by the application, hardware module or chip of the device to be authorized can be decrypted by the corresponding application, hardware module or chip in the mobile terminal.
It will be appreciated that in this step, the mobile terminal preferably deletes the first biometric feature after matching it with the second biometric feature. The mobile terminal therefore does not store the received biometric feature of the user and does not need to send biometric features to a remote party, which avoids leaking the user's biometric features while keeping the authorization secure.
If the features match, go to step 203; otherwise, the flow ends.
In step 203, the mobile terminal sends a terminal ID identifying the mobile terminal to the device to be authorized, so that the device to be authorized sends the terminal ID and the device ID identifying the device to be authorized to the server, and the server obtains pre-stored permission information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID and determines whether to send the authorization information based on the obtained permission information.
It can be understood that, in order to improve the use security of the device to be authorized, in an exemplary embodiment, after receiving the device ID, the server may first determine whether the device to be authorized is a device to be authorized with an abnormal state, and when the determination result is that the device to be authorized has an abnormal state, send the disabling information to the device to be authorized to prohibit the device to be authorized from being used; otherwise, it is determined whether to transmit the authorization information.
Thereafter, the present flow ends.
In the remote authorization process, the invention can ensure that the user requesting authorization and enjoying the related services is the user himself at the physical position, thereby effectively avoiding the condition that the user identity or the related resources are stolen after the mobile terminal is stolen and improving the safety of the remote authorization.
A third embodiment of the present invention relates to a remote authentication method. Fig. 3 is a flow chart of the remote authentication method.
Specifically, as shown in fig. 3, the remote authentication method includes the following steps:
In step 301, the server receives a device ID and a terminal ID, where the device ID identifies a device to be authorized and the terminal ID identifies a mobile terminal.
Thereafter, step 302 is entered.
In step 302, the server acquires pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, and determines whether to send authorization information to the device to be authorized based on the acquired authority information.
It is understood that the first biometric characteristic is collected at the device to be authorized and sent by the device to be authorized to the mobile terminal, and the server receives the device ID and the terminal ID from the device to be authorized after the mobile terminal determines that the received first biometric characteristic matches the second biometric characteristic of the user stored in the mobile terminal, wherein the terminal ID sent to the server by the device to be authorized is sent to the device to be authorized by the mobile terminal after determining that the first and second biometric characteristics match.
Thereafter, the present flow ends.
In an example, before the step 302, the method further includes:
the server determines, based on the received device ID, whether the device to be authorized is in an abnormal state;
if the device to be authorized is determined to be in an abnormal state, disabling information is sent to the device to be authorized to prohibit its use; if the device to be authorized is determined to be in a normal state, the above step 302 is executed to determine whether to send the authorization information.
In the remote authorization process, the invention can ensure that the user requesting authorization and enjoying the related services is the user himself at the physical location, which effectively prevents the user identity or the related resources from being stolen after the mobile terminal is stolen and improves the security of remote authorization.
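The message flow of the first to third embodiments, as an added example that is not part of the patent text: it shows that the server is contacted only after a match on the terminal, that the device-state check runs before the permission lookup, and that both sides wipe the sample. The class names, IDs, Hamming-distance matcher, threshold and templates are assumptions constructed for illustration, a device that stays disabled once told to is also an assumption, and the encryption of the first biometric feature between device and terminal is left out.

```python
from dataclasses import dataclass, field
from enum import Enum

# Assumption: features are fixed-length bit templates compared by Hamming
# distance; the page names no matching algorithm or threshold.
MATCH_THRESHOLD = 0.25
ENROLLED = bytes.fromhex("a5" * 16)      # constructed sample template


class Verdict(Enum):
    AUTHORIZED = "authorization information sent"
    DENIED = "authorization information withheld"
    DISABLED = "disabling information sent"
    NO_MATCH = "flow ended at the mobile terminal"


def hamming_fraction(a, b) -> float:
    """Fraction of differing bits; unequal or empty inputs never match."""
    if len(a) != len(b) or not a:
        return 1.0
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))


def wipe(buf: bytearray) -> None:
    """Overwrite a biometric buffer in place once it is no longer needed."""
    buf[:] = bytes(len(buf))


@dataclass
class MobileTerminal:
    terminal_id: str
    enrolled: bytes                      # second biometric feature, kept on the terminal

    def match(self, first: bytearray):
        """Steps 201-203: match, delete the sample, release the ID on match only."""
        ok = hamming_fraction(first, self.enrolled) <= MATCH_THRESHOLD
        wipe(first)
        return self.terminal_id if ok else None


@dataclass
class Server:
    abnormal: set = field(default_factory=set)      # stolen, lost or failed devices
    permissions: set = field(default_factory=set)   # allowed (device, terminal) pairs

    def decide(self, device_id: str, terminal_id: str) -> Verdict:
        """Steps 301-302, with the device-state check before the lookup."""
        if device_id in self.abnormal:
            return Verdict.DISABLED
        if (device_id, terminal_id) in self.permissions:
            return Verdict.AUTHORIZED
        return Verdict.DENIED


@dataclass
class Device:
    device_id: str
    disabled: bool = False

    def request(self, sample: bytearray, terminal: MobileTerminal,
                server: Server) -> Verdict:
        if self.disabled:                # assumption: disabling is persistent
            wipe(sample)
            return Verdict.DISABLED
        sent = bytearray(sample)         # copy that travels to the terminal
        wipe(sample)                     # the device keeps no biometric
        terminal_id = terminal.match(sent)
        if terminal_id is None:
            return Verdict.NO_MATCH      # the server is never contacted
        verdict = server.decide(self.device_id, terminal_id)
        if verdict is Verdict.DISABLED:
            self.disabled = True
        return verdict


def run_scenarios() -> dict:
    """Run the flow over constructed inputs and collect each outcome."""
    owner = MobileTerminal("terminal-01", ENROLLED)
    server = Server(permissions={("device-01", "terminal-01")})
    device = Device("device-01")

    def fresh() -> bytearray:            # owner's new capture, 8 of 128 bits differ
        s = bytearray(ENROLLED)
        s[0] ^= 0xFF
        return s

    out = {}
    sample = fresh()
    out["owner"] = device.request(sample, owner, server)
    out["sample_wiped"] = not any(sample)
    impostor = bytearray(b ^ 0xFF for b in ENROLLED)
    out["impostor"] = device.request(impostor, owner, server)
    out["unlisted_pair"] = Device("device-02").request(fresh(), owner, server)
    server.abnormal.add("device-01")     # device reported stolen
    out["after_report"] = device.request(fresh(), owner, server)
    out["device_locked"] = device.disabled
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```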
The fourth embodiment of the invention discloses a remote authentication device. Fig. 4 is a schematic structural diagram of the remote authentication device.
Specifically, as shown in fig. 4, the apparatus includes:
an acquisition unit, configured to acquire and encrypt a first biometric feature of a user collected at a device to be authorized;
a first sending unit, configured to acquire the first biometric feature of the user collected at the device to be authorized;
a second sending unit, configured to, after receiving a terminal ID identifying the mobile terminal that the mobile terminal sends once the first biometric feature is matched with the second biometric feature, send the terminal ID and the device ID identifying the device to be authorized to the server, so that the server obtains pre-stored permission information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID and determines whether to send the authorization information based on the obtained permission information.
In the remote authorization process, the invention can ensure that the user requesting authorization and enjoying the related services is the user himself at the physical location, which effectively prevents the user identity or the related resources from being stolen after the mobile terminal is stolen and improves the security of remote authorization. If the device to be authorized or the user's mobile terminal is found to be stolen, the server can unilaterally restrict use of the device to be authorized by refusing to send the authorization information, which improves the security of using the device to be authorized.
The first embodiment is a method embodiment corresponding to the present embodiment, and the present embodiment can be implemented in cooperation with the first embodiment. The related technical details mentioned in the first embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the first embodiment.
A fifth embodiment of the present invention relates to a mobile terminal. Fig. 5 is a schematic structural diagram of the mobile terminal. Specifically, as shown in fig. 5, the mobile terminal includes:
a first receiving unit, configured to receive the first biometric feature that is collected at the device to be authorized and sent by the device to be authorized;
a matching unit, configured to match the first biometric feature with a second biometric feature of the user pre-stored in the mobile terminal;
a third sending unit, configured to send a terminal ID identifying the mobile terminal to the device to be authorized after the first biometric feature is matched with the second biometric feature, so that the device to be authorized sends the terminal ID and the device ID identifying the device to be authorized to the server, and the server obtains pre-stored permission information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID and determines whether to send the authorization information based on the obtained permission information.
The second embodiment is a method embodiment corresponding to the present embodiment, and the present embodiment can be implemented in cooperation with the second embodiment. The related technical details mentioned in the second embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the second embodiment.
The sixth embodiment of the invention discloses a server. Fig. 6 is a schematic diagram of the server.
Specifically, as shown in fig. 6, the server includes:
a second receiving unit, configured to receive a device ID and a terminal ID, wherein the device ID identifies the device to be authorized and the terminal ID identifies the mobile terminal;
a determining unit, configured to obtain pre-stored permission information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID, and to determine whether to send the authorization information to the device to be authorized based on the obtained permission information;
wherein the first biometric feature is collected at the device to be authorized and sent by the device to be authorized to the mobile terminal, and
after the mobile terminal determines that the received first biometric feature matches a second biometric feature of the user stored in the mobile terminal, the server receives the device ID and the terminal ID from the device to be authorized, wherein the terminal ID sent to the server by the device to be authorized is sent to the device to be authorized by the mobile terminal after the first biometric feature is matched with the second biometric feature.
The third embodiment is a method embodiment corresponding to the present embodiment, and the present embodiment can be implemented in cooperation with the third embodiment. The related technical details mentioned in the third embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the third embodiment.
A seventh embodiment of the present invention discloses an apparatus comprising a memory storing computer executable instructions and a processor configured to perform any one of the remote authentication methods of the first to third embodiments when the processor executes the computer executable instructions.
An eighth embodiment of the present invention discloses a non-volatile computer storage medium encoded with a computer program, wherein the computer program comprises instructions that, when executed by one or more computers, cause the one or more computers to perform any one of the remote authentication methods of the first to third embodiments.
The method embodiments of the present invention may be implemented in software, hardware, firmware, etc. Whether the present invention is implemented as software, hardware, or firmware, the instruction code may be stored in any type of computer-accessible memory (e.g., permanent or modifiable, volatile or non-volatile, solid or non-solid, fixed or removable media, etc.). Also, the Memory may be, for example, Programmable Array Logic (PAL), Random Access Memory (RAM), Programmable Read Only Memory (PROM), Read-Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic disk, an optical disk, a Digital Versatile Disk (DVD), or the like.
It should be noted that, each unit mentioned in each device embodiment of the present invention is a logical unit, and physically, one logical unit may be one physical unit, or may be a part of one physical unit, or may be implemented by a combination of multiple physical units, and the physical implementation manner of these logical units itself is not the most important, and the combination of the functions implemented by these logical units is the key to solve the technical problem provided by the present invention. Furthermore, the above-mentioned embodiments of the apparatus of the present invention do not introduce elements that are less relevant for solving the technical problems of the present invention in order to highlight the innovative part of the present invention, which does not indicate that there are no other elements in the above-mentioned embodiments of the apparatus.
It is to be noted that in the claims and the description of the present patent, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the use of the verb "comprise a" to define an element does not exclude the presence of another, same element in a process, method, article, or apparatus that comprises the element.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.

Claims (15)

1. A remote authentication method, comprising:
acquiring a first biometric feature of a user acquired at a device to be authorized;
sending the first biometric characteristic to a mobile terminal so that the mobile terminal can match the first biometric characteristic with a second biometric characteristic of the user stored in the mobile terminal;
if a terminal ID identifying the mobile terminal, sent by the mobile terminal after the first biometric feature is matched with the second biometric feature, is received, sending the terminal ID and a device ID identifying the device to be authorized to a server, so that the server obtains pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID and determines whether to send the authorization information based on the obtained authority information;
before the server acquires pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the received terminal ID, the server judges whether the device to be authorized is a device to be authorized with an abnormal state based on the received device ID, and sends disabling information to the device to be authorized to prohibit the device to be authorized from being used when the judgment result shows that the device to be authorized has the abnormal state.
2. The remote authentication method of claim 1, wherein sending the first biometric characteristic to a mobile terminal comprises:
encrypting the first biometric feature of the user collected at the device to be authorized and then sending it to the mobile terminal, so that the mobile terminal decrypts the encrypted first biometric feature and then matches it with the second biometric feature of the user stored in the mobile terminal.
3. The remote authentication method of claim 2, wherein sending the first biometric characteristic to a mobile terminal comprises:
determining whether the mobile terminal meets a preset communication condition, and if so, sending the encrypted first biometric feature to the mobile terminal.
4. The remote authentication method as claimed in claim 1, wherein after transmitting the terminal ID and the device ID identifying the device to be authorized to a server, the method further comprises:
if receiving the authorization information sent by the server, controlling the device to be authorized to execute the relevant operation requested by the user of the mobile terminal;
and if the disabling information sent by the server is received, the use of the equipment to be authorized is forbidden.
5. The remote authentication method according to claim 4, wherein the device to be authorized deletes the first biometric feature after sending the first biometric feature to the mobile terminal.
6. The remote authentication method according to claim 5, wherein the device to be authorized is a weapon.
7. A remote authentication method, comprising:
a mobile terminal receiving a first biometric feature that is collected at a device to be authorized and sent by the device to be authorized;
the mobile terminal matching the first biometric feature with a second biometric feature of the user pre-stored in the mobile terminal;
after the first biometric feature is matched with the second biometric feature, the mobile terminal sending a terminal ID identifying the mobile terminal to the device to be authorized, so that the device to be authorized sends the terminal ID and a device ID identifying the device to be authorized to a server, and the server obtains pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and terminal ID and determines whether to send the authorization information based on the obtained authority information;
before the server acquires pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the received terminal ID, the server judges whether the device to be authorized is a device to be authorized with an abnormal state based on the received device ID, and sends disabling information to the device to be authorized to prohibit the device to be authorized from being used when the judgment result shows that the device to be authorized has the abnormal state.
8. The remote authentication method according to claim 7, wherein, when the mobile terminal receives the first biometric feature collected at and sent by the device to be authorized, the first biometric feature received by the mobile terminal is the first biometric feature encrypted by the device to be authorized, and
when matching the first biometric feature with the second biometric feature of the user pre-stored in the mobile terminal, the mobile terminal decrypts the received encrypted first biometric feature and then matches the decrypted first biometric feature with the pre-stored second biometric feature of the user.
9. The remote authentication method according to claim 7 or 8, wherein the mobile terminal deletes the first biometric characteristic after matching the first biometric characteristic with a second biometric characteristic of the user pre-stored in the mobile terminal.
10. A remote authentication method, comprising:
a server receiving a device ID and a terminal ID, wherein the device ID identifies a device to be authorized and the terminal ID identifies a mobile terminal;
the server acquires pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the received terminal ID, and determines whether to send authorization information to the device to be authorized based on the acquired authority information;
wherein a first biometric characteristic is acquired at the device to be authorized and transmitted by the device to be authorized to the mobile terminal, and
after the mobile terminal determines that the received first biological identification feature is matched with a second biological identification feature of the user stored in the mobile terminal, the server receives the device ID and the terminal ID from the device to be authorized, wherein the terminal ID sent to the server by the device to be authorized is sent to the device to be authorized by the mobile terminal after the first biological identification feature is matched with the second biological identification feature;
before the server acquires the pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, the method further includes:
the server determining, based on the received device ID, whether the device to be authorized is in an abnormal state;
and if the device to be authorized is determined to be in an abnormal state, sending disabling information to the device to be authorized to prohibit use of the device to be authorized.
11. A remote authentication apparatus, comprising:
an acquisition unit, configured to acquire a first biometric feature of a user collected at a device to be authorized;
a first sending unit, configured to send the first biometric feature to a mobile terminal so that the mobile terminal matches the first biometric feature with a second biometric feature of the user stored in the mobile terminal;
a second sending unit, configured to, after receiving a terminal ID identifying the mobile terminal that the mobile terminal sends once the first and second biometric features are matched, send the terminal ID and a device ID identifying the device to be authorized to a server, so that the server obtains, based on the received device ID and terminal ID, pre-stored permission information about the device to be authorized and the mobile terminal, and determines whether to send the authorization information based on the obtained permission information;
before the server acquires pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the received terminal ID, the server judges whether the device to be authorized is a device to be authorized with an abnormal state based on the received device ID, and sends disabling information to the device to be authorized to prohibit the device to be authorized from being used when the judgment result shows that the device to be authorized has the abnormal state.
12. A mobile terminal, comprising:
a first receiving unit, configured to receive a first biometric feature that is collected at a device to be authorized and sent by the device to be authorized;
a matching unit, configured to match the first biometric feature with a second biometric feature of the user pre-stored in the mobile terminal;
a third sending unit, configured to send, after the first and second biometric features are matched, a terminal ID that identifies the mobile terminal to the device to be authorized, so that the device to be authorized sends the terminal ID and a device ID that identifies the device to be authorized to a server, and the server obtains, based on the received device ID and terminal ID, pre-stored permission information about the device to be authorized and the mobile terminal, and determines, based on the obtained permission information, whether to send the authorization information;
before the server acquires pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the received terminal ID, the server judges whether the device to be authorized is a device to be authorized with an abnormal state based on the received device ID, and sends disabling information to the device to be authorized to prohibit the device to be authorized from being used when the judgment result shows that the device to be authorized has the abnormal state.
13. A server, comprising:
a second receiving unit, configured to receive a device ID and a terminal ID, where the device ID identifies a device to be authorized, and the terminal ID identifies a mobile terminal;
a determining unit, configured to obtain pre-stored permission information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, and determine whether to send authorization information to the device to be authorized based on the obtained permission information;
wherein a first biometric characteristic is acquired at the device to be authorized and transmitted by the device to be authorized to the mobile terminal, and
after the mobile terminal determines that the received first biological identification feature is matched with a second biological identification feature of the user stored in the mobile terminal, the server receives the device ID and the terminal ID from the device to be authorized, wherein the terminal ID sent to the server by the device to be authorized is sent to the device to be authorized by the mobile terminal after the first biological identification feature is matched with the second biological identification feature;
before the server acquires the pre-stored authority information about the device to be authorized and the mobile terminal based on the received device ID and the terminal ID, the method further includes:
the server determines, based on the received device ID, whether the device to be authorized is in an abnormal state;
and if the device to be authorized is determined to be in an abnormal state, sends disabling information to the device to be authorized to prohibit use of the device to be authorized.
14. A device comprising a memory storing computer-executable instructions and a processor configured to perform the remote authentication method of any one of claims 1 to 10 when the computer-executable instructions are executed.
15. A non-transitory computer storage medium encoded with a computer program, the computer program comprising instructions that, when executed by one or more computers, cause the one or more computers to perform the remote authentication method of any one of claims 1 to 10.
CN201811623773.XA 2018-12-28 2018-12-28 Remote authentication method, device, equipment and storage medium thereof Active CN109617898B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811623773.XA CN109617898B (en) 2018-12-28 2018-12-28 Remote authentication method, device, equipment and storage medium thereof

Publications (2)

Publication Number Publication Date
CN109617898A 2019-04-12
CN109617898B 2021-10-29

Family

ID=66012322

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811623773.XA Active CN109617898B (en) 2018-12-28 2018-12-28 Remote authentication method, device, equipment and storage medium thereof

Country Status (1)

Country Link
CN (1) CN109617898B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115935315B (en) * 2022-12-19 2023-09-29 北京深盾科技股份有限公司 Biological characteristic management system, method, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905514A (en) * 2012-12-28 2014-07-02 联想(北京)有限公司 Server, terminal device and network data access right management method
CN105323756A (en) * 2014-06-12 2016-02-10 西安中兴新软件有限责任公司 Authentication method, network side equipment and terminal
CN106921738A (en) * 2017-03-01 2017-07-04 深圳春沐源农业科技有限公司 A kind of apparatus control method and device
EP3388292A1 (en) * 2017-04-12 2018-10-17 Protrack Solutions Limited Driver authentication system
CN109067881A (en) * 2018-08-09 2018-12-21 顾宏超 Remote-authorization method and its device, equipment and storage medium

Also Published As

Publication number Publication date
CN109617898A (en) 2019-04-12

Similar Documents

Publication Publication Date Title
CN110121873B (en) Access token management method, terminal and server
US8402552B2 (en) System and method for securely accessing mobile data
CN106612180B (en) Method and device for realizing session identification synchronization
RU2620998C2 (en) Method and authentication device for unlocking administrative rights
CN109067881B (en) Remote authorization method, device, equipment and storage medium thereof
KR101451359B1 (en) User account recovery
EP2875460B1 (en) Anti-cloning system and method
CN112330855B (en) Electronic lock safety management method, equipment and system
CN107733636B (en) Authentication method and authentication system
CN101222488A (en) Method and network authentication server for controlling client terminal access to network appliance
CN109145628B (en) Data acquisition method and system based on trusted execution environment
WO2012117253A1 (en) An authentication system
CN109714769B (en) Information binding method, device, equipment and storage medium
KR20160121775A (en) THIRD PARTY'S SECURITY AUTHENTICATION SYSTEM BETWEEN MOBILE DEVICE AND IoT DEVICES AND METHOD THEREOF
WO2017084569A1 (en) Method for acquiring login credential in smart terminal, smart terminal, and operating systems
CN108989331B (en) Use authentication method of data storage device, device and storage medium thereof
US20170201528A1 (en) Method for providing trusted service based on secure area and apparatus using the same
CN113572791A (en) Video Internet of things big data encryption service method, system and device
KR101273285B1 (en) Authentification agent and method for authentificating online service and system thereof
CN109561428B (en) Remote authentication method, device, equipment and storage medium thereof
CN113726797B (en) Safe login method, system and account management device
US9280645B1 (en) Local and remote verification
CN108667800B (en) Access authority authentication method and device
CN112671534B (en) Service key management method, service terminal and system based on biological characteristics
CN109617898B (en) Remote authentication method, device, equipment and storage medium thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200519

Address after: 201101 401, 39 Lane 3333, Hongxin Road, Minhang District, Shanghai

Applicant after: Gu Hongchao

Address before: 241000 A609, No. 35 Hengshan Road, Wuhu Economic and Technological Development Zone, Wuhu City, Anhui Province

Applicant before: WUHU JIZHI INTELLIGENT TECHNOLOGY Co.,Ltd.

GR01 Patent grant