CN109670428A - Identity identifying method and device - Google Patents

Publication number
CN109670428A
Authority
CN
China
Prior art keywords
iris
characteristic data
certification end
server
dimensional code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811502496.7A
Other languages
Chinese (zh)
Inventor
廖英翔
宋植厅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen City Collection Hong Ding Source Technology Co Ltd
Original Assignee
Shenzhen City Collection Hong Ding Source Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen City Collection Hong Ding Source Technology Co Ltd filed Critical Shenzhen City Collection Hong Ding Source Technology Co Ltd
Priority to CN201811502496.7A priority Critical patent/CN109670428A/en
Publication of CN109670428A publication Critical patent/CN109670428A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/18 Eye characteristics, e.g. of the iris
    • G06V40/197 Matching; Classification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/18 Eye characteristics, e.g. of the iris
    • G06V40/193 Preprocessing; Feature extraction

Abstract

The present invention provides an identity authentication method and device and relates to the field of information security technology. The method is applied to the server of an identity authentication system and comprises: obtaining a dynamic iris two-dimensional code, forwarded by a certification end, that indicates the identity information of a user to be authenticated; obtaining the iris characteristic data in the dynamic iris two-dimensional code according to a first key and the current time of the server; matching the iris characteristic data against pre-stored iris characteristic data to obtain a verification result; and sending authentication information indicating the verification result to the certification end. Because the server obtains the dynamic iris two-dimensional code forwarded by the certification end, it can conveniently obtain the iris characteristic data indicating the identity information of the user to be authenticated while the iris data remains secure, match it against the pre-stored iris characteristic data, and send authentication information to the certification end, which makes iris features more convenient to apply in the field of identity authentication.

Description

Identity identifying method and device
Technical field
The present invention relates to the field of information security technology, and in particular to an identity authentication method and device.
Background art
Among identity authentication technologies, biometric identification is more secure, confidential and convenient than traditional identity authentication technology. Of all biometric technologies, iris recognition is currently the most convenient and accurate to apply, because the iris of the human eye is highly unique, stable and unalterable.
Iris recognition technology acquires an image of the iris of the human eye, pre-processes the iris image, extracts characteristic data using a specific algorithm, and finally compares the extracted characteristic data with iris image characteristic data stored in advance in a database to judge whether they come from the same iris, thereby achieving identity authentication.
However, acquiring iris images and related operations such as extracting iris characteristic data require specific professional equipment, which limits the application of iris features in fields related to identity authentication.
Summary of the invention
The object of the present invention is to address the above deficiency of the prior art by providing an identity authentication method and device, so as to solve the problem that the application of iris features in fields related to identity authentication is limited.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides an identity authentication method applied to the server of an identity authentication system, the identity authentication system comprising a server and a certification end, the method comprising:
Obtaining a dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of a user to be authenticated, where the dynamic iris two-dimensional code is obtained by the certification end from a mobile terminal and is a two-dimensional code that the mobile terminal generates by encrypting the user's iris characteristic data with a time-based one-time password algorithm according to a first key and the current time of the mobile terminal, the first key being a key shared in advance between the server and the mobile terminal;
Obtaining the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server;
Matching the iris characteristic data against pre-stored iris characteristic data to obtain a verification result;
Sending authentication information indicating the verification result to the certification end.
Further, sending the authentication information indicating the verification result to the certification end comprises:
If the verification result is a match, sending an authentication success message to the certification end;
If the verification result is a mismatch, sending an authentication failure message to the certification end.
Further, the authentication success message includes at least one of the following: an authentication success flag, and user information associated with the user.
Further, the mobile terminal obtains the user's iris characteristic data in one of the following ways: recognizing the user's iris image; or reading the user's iris characteristic data stored in advance in the terminal.
Further, sending the authentication information indicating the verification result to the certification end comprises:
Encrypting the authentication information indicating the verification result with a second key to obtain encrypted authentication information, the second key being a key shared between the server and the certification end;
Sending the encrypted authentication information to the certification end.
In a second aspect, an embodiment of the present invention further provides an identity authentication device applied to the server of an identity authentication system, the identity authentication system comprising a server and a certification end, the device comprising:
A two-dimensional code acquisition module, configured to obtain a dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of a user to be authenticated, where the dynamic iris two-dimensional code is obtained by the certification end from a mobile terminal and is a two-dimensional code that the mobile terminal generates by encrypting the user's iris characteristic data with a time-based one-time password algorithm according to a first key and the current time of the mobile terminal, the first key being a key shared in advance between the server and the mobile terminal;
An iris characteristic data acquisition module, configured to obtain the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server;
A matching verification module, configured to match the iris characteristic data against pre-stored iris characteristic data to obtain a verification result;
An authentication information sending module, configured to send authentication information indicating the verification result to the certification end.
Further, the authentication information sending module is specifically configured to:
If the verification result is a match, send an authentication success message to the certification end;
If the verification result is a mismatch, send an authentication failure message to the certification end.
Further, the authentication success message includes at least one of the following: an authentication success flag, and user information associated with the user.
Further, the mobile terminal obtains the user's iris characteristic data in one of the following ways: recognizing the user's iris image; or reading the user's iris characteristic data stored in advance in the terminal.
Further, the authentication information sending module comprises:
An encryption submodule, configured to encrypt the authentication information indicating the verification result with a second key to obtain encrypted authentication information, the second key being a key shared between the server and the certification end;
A sending submodule, configured to send the encrypted authentication information to the certification end.
The beneficial effects of the present invention are as follows:
In the embodiments of the present invention, the server obtains the dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of the user to be authenticated; obtains the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server; matches the iris characteristic data against the pre-stored iris characteristic data to obtain a verification result; and then sends authentication information indicating the verification result to the certification end. Because the server obtains, via the certification end, a dynamic iris two-dimensional code that the mobile terminal generated by dynamically encrypting the iris characteristic data with a time-based one-time password algorithm, the server can conveniently obtain the iris characteristic data indicating the identity information of the user to be authenticated while the security of the iris data is ensured, match it against the pre-stored iris characteristic data, and send authentication information to the certification end, which makes iris features more convenient to apply in the field of identity authentication.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of the identity authentication method provided by one embodiment of the present invention;
Fig. 2 is a flow diagram of the identity authentication method provided by another embodiment of the present invention;
Fig. 3 is a schematic diagram of the identity authentication device provided by one embodiment of the present invention;
Fig. 4 is a schematic diagram of the identity authentication device provided by another embodiment of the present invention;
Fig. 5 is a schematic diagram of the identity authentication device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention.
Fig. 1 is a flow diagram of the identity authentication method provided by one embodiment of the present invention. As shown in Fig. 1, the method is applied to the server of an identity authentication system that includes a server and a certification end, and comprises:
Step 101: obtain the dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of the user to be authenticated.
Here, the dynamic iris two-dimensional code is obtained by the certification end from a mobile terminal, and is a two-dimensional code that the mobile terminal generates by encrypting the user's iris characteristic data with a time-based one-time password algorithm according to a key and the current time of the mobile terminal; the key is shared in advance between the server and the mobile terminal.
Identity authentication, also called identity verification or identification, is the process of confirming the identity of a user to be authenticated in computer and computer network systems, so as to determine whether the user has the right to access and use a given resource. It allows the access policies of computer and network systems to be enforced reliably and efficiently, prevents attackers from impersonating legitimate users to obtain access to resources, and protects the security of systems and data as well as the legitimate interests of authorized visitors.
Iris recognition technology identifies a person from the iris image of the eye, and is applied in security equipment and in places with high confidentiality requirements. The human eye consists of the sclera, iris, pupil, lens, retina and other parts. The iris is the annular region between the black pupil and the white sclera, and it contains many interlaced detail features such as spots, filaments, coronas, stripes and crypts. Once formed during prenatal development, the iris remains unchanged throughout life. These characteristics determine the uniqueness of iris features, and hence the uniqueness of identification. The iris features of the eye can therefore serve as each person's identification object.
Iris recognition determines a person's identity by comparing the similarity between iris image features; it is a password-free, contactless, high-end identity authentication technology. To compare iris features by computer, iris characteristic data representing the iris image features must first be obtained. Because iris image features are unique, correspondingly unique iris characteristic data can be obtained with a predetermined encoding algorithm.
The embodiments of the present invention use an iris identity authentication technology based on iris characteristic data, and the matching verification of the iris characteristic data is performed in the server of the identity authentication system. The identity authentication system in the embodiments also includes a certification end. The certification end is a terminal that needs to confirm the identity of the user to be authenticated, for example a terminal in a bank branch that needs to confirm a user's identity. In general, for the server to perform matching verification of iris characteristic data, the certification end must first obtain the user's iris characteristic data and then forward it to the server. However, acquiring iris characteristic data directly usually requires professional equipment, and a conventional certification end that needs to confirm the identity of the user to be authenticated usually lacks such a function. The embodiments of the present invention therefore provide the iris characteristic data by means of a dynamic iris two-dimensional code.
The certification end can obtain the dynamic iris two-dimensional code from the mobile terminal held by the user to be authenticated. The dynamic iris two-dimensional code is a two-dimensional code that the mobile terminal generates by encrypting the user's iris characteristic data with a time-based one-time password algorithm according to the first key and the current time of the mobile terminal; the first key is shared in advance between the server and the mobile terminal. The dynamic iris two-dimensional code is generated by the mobile terminal, and its generation process is described in detail below.
First, the mobile terminal needs to obtain the iris characteristic data. In general, iris characteristic data can be obtained in one of two ways: by recognizing an iris image of the human eye on site, processing and encoding it, and thereby obtaining the iris characteristic data; or by reading pre-stored iris characteristic data. Both ways are described in detail below.
The mobile terminal can obtain pre-stored iris characteristic data. A mobile terminal without iris image acquisition and recognition functions, such as a mobile phone, can usually obtain pre-stored iris characteristic data. This data may be stored in advance in a storage device in the mobile terminal that generates the dynamic iris two-dimensional code, or in another storage device. When the mobile terminal needs to generate the dynamic iris two-dimensional code, it can obtain the iris characteristic data to be used from its own storage device or from the other storage device. This requires that, before the mobile terminal prepares to generate the dynamic iris two-dimensional code, the iris image has been acquired and recognized on a terminal with iris image acquisition and recognition functions, the iris features extracted, and the encoded iris characteristic data obtained. In practice, by reading pre-stored iris characteristic data from a storage device, the mobile terminal needs no iris image acquisition and recognition equipment, which simplifies the generation of the dynamic two-dimensional code, shortens the operation time, and makes operation easier.
Optionally, the mobile terminal can recognize an iris image to obtain the iris characteristic data. Unlike obtaining pre-stored iris characteristic data from a storage device as described above, when no iris characteristic data has been stored in advance, or when the mobile terminal that generates the dynamic iris two-dimensional code cannot access the storage device holding the iris characteristic data, a mobile terminal with iris image acquisition and recognition functions can acquire the iris image directly and perform recognition and extraction to obtain the iris characteristic data. This approach places higher demands on the equipment and, compared with obtaining the data from a storage device, is more complicated to operate and takes longer; however, it acquires the iris features of the user to be authenticated directly and in real time, so it is reliable and secure and guards against risks such as the acquired iris characteristic data not being genuine.
Acquiring the iris image is the first step in an iris authentication system and a key link that determines the overall quality of the system. A specific camera device can be used to photograph the person's entire eye, and the captured image is transferred to the image pre-processing software of the iris recognition system. Iris image acquisition places relatively high demands on the light source: if the light source is of low quality, the acquired iris image will be poor, which seriously affects the subsequent extraction and analysis of iris features. The iris image therefore needs to be acquired with a specific camera device under good lighting conditions.
The mobile terminal can then extract the iris features from the iris image using a preset algorithm.
After the iris image is obtained, it is processed as follows so that it meets the requirements for extracting iris features:
Iris localization: determine the positions of the inner circle, the outer circle and the conic curves in the image, where the inner circle is the boundary between the iris and the pupil, the outer circle is the boundary between the iris and the sclera, and the conic curves are the boundaries between the iris and the upper and lower eyelids;
Iris image normalization: transform the annular iris region in the image into a strip-shaped image using a specific processing technique, and eliminate image noise signals;
Image enhancement: apply brightness, contrast, smoothness and similar processing to the normalized image to improve the recognizability of the iris information in the image.
After the iris image has been processed as above, a preset specific algorithm can be used to extract from the processed iris image the feature points needed for iris recognition, which serve as the iris features. The algorithm used may be a Fourier transform, a wavelet transform or a similar algorithm; the present invention places no limitation on this.
Finally, the mobile terminal can encode the iris features to obtain the iris characteristic data.
After the iris features are obtained, they need to be encoded to generate the iris characteristic data. The generated iris characteristic data can be used for identification. During identification, the server can match the obtained iris characteristic data one by one against the iris characteristic data stored on the server to judge whether they come from the same iris, thereby achieving identification.
Optionally, after the iris features are encoded as above, the encoded iris features can be encrypted with a predetermined key to obtain the iris characteristic data. In this way, the unencrypted original iris characteristic data of the user to be authenticated is encrypted once it has been generated, which guards against the possibility of the original iris characteristic data being leaked and ensures the security of the user's original iris characteristic data. After the authenticating device obtains the encrypted iris characteristic data, it can decrypt the data with the predetermined key and then perform matching verification of the iris characteristic data.
It should be noted that, in the embodiments of the present invention, the iris characteristic data obtained from a storage device or by acquiring and recognizing an iris image is not used directly for identification. Instead, the mobile terminal converts it into a dynamic iris two-dimensional code; when identity authentication is needed, the certification end scans and reads the dynamic iris two-dimensional code on the mobile terminal, and the iris characteristic data is then obtained from the dynamic iris two-dimensional code for identification. This makes it convenient to obtain iris characteristic data quickly and securely, and facilitates remote identity authentication based on iris characteristic data.
After obtaining the iris characteristic data as described above, the mobile terminal uses a time-based one-time password algorithm to encrypt the iris characteristic data according to the key and the current time of the mobile terminal, obtaining dynamically encrypted iris data. Once obtained, the iris characteristic data usually cannot be used directly to generate a two-dimensional code pattern. As described above, a person's iris features are unique and stable, so the iris characteristic data obtained with a predetermined encoding algorithm is also unique and stable. If the original iris characteristic data were used to generate a two-dimensional code pattern or were transmitted, then once a data leak occurred the user's iris features would be disclosed, with serious adverse effects. The iris characteristic data therefore needs to be encrypted before it is used.
The TOTP (Time-Based One-Time Password) algorithm generates dynamic one-time passwords from three variables: time (the current time of the terminal), event and key. A password is usually generated once every 60 seconds, but may also be generated once every 30 seconds or at other intervals. Each generated one-time password can be used only once, which effectively protects the security of user information. Each mobile terminal that uses the TOTP algorithm has a unique key, which is also stored on the server. For each authentication, the mobile terminal and the server each compute the dynamic password data to be authenticated from the same key, the same random parameters (time, event) and the same predetermined algorithm, which ensures that the password data is consistent on both sides and thus authenticates the user. Because the random parameters differ for each authentication, the dynamic password data generated each time also differs, and the randomness of the parameters ensures that each password is unpredictable, which secures the system at its most basic and most important link, password authentication.
In an embodiment of the present invention, the mobile terminal that generates the dynamic iris two-dimensional code can use the above TOTP algorithm to generate dynamically encrypted iris data at predetermined intervals (for example, every 60 seconds, every 30 seconds, or at another interval) for subsequent processing, based on the current time of the mobile terminal, the obtained iris characteristic data, and the key shared in advance between the mobile terminal and the server, thereby ensuring the security of the iris characteristic data.
The mobile terminal of the present invention may include, but is not limited to: personal computer terminals, laptops, tablet computers, mobile phones, and the various professional terminal systems of business premises (such as the professional terminal systems of bank branches).
Finally, the mobile terminal generates the dynamic iris two-dimensional code from the dynamically encrypted iris data. After the mobile terminal obtains the dynamically encrypted iris data, it can generate a two-dimensional code pattern containing the iris characteristic data.
A two-dimensional code is a black-and-white pattern in which specific geometric figures are distributed over a plane (in two dimensions) according to certain rules. It is very widely used in modern business activities, for example for product anti-counterfeiting and tracing, advertisement push, website links, data download, commodity transactions, positioning and navigation, e-commerce applications, vehicle management and information transfer.
In general, specific data can be converted into a two-dimensional code pattern using conventional two-dimensional code symbologies such as PDF417, QR Code, Code 49, Code 16K, Code One, the two-dimensional grid matrix code (SJ/T 11349-2006) and the two-dimensional compact matrix code (SJ/T 11350-2006).
In the embodiments of the present invention, the mobile terminal can use any two-dimensional code technology such as those above to convert the dynamically encrypted iris data into a dynamic iris two-dimensional code, so that a certification end can read it, for example by scanning. The present invention places no restriction on the two-dimensional code technology used to convert the dynamically encrypted iris data into the dynamic iris two-dimensional code.
Optionally, when the mobile terminal generates the dynamic iris two-dimensional code from the dynamically encrypted iris data, password information can additionally be set.
Specifically, the mobile terminal first obtains preset password information, which is likewise stored in advance on the server, and then generates the dynamic iris two-dimensional code from the dynamically encrypted data and the preset password information. When the dynamic iris two-dimensional code is used for identity authentication, the server needs to perform a double verification of the iris characteristic data and the preset password information; authentication passes only when both are verified, which further ensures the reliability and security of identity authentication.
Step 102: obtain the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server.
After the server obtains the dynamic iris two-dimensional code forwarded by the certification end, it can obtain the iris characteristic data in the code according to the key shared in advance with the mobile terminal and the current time of the server. As described above, because the TOTP algorithm is used, the dynamic iris two-dimensional code is updated once every predetermined interval. Therefore, if the difference between the current time of the server and the mobile terminal's current time when the dynamic iris two-dimensional code was generated exceeds the predetermined time (that is, the interval at which the dynamic iris two-dimensional code is generated), the server's subsequent verification will fail.
Step 103: match the iris characteristic data against the pre-stored iris characteristic data to obtain a verification result.
After the server obtains the iris characteristic data to be authenticated, it can match that data against iris characteristic data stored in advance on the server or in a storage device the server can access, and thereby obtain a verification result.
Step 104: send authentication information indicating the verification result to the certification end.
After the server obtains the verification result, it can send authentication information indicating the result to the certification end, informing the certification end whether the identity authentication performed by scanning the dynamic iris two-dimensional code succeeded. The certification end can then take further corresponding action according to the authentication information sent by the server.
Optionally, the server's sending of authentication information indicating the verification result to the certification end may include the following:
If the verification result is a match, the server sends an authentication success message to the certification end. The authentication success message may include an authentication success flag (for example, any icon, text, graphic or voice prompt indicating that authentication succeeded), and may also include user information related to the user, such as the user's name, ID card number and home address;
If the verification result is a mismatch, the server sends an authentication failure message to the certification end. The authentication failure message may include an authentication failure flag (for example, any icon, text, graphic or voice prompt indicating that authentication failed).
In conclusion the embodiment of the present invention is used to indicate use to be certified by being obtained by server by what certification end forwarded The dynamic iris two dimensional code of the identity information at family obtains dynamic iris two dimensional code according to first key, the current time of server In iris characteristic data, iris characteristic data and pre-stored iris characteristic data are then subjected to matching verifying, obtained Verification result, then the authentication information for indicating verification result is sent to certification end.By server obtain by certification end forward by The dynamic rainbow that mobile terminal generates iris characteristic data progress dynamic encryption using time-based disposal password algorithm Film two dimensional code facilitates server to obtain the identity for indicating user to be certified on the basis of ensuring iris data information security The iris characteristic data of information, and then it match verifying with pre-stored iris characteristic data to send to certification end Authentication information, to improve the convenience that iris feature is applied in field of identity authentication.
Fig. 2 is a schematic flowchart of an identity authentication method provided by another embodiment of the present invention. As shown in Fig. 2, the method is applied to the server of an identity authentication system that includes the server and a certification end, and includes:
Step 201: Obtain the dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of the user to be authenticated.
The dynamic iris two-dimensional code is obtained by the certification end from the mobile terminal. It is a two-dimensional code that the mobile terminal generates by encrypting the user's iris characteristic data with a time-based one-time password algorithm according to the key and the current time of the mobile terminal; the key is a key shared in advance between the server and the mobile terminal.
Step 202: Obtain the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server.
Step 203: The iris characteristic data is matched against pre-stored iris characteristic data to obtain a verification result.
Steps 201 to 203 are similar to steps 101 to 103 and are not described again here.
Step 204: Encrypt the authentication information indicating the verification result with the second key to obtain encrypted authentication information.
The second key is a key shared between the server and the certification end.
After the verification result is obtained according to the above steps, and in order to guarantee the security of the transmitted information when the server sends the authentication information indicating the verification result to the certification end, the verification result can be encrypted with the key shared between the server and the certification end. After the certification end receives the encrypted information, it can decrypt it with the key to obtain the authentication information.
Step 205: Send the encrypted authentication information to the certification end.
Step 205 is similar to step 104 and is not described again here. Note that the information sent in step 205 has already been encrypted, which ensures the security of the information transmission.
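An added illustration of steps 201 to 205, not code from the patent. The patent names neither a cipher nor how the time enters the encryption, so this sketch assumes a per-interval key derived with HMAC-SHA256 from the first key and the RFC 6238 time counter, an HMAC-based encrypt-then-MAC construction standing in for an AEAD, exact byte comparison in place of a real iris matcher, and a 30-second interval; all function names, keys and iris bytes are constructed.

```python
import hashlib
import hmac
import json
import os
import struct

STEP = 30  # assumed refresh interval in seconds (the "predetermined time")

def step_key(shared_key: bytes, unix_time: int) -> bytes:
    """Per-interval key from the shared key and the RFC 6238 time counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    return hmac.new(shared_key, b"step" + counter, hashlib.sha256).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC (stdlib stand-in for an AEAD): nonce | ciphertext | tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def mobile_make_code(first_key: bytes, iris: bytes, now: int) -> bytes:
    """Payload the mobile terminal would render as the dynamic code."""
    return seal(step_key(first_key, now), iris)

def server_read_code(first_key: bytes, blob: bytes, now: int, drift_steps: int = 0):
    """Recover the iris data using the server clock; optionally try earlier steps."""
    for back in range(drift_steps + 1):
        iris = unseal(step_key(first_key, now - back * STEP), blob)
        if iris is not None:
            return iris
    return None

def server_authenticate(first_key, second_key, enrolled, blob, now, drift_steps=0):
    """Steps 201-205: decrypt, match, then encrypt the result with the second key."""
    iris = server_read_code(first_key, blob, now, drift_steps)
    # Assumption: exact comparison stands in for a real iris matcher.
    ok = iris is not None and hmac.compare_digest(iris, enrolled)
    info = json.dumps({"result": "success" if ok else "failure"}).encode()
    return seal(second_key, info)

def certification_end_read(second_key: bytes, blob: bytes):
    """Decrypt the server's reply; None if it was not sealed with the second key."""
    plain = unseal(second_key, blob)
    return None if plain is None else json.loads(plain)["result"]

# Constructed sample values, not taken from the patent.
FIRST_KEY = b"k1-shared-by-server-and-mobile"
SECOND_KEY = b"k2-shared-by-server-and-cert-end"
IRIS = bytes.fromhex("a3f1c2079e5b44d0")
```

With `drift_steps=0`, a code generated in the last second of an interval is already rejected one second later; accepting one earlier step, as RFC 6238 recommends for transmission delay, avoids that at the cost of a longer replay window.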
In conclusion the embodiment of the present invention is used to indicate use to be certified by being obtained by server by what certification end forwarded The dynamic iris two dimensional code of the identity information at family obtains dynamic iris two dimensional code according to first key, the current time of server In iris characteristic data, iris characteristic data and pre-stored iris characteristic data are then subjected to matching verifying, obtained Verification result, then indicate that the authentication information of verification result is encrypted using the second key pair, encrypted authentication information is obtained, Finally encrypted authentication information is sent to certification end.It is obtained by server and base is used by mobile terminal by what certification end forwarded In the dynamic iris two dimensional code that the disposal password algorithm of time carries out dynamic encryption to iris characteristic data and generates, ensuring On the basis of iris data information security, server is facilitated to obtain the iris feature number for indicating the identity information of user to be certified According to, and then it match verifying and encrypted authentication result information with pre-stored iris characteristic data to send out to certification end Encrypted authentication information is sent, is led to improve iris feature on the basis of guaranteeing information transmission safety in authentication The convenience of domain application.
Fig. 3 is a schematic diagram of an identity authentication device provided by one embodiment of the present invention. As shown in Fig. 3, the device is applied to the server of an identity authentication system that includes the server and a certification end, and may include:
A two-dimensional code acquisition module 301, for obtaining the dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of the user to be authenticated. The dynamic iris two-dimensional code is obtained by the certification end from the mobile terminal, and is a two-dimensional code that the mobile terminal generates by encrypting the user's iris characteristic data with a time-based one-time password algorithm according to the first key and the current time of the mobile terminal; the first key is a key shared in advance between the server and the mobile terminal;
An iris characteristic data acquisition module 302, for obtaining the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server;
A matching verification module 303, for matching the iris characteristic data against pre-stored iris characteristic data to obtain a verification result;
An authentication information sending module 304, for sending authentication information indicating the verification result to the certification end.
Optionally, the authentication information sending module 304 is specifically used for:
If the verification result is a match, sending an authentication success message to the certification end;
If the verification result is a mismatch, sending an authentication failure message to the certification end.
Optionally, the authentication success message includes at least one of the following: an authentication success flag, user information associated with the user.
Optionally, the iris characteristic data of the user is obtained by the mobile terminal in one of the following ways: recognizing the iris image of the user; or reading the iris characteristic data of the user stored in advance in the mobile terminal.
Optionally, as shown in Fig. 4, the authentication information sending module 304 includes:
An encryption submodule 3041, for encrypting the authentication information indicating the verification result with the second key to obtain encrypted authentication information, the second key being a key shared between the server and the certification end;
A sending submodule 3042, for sending the encrypted authentication information to the certification end.
The above device is used to execute the method provided by the foregoing embodiments; its implementation principle and technical effect are similar and are not repeated here.
The above modules may be one or more integrated circuits configured to implement the above method, for example: one or more application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), one or more microprocessors (digital signal processor, DSP), or one or more field-programmable gate arrays (Field Programmable Gate Array, FPGA). As another example, when one of the above modules is implemented as program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU), or another processor that can call program code. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 5 is a schematic diagram of an identity authentication device provided by an embodiment of the present invention. The device may be integrated in a terminal device or in a chip of a terminal device, and the terminal may be a computing device with an image processing function.
The device includes a memory 501 and a processor 502.
The memory 501 stores a program, and the processor 502 calls the program stored in the memory 501 to execute the above method embodiments. The specific implementation and technical effects are similar and are not repeated here.
Optionally, the present invention also provides a program product, such as a computer-readable storage medium, that includes a program which, when executed by a processor, executes the above method embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute some of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.

Claims (10)

1. An identity authentication method, characterized in that it is applied to the server of an identity authentication system, the identity authentication system including the server and a certification end, the method comprising:
Obtaining a dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of a user to be authenticated, the dynamic iris two-dimensional code being obtained by the certification end from a mobile terminal, and being a two-dimensional code that the mobile terminal generates by encrypting the iris characteristic data of the user with a time-based one-time password algorithm according to a first key and the current time of the mobile terminal, the first key being a key shared in advance between the server and the mobile terminal;
Obtaining the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server;
Matching the iris characteristic data against pre-stored iris characteristic data to obtain a verification result;
Sending authentication information indicating the verification result to the certification end.
2. The method according to claim 1, characterized in that sending the authentication information indicating the verification result to the certification end comprises:
If the verification result is a match, sending an authentication success message to the certification end;
If the verification result is a mismatch, sending an authentication failure message to the certification end.
3. The method according to claim 2, characterized in that the authentication success message includes at least one of the following: an authentication success flag, user information associated with the user.
4. The method according to claim 1, characterized in that the iris characteristic data of the user is obtained by the mobile terminal in one of the following ways:
Recognizing the iris image of the user; or
Reading the iris characteristic data of the user stored in advance in the mobile terminal.
5. The method according to claim 1, characterized in that sending the authentication information indicating the verification result to the certification end comprises:
Encrypting the authentication information indicating the verification result with a second key to obtain encrypted authentication information, the second key being a key shared between the server and the certification end;
Sending the encrypted authentication information to the certification end.
6. An identity authentication device, characterized in that it is applied to the server of an identity authentication system, the identity authentication system including the server and a certification end, the device comprising:
A two-dimensional code acquisition module, for obtaining a dynamic iris two-dimensional code, forwarded by the certification end, that indicates the identity information of a user to be authenticated, the dynamic iris two-dimensional code being obtained by the certification end from a mobile terminal, and being a two-dimensional code that the mobile terminal generates by encrypting the iris characteristic data of the user with a time-based one-time password algorithm according to a first key and the current time of the mobile terminal, the first key being a key shared in advance between the server and the mobile terminal;
An iris characteristic data acquisition module, for obtaining the iris characteristic data in the dynamic iris two-dimensional code according to the first key and the current time of the server;
A matching verification module, for matching the iris characteristic data against pre-stored iris characteristic data to obtain a verification result;
An authentication information sending module, for sending authentication information indicating the verification result to the certification end.
7. The device according to claim 6, characterized in that the authentication information sending module is specifically used for:
If the verification result is a match, sending an authentication success message to the certification end;
If the verification result is a mismatch, sending an authentication failure message to the certification end.
8. The device according to claim 7, characterized in that the authentication success message includes at least one of the following: an authentication success flag, user information associated with the user.
9. The device according to claim 6, characterized in that the iris characteristic data of the user is obtained by the mobile terminal in one of the following ways:
Recognizing the iris image of the user; or
Reading the iris characteristic data of the user stored in advance in the mobile terminal.
10. The device according to claim 6, characterized in that the authentication information sending module comprises:
An encryption submodule, for encrypting the authentication information indicating the verification result with a second key to obtain encrypted authentication information, the second key being a key shared between the server and the certification end;
A sending submodule, for sending the encrypted authentication information to the certification end.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811502496.7A CN109670428A (en) 2018-12-07 2018-12-07 Identity identifying method and device

Publications (1)

Publication Number Publication Date
CN109670428A true CN109670428A (en) 2019-04-23

Family

ID=66144320


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190423