CN110516427B - Terminal user identity authentication method and device, storage medium and computer equipment - Google Patents


Publication number
CN110516427B
Authority
CN
China
Prior art keywords
user
terminal
information
sim card
account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910810586.0A
Other languages
Chinese (zh)
Other versions
CN110516427A (en
Inventor
张晶
许仿珍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen waterward Software Technology Co.,Ltd.
Original Assignee
Shenzhen Waterward Software Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Waterward Software Technology Co ltd filed Critical Shenzhen Waterward Software Technology Co ltd
Priority to CN201910810586.0A priority Critical patent/CN110516427B/en
Publication of CN110516427A publication Critical patent/CN110516427A/en
Application granted granted Critical
Publication of CN110516427B publication Critical patent/CN110516427B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

The invention discloses an identity authentication method and device, a storage medium and computer equipment for a terminal user, wherein the terminal is provided with a corresponding SIM card. The authentication method comprises the following steps: respectively acquiring account key information input by a user, biometric information of the user and the current SIM card carried by the terminal; respectively judging whether the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal match pre-stored information; and determining the validity of the user identity authentication according to the judgment result. The correctness of the account number and password input by the user is verified; an added biometric identification step judges whether the account number and password were entered by the user in person; and by judging whether the user account is authorized and whether the current SIM card carried by the terminal is valid, the steps interlock with one another, so that the reliability of user identity authentication is improved.

Description

Terminal user identity authentication method and device, storage medium and computer equipment
Technical Field
The present invention relates to the field of intelligent devices, and in particular, to a method, an apparatus, a storage medium, and a computer device for authenticating an identity of a terminal user.
Background
With the development of mobile communication technology, intelligent terminals such as mobile phones have become deeply involved in people's study and work. An intelligent terminal mainly verifies user identity by means of an account number and password, user biometric information and the like, and each of these methods has its own defects. Verifying identity by account password has the drawback that the account password may be stolen by others; in verifying identity by the user's biometric features, because the prior art is not mature enough, the user's biometric features may be counterfeited. Therefore, improving the reliability of existing terminal user authentication is very necessary.
Disclosure of Invention
The invention mainly aims to provide an identity authentication method for a terminal user, so as to improve the reliability of existing terminal user authentication.
The invention provides an identity authentication method for a terminal user, wherein the terminal is provided with a corresponding SIM card, and the method comprises the following steps:
respectively acquiring account key information input by a user, biometric information of the user and the current SIM card carried by the terminal;
respectively judging whether the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal match pre-stored information;
and determining the validity of the user identity authentication according to the judgment result.
Preferably, the step of respectively judging whether the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal all match pre-stored information includes:
judging whether the account key information input by the user matches information pre-stored in a database;
if yes, acquiring the biometric information of the user, and judging whether the biometric information meets the preset requirement;
if so, acquiring the ID information corresponding to each SIM card carried by the terminal, and generating a first ID set;
acquiring a second ID set which is pre-stored in the database and corresponds to the terminal, wherein the second ID set comprises the ID information of each SIM card associated with a legitimate user of the terminal;
judging whether the second ID set is a subset of the first ID set;
if yes, respectively judging whether the first SIM cards in the subset are all valid, wherein the first SIM cards are the SIM cards in the terminal that correspond to the ID information in the second ID set;
and if they are all valid, judging that the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal all match the pre-stored information.
Preferably, the step of respectively judging whether the first SIM cards in the subset are all valid includes:
acquiring the ID information corresponding to each first SIM card in the subset;
respectively encrypting the ID information corresponding to each first SIM card through a first encryption algorithm to generate a first sequence value;
for each first SIM card, sending the corresponding first sequence value to a server in a preset form through the first SIM card, wherein the server is used for verifying whether the current SIM card carried by the terminal is valid;
acquiring a second sequence value fed back by the server to the telephone number corresponding to the first SIM card;
judging whether the first sequence value is the same as the second sequence value;
if yes, judging that the first SIM card in the subset is valid.
Preferably, the account key information includes a password and an account number, and the step of judging whether the account key information input by the user matches information pre-stored in the database includes:
performing an encryption calculation on the password input by the user through a second encryption algorithm to generate a third sequence value;
acquiring a fourth sequence value corresponding to the account from a database according to the account input by the user, wherein the database pre-stores the correspondence between the account and the fourth sequence value;
judging whether the third sequence value matches the fourth sequence value;
if yes, judging that the account key information input by the user matches the information pre-stored in the database; if not, judging that it does not match.
Preferably, the step of acquiring the biometric information of the user and judging whether the biometric information meets a preset requirement includes:
acquiring the biometric information of the user, preprocessing the biometric information, and determining the user account corresponding to the biometric information;
acquiring a fifth sequence value corresponding to the biometric information according to the correspondence, pre-stored in the database, between the user account of the biometric information and the sequence value;
judging whether the fifth sequence value matches the third sequence value;
if so, judging that the biometric information meets the preset requirement; otherwise, judging that the biometric information does not meet the preset requirement.
Preferably, after the step of determining the validity of the user identity authentication according to the judgment result, the method includes:
configuring a terminal operating environment with the corresponding permissions according to the user identity authentication result.
Preferably, the step of configuring the terminal operating environment with the corresponding permissions according to the user identity authentication result includes:
dividing all application programs pre-stored in the terminal by security level to form application program lists corresponding to different security levels;
respectively evaluating the security level of the operating environment of each SIM card carried by the terminal according to the proportion of passed verification steps among all verification steps in the verification result;
acquiring the security level corresponding to the SIM card connected to the current network;
and matching the application program list whose security level is consistent with the security level corresponding to the SIM card connected to the current network.
The present application further provides an identity authentication device for a terminal user, where the terminal has a corresponding SIM card, and the device includes:
a first acquisition module, used for respectively acquiring account key information input by a user, biometric information of the user and the current SIM card carried by the terminal;
a first judgment module, used for respectively judging whether the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal match the pre-stored information;
and a determining module, used for determining the validity of the user identity authentication according to the judgment result.
The present invention also provides a storage medium, which is a computer-readable storage medium on which a computer program is stored; when executed, the computer program implements the above identity authentication method for a terminal user.
The invention also provides computer equipment comprising a processor, a memory and a computer program which is stored in the memory and can run on the processor, wherein the processor implements the above identity authentication method for a terminal user when executing the computer program.
The invention has the following beneficial effects: the correctness of the account and password input by the user is verified by judging whether they match the information pre-stored in the database; an added biometric identification step, which judges whether the biometric information of the user meets the requirements, determines whether the account and password were entered by the user in person; and by judging whether the current SIM card carried by the terminal meets the requirements, that is, whether the user account is authorized and whether the current SIM card carried by the terminal is valid, the steps interlock with one another, thereby greatly improving the reliability of user identity verification.
Drawings
Fig. 1 is a schematic flowchart of an authentication method for an end user according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an authentication apparatus for an end user according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a second embodiment of an end user authentication device according to another embodiment of the present application;
Fig. 4 is a schematic structural diagram of a configuration module according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a first determining module according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a third determining submodule according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a second determining module according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a third determining module according to an embodiment of the present application;
Fig. 9 is a block diagram of an embodiment of a storage medium provided in the present application;
Fig. 10 is a block diagram of an embodiment of a computer device provided in the present application.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to Fig. 1, the present invention provides an identity authentication method for a terminal user, including:
A: respectively acquiring account key information input by a user, biometric information of the user and the current SIM card carried by the terminal;
B: respectively judging whether the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal match pre-stored information;
C: determining the validity of the user identity authentication according to the judgment result.
The account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal can be acquired simultaneously or sequentially in any order, without limitation. In this embodiment, acquiring them in sequence and judging step by step is taken as an example to illustrate the implementation process. The above steps A to C can be refined as follows:
S1: Acquiring an account number and a password input by a user.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. When the terminal starts user authentication, an input box pops up to prompt the user to input an account number and a password. The terminal acquires the account and password input by the user.
S2: Judging whether the account number and password input by the user match information pre-stored in the database.
The information in the database includes, but is not limited to, the user's account number, password and biometric information. In the embodiment of the present invention, the account and password input by the user correspond one to one to the account and password pre-stored in the database, and each account and password pre-stored in the database is also matched with different associated information, where the associated information includes, but is not limited to, biometric information of the user and sequence value information obtained by encrypting the password in advance. By matching and comparing the account key information input by the user with the associated information, the correctness of the account number and password input by the user can be verified.
S3: If yes, acquiring the biometric information of the user, and judging whether the biometric information meets a first preset requirement.
In the embodiment of the present invention, the terminal acquires the biometric information of the user, and the biometric information includes, but is not limited to, one or more of fingerprint information, facial feature information, iris information and voiceprint information. After the terminal acquires the biometric information of the user, it judges whether the biometric information meets the first preset requirement. Through this operation, the terminal can judge whether the account and password were entered by the user in person; adding a verification step based on biometric recognition reduces the risk of the user account being cracked by others.
S4: If so, judging whether the current SIM card carried by the terminal meets a second preset requirement.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone capable of carrying multiple SIM cards; a four-card four-standby smart phone with four SIM cards is taken as an example. In the embodiment of the invention, the current SIM card carried by the terminal is used as a hardware key. After passing the account key information verification and the biometric verification, the user must also pass identity verification by the four SIM cards: the terminal judges whether each of the four SIM cards meets the second preset requirement, and if all four meet it, the user currently inputting the information is a legitimate user of the terminal.
S5: If so, obtaining the user identity information corresponding to the user, and judging that the user identity authentication is successful.
In the embodiment of the invention, after the above verification steps, the terminal obtains the user identity information corresponding to the user, such as the user name, and judges that the user identity verification is successful. The correctness of the account and password input by the user is verified by judging whether they match the information pre-stored in the database; an added biometric identification step, which judges whether the biometric information of the user meets the requirements, determines whether the account and password were entered by the user in person; and by judging whether the current SIM card carried by the terminal meets the requirements, that is, whether the user account is authorized and whether the current SIM card carried by the terminal is valid, the steps interlock with one another, thereby greatly improving the reliability of user identity verification.
Further, after step C of determining the validity of the user identity authentication according to the judgment result, the method includes:
S6: Configuring a terminal operating environment with the corresponding permissions according to the user identity authentication result. The operating environment includes, among other things, available software, system settings, callable hardware resources, and files.
Further, step S6 of configuring the terminal operating environment with the corresponding permissions according to the user identity authentication result includes:
S60: dividing all application programs pre-stored in the terminal by security level to form application program lists corresponding to different security levels;
S61: respectively evaluating the security level of the operating environment of each SIM card carried by the terminal according to the proportion of passed verification steps among all verification steps in the verification result;
S62: acquiring the security level corresponding to the SIM card connected to the current network;
S63: matching the application program list whose security level is consistent with the security level corresponding to the SIM card connected to the current network.
In the embodiment of the invention, the terminal is provided with a virtual platform based on the Android system. Multiple application spaces are supported on the smart phone by modifying the virtualization implementation of the Framework layer, Android system component management, file system virtualization and application process management, so that the spaces do not interfere with one another. Different application spaces run different application program lists, that is, they correspond to different terminal operating environments. For example, the terminal operating environment has at most four levels, corresponding to four verification steps, which from low to high are a password verification step, a fingerprint verification step, a voiceprint verification step and a face recognition verification step. A user who passes all four verification steps obtains the highest usage permission of the terminal and is matched with the application program list of the highest security level, which comprises all software resources and hardware resources in the terminal. When the user passes only three verification steps and fails the face recognition verification step, the passed steps account for 75% of all verification steps, so an application program list with a slightly lower security level is matched and invoked; this list does not include payment software and the like. By analogy, when the passed verification steps account for 50% of all verification steps, an application program list with a lower security level is matched, which does not include the phone book, WeChat, QQ and other applications related to user information.
When the passed verification steps account for 0% of all verification steps, the application program list with the lowest security level is matched: network connection is forbidden and the list includes only an emergency call interface, which is equivalent to the terminal being unusable in the normal way. As one skilled in the art will appreciate, in a product combining software and hardware, hardware resources are used by means of software drivers. In the embodiment of the invention, user A passes the identity verification of the terminal, the terminal acquires the identity information of user A, and the terminal system sets a corresponding operating environment comprising the software resources and hardware resources that the user can use. For example, the software resource that user A can use is "WeChat", and the terminal system grants user A, at the software level, permission to use the terminal loudspeaker. Therefore, after user A passes the identity verification of the terminal, the usable hardware resource is the loudspeaker and the usable software resources are "WeChat" and the files and system settings corresponding to user A. In other embodiments of the present invention, user B passes the identity verification of the terminal, the terminal obtains the identity information of user B, and the terminal system sets a corresponding operating environment comprising the software resources and hardware resources that the user can use. For example, the software resource that user B can use is "Alipay", and the terminal system grants user B, at the software level, permission to use the flash lamp.
Therefore, after user B passes the terminal identity verification, the usable hardware resource is the flash lamp, and the usable software resources are "Alipay" and the files and system settings corresponding to user B. The software resources and hardware resources that each user can use are preset, and without system authorization the hardware resources and software resources of the terminal cannot be used at will. That is, user A cannot use "Alipay" and the flash lamp, and user B cannot use "WeChat" and the loudspeaker. This ensures that an authenticated user can access only the terminal resources that user is authorized to use.
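The tiering of steps S60 to S63, as an added example that is not code from the patent. The application names, the `operating_environment` function and the rule that a ratio the page does not mention (such as 25%) rounds down to the next lower tier are assumptions made here.

```python
from fractions import Fraction

# The four verification steps named in the embodiment, from low to high.
VERIFICATION_STEPS = ("password", "fingerprint", "voiceprint", "face")

# Tiers the page describes: 0%, 50%, 75% and 100% of steps passed.
TIERS = (Fraction(0), Fraction(1, 2), Fraction(3, 4), Fraction(1))

# S60: each application is tagged with the lowest tier that may run it.
# Constructed catalogue; the page names only payment software, the phone
# book, WeChat, QQ and the emergency call interface.
APP_MIN_TIER = {
    "emergency_call": Fraction(0),
    "calculator": Fraction(1, 2),
    "camera": Fraction(1, 2),
    "contacts": Fraction(3, 4),
    "wechat": Fraction(3, 4),
    "qq": Fraction(3, 4),
    "payment_app": Fraction(1),
}


def pass_ratio(results):
    """S61: share of verification steps passed.

    A step that is missing, or whose result is anything other than the
    boolean True, counts as failed, so a malformed result can only lower
    the ratio.
    """
    unknown = set(results) - set(VERIFICATION_STEPS)
    if unknown:
        raise ValueError(f"unknown verification step(s): {sorted(unknown)}")
    passed = sum(1 for step in VERIFICATION_STEPS if results.get(step) is True)
    return Fraction(passed, len(VERIFICATION_STEPS))


def tier_for(ratio):
    """Highest described tier not exceeding the ratio (assumption: round down)."""
    return max(t for t in TIERS if t <= ratio)


def operating_environment(results):
    """S62/S63: select the application list that matches the evaluated tier."""
    tier = tier_for(pass_ratio(results))
    apps = sorted(name for name, need in APP_MIN_TIER.items() if need <= tier)
    # At the lowest tier the page forbids network access entirely.
    return {"tier": tier, "network_allowed": tier > 0, "apps": apps}


if __name__ == "__main__":
    # Constructed input: face recognition failed, the other three steps passed.
    sample = {"password": True, "fingerprint": True, "voiceprint": True, "face": False}
    print(operating_environment(sample))
```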
Further, step B of respectively judging whether the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal all match pre-stored information includes:
S40a: judging whether the account key information input by the user matches information pre-stored in a database;
S40b: if yes, acquiring the biometric information of the user, and judging whether the biometric information meets the preset requirement;
S41: if so, acquiring the ID information corresponding to each SIM card carried by the terminal, and generating a first ID set;
S42: acquiring a second ID set which is pre-stored in the database and corresponds to the terminal, wherein the second ID set comprises the ID information of each SIM card associated with a legitimate user of the terminal;
S43: judging whether the second ID set is a subset of the first ID set;
S44: if yes, respectively judging whether the first SIM cards in the subset are all valid, wherein the first SIM cards are the SIM cards in the terminal that correspond to the ID information in the second ID set;
S45: if they are all valid, judging that the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal all match the pre-stored information.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone capable of carrying multiple SIM cards, where the smart phone is a four-card four-standby smart phone having four SIM cards; for example, the smart phone can carry a China Mobile SIM card, a China Unicom SIM card, a China Telecom SIM card and a China Tietong SIM card. The ID information includes the integrated circuit card identification code (ICCID) of the SIM card; for example, the terminal reads the ICCIDs of the four SIM cards to generate a first ID set. A second ID set which is pre-stored in the database and corresponds to the terminal is then acquired, wherein the second ID set comprises the ID information of each SIM card associated with a legitimate user of the terminal. For example, the pre-recorded SIM cards that the legitimate user of the terminal should be using are the China Mobile SIM card, the China Unicom SIM card and the China Tietong SIM card, and the ICCIDs of these three cards in the database form a second ID set. The database may be a local database or a network database. One terminal can have N (N is an integer larger than zero) legitimate users, each legitimate user has several SIM cards that should be used, and a corresponding second ID set is generated from the SIM cards associated with each legitimate user, so the database can hold N second ID sets corresponding to the terminal. As long as any one second ID set corresponding to the current terminal in the database is a subset of the first ID set, it is then judged whether each SIM card in that second ID set is valid, that is, whether the China Mobile SIM card, the China Unicom SIM card and the China Tietong SIM card are valid. Valid here means that the card is in an active, usable state.
If the China Mobile SIM card, the China Unicom SIM card and the China Tietong SIM card are all valid, it is determined that each SIM card carried by the terminal meets the preset requirement, and that the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal match the pre-stored information. Judging whether a second ID set pre-stored in the database for the terminal is a subset of the first ID set determines whether every SIM card associated with a legitimate user of the terminal is carried in the current terminal; the validity of the SIM cards is verified only when the result is yes, which prevents others from cracking the user account by tampering with the ICCID of the current SIM card carried in the terminal. Judging whether the current SIM card is valid prevents others from cracking the user account by copying the current SIM card carried by the terminal.
Further, step S44 of respectively judging whether the first SIM cards in the subset are all valid includes:
S441: acquiring the ID information corresponding to each first SIM card in the subset;
S442: respectively encrypting the ID information corresponding to each first SIM card through a first encryption algorithm to generate a first sequence value;
S443: for each first SIM card, sending the corresponding first sequence value to a server in a preset form through the first SIM card, wherein the server is used for verifying whether the current SIM card carried by the terminal is valid;
S444: acquiring a second sequence value fed back by the server to the telephone number corresponding to the first SIM card;
S445: judging whether the first sequence value is the same as the second sequence value;
S446: if so, determining that the first SIM card in the subset is valid.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone, wherein the smart phone is a four-card four-standby smart phone having four SIM cards. The smart phone carries a China Mobile SIM card, a China Unicom SIM card, a China Telecom SIM card and a China Tietong SIM card. Taking the China Mobile SIM card as an example, the terminal obtains the ICCID corresponding to the China Mobile SIM card and encrypts it with a hash algorithm to generate a first sequence value. The terminal generates a local short message carrying the first sequence value and sends it to a preset server. After receiving the short message, the server resolves the ISDN telephone number corresponding to the China Mobile SIM card and uses that number to look up, in the database, the sequence value of the ICCID corresponding to the China Mobile SIM card; this is the second sequence value. The server sends it as a short message to the ISDN telephone number corresponding to the China Mobile SIM card, that is, the server sends a short message carrying the second sequence value to the terminal. The terminal obtains the second sequence value from the short message returned by the server and judges whether the first sequence value is the same as the second sequence value. If yes, the SIM card is judged to be valid. The China Unicom SIM card, the China Telecom SIM card and the China Tietong SIM card are verified in the same way as the China Mobile SIM card, so the description is not repeated.
Because each SIM card has a corresponding ISDN telephone number which cannot be modified, even if the ICCID of the current SIM card carried by the terminal is copied by others, the copied SIM card does not have the same ISDN telephone number as the current SIM card carried by the terminal, and the ISDN number cannot be tampered with. Others therefore cannot use the copied SIM card to receive the verification short message exchanged between the server and the current SIM card carried by the terminal, which greatly improves the reliability of SIM card validity verification.
Further, the step S2 of determining whether the account key information input by the user matches the information pre-stored in the database includes:
S21: performing encryption calculation on the password input by the user through a second encryption algorithm to generate a third sequence value;
S22: acquiring a fourth sequence value of the corresponding account from a database according to the account input by the user, wherein the database prestores the correspondence between the account and the fourth sequence value;
S23: judging whether the third sequence value matches the fourth sequence value;
S24: if yes, judging that the account key information input by the user matches the information prestored in the database; if not, judging that it does not match.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. The terminal judges the account and password input by the user as follows. The intelligent terminal first acquires the account and the password input by the user, where the password may be in text or pattern form. It encrypts the password input by the user with a hash algorithm to generate a first password sequence value, which is the first sequence value. The terminal then looks up the corresponding password sequence in a database according to the account input by the user; this password sequence is the second password sequence value, which is the second sequence value. The database includes, but is not limited to, a local database and a cloud server database. Finally, the intelligent terminal judges whether the first sequence value is the same as the second sequence value, and if so, judges that the account and password input by the user match the information prestored in the database. In this way, the user can proceed to the next stage of identity verification only by entering a matching account and password, which screens out users trying to crack other people's accounts and passwords. In addition, the terminal judges whether the user input matches by means of the sequence value generated from the password by the hash algorithm rather than the password itself, which reduces exposure of the password and effectively prevents leakage of the user's password.
Further, the step S3 of acquiring the biometric information of the user and determining whether the biometric information meets the first preset requirement includes:
S31: acquiring biometric information of the user, and preprocessing the biometric information to generate first biometric information;
S32: acquiring a fifth sequence value corresponding to the first biometric information according to the correspondence between biometric information and sequence values prestored in the database;
S33: judging whether the fifth sequence value matches the third sequence value;
S34: if so, judging that the biometric information meets the first preset requirement; otherwise, judging that the biometric information does not meet the first preset requirement.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. The terminal prompts the user to input biometric information; the prompt may be given by, but is not limited to, voice or text. The terminal acquires the biometric information of the user, including but not limited to one or more of fingerprint information, facial feature information, iris information and voiceprint information. The terminal preprocesses the acquired biometric information so that the biometric information can be extracted more easily. The preprocessing includes filtering and denoising the picture of the biometric information, among other operations, so that the image is clearer. The user account corresponding to the biometric information extracted by the terminal is found in the database, and the terminal acquires the fifth sequence value corresponding to that user account from the database. The fifth sequence value is an encrypted value obtained by encrypting the password corresponding to the user account, using the same encryption algorithm as the encryption calculation applied to the password input by the user in step S21. The database includes, but is not limited to, a local database or a cloud server database. The terminal judges whether the fifth sequence value matches the third sequence value; that is, the terminal judges whether the sequence value of the password corresponding to the user account acquired from the server is consistent with the sequence value corresponding to the password input by the user.
If the sequence value of the password corresponding to the user account acquired from the server is consistent with the sequence value corresponding to the password input by the user, the biometric information is judged to meet the first preset requirement. In this way, the terminal judges whether the user's biometric information matches by comparing the sequence value corresponding to the biometric information with the sequence value corresponding to the user account in the database, rather than by comparing the biometric information acquired by the terminal with the biometric information stored in the database. This reduces the points at which biometric information is exposed and lowers the possibility of the user's biometric information being leaked.
Further, after the step S5 of determining, if yes, that the user identity verification is successful, the method includes:
S51: recording the user identity information of the current verification and the corresponding verification time;
S52: acquiring a history record of user identity verification, wherein the history record comprises the user identity information and verification times of verifications prior to the current one;
S53: generating a terminal use list containing the user identity information and the corresponding verification times according to the user identity information of the current verification, the corresponding verification time and the history record.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. In certain work and learning environments, smart phones are used by several people as shared equipment. The terminal acquires the user identity information and verification time of the current verification, for example user C passing user identity verification at 13:00 on January 1, 2019. The terminal obtains the history record of user identity verification, for example user A passing verification at 12:00 on January 1, 2019 and user B passing verification at 12:30 on January 1, 2019. The mobile phone then generates a terminal use list containing user A, user B, user C and the corresponding verification times according to the user identity information of the current verification, its verification time and the history record. In this way, the terminal manager can accurately know who used the terminal and when, which makes management convenient.
Referring to fig. 2, the present invention further provides a terminal user identity authentication device, including:
a first obtaining module A, configured to respectively acquire account key information input by a user, biometric information of the user and the current SIM card carried by the terminal;
a first judgment module B, configured to respectively judge whether the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal match the pre-stored information;
a determining module C, configured to determine the validity of the user identity verification according to the judgment result.
The account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal may be obtained simultaneously or sequentially in any order, without limitation. This embodiment takes sequential acquisition and step-by-step judgment as an example to illustrate the implementation.
Referring to fig. 3, the modules A to C described above may be replaced with a plurality of modules as follows:
a second obtaining module 1, configured to acquire the account and the password input by the user.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. When the terminal starts user authentication, an input box pops up to remind the user to input an account number and a password. The terminal acquires an account and a password input by a user.
a second judging module 2, configured to judge whether the key information input by the user matches the information prestored in the database.
The information in the database includes, but is not limited to, the user's account, password and biometric information. In the embodiment of the present invention, the account and password input by the user correspond one to one with the account and password pre-stored in the database, and each pre-stored account and password is also matched with its own associated information, which includes, but is not limited to, biometric information of the user and sequence value information obtained by encrypting the password in advance. The account key information input by the user is compared with the associated information to establish the match and association. In this way, the correctness of the account and password input by the user can be verified.
a third judging module 3, configured to, if yes, acquire biometric information of the user and judge whether the biometric information meets the first preset requirement.
In the embodiment of the present invention, the terminal acquires the biometric information of the user, which includes, but is not limited to, one or more of fingerprint information, facial feature information, iris information and voiceprint information. After acquiring the biometric information of the user, the terminal judges whether it meets the first preset requirement. In this way, the terminal can judge whether the account and password were entered by the user in person; adding a biometric recognition stage to the verification reduces the risk of others cracking the user account.
a fourth judging module 4, configured to, if yes, judge whether the current SIM card carried by the terminal meets the second preset requirement.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone capable of carrying multiple SIM cards, for example a four-card four-standby smart phone with four SIM cards. In the embodiment of the invention, the current SIM card carried by the terminal is used as a hardware key. After passing the account key information verification and biometric verification stages, the user must also pass identity verification through the four SIM cards: the terminal judges whether each of the four SIM cards meets the second preset requirement, and if all four do, the user currently inputting the information is a legitimate user of the terminal.
an execution module 5, configured to, if yes, obtain the user identity information corresponding to the user and determine that the user identity verification is successful.
In the embodiment of the invention, after the verification of the above stages, the terminal obtains the user identity information corresponding to the user, such as the user name, and determines that the user identity verification is successful. The correctness of the account and password input by the user is verified by judging whether they match the information prestored in the database; a biometric recognition stage is added, and whether the account and password were entered by the user in person is judged by whether the user's biometric information meets the requirement; and whether the user account is authorized and whether the current SIM card carried by the terminal is valid are judged by whether the current SIM card carried by the terminal meets the requirement. The steps interlock with one another, which greatly improves the reliability of user identity verification.
Further, the terminal user identity authentication device further comprises a configuration module 6.
The configuration module 6 is configured to configure a terminal operating environment with the corresponding authority according to the user identity verification result. The operating environment includes, among other things, available software, system settings, callable hardware resources, and files.
Referring to fig. 4, the configuration module 6 includes:
a dividing submodule 60, configured to divide all application programs pre-stored in the terminal by security level, so as to form application program lists corresponding to different security levels;
an evaluation submodule 61, configured to respectively evaluate the security level of the operating environment of each SIM card carried by the terminal according to the proportion of passed verification steps among all verification steps in the verification result;
a first obtaining submodule 62, configured to obtain the security level corresponding to the SIM card currently connected to the network;
a matching submodule 63, configured to match, according to the security level corresponding to the SIM card currently connected to the network, the application program list whose security level is consistent with it.
In the embodiment of the invention, the terminal is provided with a virtual platform based on the Android system. Multiple application spaces are supported on the smart phone through modifications to the Framework layer's virtualization implementation, Android system component management, file system virtualization and application process management, so that the spaces do not interfere with one another. Different application spaces run different application program lists, that is, they correspond to different terminal operating environments. For example, the terminal operating environment has at most four levels, corresponding to four verification steps, which from low to high are a password verification step, a fingerprint verification step, a voiceprint verification step and a face recognition verification step. A user who passes all four verification steps obtains the highest usage permission of the terminal and is matched with the application program list with the highest security coefficient, which includes all software resources and hardware resources in the terminal. When the user passes only three verification steps and fails the face recognition verification step, so that the passed verification steps account for 75% of all verification steps, an application program list with a slightly lower security coefficient is matched and invoked; this list does not include payment software and the like. By analogy, when the passed verification steps account for 50% of all verification steps, an application program list with a lower security coefficient is matched, which does not include phone directories, WeChat, QQ and other software related to user information.
When the passed verification steps account for 0% of all verification steps, the application program list with the lowest security coefficient is matched: network connection is prohibited and the list contains only an emergency call interface, which is equivalent to the terminal being unusable for normal purposes. As one skilled in the art will appreciate, in a product combining software and hardware, the use of hardware resources is implemented by means of software drivers. In the embodiment of the invention, user A passes the identity verification of the terminal, the terminal acquires the identity information of user A, and the terminal system sets up the corresponding operating environment, which comprises the software resources and hardware resources that the user may use. For example, the software resource that user A may use is "WeChat", and the terminal system grants user A, at the software level, the authority to use the terminal's speaker. After user A passes the identity verification of the terminal, the usable hardware resource is therefore the speaker, and the usable software resources are "WeChat" and the files and system settings corresponding to user A. In other embodiments of the present invention, user B passes the identity verification of the terminal, the terminal obtains the identity information of user B, and the terminal system sets up the corresponding operating environment, which comprises the software resources and hardware resources that the user may use. For example, the software resource that user B may use is "Alipay", and the terminal system grants user B, at the software level, the authority to use the flash lamp.
After user B passes the identity verification of the terminal, the usable hardware resource is therefore the flash lamp, and the usable software resources are "Alipay" and the files and system settings corresponding to user B. The software resources and hardware resources that each user may use are preset, and without system authorization the hardware and software resources of the terminal cannot be used at will. That is, user A cannot use "Alipay" or the flash lamp, and user B cannot use "WeChat" or the speaker. This ensures that an authenticated user's access to terminal resources is authorized.
Referring to fig. 5, the first judgment module B includes:
a first judging submodule 40a, configured to judge whether the account key information input by the user matches the information prestored in a database;
a second obtaining submodule 40b, configured to, if yes, obtain biometric information of the user and determine whether the biometric information meets a preset requirement;
a third obtaining submodule 41, configured to, if yes, obtain the ID information corresponding to each SIM card carried by the terminal and generate a first ID set;
a fourth obtaining submodule 42, configured to obtain a second ID set corresponding to the terminal and pre-stored in the database, where the second ID set includes the ID information of each SIM card associated with a legitimate user of the terminal;
a second determining submodule 43, configured to determine whether the second ID set is a subset of the first ID set;
a third determining submodule 44, configured to, if yes, respectively determine whether each first SIM card in the subset is valid, where the first SIM cards are all the SIM cards in the terminal corresponding to the ID information in the second ID set;
a first judging submodule 45, configured to, if all are valid, determine that the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal all match the pre-stored information.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone capable of carrying multiple SIM cards, for example a four-card four-standby smart phone with four SIM cards that can carry a China Mobile SIM card, a China Unicom SIM card, a China Telecom SIM card and a China Tietong SIM card. The ID information includes the integrated circuit card identification code (ICCID) of the SIM card; for example, the terminal reads the ICCIDs of the four SIM cards to generate a first ID set. The terminal then acquires the second ID set that is prestored in the database and corresponds to the terminal; the second ID set comprises the ID information of each SIM card associated with a legitimate user of the terminal. For example, if the pre-recorded SIM cards that a legitimate user of the terminal should use are the China Mobile SIM card, the China Unicom SIM card and the China Tietong SIM card, the ICCIDs corresponding to these three cards in the database form a second ID set. The database may be a local database or a network database. One terminal can have N legitimate users (N is an integer larger than zero), each of whom has several SIM cards that should be used, and a corresponding second ID set is generated from the SIM cards associated with each legitimate user, so the database can hold N second ID sets corresponding to the terminal. As long as any one second ID set corresponding to the current terminal in the database is a subset of the first ID set, it is determined whether each SIM card in that second ID set is valid, that is, whether the China Mobile SIM card, the China Unicom SIM card and the China Tietong SIM card are valid. Validity here means that the card is in an active, usable state.
If the China Mobile SIM card, the China Unicom SIM card and the China Tietong SIM card are all valid, it is determined that each SIM card carried by the terminal meets the preset requirement, and that the account key information input by the user, the biometric information of the user and the current SIM card carried by the terminal match the pre-stored information. Judging whether a second ID set prestored in the database for the terminal is a subset of the first ID set determines whether every SIM card associated with a legitimate user of the terminal is carried in the current terminal, and the validity of the SIM cards is verified further only when the result is yes, which prevents others from cracking the user account by tampering with the ICCID of the current SIM card carried in the terminal. Judging whether the current SIM card is valid prevents others from cracking the user account by copying the current SIM card carried by the terminal.
Referring to fig. 6, the third judgment sub-module 44 includes:
a first obtaining unit 441, configured to respectively obtain the ID information corresponding to each first SIM card in the subset;
an encrypting unit 442, configured to respectively encrypt the ID information corresponding to each first SIM card by a first encryption algorithm to generate a first sequence value;
a sending unit 443, configured to, for each first SIM card, send the corresponding first sequence value to a server in a preset form through that first SIM card, where the server is configured to verify whether the current SIM card carried by the terminal is valid;
a second obtaining unit 444, configured to obtain a second sequence value fed back by the server to the telephone number corresponding to the first SIM card;
a judging unit 445, configured to judge whether the first sequence value is the same as the second sequence value;
a determining unit 446, configured to determine, if yes, that the first SIM card in the subset is valid.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone, for example a four-card four-standby smart phone with four SIM cards. The smart phone carries a China Mobile SIM card, a China Unicom SIM card, a China Telecom SIM card and a China Tietong SIM card. Taking the China Mobile SIM card as an example, the terminal obtains the ICCID of the China Mobile SIM card and encrypts it with a hash algorithm to generate a first sequence value. The terminal generates a local short message carrying the first sequence value and sends it to a preset server. After receiving the short message, the server parses out the ISDN telephone number corresponding to the China Mobile SIM card, uses that number to look up in the database the sequence value corresponding to the ICCID of the China Mobile SIM card, which is the second sequence value, and sends it as a short message to the ISDN telephone number corresponding to the China Mobile SIM card; that is, the server sends a short message carrying the second sequence value to the terminal. The terminal obtains the second sequence value from the short message returned by the server and judges whether the first sequence value is the same as the second sequence value. If so, the SIM card is judged to be valid. The China Unicom, China Telecom and China Tietong SIM cards are verified in the same way as the China Mobile SIM card, so the description is not repeated.
Because each SIM card has a corresponding ISDN telephone number that cannot be modified, even if the ICCID of the current SIM card carried by the terminal is copied by someone else, the copied SIM card does not have the same ISDN telephone number as the current SIM card carried by the terminal, and the ISDN number cannot be tampered with. Others therefore cannot use the copied SIM card to receive the verification short message exchanged between the server and the current SIM card carried by the terminal, which greatly improves the reliability of SIM card validity verification.
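The SIM check carried out by submodules 41 to 44 and units 441 to 446 (method steps ending at S446), sketched in Python as an added example that is not code from the patent: the subset test on ICCIDs followed by the short-message round trip. SHA-256 as the hash, the `Sim`, `SmsNetwork` and `Server` names, and all ICCIDs and telephone numbers are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def sequence_value(iccid: str) -> str:
    """First/second sequence value. The page says only 'a hash algorithm'; SHA-256 is assumed."""
    return hashlib.sha256(iccid.encode("ascii")).hexdigest()


@dataclass(frozen=True)
class Sim:
    iccid: str   # readable from the card, so it can be copied
    msisdn: str  # telephone number the carrier binds to the physical card


class SmsNetwork:
    """Toy carrier: a message is readable only by the SIM that owns the destination number."""

    def __init__(self):
        self._inbox = {}

    def deliver(self, to_msisdn, body):
        self._inbox.setdefault(to_msisdn, []).append(body)

    def read(self, msisdn):
        queue = self._inbox.get(msisdn, [])
        return queue.pop(0) if queue else None


class Server:
    def __init__(self, network, enrolled):
        self.network = network
        self.enrolled = enrolled  # msisdn -> sequence value of the enrolled ICCID

    def on_sms(self, sender_msisdn, body):
        # As described on the page, the lookup is keyed on the sender's number
        # (not on the message body) and the reply goes back to that same number.
        stored = self.enrolled.get(sender_msisdn)
        if stored is not None:
            self.network.deliver(sender_msisdn, stored)


def sim_is_valid(sim, server, network):
    first = sequence_value(sim.iccid)    # unit 442
    server.on_sms(sim.msisdn, first)     # unit 443: SMS leaves through this SIM
    second = network.read(sim.msisdn)    # unit 444: reply addressed to this SIM's number
    return second is not None and hmac.compare_digest(first, second)  # units 445/446


def sims_meet_requirement(inserted, second_id_sets, server, network):
    first_id_set = {s.iccid for s in inserted}        # submodule 41
    by_iccid = {s.iccid: s for s in inserted}
    for second_id_set in second_id_sets:              # one set per legitimate user
        if not second_id_set <= first_id_set:         # submodule 43: subset test
            continue
        # Assumption: if one matching set fails validation, the remaining sets are still tried.
        if all(sim_is_valid(by_iccid[i], server, network) for i in second_id_set):
            return True
    return False


def demo():
    # Constructed sample identifiers, not real cards or numbers.
    mobile = Sim("89860000000000000001", "+8613800000001")
    unicom = Sim("89860100000000000002", "+8613000000002")
    telecom = Sim("89860300000000000003", "+8618900000003")
    tietong = Sim("89860000000000000004", "+8615700000004")
    enrolled_sims = [mobile, unicom, tietong]
    network = SmsNetwork()
    server = Server(network, {s.msisdn: sequence_value(s.iccid) for s in enrolled_sims})
    second_id_sets = [frozenset(s.iccid for s in enrolled_sims)]
    clone = Sim(mobile.iccid, "+8613800009999")  # copied ICCID, different subscriber number
    check = lambda cards: sims_meet_requirement(cards, second_id_sets, server, network)
    return {
        "genuine": check([mobile, unicom, telecom, tietong]),
        "missing_card": check([mobile, unicom, telecom]),
        "copied_iccid": check([clone, unicom, telecom, tietong]),
    }


if __name__ == "__main__":
    print(demo())
```

The ICCID digest is deterministic and not secret, so the outcome rests entirely on the carrier delivering the reply only to the enrolled number; the copied-ICCID case fails because the server holds no enrolment for the clone's number.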
Referring to fig. 7, the account key information includes a password and an account, and the second judging module 2 includes:
an encryption submodule 21, configured to perform encryption calculation on the password input by the user through a second encryption algorithm to generate a third sequence value;
a fifth obtaining submodule 22, configured to obtain a fourth sequence value of the corresponding account from the database according to the account input by the user, where the correspondence between the account and the fourth sequence value is prestored in the database;
a fourth judging submodule 23, configured to judge whether the third sequence value matches the fourth sequence value;
a second judging submodule 24, configured to judge, if yes, that the account key information input by the user matches the information prestored in the database, and otherwise that it does not match.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. The terminal judges the account and password input by the user as follows. The intelligent terminal first acquires the account and the password input by the user, where the password may be in text or pattern form. It encrypts the password input by the user with a hash algorithm to generate a first password sequence value, which is the first sequence value. The terminal then looks up the corresponding password sequence in a database according to the account input by the user; this password sequence is the second password sequence value, which is the second sequence value. The database includes, but is not limited to, a local database and a cloud server database. Finally, the intelligent terminal judges whether the first sequence value is the same as the second sequence value, and if so, judges that the account and password input by the user match the information prestored in the database. In this way, the user can proceed to the next stage of identity verification only by entering a matching account and password, which screens out users trying to crack other people's accounts and passwords. In addition, the terminal judges whether the user input matches by means of the sequence value generated from the password by the hash algorithm rather than the password itself, which reduces exposure of the password and effectively prevents leakage of the user's password.
Referring to fig. 8, the third judging module 3 includes:
a sixth obtaining submodule 31, configured to obtain biometric information of the user and preprocess the biometric information to generate first biometric information;
a seventh obtaining submodule 32, configured to obtain a fifth sequence value corresponding to the first biometric information according to the correspondence between biometric information and sequence values pre-stored in the database;
a fifth judging submodule 33, configured to judge whether the fifth sequence value matches the third sequence value;
a third judging submodule 34, configured to judge, if yes, that the biometric information meets the first preset requirement.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. The terminal prompts the user to input biometric information; the prompt may be given by, but is not limited to, voice or text. The terminal acquires the biometric information of the user, including but not limited to one or more of fingerprint information, facial feature information, iris information and voiceprint information. The terminal preprocesses the acquired biometric information so that the biometric information can be extracted more easily. The preprocessing includes filtering and denoising the picture of the biometric information, among other operations, so that the image is clearer. The user account corresponding to the biometric information extracted by the terminal is found in the database, and the terminal acquires the fifth sequence value corresponding to that user account from the database. The fifth sequence value is an encrypted value obtained by encrypting the password corresponding to the user account, using the same encryption algorithm as the encryption calculation applied to the password input by the user in step S21. The database includes, but is not limited to, a local database or a cloud server database. The terminal judges whether the fifth sequence value matches the third sequence value; that is, the terminal judges whether the sequence value of the password corresponding to the user account acquired from the server is consistent with the sequence value corresponding to the password input by the user.
If the sequence value of the password corresponding to the user account acquired from the server is consistent with the sequence value corresponding to the password input by the user, the biometric information is judged to meet the first preset requirement. In this way, the terminal judges whether the user's biometric information matches by comparing the sequence value corresponding to the biometric information with the sequence value corresponding to the user account in the database, rather than by comparing the biometric information acquired by the terminal with the biometric information stored in the database. This reduces the points at which biometric information is exposed and lowers the possibility of the user's biometric information being leaked.
Further, the terminal user identity authentication device further comprises a recording module, a second obtaining module and a list generating module.
The recording module is used for recording the user identity information of the current verification and the corresponding verification time;
the third acquisition module is used for acquiring a historical record of user identity authentication, wherein the historical record comprises the user identity information and the verification time of verifications before the current one;
and the list generating module is used for generating a terminal use list containing the user identity information and the corresponding verification time according to the currently verified user identity information, the corresponding verification time and the historical record.
In the embodiment of the present invention, the terminal includes, but is not limited to, a smart phone. In certain work and learning environments, smart phones are shared as public equipment. The terminal acquires the user identity information and the verification time of the current verification; for example, user C passes user identity authentication at 13:00 on January 1, 2019. The terminal also obtains the historical record of user identity authentication; for example, user A passed authentication at 12:00 on January 1, 2019, and user B passed authentication at 12:30 on January 1, 2019. From the currently verified user identity information, its verification time and the historical record, the mobile phone generates a terminal use list containing user A, user B and user C together with their verification times. Through this operation, a terminal manager can accurately know who used the terminal and when, which makes management convenient.
Referring to fig. 9, the present application also provides a storage medium 100 in which a computer program 200 is stored; when the computer program runs on a computer, it causes the computer to execute the terminal user identity authentication method described in the above embodiments.
Referring to fig. 10, the present application further provides a computer device 300 containing instructions which, when run on the computer device 300, cause the computer device 300 to execute, by means of a processor 400 disposed therein, the terminal user identity authentication method described in the above embodiments.
It will be appreciated by those skilled in the art that the terminal user identity authentication device of the present invention is related to the above-described apparatus for performing one or more of the methods described in the present application. These devices may be specially designed and manufactured for the required purposes, or they may comprise known devices in general-purpose computers. These devices have stored therein computer programs or applications that are selectively activated or reconfigured. Such a computer program may be stored in a device-readable (e.g., computer-readable) medium, including, but not limited to, any type of disk including floppy disks, hard disks, optical disks, CD-ROMs and magneto-optical disks, ROMs (Read-Only Memories), RAMs (Random Access Memories), EPROMs (Erasable Programmable Read-Only Memories), EEPROMs (Electrically Erasable Programmable Read-Only Memories), flash memories, magnetic cards, or optical cards, or in any type of medium suitable for storing electronic instructions, each coupled to a bus. That is, a readable medium includes any medium that stores or transmits information in a form readable by a device (e.g., a computer).
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (9)

1. An authentication method for a terminal user, wherein the terminal has a corresponding SIM card, the method comprising:
respectively acquiring account key information input by a user, biological characteristic information of the user and a current SIM card carried by the terminal;
respectively judging whether account key information input by a user, biological characteristic information of the user and a current SIM card carried by the terminal are matched with prestored information;
determining the validity of the user identity authentication according to the judgment result;
the step of respectively judging whether the account key information input by the user, the biological characteristic information of the user and the current SIM card carried by the terminal are all matched with the pre-stored information comprises the following steps:
judging whether the account key information input by the user is matched with information prestored in a database;
if yes, obtaining the biological feature information of the user, and judging whether the biological feature information meets the preset requirement;
if so, acquiring ID information corresponding to each SIM card carried by the terminal, and generating a first ID set;
acquiring a second ID set which is prestored in the database and corresponds to the terminal, wherein the second ID set comprises ID information of each SIM card associated with a legal user of the terminal;
judging whether the second ID set is a subset of the first ID set;
if yes, respectively judging whether first SIM cards in the subset are all valid, wherein the first SIM cards are all SIM cards corresponding to the ID information in the second ID set in the terminal;
and if all are valid, judging that the account key information input by the user, the biological characteristic information of the user and the current SIM card carried by the terminal are matched with the pre-stored information.
2. The method of claim 1, wherein the step of separately determining whether the first SIM cards in the subset are all valid comprises:
acquiring ID information corresponding to each first SIM card in the subset;
respectively encrypting the ID information corresponding to each first SIM card through a first encryption algorithm to generate a first array value;
for each first SIM card, sending the corresponding first array value to a server in a preset form through the first SIM card, wherein the server is used for verifying whether the current SIM card carried by the terminal is valid;
acquiring a second array value fed back by the server for the telephone number corresponding to the first SIM card;
judging whether the first array value is the same as the second array value;
if yes, judging that the first SIM card in the subset is valid.
3. The method of claim 1, wherein the account key information includes a password and an account number, and the step of determining whether the account key information entered by the user matches information pre-stored in a database comprises:
carrying out encryption calculation on the password input by the user through a second encryption algorithm to generate a third array value;
acquiring a fourth array value corresponding to the account from a database according to the account input by the user, wherein the database prestores a correspondence between the account and the fourth array value;
determining whether the third array value matches the fourth array value;
if yes, the account key information input by the user is judged to be matched with the information prestored in the database, and if not, the account key information is not matched.
4. The method for authenticating a terminal user according to claim 3, wherein the step of obtaining the biological characteristic information of the user and determining whether the biological characteristic information meets a preset requirement comprises:
acquiring biological characteristic information of a user, preprocessing the biological characteristic information, and determining a user account corresponding to the biological characteristic information;
acquiring a fifth array value corresponding to the biological characteristic information according to the corresponding relation between the user account of the biological characteristic information prestored in the database and the array value;
determining whether the fifth array value matches the third array value;
if so, judging that the biological characteristic information meets the preset requirement, otherwise, judging that the biological characteristic information does not meet the preset requirement.
5. The method of claim 1, wherein the step of determining the validity of the user authentication according to the determination result comprises:
and configuring a terminal operating environment corresponding to the authority according to the user identity authentication result.
6. The method for authenticating a terminal user according to claim 5, wherein the step of configuring the terminal operating environment corresponding to the right according to the user authentication result comprises:
respectively carrying out security level division on all application programs prestored in the terminal to form application program lists corresponding to different security levels;
according to the number ratio of all verification steps in the verification result, respectively evaluating the security level of the operating environment of all SIM cards carried by the terminal;
acquiring a security level corresponding to an SIM card connected with a current network;
and matching the application program list with the security level consistent with the security level corresponding to the SIM card connected with the current network according to the security level corresponding to the SIM card connected with the current network.
7. An apparatus for authenticating a terminal user, said terminal having a corresponding SIM card, the apparatus comprising:
the first acquisition module is used for respectively acquiring account key information input by a user, biological characteristic information of the user and a current SIM card carried by the terminal;
the first judgment module is used for respectively judging whether the account key information input by the user, the biological characteristic information of the user and the current SIM card carried by the terminal are matched with the pre-stored information;
the determining module is used for determining the validity of the user identity authentication according to the judgment result;
the first judging module comprises:
the first judgment submodule is used for judging whether the account key information input by the user is matched with information prestored in a database;
the second obtaining submodule is used for, if so, obtaining the biological characteristic information of the user and judging whether the biological characteristic information meets the preset requirement;
a third obtaining submodule, configured to, if so, obtain ID information corresponding to each SIM card carried by the terminal and generate a first ID set;
a fourth obtaining submodule, configured to obtain a second ID set corresponding to the terminal and prestored in the database, where the second ID set includes ID information of each SIM card associated with a valid user of the terminal;
a second determining submodule, configured to determine whether the second ID set is a subset of the first ID set;
a third judging submodule, configured to, if so, respectively judge whether the first SIM cards in the subset are all valid, where the first SIM cards are all SIM cards in the terminal corresponding to the ID information in the second ID set;
and the first judgment sub-module is used for judging, if all are valid, that the account key information input by the user, the biological characteristic information of the user and the current SIM card carried by the terminal are matched with the pre-stored information.
8. A storage medium, characterized in that it is a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed, implements the method for authenticating a terminal user according to any one of claims 1 to 6.
9. A computer device, characterized in that it comprises a processor, a memory and a computer program stored on said memory and executable on said processor, said processor implementing, when executing said computer program, the method for authenticating a terminal user according to any one of claims 1 to 6.
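The check order of claim 1, with the array-value comparisons of claims 3 and 4, as an added Python example that is not code from the patent. PBKDF2-HMAC-SHA256 stands in for the unnamed "second encryption algorithm"; the account names, templates, SIM IDs and the `sim_is_valid` callback (which stands for the claim 2 server round trip) are constructed assumptions.

```python
import hashlib
import hmac


def digest(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the patent's unnamed
    # "second encryption algorithm".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample database (no value here comes from the patent).
ACCOUNTS = {  # account -> (salt, fourth array value)
    "alice": (b"salt-a", digest("correct horse", b"salt-a")),
    "bob": (b"salt-b", digest("battery staple", b"salt-b")),
}
# Output of a biometric matcher (hypothetical template names) -> account.
BIOMETRIC_TO_ACCOUNT = {"template-alice": "alice", "template-bob": "bob"}
# Second ID set per terminal: SIM IDs associated with its legal users.
SECOND_ID_SETS = {"terminal-01": {"SIM-A", "SIM-B"}}
DUMMY_SALT = b"salt-unknown"


def authenticate(terminal_id, account, password, template, inserted_sims,
                 sim_is_valid):
    """Run the claim 1 checks in order; return (ok, failed_step)."""
    # Claim 3: third array value (from input) vs fourth (from database).
    salt, fourth = ACCOUNTS.get(account, (DUMMY_SALT, None))
    third = digest(password, salt)  # same work for unknown accounts
    if fourth is None or not hmac.compare_digest(third, fourth):
        return False, "account"

    # Claim 4: the fifth array value belongs to the account linked to the
    # biometric; no biometric template is compared against a stored one.
    bio_account = BIOMETRIC_TO_ACCOUNT.get(template)
    if bio_account is None:
        return False, "biometric"
    fifth = ACCOUNTS[bio_account][1]
    if not hmac.compare_digest(fifth, third):
        return False, "biometric"

    # Claim 1: the second ID set must be a subset of the first ID set.
    first_ids = set(inserted_sims)
    second_ids = SECOND_ID_SETS.get(terminal_id, set())
    # An empty set is a subset of anything, so fail closed on it.
    if not second_ids or not second_ids <= first_ids:
        return False, "sim-set"

    # Only the SIMs named in the second ID set are checked for validity;
    # extra SIMs in the terminal are ignored, as in claim 1.
    if not all(sim_is_valid(sim) for sim in second_ids):
        return False, "sim-validity"
    return True, None
```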

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910810586.0A CN110516427B (en) 2019-08-29 2019-08-29 Terminal user identity authentication method and device, storage medium and computer equipment

Publications (2)

Publication Number Publication Date
CN110516427A (en) 2019-11-29
CN110516427B (en) 2022-03-11

Family

ID=68629345

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910810586.0A Active CN110516427B (en) 2019-08-29 2019-08-29 Terminal user identity authentication method and device, storage medium and computer equipment

Country Status (1)

Country Link
CN (1) CN110516427B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20211130

Address after: 518000 201, No.26, yifenghua Innovation Industrial Park, Xinshi community, Dalang street, Longhua District, Shenzhen City, Guangdong Province

Applicant after: Shenzhen waterward Software Technology Co.,Ltd.

Address before: 518000 B, 503, 602, digital city building, garden city, 1079 Shekou Road, Shekou, Nanshan District, Shenzhen, Guangdong.

Applicant before: SHENZHEN WATER WORLD Co.,Ltd.

GR01 Patent grant