CN111541659B - Identity verification method, system and electronic equipment - Google Patents
Identity verification method, system and electronic equipment Download PDFInfo
- Publication number
- CN111541659B CN111541659B CN202010293088.6A CN202010293088A CN111541659B CN 111541659 B CN111541659 B CN 111541659B CN 202010293088 A CN202010293088 A CN 202010293088A CN 111541659 B CN111541659 B CN 111541659B
- Authority
- CN
- China
- Prior art keywords
- party
- trusted
- service
- file
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Abstract
An identity verification method, system and electronic equipment, the method includes the steps: the service demand side sends a biological characteristic canceling file to a trusted third party; wherein the biometric cancellation file comprises a credential file; the trusted third party judges whether the voucher file is matched with a prestored storage file or not; if so, the trusted third party eliminates the biological characteristics of the service demander; and if not, the trusted third party continuously saves the biological characteristics of the service demand party. The identity authentication method, the identity authentication system and the electronic equipment can cancel the service of the intelligent card after the identity authentication is passed, and greatly improve the safety performance of the intelligent card.
Description
Technical Field
The invention belongs to the technical field of identity authentication, and particularly relates to an identity authentication method, an identity authentication system and electronic equipment.
Background
A Smart Card (Smart Card) is an IC Card embedded with a microchip, developed on the basis of a barcode Card and a magnetic Card, includes a CPU, a RAM, an I/O, and the like, as a novel high-performance identification Card, and is an independent microprocessor including an operating system. Smart cards take integrated circuit card (IC card) technology as a core and computer and communication technology as a means. One or more integrated circuit chips with functions of storage, operation and the like are embedded in a PVC (or ABS and the like) plastic substrate conforming to the ISO7816 standard, so that the integrated circuit chips become carriers capable of storing, transferring, transmitting and processing data.
The smart card has the advantages of large storage capacity, strong computing capability, high safety and the like, can store various information such as characters, sounds, images and the like, and is widely applied to the fields of finance and finance, social insurance, traffic tourism, commodity retail, leisure and entertainment, school management and the like. Common smart cards include credit cards, debit cards, campus cards, medical cards, bus cards, SIM cards, and the like. In 2018, the global smart card issuing amount exceeds 100 hundred million cards.
Public transport cards are currently used to make payments in many areas, such as bus riding, car refueling, boat riding, shopping online or in brick and mortar stores, and the like. However, in practical use, when the card is lost, the owner of the smart stored-value card (e.g., a bus card) often faces serious problems such as the inability to recover the balance in the card and illegal access rights of others. Until now, there has been no secure, quick way for card users to revoke smart cards when they lose the cards or the cards are stolen.
Disclosure of Invention
In order to solve the above problem, the present invention provides an authentication method, comprising the steps of:
the service demand side sends a biological characteristic canceling file to a credible third party; wherein the biometric cancellation file comprises a credential file;
The trusted third party judges whether the voucher file is matched with a pre-stored saved file or not;
if yes, the trusted third party rejects the biological characteristics of the service demand party;
and if not, the trusted third party continuously stores the biological characteristics of the service demand party.
Preferably, before the service requirement party sends the biometric canceling file to the trusted third party, the method further comprises the following steps:
the service demander registering the biometric feature and the saved file in the trusted third party;
the trusted third party saves the biometric characteristic and the saved file in a registry.
Preferably, after the trusted third party saves the biometric characteristic and the saved file in a registry, the method further comprises the steps of:
the trusted third party generates a master key and a shared key;
the trusted third party sends the master secret key to the service demand party;
the trusted third party sends the shared key to a service provider.
Preferably, after the trusted third party sends the master key to the service demander, the method further includes the steps of:
the service requirement side sends a biological characteristic canceling request to the trusted third party;
The trusted third party sends an identity verification request to the service demander;
the service requiring party sends the master secret key to the trusted third party;
the trusted third party judges whether the received master key is matched with the master key sent by the trusted third party;
if so, the trusted third party allows the service demand side to send a biological characteristic canceling file to the service demand side;
if not, the trusted third party refuses the service demand party to send the biological characteristic canceling file to the service demand party.
Preferably, after the trusted third party sends the shared key to the service provider, the method further comprises the following steps:
the service provider sends a biometric authentication request to the trusted third party;
the trusted third party sends an authentication request to the service provider;
the service provider sends the shared secret key to the trusted third party;
the trusted third party judges whether the shared secret key received by the trusted third party is matched with the shared secret key sent by the trusted third party;
if yes, the service provider saves the biological characteristics shared by the trusted third party;
if not, the trusted third party does not share the biometric characteristic with the service provider.
Preferably, after the trusted third party shares the self-stored biometric features with the service provider, the method further comprises the following steps:
the service demand side sends a service demand request to the service provider;
the service provider sends an identity authentication request to the service demander;
the service demander sends the biometric to the service provider;
the service provider judges whether the received biological characteristics match the stored biological characteristics;
if so, the service provider provides the service to the service demander;
and if not, the service provider rejects the service requirement request of the service demander.
Preferably, the step of sending the biometric canceling file to the trusted third party by the service requirement direction comprises the steps of:
and the service demander sends the biological characteristic canceling file to the trusted third party through the mobile terminal.
The invention also provides an identity verification system, which comprises:
the service demander is used for sending the biological characteristic canceling file to the trusted third party; wherein the biometric cancellation file comprises a credential file;
the trusted third party is used for judging whether the certificate file is matched with a prestored storage file or not;
When the judgment result is yes, the trusted third party rejects the biological characteristics of the service demander; and when the judgment result is no, the trusted third party continuously stores the biological characteristics of the service demand party.
Preferably, the system further comprises:
the mobile terminal is used for sending the biological characteristic canceling file to the trusted third party by the service demand direction;
and the service provider is used for providing service for the service demander when the biological characteristics provided by the service demander are matched with the biological characteristics shared by the credible third party.
The present invention also provides an electronic device, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform any of the authentication methods described above.
The identity authentication method, the identity authentication system and the electronic equipment can cancel the service of the intelligent card after the identity authentication is passed, and greatly improve the safety performance of the intelligent card.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method of authentication provided by the present invention;
fig. 2 is a schematic structural diagram of an authentication system provided in the present invention;
fig. 3 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the accompanying drawings in combination with the embodiments. It is to be understood that these descriptions are only illustrative and are not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in fig. 1, in an embodiment of the present application, the present application provides an identity authentication method, including the steps of:
S101, the service demand side sends a biological characteristic canceling file to a trusted third party; wherein the biometric cancellation file comprises a credential file;
s102, the trusted third party judges whether the voucher file is matched with a pre-stored saved file or not;
s103, if yes, the trusted third party eliminates the biological characteristics of the service demander;
and S104, if not, the trusted third party continues to store the biological characteristics of the service demand party.
In the embodiment of the application, the trusted third party stores the biological characteristics of the stored file and the service demand party in advance, at the moment, the service demand party sends a biological characteristic canceling file to the trusted third party, wherein the biological characteristic canceling file comprises a certificate file, the trusted third party judges whether the certificate file is matched with the stored file, and if the certificate file is matched with the stored file, the trusted third party rejects the biological characteristics of the service demand party stored by the trusted third party; when the two do not match, the trusted third party continues to save the biometric at this point.
In this embodiment, the service demander may be a smart card, the trusted third party may be a database, the biometric features may be various pieces of biometric information such as a fingerprint, a voice, a palm print, and an iris of the smart card user, and the credential file and the save file may be personal information, a telephone number, and the like of the smart card user.
In this embodiment of the present application, before the step S101, the step of sending the biometric canceling file to the trusted third party by the service requirement party further includes:
the service demander registering the biometric feature and the saved file in the trusted third party;
the trusted third party saves the biometric characteristic and the saved file in a registry.
In the embodiment of the application, when the service demander registers the saved file such as the biological characteristics of the fingerprint and the telephone number in the trusted third party, the trusted third party saves the file in the registry.
In an embodiment of the present application, after the trusted third party saves the biometric feature and the saved file in the registry, the method further includes:
the trusted third party generates a master key and a shared key;
the trusted third party sends the master secret key to the service demand party;
the trusted third party sends the shared key to a service provider.
In the embodiment of the application, after the trusted third party stores the biological characteristics and the storage file in the registry, the trusted third party generates a master key and a shared key, sends the master key to the service demander, and sends the shared key to the service provider.
In this embodiment of the present application, after the trusted third party sends the master key to the service demander, the method further includes:
the service requirement side sends a biological characteristic canceling request to the trusted third party;
the trusted third party sends an authentication request to the service demander;
the service requirement party sends the master secret key to the trusted third party;
the trusted third party judges whether the master key received by the trusted third party is matched with the master key sent by the trusted third party;
if so, the trusted third party allows the service demand side to send a biological characteristic canceling file to the service demand side;
and if not, the trusted third party refuses the service demand party to send the biological characteristic canceling file to the service demand party.
In the embodiment of the application, when the service demander sends the biological characteristic canceling request to the trusted third party, the trusted third party needs to perform identity verification on the biological characteristic canceling request, and only when the master key input by the service demander is matched with the master key sent by the service demander, it is indicated that the service demander has the biological characteristic canceling authority, and at this time, the service demander is allowed to send the biological characteristic canceling file.
In this embodiment of the present application, after the trusted third party sends the shared key to the service provider, the method further includes:
The service provider sends a biometric authentication request to the trusted third party;
the trusted third party sends an authentication request to the service provider;
the service provider sends the shared secret key to the trusted third party;
the trusted third party judges whether the received shared secret key is matched with the shared secret key sent by the trusted third party;
if yes, the service provider saves the biological characteristics shared by the trusted third party;
if not, the trusted third party does not share the biometric characteristic with the service provider.
In the embodiment of the application, when the biometric features in the trusted third party are shared with the service provider, the service provider needs to perform identity verification, and only when the shared key provided by the service provider is matched with the shared key sent by the trusted third party, it is indicated that the service provider has communication with the trusted third party and can receive the shared key shared by the service provider and the trusted third party.
In this embodiment of the present application, after the trusted third party shares the biometric features stored by itself with the service provider, the method further includes:
the service demand side sends a service demand request to the service provider;
the service provider sends an identity authentication request to the service demander;
The service demander sends the biometric to the service provider;
the service provider judges whether the received biological characteristics match the stored biological characteristics;
if so, the service provider provides the service to the service demander;
and if not, the service provider rejects the service requirement request of the service demander.
In the embodiment of the application, the service provider can provide the service to the service demander only when the biological characteristics provided by the service demander are matched with the biological characteristics received by the service provider from the trusted third party.
In an embodiment of the present application, the sending, by the service requirement party, the biometric cancellation file to the trusted third party includes:
and the service demander sends the biological characteristic canceling file to the trusted third party through the mobile terminal.
In the embodiment of the application, the service demander sends the biological characteristic canceling file to the trusted third party through mobile terminals such as a mobile phone and a smart watch.
As shown in fig. 2, in the embodiment of the present application, the present invention further provides an identity verification system, where the system includes:
the service demander 201 is used for sending the biological characteristic canceling file to the trusted third party; wherein the biometric cancellation file comprises a credential file;
The trusted third party 202 is used for judging whether the voucher file is matched with a prestored storage file or not;
when the judgment result is yes, the trusted third party 202 eliminates the biological characteristics of the service demander 201; when the determination is negative, the trusted third party 202 continues to save the biometric features of the service demander 201.
In an embodiment of the present application, the system further includes:
the mobile terminal 203 is used for the service demander 201 to send the biometric canceling file to the trusted third party 202;
the service provider 204 is configured to provide a service for the service demander 201 when the biometric provided by the service demander 201 matches the biometric shared by the trusted third party 202.
The system shown in fig. 2 can correspondingly execute the content in the above method embodiment, and details of the part not described in detail in this embodiment refer to the content described in the above method embodiment, which is not described again here.
As shown in fig. 3, in the embodiment of the present application, the present invention also provides an electronic device, and the electronic device 30 may include a processing device (e.g., a central processing unit, a graphics processing unit, etc.) 301, which may perform various suitable actions and processes according to a program stored in a Read Only Memory (ROM)302 or a program loaded from a storage device 308 into a Random Access Memory (RAM) 303. In the RAM303, various programs and data necessary for the operation of the electronic apparatus 30 are also stored. The processing device 301, the ROM 302, and the RAM303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
Generally, the following devices may be connected to the I/O interface 305: input devices 306 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, or the like; an output device 307 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage devices 308 including, for example, magnetic tape, hard disk, etc.; and a communication device 309. The communication means 309 may allow the electronic device 30 to communicate with other devices wirelessly or by wire to exchange data. While the figures illustrate an electronic device 30 having various means, it is understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication means 309, or installed from the storage means 308, or installed from the ROM 302. The computer program, when executed by the processing device 301, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
The identity authentication method, the identity authentication system and the electronic equipment can cancel the service of the intelligent card after the identity authentication is passed, and greatly improve the safety performance of the intelligent card.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.
Claims (5)
1. An identity verification method, characterized in that the method comprises the steps of:
the service demand side sends a biological characteristic canceling file to a credible third party; wherein the biometric cancellation file comprises a credential file;
the trusted third party judges whether the voucher file is matched with a prestored storage file or not;
if so, the trusted third party eliminates the biological characteristics of the service demander;
if not, the trusted third party continues to store the biological characteristics of the service demand party;
Before the service requirement direction sends the biological characteristic canceling file to the trusted third party, the method further comprises the following steps:
the service demander registering the biometric feature and the saved file with the trusted third party;
the trusted third party saving the biometric characteristic and the saved file in a registry;
the step of sending the biological characteristic canceling file to the trusted third party by the service demand direction comprises the following steps:
the service demander sends a biological characteristic canceling file to the trusted third party through the mobile terminal;
the trusted third party, after saving the biometric characteristic and the saved file in a registry, further comprises the steps of:
the trusted third party generates a master key and a shared key;
the trusted third party sends the master secret key to the service demand party;
the trusted third party sends the shared secret key to a service provider;
the method for sending the master key to the service demand party by the trusted third party further comprises the following steps:
the service requirement side sends a biological characteristic canceling request to the trusted third party;
the trusted third party sends an authentication request to the service demander;
the service requirement party sends the master secret key to the trusted third party;
The trusted third party judges whether the received master key is matched with the master key sent by the trusted third party;
if so, the trusted third party allows the service demand side to send a biological characteristic canceling file to the service demand side;
and if not, the trusted third party refuses the service demand party to send the biological characteristic canceling file to the service demand party.
2. The method of identity verification according to claim 1, further comprising, after the trusted third party sends the shared key to the service provider, the steps of:
the service provider sends a biometric authentication request to the trusted third party;
the trusted third party sends an authentication request to the service provider;
the service provider sends the shared secret key to the trusted third party;
the trusted third party judges whether the received shared secret key is matched with the shared secret key sent by the trusted third party;
if yes, the service provider saves the biological characteristics shared by the trusted third party;
if not, the trusted third party does not share the biometric characteristic with the service provider.
3. The identity verification method of claim 2, further comprising, after the trusted third party shares its own saved biometric with the service provider, the steps of:
The service demand side sends a service demand request to the service provider;
the service provider sends an identity authentication request to the service demander;
the service demander sends the biometric to the service provider;
the service provider judges whether the received biological characteristics match the stored biological characteristics;
if so, the service provider provides the service to the service demander;
and if not, the service provider rejects the service requirement request of the service demander.
4. An authentication system for implementing the authentication method according to any one of claims 1 to 3, characterized in that the system comprises:
the service demander is used for sending the biological characteristic canceling file to the trusted third party; wherein the biometric cancellation file comprises a credential file;
the trusted third party is used for judging whether the certificate file is matched with a prestored storage file or not;
when the judgment result is yes, the trusted third party rejects the biological characteristics of the service demander; when the judgment result is no, the trusted third party continues to store the biological characteristics of the service demand party;
The system further comprises:
the mobile terminal is used for sending the biological characteristic canceling file to the trusted third party by the service demand direction;
and the service provider is used for providing service for the service demander when the biological characteristics provided by the service demander are matched with the biological characteristics shared by the trusted third party.
5. An electronic device, characterized in that the electronic device comprises:
at least one processor; and (c) a second step of,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the authentication method of any one of claims 1-3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010293088.6A CN111541659B (en) | 2020-04-15 | 2020-04-15 | Identity verification method, system and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010293088.6A CN111541659B (en) | 2020-04-15 | 2020-04-15 | Identity verification method, system and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111541659A CN111541659A (en) | 2020-08-14 |
CN111541659B true CN111541659B (en) | 2022-06-28 |
Family
ID=71970689
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010293088.6A Active CN111541659B (en) | 2020-04-15 | 2020-04-15 | Identity verification method, system and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111541659B (en) |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040073570A1 (en) * | 2002-10-10 | 2004-04-15 | International Business Machines Corporation | System and method for blind sharing of genome data |
US7161465B2 (en) * | 2003-04-08 | 2007-01-09 | Richard Glee Wood | Enhancing security for facilities and authorizing providers |
WO2006044917A2 (en) * | 2004-10-15 | 2006-04-27 | The Regents Of The University Of Colorado, A Body Corporate | Revocable biometrics with robust distance metrics |
JP2007183767A (en) * | 2006-01-05 | 2007-07-19 | Fujitsu Ltd | Method and system for deleting biological information |
WO2011017099A2 (en) * | 2009-07-27 | 2011-02-10 | Suridx, Inc. | Secure communication using asymmetric cryptography and light-weight certificates |
-
2020
- 2020-04-15 CN CN202010293088.6A patent/CN111541659B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN111541659A (en) | 2020-08-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7287165B2 (en) | IC card, portable terminal, and access control method | |
US8768303B2 (en) | Telecommunications chip card and mobile telephone device | |
CN104919779B (en) | Method relative to automatic device certification user | |
US20070181672A1 (en) | Electronic settlement system, portable telephone, noncontact ic card reader, and personal identification data sampler | |
WO2015001473A1 (en) | Authorizing transactions using mobile device based rules | |
WO2012125477A2 (en) | System and device for facilitating a transaction by consolidating sim, personal token, and associated applications for electronic wallet transactions | |
US20090045257A1 (en) | Federated ID Secure Virtual Terminal Emulation Smartcard | |
CN101809579A (en) | Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications | |
EP2237519A1 (en) | Method and system for securely linking digital user's data to an NFC application running on a terminal | |
WO2022072166A8 (en) | Systems and methods for securely opening apis with cardholder authentication and consent | |
SE536589C2 (en) | Secure two-party comparison transaction system | |
CN107733973A (en) | Method of controlling security, terminal, server and computer-readable medium | |
CN101770665A (en) | One-card system based on IC identification card | |
CN112468975A (en) | Management method, device, medium and electronic equipment of analog card | |
JP4414679B2 (en) | Mobile phone terminal | |
US11720882B2 (en) | Identity deep freeze | |
CN111541659B (en) | Identity verification method, system and electronic equipment | |
US10742662B2 (en) | Non-transaction enabling data security | |
CN102073888A (en) | Intelligent card system capable of displaying transaction data in real time and method thereof | |
US11392935B2 (en) | Automatic activation of a physical payment card | |
KR20090021887A (en) | The integrative method and system which use an id card and a mobile phone for electronic payment | |
CN112232467A (en) | Account switching method and multi-frequency Internet of things card | |
KR101152892B1 (en) | Method and apparatus for mmanaging withdrawal with bank card | |
AU2011254438B2 (en) | Portable communication equipment, system and method for communicating between a local terminal and a plurality of portable equipment | |
US20140236821A1 (en) | Method and system for the transmission of authenticated authorization requests |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |