CN112954693A - Identity authentication method, identity authentication server and terminal - Google Patents


Publication number: CN112954693A
Authority: CN (China)
Prior art keywords: terminal, key, audio, identity authentication, user
Legal status: Granted (current status: Active)
Application number: CN202110183331.3A
Other languages: Chinese (zh)
Other versions: CN112954693B (en)
Inventors: 李冠彬, 雷斌, 欧少焕, 林显煌
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority: CN202110183331.3A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an identity authentication method, an identity authentication server and a terminal, applicable to the field of information security. The method comprises: when an identity authentication request from a user terminal is received, randomly generating a one-time key; splitting the one-time key into a message key and an audio key, and converting the audio key into audio; sending the message key and a call request to the terminal; when the call is connected, playing the converted audio and instructing the user to make a sound; receiving a terminal confirmation request encrypted by the terminal with the one-time key, together with user voice audio collected by the terminal, wherein the one-time key is formed by combining the audio key the terminal restored from the audio with the received message key; extracting a voiceprint feature value from the user voice audio and comparing it with a pre-stored reference voiceprint value; and, if the voiceprint feature value matches and the terminal confirmation request is obtained by successful decryption, sending an authentication success notification to the terminal. The invention can protect the security of user information and funds.

Description

Identity authentication method, identity authentication server and terminal
Technical Field
The invention relates to the technical field of information security, in particular to an identity authentication method, an identity authentication server and a terminal.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
The spread of internet technology has greatly affected daily life: shopping, ordering food, booking, hailing cars, paying bills and the like can all be done through online platforms. This brings convenience, but it also brings security problems.
When a user handles a specific transaction through an online platform, the platform usually requires the user to authenticate first in order to log in, and when a large payment is involved the platform requires the user to authenticate again, so as to protect user information and funds as far as possible. To spare users the trouble of memorizing static passwords, most existing online platforms authenticate with a dynamic verification code: when a user requests login or payment, a dynamic verification code valid for a specified time (for example, 1 minute) is sent to the mobile phone number specified by the user; the user submits the code to the online platform; and once the platform confirms that the code is correct, it approves the login or payment request and the user goes on to complete the specific service.
The dynamic verification code is usually sent by short message, so it can be lost because of network transmission problems. Short message delivery is also one-way: the online platform cannot confirm the delivery result or actively resend a lost message, so a user may be unable to log in or complete a payment. In addition, there have been cases of criminals stealing dynamic verification codes through a pseudo base station, using Global System for Mobile Communications (GSM) hijacking and short message sniffing, so the security of user information and funds cannot be effectively guaranteed.
To address the security problems caused by lost short messages, voice verification code authentication has appeared: a call to the terminal replaces the short message, and the dynamic verification code is given to the user by voice playback. Compared with sending the dynamic verification code by short message, this is more secure, but the following problems remain:
First, the user has to note down the dynamic verification code played in the call and then submit it to the online platform, which adds steps for the user, and having to note the code down is inconvenient.
Second, if the user's terminal is stolen by a criminal, the criminal can still obtain the dynamic verification code, which threatens the security of user information and funds.
Disclosure of Invention
The embodiment of the invention provides an identity authentication method, which is used for simplifying the steps of identity authentication of a user and simultaneously ensuring the safety of user information and funds, is applied to an identity authentication server and comprises the following steps:
when an identity authentication request sent by a user terminal is received, a one-time secret key is randomly generated;
splitting the one-time key into at least two segments, dividing the at least two key segments into a message key and an audio key, and converting the audio key into audio, wherein the message key and the audio key each comprise at least one key segment;
sending a message key to the terminal and initiating a call request to the terminal;
when the call is connected, playing the audio converted by the audio key, and directing a user to make a sound;
receiving a terminal confirmation request encrypted by a terminal through a one-time key and user voice audio collected by the terminal, wherein the one-time key is formed by combining an audio key restored from the audio by the terminal and a received message key;
extracting a voiceprint characteristic value from a user voice audio, and comparing the voiceprint characteristic value with a pre-stored reference voiceprint value;
and if the voiceprint feature value is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption, sending an authentication success notification to the terminal.
The embodiment of the invention also provides an identity authentication method, which is used for simplifying the steps of identity authentication of a user and simultaneously ensuring the safety of user information and funds, is applied to a terminal and comprises the following steps:
sending an identity authentication request to an identity authentication server;
receiving a message key sent by an identity authentication server;
answering the call initiated by the identity authentication server, and restoring the audio played by the call into an audio key;
combining the audio key and the received message key into a one-time key, and encrypting the terminal confirmation request by using the one-time key;
collecting the sound emitted by a user to obtain the sound audio of the user;
sending an encrypted terminal confirmation request and user voice audio to an identity authentication server;
and receiving an authentication success notification sent by the identity authentication server, wherein the identity authentication server sends the notification when the voiceprint feature value it extracts from the user voice audio is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption.
The embodiment of the present invention further provides an identity authentication server, which is used to simplify the steps of identity authentication performed by a user and ensure the safety of user information and funds, and the identity authentication server includes:
the key generation module is used for randomly generating a one-time key when receiving an identity authentication request sent by a user terminal;
the key conversion module is used for splitting the one-time key into at least two segments, dividing the at least two key segments into a message key and an audio key, and converting the audio key into audio, wherein the message key and the audio key each comprise at least one key segment;
the server communication module is used for sending a message key to the terminal and initiating a call request to the terminal;
the voice playing module is used for playing the audio converted by the audio key after the call is connected and directing the user to make a sound;
the server communication module is also used for receiving a terminal confirmation request encrypted by the terminal by using a one-time secret key and user voice audio collected by the terminal, wherein the one-time secret key is formed by combining an audio secret key restored from the audio by the terminal and a received message secret key;
the comparison module is used for extracting a voiceprint characteristic value from the voice audio of the user and comparing the voiceprint characteristic value with a prestored reference voiceprint value;
and the server communication module is also used for sending an authentication success notification to the terminal when the voiceprint feature value is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption.
The embodiment of the present invention further provides a terminal, configured to simplify the steps of performing identity authentication by a user, and ensure the safety of user information and funds, where the terminal includes:
the terminal communication module is used for sending an identity authentication request to the identity authentication server;
the terminal communication module is also used for receiving a message key sent by the identity authentication server;
the voice call module is used for answering the call initiated by the identity authentication server and restoring the audio played by the call into an audio key;
the key combination module is used for combining the audio key and the received message key into a one-time key and encrypting the terminal confirmation request by using the one-time key;
the acquisition module is used for acquiring the sound emitted by the user to obtain the sound audio of the user;
the terminal communication module is also used for sending an encrypted terminal confirmation request and user voice audio to the identity authentication server;
and the terminal communication module is also used for receiving an authentication success notification sent by the identity authentication server, wherein the identity authentication server sends the notification when the voiceprint feature value it extracts from the user voice audio is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the identity authentication method is realized when the processor executes the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program for executing the above identity authentication method is stored in the computer-readable storage medium.
In the embodiment of the invention, the message receiving function and the call function of the terminal are used to verify that the terminal receiving the message key and the terminal answering the call that plays the audio converted from the audio key are the same terminal, which prevents criminals from stealing the message key sent by the identity authentication server and using it alone to pass identity authentication. At the same time, voiceprint comparison checks whether the voiceprint value of the sound the user makes during the call is consistent with the reference voiceprint value, and the voiceprint authentication step passes only when they are consistent. This ensures that the terminal performing identity authentication is the terminal the user registered with the identity authentication server, and that the person using the terminal is the one who registered the reference voiceprint, that is, the legitimate user, which protects the user's information and funds. In addition, the whole process requires no manual input from the user, which simplifies the user's operation. The embodiment of the invention also improves the security of identity authentication without placing any special requirement on the terminal model, so it is easier to deploy than terminals on the market that need an additional biometric acquisition module, such as a fingerprint acquisition module.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
FIG. 1 is a schematic structural diagram of a service system in an embodiment of the present invention;
FIG. 2 is a flowchart of an identity authentication method according to an embodiment of the present invention;
FIG. 3 is a flow chart of another method of identity authentication in an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an identity authentication server according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
The embodiment of the invention provides an identity authentication method which is applied to a service system shown in figure 1. Referring to fig. 1, the service system includes an identity authentication server, a terminal, a service server, and an operator server.
The terminal may be a mobile phone, a tablet computer or a computer with a voice communication function and a network communication function, for example, a tablet computer with an SIM card.
The operator server is used for providing an operator network, and the operator network is used as a communication medium between the terminal and the identity authentication server and the service processing server, so that the network, the conversation, the message transmission and the like between the terminal and the identity authentication server and between the terminal and the service processing server are kept smooth. The operator network may be a mobile data network or a WI-FI network.
And the service processing server is used for processing services, such as payment, account transfer and the like, which need to be transacted after the user passes the identity authentication. The identity authentication server and the service processing server can be connected through an enterprise internal network or an operator network, or the identity authentication server and the service processing server can be integrated into one server, and the integrated server provides identity authentication and service processing services at the same time.
In another implementation, multiple terminals may be used to complete identity authentication and service processing separately; for example, a computer initiates the identity authentication request, a mobile phone performs the identity authentication, and the computer performs the service processing after identity authentication is passed.
In the embodiment of the invention, a service handling request can be sent to a service processing server by a terminal, the service processing server judges whether the service requested to be handled by the user needs to perform identity authentication on the user, and if not, the service processing server directly processes the service; if so, the service processing server sends an identity authentication request for the terminal to an identity authentication server; after the identity authentication server confirms that the identity of the terminal user is correct, the identity authentication server informs the service processing server that the service requested by the terminal can be handled.
As shown in FIG. 2, the method is applied to an identity authentication server in the service system, and the method includes steps 201 to 207:
Step 201, when receiving an identity authentication request sent by a user terminal, randomly generating a one-time key.
The one-time key is only used for the identity authentication request, and the one-time keys used in each identity authentication are different.
In the embodiment of the present invention, the one-time key may be generated using a symmetric encryption algorithm or an asymmetric encryption algorithm, and if an asymmetric encryption algorithm is used, the key processed into the audio and sent to the mobile terminal 1 is a public key. As for the specific algorithm, the symmetric encryption algorithm may be 3DES or the domestic key algorithm SM4, and the asymmetric encryption algorithm may be RSA or the domestic key algorithm SM2.
Step 202, splitting the one-time key into at least two segments, dividing the at least two key segments into a message key and an audio key, and converting the audio key into audio.
Wherein, the message key and the audio key each comprise at least one section of key.
In the embodiment of the present invention, the one-time key may be split into multiple segments, provided that the message key and the audio key each receive at least one segment when the segments are divided. For example, the one-time key is split into a front half and a rear half, with the front half assigned to the message key and the rear half to the audio key; or the one-time key is split into 5 segments, with segments 1, 3 and 5 assigned to the message key and segments 2 and 4 to the audio key; or the one-time key is split into 6 segments, with segment 2 assigned to the message key and the remaining segments to the audio key.
After the message key and the audio key are obtained through division, the audio key can be converted into audio played in the call according to the specified transcoding rule.
Step 203, sending the message key to the terminal, and initiating a call request to the terminal.
The identity authentication server can initiate a call request in an internet dialing mode and send a message key to the terminal in the forms of short messages, business handling client APP push messages and the like.
So that the identity authentication server can authenticate the terminal and the user, before receiving the identity authentication request sent by the user terminal, the identity authentication server also receives a registration request from the terminal. When the registration request is received, the server stores the identity information submitted by the terminal, which includes a terminal number and a registration voice; extracts a voiceprint feature value from the registration voice to serve as the reference voiceprint value; and saves the reference voiceprint value and the other identity information.
Thereafter, the identity authentication server may initiate a call request to the stored terminal number, or send a message key to the terminal corresponding to the terminal number.
Step 204, after the call is connected, playing the audio converted from the audio key and instructing the user to make a sound.
The voice played by the identity authentication server can guide the user to speak any sentence, or direct the user to read out a designated character string. The designated character string is generated by a random algorithm and can be a string of numbers, a sentence and the like; its content can be drawn from the registration voice the user provided, so as to increase the accuracy of voiceprint comparison.
To give the user a better experience, after the user answers the call the identity authentication server can play a voice prompt explaining that identity authentication is required before a certain service can be completed, so that the user understands the purpose of the call. The user is then prompted to make any sound, and is also prompted to repeat the played designated character string if unsure what to say.
Because the voice signal in current telephone communication occupies the range from 300 Hz to 3400 Hz, and the human ear finds sound around 1000 Hz more comfortable, the frequency of the voice sample that the identity authentication server generates for the identity authentication request can be kept around 1000 Hz, so that the user does not feel discomfort from the audio frequency during authentication.
Step 205, receiving the terminal confirmation request encrypted by the terminal with the one-time key, and the user voice audio collected by the terminal.
And step 205, receiving the terminal confirmation request encrypted by the terminal by using the one-time key and the user voice audio collected by the terminal.
The one-time key is formed by combining an audio key restored from audio by the terminal and a received message key.
The identity authentication server sends a transcoding rule for converting the audio into the audio key to the terminal in advance for storage, the terminal can restore the audio key from the audio by using the transcoding rule, and the audio key and the message key are combined to obtain the one-time key generated by the identity authentication server in step 201.
Step 206, extracting a voiceprint feature value from the user voice audio, and comparing the voiceprint feature value with a pre-stored reference voiceprint value.
Step 207, if the voiceprint feature value is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption, sending an authentication success notification to the terminal.
In the embodiment of the invention, if any one or more of the following occurs, an authentication failure notification is sent to the terminal: the call request initiated to the terminal is not connected, the voiceprint feature value comparison is inconsistent, or decryption fails to yield the terminal confirmation request.
In the embodiment of the invention, the message receiving function and the call function of the terminal are used to verify that the terminal receiving the message key and the terminal answering the call that plays the audio converted from the audio key are the same terminal, which prevents criminals from stealing the message key sent by the identity authentication server and using it alone to pass identity authentication. At the same time, voiceprint comparison checks whether the voiceprint value of the sound the user makes during the call is consistent with the reference voiceprint value, and the voiceprint authentication step passes only when they are consistent. This ensures that the terminal performing identity authentication is the terminal the user registered with the identity authentication server, and that the person using the terminal is the one who registered the reference voiceprint, that is, the legitimate user, which protects the user's information and funds. In addition, the whole process requires no manual input from the user, which simplifies the user's operation. The embodiment of the invention also improves the security of identity authentication without placing any special requirement on the terminal model, so it is easier to deploy than terminals on the market that need an additional biometric acquisition module, such as a fingerprint acquisition module.
An embodiment of the present invention further provides an identity authentication method, which is applied to a terminal in the service system shown in FIG. 1, and as shown in FIG. 3, the method includes steps 301 to 307:
Step 301, sending an identity authentication request to an identity authentication server.
Step 302, receiving a message key sent by the identity authentication server.
Step 303, answering the call initiated by the identity authentication server, and restoring the audio played by the call to an audio key.
In order to accelerate the speed of identity authentication, after a terminal receives an incoming call, the number of the incoming call is identified; if the identification result of the incoming call number is the identity authentication server, the call is automatically answered, so that the time consumed by the user for manually answering the call is shortened.
Considering that the user may be in an environment where it is inconvenient to answer the call, or the user is currently busy and cannot answer the call, in another implementation, an option of whether to answer the call may also be set, and the user selects to answer or not to answer the call.
Step 304, combining the audio key and the received message key into a one-time key, and encrypting the terminal confirmation request by using the one-time key.
Step 305, collecting the sound made by the user to obtain the user voice audio.
Step 306, sending the encrypted terminal confirmation request and the user voice audio to the identity authentication server.
Step 307, receiving an authentication success notification sent by the identity authentication server, wherein the identity authentication server sends the notification when the voiceprint feature value it extracts from the user voice audio is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption.
In the embodiment of the invention, the message receiving function and the call function of the terminal are used to verify that the terminal receiving the message key and the terminal answering the call that plays the audio converted from the audio key are the same terminal, which prevents criminals from stealing the message key sent by the identity authentication server and using it alone to pass identity authentication. At the same time, voiceprint comparison checks whether the voiceprint value of the sound the user makes during the call is consistent with the reference voiceprint value, and the voiceprint authentication step passes only when they are consistent. This ensures that the terminal performing identity authentication is the terminal the user registered with the identity authentication server, and that the person using the terminal is the one who registered the reference voiceprint, that is, the legitimate user, which protects the user's information and funds. In addition, the whole process requires no manual input from the user, which simplifies the user's operation. The embodiment of the invention also improves the security of identity authentication without placing any special requirement on the terminal model, so it is easier to deploy than terminals on the market that need an additional biometric acquisition module, such as a fingerprint acquisition module.
The embodiment of the invention also provides an identity authentication server, which is described in the following embodiment. Because the principle of the device for solving the problems is similar to the identity authentication method, the implementation of the device can refer to the implementation of the identity authentication method, and repeated parts are not described again.
As shown in fig. 4, the identity authentication server 400 includes a key generation module 401, a key conversion module 402, a server communication module 403, a voice playing module 404, and a comparison module 405.
The key generation module 401 is configured to randomly generate a one-time key when receiving an identity authentication request sent by a user terminal;
a key conversion module 402, configured to split the one-time key into at least two segments, divide the at least two key segments into a message key and an audio key, and convert the audio key into audio, where the message key and the audio key each include at least one key segment;
a server communication module 403, configured to send the message key to the terminal, and initiate a call request to the terminal;
a voice playing module 404, configured to play the audio converted from the audio key after the call is connected, and direct the user to make a sound;
the server communication module 403 is further configured to receive a terminal confirmation request encrypted by the terminal using the one-time key, and user voice audio collected by the terminal, where the terminal forms the one-time key by combining the audio key it restores from the audio with the received message key;
a comparison module 405, configured to extract a voiceprint feature value from the user voice audio, and compare the voiceprint feature value with a pre-stored reference voiceprint value;
the server communication module 403 is further configured to send an authentication success notification to the terminal when the voiceprint feature value is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption.
In an implementation manner of the embodiment of the present invention, the identity authentication server 400 further includes:
the storage module 406 is configured to: when a registration request of the terminal is received, store identity information submitted by the terminal, where the identity information includes a terminal number and a registration voice; extract a voiceprint feature value from the registration voice as the reference voiceprint value; and store the reference voiceprint value and the other identity information;
the server communication module 403 is configured to initiate the call request to the stored terminal number.
In an implementation manner of the embodiment of the present invention, the voice playing module 404 is configured to:
direct the user to speak an arbitrary sentence; or direct the user to read out a specified character string.
In an implementation manner of the embodiment of the present invention, the server communication module 403 is further configured to:
when the call request initiated to the terminal is not connected, or the voiceprint feature value is inconsistent with the reference voiceprint value, or the terminal confirmation request cannot be obtained because decryption fails, send an authentication failure notification to the terminal.
The embodiment of the invention also provides a terminal, which is described in the following embodiment. Because the terminal solves the problem on a principle similar to that of the identity authentication method, its implementation may refer to the implementation of the identity authentication method, and repeated parts are not described again.
As shown in fig. 5, the terminal 500 includes a terminal communication module 501, a voice call module 502, a key combination module 503, and an acquisition module 504.
The terminal communication module 501 is configured to send an identity authentication request to an identity authentication server;
the terminal communication module 501 is further configured to receive a message key sent by the identity authentication server;
the voice call module 502 is configured to answer the call initiated by the identity authentication server, and restore the audio played in the call to the audio key;
a key combination module 503, configured to combine the audio key and the received message key into a one-time key, and encrypt the terminal confirmation request with the one-time key;
the acquisition module 504 is configured to acquire a sound emitted by a user to obtain a user sound audio;
the terminal communication module 501 is further configured to send an encrypted terminal confirmation request and a user voice audio to the identity authentication server;
the terminal communication module 501 is further configured to receive an authentication success notification sent by the identity authentication server, where the identity authentication server sends the authentication success notification after it extracts a voiceprint feature value from the user voice audio, finds that the voiceprint feature value is consistent with the reference voiceprint value, and obtains the terminal confirmation request by successful decryption.
In an implementation manner of the embodiment of the present invention, the voice call module 502 is configured to:
when the terminal receives an incoming call, identify the incoming call number;
and if the incoming call number is identified as that of the identity authentication server, automatically answer the call.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the identity authentication method is realized when the processor executes the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program for executing the above identity authentication method is stored in the computer-readable storage medium.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. An identity authentication method applied to an identity authentication server, the method comprising:
when an identity authentication request sent by a user terminal is received, randomly generating a one-time key;
splitting the one-time key into at least two segments, dividing the at least two key segments into a message key and an audio key, and converting the audio key into audio, wherein the message key and the audio key each comprise at least one key segment;
sending the message key to the terminal and initiating a call request to the terminal;
when the call is connected, playing the audio converted from the audio key, and directing a user to make a sound;
receiving a terminal confirmation request encrypted by the terminal using the one-time key and user voice audio collected by the terminal, wherein the terminal forms the one-time key by combining the audio key it restores from the audio with the received message key;
extracting a voiceprint feature value from the user voice audio, and comparing the voiceprint feature value with a pre-stored reference voiceprint value;
and if the voiceprint feature value is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption, sending an authentication success notification to the terminal.
2. The method of claim 1, wherein before receiving the identity authentication request sent by the user terminal, the method further comprises:
when a registration request of a terminal is received, storing identity information submitted by the terminal, wherein the identity information comprises a terminal number and a registration voice;
extracting a voiceprint feature value from the registration voice as the reference voiceprint value;
storing the reference voiceprint value and the other identity information;
wherein initiating a call request to the terminal comprises: initiating the call request to the stored terminal number.
3. The method of claim 1, wherein directing the user to emit a sound comprises:
directing the user to speak an arbitrary sentence;
alternatively, the user is directed to read out the specified character string.
4. The method according to any one of claims 1 to 3, further comprising:
if the call request initiated to the terminal is not connected, or the voiceprint feature value is inconsistent with the reference voiceprint value, or the terminal confirmation request cannot be obtained because decryption fails, sending an authentication failure notification to the terminal.
5. An identity authentication method applied to a terminal, the method comprising:
sending an identity authentication request to an identity authentication server;
receiving a message key sent by the identity authentication server;
answering the call initiated by the identity authentication server, and restoring the audio played in the call to an audio key;
combining the audio key and the received message key into a one-time key, and encrypting a terminal confirmation request with the one-time key;
collecting the sound made by a user to obtain user voice audio;
sending the encrypted terminal confirmation request and the user voice audio to the identity authentication server;
and receiving an authentication success notification sent by the identity authentication server, wherein the identity authentication server sends the authentication success notification after it extracts a voiceprint feature value from the user voice audio, finds that the voiceprint feature value is consistent with the reference voiceprint value, and obtains the terminal confirmation request by successful decryption.
6. The method of claim 5, wherein answering the call initiated by the identity authentication server comprises:
when the terminal receives an incoming call, identifying the incoming call number;
and if the incoming call number is identified as that of the identity authentication server, automatically answering the call.
7. An identity authentication server, comprising:
a key generation module, configured to randomly generate a one-time key when an identity authentication request sent by a user terminal is received;
a key conversion module, configured to split the one-time key into at least two segments, divide the at least two key segments into a message key and an audio key, and convert the audio key into audio, wherein the message key and the audio key each comprise at least one key segment;
a server communication module, configured to send the message key to the terminal and initiate a call request to the terminal;
a voice playing module, configured to play the audio converted from the audio key after the call is connected and direct the user to make a sound;
the server communication module being further configured to receive a terminal confirmation request encrypted by the terminal using the one-time key and user voice audio collected by the terminal, wherein the terminal forms the one-time key by combining the audio key it restores from the audio with the received message key;
a comparison module, configured to extract a voiceprint feature value from the user voice audio and compare the voiceprint feature value with a pre-stored reference voiceprint value;
and the server communication module being further configured to send an authentication success notification to the terminal when the voiceprint feature value is consistent with the reference voiceprint value and the terminal confirmation request is obtained by successful decryption.
8. A terminal, comprising:
a terminal communication module, configured to send an identity authentication request to an identity authentication server;
the terminal communication module being further configured to receive a message key sent by the identity authentication server;
a voice call module, configured to answer the call initiated by the identity authentication server and restore the audio played in the call to an audio key;
a key combination module, configured to combine the audio key and the received message key into a one-time key and encrypt a terminal confirmation request with the one-time key;
an acquisition module, configured to collect the sound made by the user to obtain user voice audio;
the terminal communication module being further configured to send the encrypted terminal confirmation request and the user voice audio to the identity authentication server;
and the terminal communication module being further configured to receive an authentication success notification sent by the identity authentication server, wherein the identity authentication server sends the authentication success notification after it extracts a voiceprint feature value from the user voice audio, finds that the voiceprint feature value is consistent with the reference voiceprint value, and obtains the terminal confirmation request by successful decryption.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 1 to 6.
CN202110183331.3A 2021-02-10 2021-02-10 Identity authentication method, identity authentication server and terminal Active CN112954693B (en)

Publications (2)

Publication Number Publication Date
CN112954693A (en) 2021-06-11
CN112954693B (en) 2023-02-24

Family

ID=76245452

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant