CN113191778A - Identity authentication method and identity authentication device - Google Patents


Info

Publication number
CN113191778A
Authority
CN
China
Prior art keywords
user
information
usbkey
biological characteristic
equipment
Prior art date
Legal status
Pending
Application number
CN202110551323.XA
Other languages
Chinese (zh)
Inventor
张旭伟
Current Assignee
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date
Filing date
Publication date
Application filed by Agricultural Bank of China
Priority to CN202110551323.XA
Publication of CN113191778A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides an identity authentication method and an identity authentication device. In the scheme, when a user's identity is to be verified with a USBKEY, the user's biometric information is collected, and the current transaction information is sent to the USBKEY only if that biometric information matches the biometric information the user enrolled in advance; the user then decides on the USBKEY itself whether to confirm the transaction. This avoids online banking transactions failing because the user has forgotten or mistyped the PIN.

Description

Identity authentication method and identity authentication device
Technical Field
The present application relates to the field of information security technologies, and in particular, to an identity authentication method and an identity authentication apparatus.
Background
With the rapid growth of the internet, transacting through online banking (also called internet banking) has spread into every industry, and how to establish the identity of a user so as to secure online banking transactions has become a problem the business must face. One current method of authenticating a user is a Universal Serial Bus (USB) interface device known as a USB key (USBKEY).
The USBKEY contains a microcontroller or smart-card chip with some storage space in which the user's private key and digital certificate can be kept. Every USBKEY is protected by a Personal Identification Number (PIN), and a user can conduct online banking transactions only when in possession of both the USBKEY and its PIN. Even if the PIN leaks, a legitimate user's identity cannot be impersonated as long as the USBKEY itself is not stolen; if the USBKEY is lost, whoever finds it cannot impersonate the legitimate user without the PIN. This is what secures the online banking transaction.
However, when the USBKEY is used for identity authentication, it often happens that an online banking transaction fails because the user enters a wrong PIN several times.
Disclosure of Invention
The application provides an identity authentication method and an identity authentication device that avoid online banking transactions failing because the user has forgotten or mistyped the PIN.
In a first aspect, the application provides an identity authentication method. In the method, a first device determines that a USBKEY (a universal serial bus interface device) is to be used to authenticate the user's identity; if the first biometric information the user currently presents matches the second biometric information bound to the transaction account currently logged in on the first device, the first device sends to the USBKEY a ciphertext obtained by encrypting the current transaction information with the USBKEY's public key; the first device receives indication information from the USBKEY; and the first device determines the user's identity authentication result from that indication information.
In the identity authentication method of this embodiment, collecting the user's biometric information replaces entry of the personal identification number (PIN): the transaction information is sent to the USBKEY when the collected biometric information matches the second biometric information bound to the logged-in transaction account. The user therefore does not need to remember a password, which avoids online banking transactions failing because the password is forgotten or mistyped.
It should also be noted that, compared with current methods that authenticate the user with biometric information alone, in this scheme the first device additionally has to determine the user's authentication result from the USBKEY's indication information, which raises the security of the online banking transaction.
With reference to the first aspect, in one possible implementation, before the first device sends the USBKEY the ciphertext obtained by encrypting the current transaction information with the USBKEY's public key, the method further includes: the first device collects the user's first biometric information; and the first device judges whether the user's first biometric information matches the second biometric information.
In this implementation, both the collection of the biometric information and the decision on whether the user's identity is legitimate are completed on the first device, so the result of the biometric comparison is not exposed to tampering in transit; this improves the reliability of the verification result and in turn the security of the online banking transaction.
With reference to the first aspect, in one possible implementation, the first device judging whether the first biometric information matches the second biometric information includes: calculating the average of all feature information included in the first biometric information; calculating the average of all feature information included in the second biometric information; calculating the difference between the two averages; and, if the difference lies within a preset range, the first device determining that the first biometric information matches the second biometric information.
In this implementation, the match is decided by whether the difference between the average of all feature information in the first biometric information and the average of all feature information in the second biometric information lies within a preset range. Because the comparison uses an average over all features of the first biometric information, it is less sensitive to noise in any single feature.
With reference to the first aspect, in one possible implementation, before the first device sends the USBKEY the ciphertext obtained by encrypting the current transaction information with the USBKEY's public key, the method further includes: the first device sends a verification message to a second device, the verification message instructing the user to enter the first biometric information on the second device; and the first device receives matching result information from the second device, indicating whether the first biometric information matches the second biometric information.
In this implementation, a first device that cannot collect biometric information sends a verification message to the user's second device, and the user enters the biometric information there. The user's identity can thus be verified by biometric information even on a first device without a biometric collection module, and the online banking transaction can be completed.
With reference to the first aspect, in one possible implementation, the first device determining that the user's identity is to be authenticated with a USBKEY includes: the first device receives a first instruction from the user, and determines according to that instruction that the USBKEY is to be used to authenticate the user.
With reference to the first aspect, in one possible implementation, the method further includes: if the first device does not receive the indication information from the USBKEY within a time length T, the first device determines that the user's identity authentication has failed.
This implementation improves the security of online banking transactions. For example, if the user's biometric information is intercepted by a hacker or a trojan, the hacker may pass the biometric check when replaying it, but neither the hacker nor the trojan can press the confirmation key on the USBKEY, so the user's authentication still does not pass and the transaction remains secure.
With reference to the first aspect, in one possible implementation, the first biometric information includes at least one of face information, voice information and fingerprint information.
In a second aspect, the application provides an identity authentication apparatus comprising a memory for storing program instructions and a processor; the processor is configured to invoke the program instructions in the memory to perform the method of the first aspect or any of its possible implementations.
In a third aspect, the application provides a computer-readable medium storing program code for execution by a computer, the program code comprising instructions for performing the method of the first aspect or any of its possible implementations.
In a fourth aspect, the application provides a computer program product comprising computer program code which, when run on a computer, causes the computer to carry out the method of the first aspect or any of its possible implementations.
Drawings
Fig. 1 is a schematic diagram of an online banking transaction system according to an embodiment of the present application;
FIG. 2 is a schematic flow chart diagram of a method for identity authentication provided in one embodiment of the present application;
FIG. 3 is a schematic view of a first interface provided in accordance with an embodiment of the present application;
FIG. 4 is a schematic flow chart diagram of a method of identity authentication provided in another embodiment of the present application;
FIG. 5 is a schematic flow chart diagram of a method of identity authentication provided in accordance with yet another embodiment of the present application;
fig. 6 is a schematic structural diagram of an identity authentication device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an identity authentication apparatus according to an embodiment of the present application.
Detailed Description
For ease of understanding, the terms used in this application are described first.
1. Digital certificate
A digital certificate, also called a digital identifier, is a data structure that identifies a network user. It provides a means of identity authentication on the internet: a digital file used to mark and prove the identity of both parties to a network communication. Put simply, a digital certificate is an individual's or entity's identification on the internet.
A digital certificate is issued by a Certificate Authority (CA) and binds the user's identity to the public key the user holds. Before the binding, a trusted certification authority verifies the user's identity; the CA then digitally signs the combination of user identity and corresponding public key to prove that the certificate is valid.
A digital certificate contains the following: the owner's public key, the owner's name, the expiry date of the public key, the name of the issuing authority, the serial number of the certificate, and the issuing authority's digital signature. Each digital certificate corresponds to a matching key pair, a private key and a public key. The private key is held only by the user and is used mainly for decryption and digital signing, while the public key may be disclosed and is used mainly for encryption and signature verification. Public-key encryption is one-way in the sense that data encrypted with the public key can be decrypted only with the corresponding private key. Therefore, as long as the sender encrypts the data with the recipient's public key, confidentiality of the transmitted data is assured: even if a third party intercepts the ciphertext, it cannot decrypt it without the corresponding private key.
2. USBKEY
A USB key is a hardware device with a Universal Serial Bus (USB) interface. It contains a microcontroller or smart-card chip with some storage space in which the user's private key and digital certificate can be kept, and it authenticates the user's identity with the public-key algorithm built into the key.
Every USBKEY is protected by a Personal Identification Number (PIN); the PIN and the USBKEY itself are the two factors required for the user to use the key, hence two-factor authentication. A user can conduct online transactions only when in possession of both the USBKEY and the PIN. Even if the PIN leaks, a legitimate user's identity cannot be impersonated as long as the USBKEY is not stolen; if the USBKEY is lost, whoever finds it cannot impersonate the legitimate user without the PIN.
The USBKEY has a secure data storage area for secret data such as the digital certificate and keys. The storage is accessed only through the key's own programs and the user cannot read the keys directly; the user's private key is non-exportable, so it never appears in the computer's memory and cannot be captured there by a hacker.
Fig. 1 is a schematic diagram of an online banking transaction system according to an embodiment of the present application. As shown in Fig. 1, the online banking transaction system of the application includes a first device 110 and a USBKEY 120. The first device 110 may be any terminal device, such as a smartphone, a tablet computer or a personal computer.
In the transaction system 100 shown in Fig. 1, a user transacting with the first device 110 does so in one of two main ways: through the mobile banking client on the first device 110, or through a web page on the first device 110.
As an example, Fig. 1 shows the transaction interface 130 of a user conducting an online banking transaction on the first device. When the user clicks on payment in the transaction interface 130, the first device receives the transaction request.
The spread of internet banking has made life more convenient, but because internet banking transactions must travel over the network they carry security risks, so how to establish the user's identity and secure the transaction has become a problem the internet banking business must face.
For the transaction system shown in Fig. 1, one method of determining the user's identity (that is, authenticating the user) is as follows. After the user initiates a transaction request and inserts the USBKEY into the first device, the first device pops up a window prompting the user to enter the USBKEY's PIN; the first device encrypts the entered PIN with the USBKEY's public key and sends it to the USBKEY; the USBKEY decrypts it and compares the decrypted PIN with the PIN stored in the USBKEY; if they agree, the PIN entered by the user is confirmed to be correct.
Note that authenticating the user's identity means determining whether the user requesting the online banking transaction is the legitimate user of the current account, where the legitimate user may be taken to be the person identified by the identity card information bound to the account.
After confirming that the PIN is correct, the USBKEY sends a message to that effect to the first device. On receiving it, the first device encrypts the current user's transaction information with the USBKEY's public key and sends the ciphertext to the USBKEY. The USBKEY decrypts the transaction information and displays it on its screen for the user to check; if the user finds it correct and presses the confirmation key on the USBKEY within a time length T, the USBKEY sends indication information to the first device, and the first device determines the user's identity authentication result from it.
That is, it is first determined whether the PIN entered by the user is correct, and the user passes authentication only if the user then checks the displayed information and presses the confirmation key within the time length T.
Even if the password is intercepted by a hacker or a trojan, and the USBKEY confirms the PIN as correct, the hacker or trojan cannot press the confirmation key on the USBKEY, so the user's authentication still does not pass and the transaction remains secure.
However, the PIN required by this existing method is hard to remember, for example a password mixing upper- and lower-case letters, digits and special characters. Users frequently lock the account by entering a wrong PIN several times, which is inconvenient for them and adds to the workload of branch outlets because the user must visit a business hall to reset the PIN.
On this basis, the embodiments of this application provide a new identity authentication method. In it, the user's biometric information is collected in place of the user entering a personal identification number (PIN), and the PIN check is replaced by a biometric match decision, which solves the problem of online banking transactions failing because the user forgets or mistypes the password.
Fig. 2 is a schematic flowchart of an identity authentication method according to an embodiment of the present application. As shown in Fig. 2, the method of this embodiment may include S210, S220, S230, S240 and S250.
S210: the first device determines that a USBKEY (a universal serial bus interface device) is to be used to authenticate the user's identity.
A user often carries out activities on the network that require paying a sum of money, such as transferring money or paying fees, and goes through a series of operations until a transaction request is initiated on the first device. As shown in the transaction interface 130 in Fig. 1, when the user clicks on payment, the first device receives the user's transaction request. Having received the online banking transaction request, the first device then needs to determine which method to use to authenticate the user's identity.
In one implementation, the first device can authenticate the user only with the USBKEY; in that case, once it receives the online banking transaction request, it directly determines that the USBKEY is to be used.
In another implementation, the first device can authenticate the user in several ways, for example face authentication, fingerprint authentication and USBKEY authentication. In that case, after receiving the online banking transaction request, the first device may display a first interface on which the user selects the verification method, and it determines that the USBKEY is to be used only after the user selects USBKEY authentication.
For example, after the user initiates the online banking transaction request, the first device displays the first interface shown in Fig. 3, which offers three verification methods: face recognition 301, password payment 302 and USBKEY 303. The first interface may also display the payment amount 304 of the current transaction, and, if the user selects password payment, a password input box 305.
S220: if the first biometric information currently presented by the user matches the second biometric information bound to the transaction account currently logged in on the first device, the first device sends to the USBKEY a ciphertext obtained by encrypting the current transaction information with the USBKEY's public key, and correspondingly the USBKEY receives the ciphertext.
The first biometric information may be face, fingerprint or iris information; this embodiment does not limit it. The second biometric information is the binding information enrolled by the user in advance.
For example, after installing the mobile banking client, the user may bind biometric information while registering the account for online banking transactions.
In this embodiment, after the first device has determined that the USBKEY is to be used, a match between the biometric information presented by the current user and the second biometric information bound to the logged-in transaction account indicates that the user performing the transaction may be the legitimate user of that account. The first device then encrypts the current transaction information with the USBKEY's public key and sends the ciphertext to the USBKEY.
To secure an online banking transaction, the identity of the user conducting it must be established as legitimate. Hence, after obtaining the first biometric information, the first device must compare it with the biometric information previously bound by the user to determine whether the user is legitimate.
If the first biometric information does not match the second biometric information, the user performing the transaction may not be the legitimate user; the first device then does not send the current transaction information to the USBKEY, i.e. the transaction fails, which protects the online banking transaction.
Compared with password entry, this does not require the user to remember a password, so transaction failures due to a forgotten password are avoided.
For the detailed procedure by which the first device encrypts the current transaction information with the USBKEY's public key and sends the ciphertext to the USBKEY, refer to the related art; it is not repeated here.
S230: the USBKEY decrypts the ciphertext and shows the result on its display.
S240: if the USBKEY receives the user's confirmation key-press within the time length T, it sends indication information to the first device, and correspondingly the first device receives the indication information from the USBKEY.
S250: the first device determines the user's identity authentication result from the indication information.
In this embodiment, after receiving the ciphertext from the first device, the USBKEY decrypts it with its built-in private key and shows the plaintext on its display. It then checks whether the user's confirmation key-press arrives within the time length T. If it does, the USBKEY sends indication information to the first device indicating that the identity authentication of the user currently transacting has passed, and the first device determines the user's authentication result from that indication information.
Because the USBKEY's private key is stored in the USBKEY and is non-exportable by design, only the USBKEY can decrypt the ciphertext to obtain the correct transaction information, which assures the security and reliability of the transaction.
Even if the user's biometric information (for example face or fingerprint information) is intercepted by a hacker or a trojan, the hacker or trojan cannot press the confirmation key on the USBKEY, so the transaction cannot be completed. This further secures the online banking transaction.
For the detailed implementation of S230 and S240, refer to the related art; it is not repeated here.
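The exchange of S220 to S250, together with the rule from the disclosure that no indication within T means failure, as an added simulation that is not code from the patent. Both the first device and the USBKEY are modelled in one file. Everything concrete here is an assumption of the example: the key pair is textbook RSA built from two Mersenne primes (trivially factorable and unpadded, so it only stands in for the certificate key pair in a real USBKEY's chip and lets the file run offline), the transaction text and template bytes are constructed, the matcher is byte equality standing in for the biometric comparison of S212, T is 30 seconds, and the digest check on the indication is an extra binding of the confirmation to the transaction that the patent does not describe.

```python
"""Added example, not the patent's code: the Fig. 2 exchange between the first
device and the USBKEY, with a toy key pair so that it runs offline."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Toy public-key pair standing in for the USBKEY's certificate key pair.
# INSECURE by construction (Mersenne primes, no padding): illustration only.
_P = (1 << 521) - 1
_Q = (1 << 607) - 1
RSA_N = _P * _Q
RSA_E = 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))   # private exponent, stays inside the key


def encrypt_to_key(pub_n: int, pub_e: int, plaintext: bytes) -> int:
    """Textbook RSA: what the first device does with the USBKEY's public key (S220)."""
    m = int.from_bytes(plaintext, "big")
    if m >= pub_n:
        raise ValueError("transaction record too long for this toy modulus")
    return pow(m, pub_e, pub_n)


@dataclass(frozen=True)
class Indication:
    """What the USBKEY returns after the user presses the confirm key (S240)."""
    tx_digest: str  # SHA-256 of the transaction text the key actually displayed


class UsbKey:
    """Holds the private key; decrypts, displays, and waits for a physical key-press."""

    def __init__(self, press_after_seconds: Optional[float]):
        # None models a user (or an attacker holding only the biometric) who never presses the key.
        self.press_after_seconds = press_after_seconds
        self.display: bytes = b""

    def public_key(self) -> Tuple[int, int]:
        return RSA_N, RSA_E

    def handle(self, ciphertext: int, timeout_T: float) -> Optional[Indication]:
        m = pow(ciphertext, _RSA_D, RSA_N)                           # S230: decrypt inside the key
        self.display = m.to_bytes((m.bit_length() + 7) // 8, "big")  # shown on the key's own screen
        pressed = self.press_after_seconds is not None and self.press_after_seconds <= timeout_T
        if not pressed:
            return None                                              # no indication within T
        return Indication(hashlib.sha256(self.display).hexdigest())


class FirstDevice:
    """The terminal: gates on the biometric, then leaves the final decision to the key."""

    def __init__(self, enrolled_template: bytes, matcher: Callable[[bytes, bytes], bool], timeout_T: float):
        self.enrolled = enrolled_template   # second biometric information, bound at enrolment
        self.matcher = matcher
        self.timeout_T = timeout_T

    def authenticate(self, presented_template: bytes, transaction: bytes, key: UsbKey) -> str:
        # S211/S212: the presented (first) biometric information must match the bound template
        if not self.matcher(presented_template, self.enrolled):
            return "fail: biometric mismatch, nothing sent to USBKEY"
        # S220: ciphertext under the key's public key; the host never handles a PIN
        ciphertext = encrypt_to_key(*key.public_key(), transaction)
        indication = key.handle(ciphertext, self.timeout_T)
        # S250 plus the timeout rule: no indication within T means the authentication fails
        if indication is None:
            return "fail: no confirmation from USBKEY within T"
        # Assumed extra check (not in the patent): the confirmation must be for this transaction
        expected = hashlib.sha256(transaction).hexdigest()
        if not hmac.compare_digest(indication.tx_digest, expected):
            return "fail: USBKEY confirmed a different transaction"
        return "pass"


def exact_template_match(first: bytes, second: bytes) -> bool:
    """Stand-in matcher: byte-equal templates (a real matcher compares feature vectors)."""
    return hmac.compare_digest(first, second)


ENROLLED = b"face-template-of-account-owner"                  # constructed sample
TX = b"transfer 1000.00 CNY to 6228 4800 **** 1234"         # constructed sample


def run_scenarios() -> Dict[str, str]:
    """Owner, wrong biometric, stolen biometric without the key in hand, and a late press."""
    dev = FirstDevice(ENROLLED, exact_template_match, timeout_T=30.0)
    return {
        "owner_presses_key": dev.authenticate(ENROLLED, TX, UsbKey(press_after_seconds=4.0)),
        "wrong_biometric": dev.authenticate(b"someone-else", TX, UsbKey(press_after_seconds=4.0)),
        "stolen_biometric_no_press": dev.authenticate(ENROLLED, TX, UsbKey(press_after_seconds=None)),
        "owner_too_slow": dev.authenticate(ENROLLED, TX, UsbKey(press_after_seconds=45.0)),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:28s} {result}")
```

The third scenario is the one the disclosure relies on: a replayed biometric gets the ciphertext as far as the key, but without a physical press within T the first device never receives an indication and fails closed. The digest in the indication is the example's own addition; it makes the first device reject a confirmation that does not correspond to the transaction it sent, which the patent's unstructured "indication information" leaves open.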
In the identity authentication method of this embodiment, the step of checking the personal identification number (PIN) when a USBKEY is used for an online banking transaction is replaced by collecting the user's biometric information at transaction time and determining whether it matches the second biometric information bound to the logged-in transaction account. The user does not need to remember a password, so transaction failures due to repeated wrong password entry are avoided.
In addition, compared with existing methods that authenticate with biometric information alone, the first device in this scheme must also determine the user's authentication result from the USBKEY's indication information, which improves the security of online banking transactions.
As an alternative embodiment, if the transaction account number currently logged in by the user is logged in by using the palmtop banking client on the first device, at this time, before S220, the method may further include: the method comprises the steps that first equipment collects first biological characteristic information of a user; the first device determines whether the first biometric information of the user matches the second biometric information.
As shown in fig. 4, the identity authentication method in this embodiment includes:
S210, the first device determines to authenticate the identity of the user using the universal serial bus interface device USBKEY.
The detailed description of this step can refer to the embodiment shown in fig. 2 and is not repeated here.
S211, the first device collects first biometric information of the user.
For example, the first device may invoke a camera included in it to capture the first biometric information of the user.
S212, the first device determines whether the first biometric information of the user matches the second biometric information.
It can be understood that if the first biometric information does not match the second biometric information, the user performing the online transaction may not be the account holder; in that case the first device may refrain from sending the current transaction information to the USBKEY, or may prompt that user authentication has failed, thereby ensuring the security of the online banking transaction.
In one implementation: calculate the average value of all feature information included in the first biometric information; calculate the average value of all feature information included in the second biometric information; calculate the difference between the two average values; and if the difference is within a preset range, the first device determines that the first biometric information matches the second biometric information.
Taking the first biometric information as an example, all the feature information may be regarded as all the sub-features constituting the first biometric information. For example, if the first biometric information is a facial image of 50 rows by 50 columns captured by a camera, each pixel may be regarded as one sub-feature, and there are 2500 feature values in total.
It is noted that all the feature information included in the second biometric information is explained on the same principle as for the first biometric information, and the details are not repeated here.
In the embodiment of the present application, whether the first biometric information and the second biometric information match is determined by calculating the difference between the average value of all the feature information included in the first biometric information and the average value of all the feature information included in the second biometric information.
For example, if the first biometric information includes 100 sub-features and the second biometric information includes 100 sub-features, the average value of the 100 sub-features of the first biometric information and the average value of the 100 sub-features of the second biometric information are calculated; if the difference between the two averages is within a preset range, the similarity between the first and second biometric information is taken to be relatively high, and it may be determined that the first biometric information matches the second biometric information.
It can be understood that, because biometric information is used in the embodiment of the present application, it may vary in a way that a password does not: for example, the biometric information captured when the user wears glasses and when the user does not may differ slightly, although it still belongs to the same person. Therefore, in the embodiment of the present application, a certain dynamic range is allowed between the first biometric information and the second biometric information.
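The comparison of S212 (also claim 3 and module 605), as an added example that is not part of the patent: the mean-based match is implemented as described, next to a per-sub-feature comparison (constructed here, not from the patent) so that a practitioner can check how much the preset-range test actually discriminates. The samples are constructed 2500-value grids standing in for a 50x50 image, not real biometric data, and the tolerance is an assumed value.

```go
package main

import (
	"fmt"
	"math"
)

// Sample is one biometric record as the patent describes it: every sub-feature
// (for a 50x50 facial image, every pixel) is one value, flattened row by row.
type Sample []float64

// meanOf returns the average of all sub-features in a sample.
func meanOf(s Sample) float64 {
	if len(s) == 0 {
		return 0
	}
	sum := 0.0
	for _, v := range s {
		sum += v
	}
	return sum / float64(len(s))
}

// MatchByMean implements the comparison of S212 / claim 3 literally: the two
// averages are computed, and the samples match when their difference lies
// within the preset range (here an absolute tolerance).
func MatchByMean(first, second Sample, tolerance float64) bool {
	return math.Abs(meanOf(first)-meanOf(second)) <= tolerance
}

// MatchByMAD is an added, stricter comparison that is not in the patent: it
// compares sub-features position by position and accepts when the mean
// absolute difference is within the tolerance, so the spatial layout of the
// image counts, not only its overall brightness.
func MatchByMAD(first, second Sample, tolerance float64) (bool, error) {
	if len(first) != len(second) {
		return false, fmt.Errorf("sample sizes differ: %d vs %d", len(first), len(second))
	}
	if len(first) == 0 {
		return false, fmt.Errorf("empty sample")
	}
	sum := 0.0
	for i := range first {
		sum += math.Abs(first[i] - second[i])
	}
	return sum/float64(len(first)) <= tolerance, nil
}

// Gradient builds a constructed n-value sample whose values run 0..n-1; it
// stands in for the enrolled (second) biometric information.
func Gradient(n int) Sample {
	s := make(Sample, n)
	for i := range s {
		s[i] = float64(i)
	}
	return s
}

// Shift returns a copy of s with delta added to every sub-feature, a crude
// stand-in for the small variation between two captures of the same person
// (the glasses / no-glasses case mentioned in the text).
func Shift(s Sample, delta float64) Sample {
	out := make(Sample, len(s))
	for i, v := range s {
		out[i] = v + delta
	}
	return out
}

// Constant builds a constructed sample in which every sub-feature has the
// same value, i.e. an image with no structure at all.
func Constant(n int, v float64) Sample {
	out := make(Sample, n)
	for i := range out {
		out[i] = v
	}
	return out
}

func main() {
	const tolerance = 5.0                    // the "preset range" of claim 3 (assumed)
	enrolled := Gradient(2500)               // second biometric information
	recapture := Shift(enrolled, 2)          // same person, slightly different capture
	flat := Constant(2500, meanOf(enrolled)) // unrelated image with the same mean

	fmt.Println("recapture, mean test:", MatchByMean(enrolled, recapture, tolerance))
	ok, _ := MatchByMAD(enrolled, recapture, tolerance)
	fmt.Println("recapture, per-pixel test:", ok)
	// The mean-only test cannot tell the structureless image from the
	// enrolled one, because nothing but the average is compared.
	fmt.Println("flat image, mean test:", MatchByMean(enrolled, flat, tolerance))
	ok, _ = MatchByMAD(enrolled, flat, tolerance)
	fmt.Println("flat image, per-pixel test:", ok)
}
```

The preset-range test on averages is therefore a necessary condition for a match, not a sufficient one; a deployment would pair it with a comparison that looks at the sub-features themselves.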
S220, if the first biometric information currently input by the user matches the second biometric information bound to the transaction account currently logged in by the first device, the first device sends to the USBKEY a ciphertext obtained by encrypting the current transaction information with the public key of the USBKEY, and correspondingly the USBKEY receives the ciphertext.
S230, the USBKEY decrypts the ciphertext and displays the decrypted result on its display.
S240, if the USBKEY receives the confirmation key-press signal from the user within the time length T, the USBKEY sends the indication information to the first device, and correspondingly the first device receives the indication information from the USBKEY.
S250, the first device determines the identity authentication result of the user according to the indication information.
According to the identity authentication method provided by the embodiment of the present application, the first device collects the biometric information and completes the determination of whether the identity of the user is legitimate, so that the online banking transaction can then be completed.
As an alternative embodiment, if the transaction account currently logged in by the user was logged in using a web page on the first device, then, as shown in fig. 5, the method further includes, before S220: the first device sends a verification message to a second device, where the verification message is used to instruct the user to input first biometric information using the second device; and the first device receives matching result information sent by the second device, where the matching result information indicates whether the first biometric information matches the second biometric information.
Next, referring to fig. 5, the authentication method used when the user logs in with a web page on the first device is described in detail. As shown in fig. 5, the identity authentication method in this embodiment includes:
S210, the first device determines to authenticate the identity of the user using the USBKEY.
For a detailed description of this step, reference may be made to S210 in the embodiment shown in fig. 2, which is not repeated here.
S215, the first device sends a verification message to the second device, and correspondingly the second device receives the verification message, where the verification message is used to instruct the user to input the first biometric information using the second device.
In this embodiment, the second device is able to collect biometric information of the user.
In this embodiment, because the first device cannot collect biometric information, after it is determined that the identity of the user is to be authenticated using the USBKEY, the user is instructed to input the first biometric information through the second device by sending a verification message to the second device used by the user.
S216, when the user clicks the verification message, the second device collects the first biometric information of the user.
In this embodiment, the second device starts collecting the first biometric information of the user when the user clicks the verification message.
S217, the second device determines whether the first biometric information matches second biometric information, where the second biometric information includes the biometric information bound to the transaction account currently logged in by the user.
In this embodiment, the determination of whether the first biometric information matches the second biometric information is performed by the second device.
S218, the second device sends the matching result information to the first device, and correspondingly the first device receives the matching result information.
In this embodiment, if the first biometric information matches the second biometric information, the identity of the user performing the online transaction may be legitimate. At this time, the second device needs to send the matching result information to the first device so that the subsequent process between the first device and the USBKEY can proceed.
S220, if the matching result information indicates that the first biometric information matches the second biometric information, the first device sends to the USBKEY a ciphertext obtained by encrypting the current transaction information with the public key of the USBKEY.
S230, the USBKEY decrypts the ciphertext and displays the decrypted result on its display.
S240, if the USBKEY receives the confirmation key-press signal from the user within the time length T, the USBKEY sends the indication information to the first device, and correspondingly the first device receives the indication information from the USBKEY.
S250, the first device determines the identity authentication result of the user according to the indication information.
The detailed descriptions of S220, S230, S240 and S250 may refer to the embodiment shown in fig. 2 and are not repeated here.
According to the identity authentication method provided by the embodiment of the present application, because the first device cannot collect biometric information, the verification message is sent to the second device of the user so that the user can input the biometric information on the second device; in this way, whether the identity of the user is legitimate is verified by means of biometric information even though the first device has no biometric collection module, and the online banking transaction can then be completed.
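The exchange of S220 to S250 shared by the fig. 4 and fig. 5 embodiments, including the time-length T check, as an added simulation that is not part of the patent: the first device encrypts the transaction for the token (RSA-OAEP is an assumption, the patent names no algorithm), the simulated USBKEY decrypts and shows it and waits at most T for the confirmation key, and the first device accepts only an indication that refers to the transaction it sent. The Indication format, the digest binding and the demo transaction text are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Indication is the USBKEY's reply after the confirmation key is pressed (S240).
// Binding it to a digest of the displayed text is an assumption of this example.
type Indication struct {
	Confirmed bool
	TxDigest  [32]byte
}

// USBKey simulates the token: private key, display text and a confirmation button.
type USBKey struct {
	priv    *rsa.PrivateKey
	display string
	button  chan struct{}
}

// NewUSBKey generates the token key pair (2048-bit RSA, an assumption).
func NewUSBKey() (*USBKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &USBKey{priv: priv, button: make(chan struct{}, 1)}, nil
}

func (k *USBKey) PublicKey() *rsa.PublicKey { return &k.priv.PublicKey } // used in S220
func (k *USBKey) Display() string           { return k.display }        // what the user sees (S230)

// Press simulates the user physically pressing the confirmation key.
func (k *USBKey) Press() {
	select {
	case k.button <- struct{}{}:
	default:
	}
}

// Handle performs S230 and S240: decrypt, show, then wait at most T for the button.
func (k *USBKey) Handle(ciphertext []byte, T time.Duration) (*Indication, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, k.priv, ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("usbkey: cannot decrypt transaction: %w", err)
	}
	// Drop any press made before the text was shown; a confirmation must refer to what was displayed.
	select {
	case <-k.button:
	default:
	}
	k.display = string(plain)
	select {
	case <-k.button:
		return &Indication{Confirmed: true, TxDigest: sha256.Sum256(plain)}, nil
	case <-time.After(T):
		return nil, errors.New("usbkey: no confirmation key press within T")
	}
}

// FirstDevice is the online banking client side of the exchange.
type FirstDevice struct {
	tokenPub *rsa.PublicKey
}

// Authenticate runs S220 to S250; biometricMatched is the result of S212 or S217.
func (d *FirstDevice) Authenticate(key *USBKey, tx string, biometricMatched bool, T time.Duration) (bool, error) {
	if !biometricMatched {
		return false, errors.New("first device: biometric mismatch, transaction not sent")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.tokenPub, []byte(tx), nil) // S220
	if err != nil {
		return false, err
	}
	ind, err := key.Handle(ct, T) // S230 and S240 happen on the token
	if err != nil {
		return false, err // covers "indication not received within T"
	}
	// S250: accept only an indication that confirms this very transaction.
	if !ind.Confirmed || ind.TxDigest != sha256.Sum256([]byte(tx)) {
		return false, errors.New("first device: indication does not match current transaction")
	}
	return true, nil
}

func main() {
	key, err := NewUSBKey()
	if err != nil {
		panic(err)
	}
	dev := &FirstDevice{tokenPub: key.PublicKey()}
	go func() { time.Sleep(20 * time.Millisecond); key.Press() }() // the user confirms
	ok, err := dev.Authenticate(key, "transfer 100.00 to ****1234 (constructed)", true, 300*time.Millisecond)
	fmt.Println("display:", key.Display(), "| accepted:", ok, "| err:", err)
}
```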
As an alternative embodiment, one implementation of S210 includes: the first device receives a first instruction from the user; and determines, according to the first instruction, to authenticate the identity of the user using the USBKEY.
In this embodiment, the first device's determination of whether to authenticate the identity of the user using the USBKEY is triggered by the first instruction.
It is understood that the first device may have several possible ways of performing identity authentication, for example by a face recognition function, by fingerprint recognition, or by a USBKEY; therefore, so that the first device can determine which way is to be used to authenticate the user, it may receive an instruction corresponding to identity authentication by the USBKEY (referred to as the first instruction in this embodiment). That is, once the first device receives the first instruction, it determines that the identity of the user is to be authenticated using the USBKEY.
Optionally, the biometric information in the embodiment of the present application may include at least one of the following: face information, voice information, fingerprint information. The embodiment of the present application does not limit this.
Fig. 6 is a schematic structural diagram of an identity authentication apparatus according to an embodiment of the present application. The apparatus 600 shown in fig. 6 may be used to perform the processes in the embodiments shown in fig. 2 to 5.
As shown in fig. 6, the identity authentication apparatus of this embodiment includes: a determining module 601, configured to determine that a universal serial bus interface device USBKEY is used to authenticate the identity of a user; a sending module 602, configured to send to the USBKEY a ciphertext obtained by encrypting the current transaction information with the public key of the USBKEY if the first biometric information currently input by the user matches the second biometric information bound to the transaction account currently logged in by the first device; a receiving module 603, configured to receive indication information from the USBKEY; and the determining module 601 is further configured to determine the identity authentication result of the user according to the indication information.
As an example, the determining module 601 may be configured to perform the step of determining to authenticate the identity of the user using the USBKEY in the method described in fig. 2. For example, the determining module 601 is configured to execute S201.
In a possible implementation, the apparatus further includes an acquisition module 604 and a determination module 605, where the acquisition module 604 is configured to collect first biometric information of the user, and the determination module 605 is configured to determine whether the first biometric information of the user matches the second biometric information.
In a possible implementation, the determination module 605 is specifically configured to: calculate the average value of all feature information included in the first biometric information; calculate the average value of all feature information included in the second biometric information; calculate the difference between the two average values; and if the difference is within a preset range, determine that the first biometric information matches the second biometric information.
In a possible implementation, the sending module 602 is further configured to send a verification message to the second device, where the verification message is used to instruct the user to input the first biometric information using the second device; and the receiving module 603 is further configured to receive matching result information sent by the second device, where the matching result information indicates whether the first biometric information matches the second biometric information.
In a possible implementation, the determining module 601 is specifically configured to: receive a first instruction from the user; and determine, according to the first instruction, to authenticate the identity of the user using the USBKEY.
In a possible implementation, the determining module 601 is further configured to: if the indication information from the USBKEY is not received within the time length T, determine that the identity authentication of the user fails.
In a possible implementation, the first biometric information includes at least one of: face information, voice information, fingerprint information.
Fig. 7 is a schematic structural diagram of an identity authentication apparatus according to an embodiment of the present application. The identity authentication apparatus shown in fig. 7 may be used to perform the identity authentication method according to any of the foregoing embodiments.
As shown in fig. 7, the apparatus 700 of this embodiment includes: a memory 701, a processor 702, a communication interface 703 and a bus 704. The memory 701, the processor 702 and the communication interface 703 are communicatively connected to each other via the bus 704.
The memory 701 may be a read-only memory (ROM), a static storage device, a dynamic storage device or a random access memory (RAM). The memory 701 may store a program, and the processor 702 is configured to perform the steps of the methods shown in fig. 2 to 5 when the program stored in the memory 701 is executed by the processor 702.
The processor 702 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, and is configured to execute the related programs to implement the methods of the embodiments of the present application.
The processor 702 may also be an integrated circuit chip with signal processing capability. In implementation, the steps of the identity authentication method according to an embodiment of the present application may be performed by hardware integrated logic circuits or by instructions in the form of software in the processor 702.
The processor 702 may also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components, and may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor or any conventional processor.
The steps of the method disclosed in connection with the embodiments of the present application may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in the decoding processor. The software module may reside in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM or EPROM, or a register. The storage medium is located in the memory 701; the processor 702 reads the information in the memory 701 and, in combination with its hardware, completes the functions to be performed by the units included in the apparatus, for example the steps/functions of the embodiments shown in fig. 2 to 5.
The communication interface 703 enables communication between the apparatus 700 and other devices or communication networks using, but not limited to, a transceiver device.
The bus 704 may include a pathway for transferring information between the components of the apparatus 700 (for example, the memory 701, the processor 702 and the communication interface 703).
It should be understood that the apparatus 700 shown in the embodiment of the present application may be an electronic device, or may be a chip configured in an electronic device.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire or wirelessly (e.g., infrared, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the portions of it that contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory, a random access memory, or a magnetic or optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. An identity authentication method, the method comprising:
a first device determining that the identity of a user is to be authenticated using a universal serial bus interface device USBKEY;
if first biometric information currently input by the user matches second biometric information bound to the transaction account currently logged in by the first device, the first device sending to the USBKEY a ciphertext obtained by encrypting current transaction information with a public key of the USBKEY;
the first device receiving indication information from the USBKEY; and
the first device determining an identity authentication result of the user according to the indication information.
2. The method of claim 1, wherein before the first device sends to the USBKEY the ciphertext obtained by encrypting the current transaction information with the public key of the USBKEY, the method further comprises:
the first device collecting first biometric information of the user; and
the first device determining whether the first biometric information of the user matches the second biometric information.
3. The method of claim 2, wherein the first device determining whether the first biometric information matches the second biometric information comprises:
calculating an average value of all feature information included in the first biometric information;
calculating an average value of all feature information included in the second biometric information;
calculating a difference between the average value of all feature information included in the first biometric information and the average value of all feature information included in the second biometric information; and
if the difference is within a preset range, the first device determining that the first biometric information matches the second biometric information.
4. The method of claim 1, wherein before the first device sends to the USBKEY the ciphertext obtained by encrypting the current transaction information with the public key of the USBKEY, the method further comprises:
the first device sending a verification message to a second device, wherein the verification message is used to instruct the user to input first biometric information using the second device; and
the first device receiving matching result information sent by the second device, wherein the matching result information indicates whether the first biometric information matches the second biometric information.
5. The method according to any one of claims 1 to 4, wherein the first device determining that the identity of the user is to be authenticated using a universal serial bus interface device (USBKEY) comprises:
the first device receiving a first instruction from the user; and
the first device determining, according to the first instruction, to authenticate the identity of the user using the USBKEY.
6. The method according to any one of claims 1 to 4, further comprising:
if the first device does not receive the indication information from the USBKEY within a time length T, the first device determining that the identity authentication of the user fails.
7. The method according to any one of claims 1 to 4, wherein the first biometric information comprises at least one of: face information, voice information, fingerprint information.
8. An identity authentication apparatus, comprising: a memory and a processor;
the memory is configured to store program instructions; and
the processor is configured to invoke the program instructions in the memory to perform the identity authentication method according to any one of claims 1 to 7.
9. A computer-readable medium storing program code for execution by a computer, the program code comprising instructions for performing the method according to any one of claims 1 to 7.
10. A computer program product comprising computer program code which, when run on a computer, causes the computer to carry out the method according to any one of claims 1 to 7.
CN202110551323.XA 2021-05-20 2021-05-20 Identity authentication method and identity authentication device Pending CN113191778A (en)

Publications (1)

Publication Number Publication Date
CN113191778A (en) 2021-07-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination