CN115051812B - User identity dual-recognition method based on two-dimensional code and biological characteristics - Google Patents


Info

Publication number: CN115051812B
Authority: CN (China)
Prior art keywords: user, dimensional code, identity, management, account
Legal status: Active
Application number: CN202210810650.7A
Other languages: Chinese (zh)
Other versions: CN115051812A (en)
Inventors: 金哲, 陈祀元, 王华彬, 李学俊, 刘德银
Current assignee: Anhui University
Original assignee: Anhui University
Events: application filed by Anhui University; priority to CN202210810650.7A; publication of CN115051812A; application granted; publication of CN115051812B; legal status active; anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K7/10712 Fixed beam scanning
    • G06K7/10722 Photodetector array or CCD scanning
    • G06K7/14 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation using light without selection of wavelength, e.g. sensing reflected white light
    • G06K7/1404 Methods for optical code recognition
    • G06K7/1408 Methods for optical code recognition the method being specifically adapted for the type of code
    • G06K7/1417 2D bar codes
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16 Human faces, e.g. facial parts, sketches or expressions
    • G06V40/161 Detection; Localisation; Normalisation
    • G06V40/166 Detection; Localisation; Normalisation using acquisition arrangements
    • G06V40/168 Feature extraction; Face representation
    • G06V40/70 Multimodal biometrics, e.g. combining information from different biometric modalities
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina

Abstract

The invention belongs to the field of information science and relates in particular to a user identity dual-identification method based on two-dimensional codes and biological characteristics, and to a user identity dual-verification system that works by adopting the identification method. The identification method comprises two main processes, a registration stage and an authentication stage. In the registration stage, the manager requests the user to upload account information, user information and the user's biometric identification information, and sends a key pair to the user; the biometric information comprises a facial image. In the authentication stage, the manager first acquires the user's face, and after the face is successfully matched, the manager and the user carry out digital signature verification through two-dimensional codes. After the digital signature is successfully verified, user identity authentication is complete. Based on the identity authentication logic of the method, the invention also designs a verification system dedicated to identity recognition. The technical scheme of the invention solves the problem that the confidentiality and security of existing digital account identity authentication modes are insufficient.

Description

User identity dual-recognition method based on two-dimensional code and biological characteristics
Technical Field
The invention belongs to the field of information science, and particularly relates to a user identity dual-identification method based on two-dimensional codes and biological characteristics and a user identity dual-verification system working by adopting the identification method.
Background
With the continuous development of information technology and the internet, digitization has become a new trend in social management. Digital government affairs, intelligent factories, online education, online shopping, remote education and remote medical treatment have all become reality. These digitized services rely on efficient digital account verification methods to verify the identity of the user requesting access. The existing user identity authentication method consists mainly of account passwords: users pass authentication after entering the correct password. To improve account safety, technicians may add a human-machine recognition check to the recognition process, so that the object sending the request is a real person rather than a machine. Even so, the account password verification method still carries risks: the user name and password can be leaked, after which the confidentiality of the account is completely lost. In addition, a password set by the user that is too simple is easily cracked, while one that is too complex is hard to remember, which causes inconvenience to the user.
For the above reasons, academia holds that the combination of account name and password cannot be proven secure in theory. In practice, digital signatures are an authentication scheme that has been proven secure. They require a signature or key to be stored in a digital device, such as a secure token, smart card or mobile phone. However, such authentication schemes cannot ensure the authenticity of the authenticated person: anyone who obtains the device can pass authentication.
Therefore, how to overcome the defects of these identity verification methods and develop an identity verification mode with higher confidentiality and security is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In order to solve the problem that confidentiality and security of the existing digital account identity authentication mode are insufficient, the invention provides a user identity dual-identification method based on two-dimensional codes and biological characteristics and a user identity dual-verification system working by adopting the identification method.
The invention is realized by adopting the following technical scheme:
a user identity dual-recognition method based on two-dimension codes and biological characteristics is used for carrying out identity authentication on an access request sent by a registered user of any digital account. The identification method comprises the following two main processes of a registration stage and an authentication stage.
The content of the registration stage is as follows:
The user sends an account registration request to the management party of the digital account.
After responding to the account registration request, the manager requests the user to fill in account information and necessary user data, and to upload the user's biometric identification information. The biometric information includes at least facial features.
After the user has filled in the account information and user data and the collection of biometric identification information is complete, the user waits for verification by the management party.
The management party manually verifies the information uploaded by the user, establishes a registration account in the server after the manual verification passes, and stores the registration account, the user data and the biometric identification information of the corresponding user in the server.
After the registration account is established, the management party randomly generates a dedicated key pair, encodes the key pair into a registration two-dimensional code and sends the registration two-dimensional code to the registered user. The key pair comprises a public key and a private key; the public key of the registered account is stored in the server at the same time.
The registered user decodes the registration two-dimensional code to obtain the key pair and stores it for identity authentication when an access request is sent later.
The authentication phase is as follows:
After filling in account information, the user sends an access request to the management party. On receiving the access request, the management party first acquires the face data of the requester, and once the face data has been successfully acquired the following authentication process starts.
(1) The face feature identification information of the current user is matched against the face features of all registered users stored in the server: if the matching succeeds, proceed to the next step; if it fails, collect the biometric identification information again or refuse the user's access request.
(2) The management side obtains, from the server, the information in the registered account of the registered user whose biometric features match the current requesting user, encodes random information and time information into a random two-dimensional code, and sends the random two-dimensional code to the registered user. The time information is the current year, month, day, hour, minute and second.
(3) The registered user decodes the random two-dimensional code, signs the received random information and time information with the private key to produce a dedicated digital signature, encodes the digital signature into an identity two-dimensional code and sends it to the manager.
(4) The management side decodes the identity two-dimensional code, extracts the digital signature and verifies it with the public key of the corresponding registered user; if verification succeeds it responds to the current user's access request, and if verification fails it refuses the current user's access request.
As a further improvement of the invention, in the registration phase the account information filled in by the user comprises a registration ID, a name, a contact method and a password. The contact method may include an e-mail address, a mobile phone number, and/or other network account numbers such as telephone numbers, WeChat IDs, QQ account numbers, etc.
As a further improvement of the invention, the server sends the registration two-dimension code to the registered user through the contact way filled in by the user in the account registration stage. For example, the registered two-dimensional code is sent to a mailbox or a download link or image containing the registered two-dimensional code image is sent to a mobile phone number.
As a further improvement of the invention, the biometric features uploaded by the user during the account registration stage include a face, and one or more of a fingerprint and an iris. The above is a common biological verification method, and with the continuous progress of the technology, new biological verification methods may be developed in the future, and these methods can also be applied to the present invention. For example, when rapid gene detection is a reality, genes can be incorporated into biometric verification.
As a further improvement of the invention, in the authentication stage, if one of the biometric features of the current user is successfully matched, the current user is considered to pass the authentication of the biometric feature recognition stage. Or, in an application scenario with a higher security level, it may be set that the authentication of the current user through the biometric feature recognition stage is only determined if all the biometric features of the current user are successfully matched.
As a further improvement of the invention, after the face feature matching of the current user fails, the face data is re-acquired or other biological features are re-acquired for auxiliary verification.
Because single verification may be affected by environment or other human factors (such as poor shooting angle), the invention sets multiple verification opportunities for the face feature recognition stage in the verification rule, and only if limited times of verification fail, the invention determines that the biometric feature recognition does not pass. In addition, after the face recognition fails, other biological characteristics can be used for auxiliary verification, so that the limitation of single characteristics (such as that in certain scenes, the face characteristics can not be provided for verification due to illness of a user or equipment damage and the like) on the real access request of the user is avoided.
In the invention, when all the biometric information of the user fails to match, the access request of the current user is refused.
The invention also provides a user identity dual-verification system based on the two-dimensional code and the biological characteristics. The verification system comprises a user-side device, a management-side device and a server-side device. The server-side device stores the account information filled in by all registered users in the registration stage, the generated public keys, the uploaded user data and the biometric identification information. The user-side device stores the key pair received by the current user for identity authentication. The management-side device is in communication connection with the server-side device.
The user-side device interacts with the management-side device so that the identity of the user sending the access request is authenticated by the user identity dual-recognition method based on the two-dimensional code and the biological characteristics described above.
In the verification system provided by the invention, the user-side device comprises at least a camera and a display. The management-side device comprises at least a camera, a display screen and a biometric acquisition module.
The data interaction between the user-side device and the management-side device in the verification stage is as follows:
S1: The user sends an access request to the server-side device from the user-side device or the management-side device.
S2: The server-side device issues an instruction that switches on the camera of the management-side device and determines whether the face of the current user has been scanned: once a face image is successfully acquired, the next authentication step is entered; otherwise scanning continues until a face image is acquired.
S3: The management-side device extracts the face features from the acquired face image and sends the face feature values to the server-side device, which matches the face feature values of the current user against the stored face feature values of all registered users: if the match succeeds, the public key of the registered user is returned to the management side and the next step is entered. Otherwise, other biometric identification information of the current user is collected through the biometric acquisition module for auxiliary authentication, or the access request of the current user is rejected.
S4: The management-side device encodes random information into a random two-dimensional code and shows it on its display; it then switches on its camera and waits for the user side to return the digital signature.
S5: The user scans the random two-dimensional code with the camera of the user-side device, decodes the random information, signs it with the private key and generates the corresponding digital signature. The user-side device encodes the digital signature into an identity two-dimensional code and shows it on its display.
S6: The user points the identity two-dimensional code shown on the user-side device at the camera of the management-side device. The management-side device recognises and decodes the identity two-dimensional code and verifies the extracted digital signature with the public key: if verification passes, the management-side device sends a message to the server-side device that authentication has passed; otherwise it sends a message to the server-side device that access is refused.
In the invention, the user-side device is any one of a mobile phone, a tablet computer, a notebook computer and a desktop computer, or another dedicated digital device. The management-side device and the server-side device are mutually independent and communicatively connected; the architecture of the system is similar to that of a bank's back-end server and a front-end ATM.
Alternatively, the management-side device and the server-side device may be the same device. That is, data that would otherwise belong to the remote cloud server is stored locally, and the authentication process is completed using the local data. Compared with the scheme in which the management-side device and the server-side device are independent, this scheme removes network communication from the authentication process entirely, reducing the risks of potential network attack, data hijacking and the like during user identity authentication to a minimum.
The technical scheme provided by the invention has the following beneficial effects:
1. The user identity dual-recognition method based on the two-dimensional code and the biological characteristics introduces biometric recognition and digital signature verification in addition to account password verification, and establishes a logically strict identity verification mechanism by fusing several different identity verification channels. Account security problems caused by machine cracking, account information leakage and other causes are thereby completely avoided. The method provided by the invention ensures that identity authentication can only be passed while the user is actually operating, which greatly improves the confidentiality and security of all kinds of digital accounts.
2. In the identity verification mechanism constructed by the invention, human-machine identification is achieved first, in the face recognition process, and the extracted face image can serve as the feature information required by the subsequent biometric recognition process. The invention also fuses two-dimensional code technology with digital signature technology: data exchange between the user side and the management side takes place through two-dimensional codes, giving offline information exchange between the user side and the management side. The risks of data hijacking and network attack that direct communication between the user side and the management side could incur are avoided, further raising the security level of the identity verification process.
Drawings
Fig. 1 is an information flow diagram of a registration stage in a user identity dual identification method based on two-dimensional codes and biological characteristics provided in embodiment 1 of the present invention.
Fig. 2 is an information flow diagram of an authentication stage in a user identity dual-recognition method based on two-dimensional codes and biological characteristics according to embodiment 1 of the present invention.
Fig. 3 is a system topology diagram of a user identity dual verification system based on two-dimensional codes and biological characteristics provided in embodiment 2 of the present invention.
Fig. 4 is a flowchart of the operation steps when a user uses the authentication system to perform user authentication in embodiment 2 of the present invention.
Fig. 5 is a system topology diagram of an authentication system including only a user device and a management device in embodiment 2 of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Example 1
The embodiment provides a user identity dual-identification method based on two-dimension codes and biological characteristics, which is used for carrying out identity authentication on an access request sent by a registered user of any digital account. The identification method comprises the following two main processes of a registration stage and an authentication stage.
As shown in fig. 1, the content of the registration stage is as follows:
The user sends an account registration request to the management party of the digital account.
After responding to the account registration request, the manager requests the user to fill in account information and necessary user data, and to upload the user's biometric identification information. The biometric information includes at least facial features.
The account information filled in by the user comprises a registration ID, a name, a contact method and a password. The contact method may include an e-mail address, a mobile phone number, and/or other network account numbers such as telephone numbers, WeChat IDs, QQ account numbers, etc. The biometric features uploaded by the user during the account registration stage include a face, and one or more of a fingerprint and an iris.
The above list is merely common biological verification methods, and as technology advances, new biological verification methods may be developed in the future, and these methods may also be applied to the present invention. For example, when rapid gene detection becomes a reality, genes can be incorporated into the biometric verification of the present embodiment.
After the user has filled in the account information and user data and the collection of biometric identification information is complete, the user waits for verification by the management party.
The management party manually verifies the information uploaded by the user, establishes a registration account in the server after the manual verification passes, and stores the registration account, the user data and the biometric identification information of the corresponding user in the server.
After the registration account is established, the management party randomly generates a dedicated key pair, encodes the key pair into a registration two-dimensional code and sends the registration two-dimensional code to the registered user. The key pair comprises a public key and a private key; the public key of the registered account is stored in the server at the same time.
In this embodiment, the server sends the registration two-dimensional code to the registered user through the contact way filled in by the user in the account registration stage. For example: and sending the registration two-dimension code to a mailbox or sending a download link or an image containing the registration two-dimension code image to the mobile phone number.
The registered user decodes the registered two-dimension code to obtain a key pair, and the registered user stores the key pair for identity authentication when an access request is sent in the later period.
As shown in fig. 2, the content of the authentication phase is as follows:
after filling account information, a user sends an access request to a management party, the management party firstly acquires face data of the request party after receiving the access request, and the following authentication process is started after the face data of the request party is successfully acquired.
(1) The face feature identification information of the current user is matched against the face features of all registered users stored in the server: if the matching succeeds, proceed to the next step; if it fails, collect the biometric identification information again or refuse the user's access request.
(2) The management side obtains, from the server, the information in the registered account of the registered user whose biometric features match the current requesting user, encodes random information and time information into a random two-dimensional code, and sends the random two-dimensional code to the registered user. The time information is the current year, month, day, hour, minute and second.
(3) The registered user decodes the random two-dimensional code, signs the received random information and time information with the private key to produce a dedicated digital signature, encodes the digital signature into an identity two-dimensional code and sends it to the manager.
(4) The management side decodes the identity two-dimensional code, extracts the digital signature and verifies it with the public key of the corresponding registered user; if verification succeeds it responds to the current user's access request, and if verification fails it refuses the current user's access request.
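The exchange of steps (2) to (4) above, which the system of embodiment 2 repeats as S4 to S6, written out as an added example in Go; this is not code from the patent or from Anhui University. It assumes Ed25519 for the dedicated key pair, JSON wrapped in base64 text as a stand-in for the contents of the random and identity two-dimensional codes, and a 60-second freshness window for the time information; the patent fixes none of these. It also makes explicit two checks a verifier needs: the management side verifies against the challenge it issued itself, never one carried inside the response, and it discards each challenge after one use, so a photographed identity two-dimensional code cannot be presented a second time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"time"
)

// Challenge is the payload of the "random two-dimensional code": random information plus the
// issue time to the second. QR images are not modelled; payloads travel as base64 text (assumed).
type Challenge struct {
	AccountID string `json:"account_id"`
	Nonce     []byte `json:"nonce"`
	IssuedAt  int64  `json:"issued_at"` // unix seconds: year, month, day, hour, minute, second
}

// Manager plays the management side together with its server: public keys of registered
// accounts, outstanding challenges, and a freshness window (assumed; the patent gives no figure).
type Manager struct {
	Accounts map[string]ed25519.PublicKey
	MaxAge   time.Duration
	pending  map[string]Challenge // one outstanding challenge per account id
}

func NewManager(maxAge time.Duration) *Manager {
	return &Manager{Accounts: map[string]ed25519.PublicKey{}, MaxAge: maxAge, pending: map[string]Challenge{}}
}

// Register (registration stage): generate a dedicated key pair, keep the public key server-side
// and hand the user the pair as the registration QR payload (an Ed25519 private key embeds its public key).
func (m *Manager) Register(id string) (string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	m.Accounts[id] = pub
	return base64.StdEncoding.EncodeToString(priv), nil
}

// Challenge (step 2): once the face match has named the account, issue random information plus
// the current time and remember it for verification.
func (m *Manager) Challenge(id string, now time.Time) (string, error) {
	if _, ok := m.Accounts[id]; !ok {
		return "", errors.New("unknown account")
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	c := Challenge{AccountID: id, Nonce: nonce, IssuedAt: now.Unix()}
	m.pending[id] = c
	b, _ := json.Marshal(c)
	return base64.StdEncoding.EncodeToString(b), nil
}

// Answer (step 3, user device): decode the random QR, sign its exact content with the private
// key, and return the signature as the identity QR payload.
func Answer(registrationQR, challengeQR string) (string, error) {
	priv, err := base64.StdEncoding.DecodeString(registrationQR)
	if err != nil || len(priv) != ed25519.PrivateKeySize {
		return "", errors.New("bad registration payload")
	}
	msg, err := base64.StdEncoding.DecodeString(challengeQR)
	if err != nil {
		return "", err
	}
	var c Challenge // parsed only to reject malformed payloads; the signed bytes are the originals
	if err := json.Unmarshal(msg, &c); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ed25519.Sign(ed25519.PrivateKey(priv), msg)), nil
}

// Verify (step 4): check the signature against the challenge the manager itself issued (never
// one the requester supplies), enforce freshness, and consume the challenge so a recorded
// identity QR cannot be presented a second time.
func (m *Manager) Verify(id, responseQR string, now time.Time) error {
	c, ok := m.pending[id]
	if !ok {
		return errors.New("no outstanding challenge")
	}
	delete(m.pending, id) // single use, whether or not verification succeeds
	sig, err := base64.StdEncoding.DecodeString(responseQR)
	if err != nil {
		return err
	}
	if age := now.Sub(time.Unix(c.IssuedAt, 0)); age < 0 || age > m.MaxAge {
		return errors.New("challenge expired")
	}
	msg, _ := json.Marshal(c) // same deterministic encoding as issued
	if !ed25519.Verify(m.Accounts[id], msg, sig) {
		return errors.New("signature verification failed")
	}
	return nil
}
```

A run is `m := NewManager(time.Minute)`, then `Register`, `Challenge`, `Answer` and `Verify` in that order; a second `Verify` with the same identity payload, a stale clock, or a signature from a key pair issued to a different registration all return an error.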
In this embodiment, if one of the biometric features of the current user is successfully matched, the current user is considered to pass the authentication of the biometric feature recognition stage. Or, in an application scenario with a higher security level, it may be set that the authentication of the current user through the biometric feature recognition stage is only determined if all the biometric features of the current user are successfully matched.
After the face features of the current user fail to match, the face data is re-acquired or other biometric features are acquired for auxiliary verification. Because a single verification may be affected by the environment or by human factors (such as a poor shooting angle), the invention allows several verification attempts in the face feature recognition stage, and only when a limited number of attempts have failed does it determine that biometric recognition has not passed. In addition, after face recognition fails, other biometric features can be used for auxiliary verification, so that the limitation of a single feature (for example, in some scenes the face feature cannot be provided for verification because the user is ill or equipment is damaged) does not block a genuine access request from the user.
In this embodiment, when all the biometric information of the user fails to match, the access request of the current user is directly denied.
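The matching rule described above (face first with a limited number of retries, then auxiliary features, combined under either the "any one matches" or the "all must match" policy) can be written out as follows. This is an added example, not code from the patent: the patent specifies no feature-extraction or matching algorithm, so cosine similarity against enrolled feature vectors with a fixed threshold, the modality names, the parameter names and the sample vectors are all assumptions of this example. Feature extraction itself (turning a face image or fingerprint scan into a vector) is outside the example.

```go
package main

import (
	"errors"
	"math"
)

// Template is one enrolled feature vector for one modality of one registered user.
// Feature extraction is assumed to have happened elsewhere; vectors are given directly.
type Template struct {
	UserID   string
	Modality string
	Features []float64
}

// cosine returns the cosine similarity of two equal-length vectors, or -1 if incomparable.
func cosine(a, b []float64) float64 {
	if len(a) != len(b) || len(a) == 0 {
		return -1
	}
	var dot, na, nb float64
	for i := range a {
		dot += a[i] * b[i]
		na += a[i] * a[i]
		nb += b[i] * b[i]
	}
	if na == 0 || nb == 0 {
		return -1
	}
	return dot / (math.Sqrt(na) * math.Sqrt(nb))
}

// MatchModality compares one probe against every enrolled template of the same modality and
// returns the best user ID when its similarity reaches threshold (assumed decision rule).
func MatchModality(enrolled []Template, modality string, probe []float64, threshold float64) (string, bool) {
	bestID, best := "", -1.0
	for _, t := range enrolled {
		if t.Modality != modality {
			continue
		}
		if s := cosine(t.Features, probe); s > best {
			best, bestID = s, t.UserID
		}
	}
	return bestID, bestID != "" && best >= threshold
}

// Policy is the patent's two alternatives for combining several biometric features.
type Policy int

const (
	AnyModality   Policy = iota // pass once any one feature matches
	AllModalities               // pass only if every presented feature matches
)

var ErrBiometricFailed = errors.New("biometric recognition stage failed")

// BiometricStage runs the recognition stage. Face is tried first; each entry of faceProbes is
// a separately captured image and at most maxFaceTries of them are consulted. Auxiliary
// features in aux (modality -> probe) are matched next. Every feature that matches must point
// at the same registered user, who is returned for the signature stage.
func BiometricStage(enrolled []Template, faceProbes [][]float64, aux map[string][]float64,
	maxFaceTries int, threshold float64, policy Policy) (string, error) {
	matched := map[string]string{} // modality -> user ID
	failed := 0
	for i, p := range faceProbes {
		if i >= maxFaceTries {
			break
		}
		if id, ok := MatchModality(enrolled, "face", p, threshold); ok {
			matched["face"] = id
			break
		}
	}
	if _, ok := matched["face"]; !ok {
		failed++ // retry budget exhausted, or no face capture at all
	}
	for modality, p := range aux {
		if id, ok := MatchModality(enrolled, modality, p, threshold); ok {
			matched[modality] = id
		} else {
			failed++
		}
	}
	user := ""
	for _, id := range matched {
		if user != "" && id != user {
			return "", ErrBiometricFailed // features point at different accounts
		}
		user = id
	}
	if user == "" || (policy == AllModalities && failed > 0) {
		return "", ErrBiometricFailed
	}
	return user, nil
}
```

The consistency check at the end is a detail the patent text does not spell out but that any combined-modality design needs: a face match for one account and a fingerprint match for another must not be counted as a pass under the "any one matches" policy, because the next stage fetches a single account's public key.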
Example 2
This embodiment also provides a user identity dual-verification system based on the two-dimensional code and the biological characteristics. As shown in fig. 3, the verification system includes a user terminal device, a management terminal device and a server terminal device. The server side equipment stores the account information filled in by all registered users in the registration stage, the generated public keys, the uploaded user data and the biometric identification information. The user equipment stores the key pair received by the current user and used for identity authentication. The management end device is in communication connection with the server end device.
The user terminal equipment interacts with the management terminal equipment so as to realize the following: the identity of the user who issued the access request is authenticated using the user identity dual-recognition method based on the two-dimensional code and the biometric feature provided in embodiment 1.
In the verification system provided in this embodiment, the user terminal device includes at least a camera and a display. The management terminal equipment includes at least a camera, a display screen and a biological characteristic acquisition module.
As shown in fig. 4, the data interaction process of the user equipment and the management equipment in the verification stage is as follows:
s1: the user sends an access request to the server-side equipment on the user-side equipment or the management-side equipment.
S2: the server side equipment sends out an instruction, controls the camera of the management side equipment to be started, and judges whether the face of the current user is scanned or not:
after the face image is successfully acquired, entering an authentication stage of the next step; otherwise, continuously scanning and acquiring the face image.
S3: the management terminal equipment extracts the face characteristics in the acquired face images, and sends the face characteristic values to the server terminal equipment, and the server terminal equipment matches the face characteristic values of the current user with the stored face characteristic values of all registered users:
If the matching succeeds, the public key of the registered user is returned to the management end and the next step is entered. Otherwise, other biological characteristic identification information of the current user is collected through the biological characteristic collection module for auxiliary authentication, or the access request of the current user is rejected.
S4: The management terminal equipment encodes random information into a random two-dimensional code and displays the random two-dimensional code on the display of the management terminal equipment; it then starts the camera and waits for the user side to return the digital signature.
S5: The user scans the random two-dimensional code with the camera of the user terminal equipment, decodes the random information, signs it with the private key, and generates the corresponding digital signature. The user terminal equipment encodes the digital signature into an identity two-dimensional code and displays the identity two-dimensional code on the display of the user terminal equipment.
S6: The user aims the identity two-dimensional code displayed on the user terminal device at the camera of the management terminal device. The management terminal equipment identifies and decodes the identity two-dimensional code, then performs signature verification on the extracted digital signature with the public key:
if verification succeeds, the management end equipment sends an authentication-passed message to the server end equipment; otherwise, it sends an access-refused message to the server end equipment.
In this embodiment, the user terminal device adopts any one of a mobile phone, a tablet computer, a notebook computer and a desktop computer, or adopts other special digital devices. The management end device and the server end device are mutually independent and in communication connection, and the architecture of the system is similar to the architecture of a bank background server and a front end ATM.
Alternatively, as shown in fig. 5, the management end device and the server end device may be the same device. That is, the data that would otherwise reside on the remote cloud server is stored locally, and the authentication process is completed using the local data. Compared with the scheme in which the management end equipment and the server end equipment are independent, this scheme removes network communication from the authentication process entirely, reducing the risk of network attack, data hijacking and the like during user identity authentication to a minimum.
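The challenge-response core of the method, steps (2) to (4) of the authentication phase in embodiment 1 and steps S4 to S6 of the data interaction above, is shown here as an added example that is not code from the patent or from the applicant. The patent does not name a signature algorithm or a payload format, so Ed25519 signatures and a base64-encoded JSON payload standing in for the two-dimensional code content are assumptions of this example, as are the type and function names. Two details the patent text leaves implicit are made explicit because a practitioner would want them: a challenge is accepted only once (the "random information" is single-use), and the "time information" is checked against a freshness window, so a photographed identity two-dimensional code cannot be presented again later. The public key is taken as already returned by the server for the biometrically matched user (step S3); that lookup is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"time"
)

// Challenge is the payload behind the random two-dimensional code: Nonce is the patent's
// "random information" and IssuedAt its "time information" (Unix seconds).
type Challenge struct {
	Nonce    []byte `json:"nonce"`
	IssuedAt int64  `json:"issued_at"`
}

// Response is the payload behind the identity two-dimensional code. Echoing the nonce lets
// the terminal look up the challenge it issued; the signature covers nonce and time.
type Response struct {
	Nonce     []byte `json:"nonce"`
	Signature []byte `json:"signature"`
}

// encodeQR and decodeQR stand in for the QR symbol: the code would carry this base64 text
// and the optical round trip is assumed to be error-free (an assumption of this example).
func encodeQR(v any) (string, error) {
	b, err := json.Marshal(v)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(b), nil
}

func decodeQR(s string, v any) error {
	b, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// Management is the terminal that displays the random QR and scans the identity QR.
type Management struct {
	pending map[string]Challenge // nonces issued and not yet consumed
	window  time.Duration        // how long a challenge stays valid (assumed policy)
}

func NewManagement(window time.Duration) *Management {
	return &Management{pending: map[string]Challenge{}, window: window}
}

// IssueChallenge is step S4: fresh random information plus the current time, encoded.
func (m *Management) IssueChallenge(now time.Time) (string, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	c := Challenge{Nonce: nonce, IssuedAt: now.Unix()}
	m.pending[string(nonce)] = c
	return encodeQR(c)
}

// SignChallenge is step S5 on the user device: decode the random QR, sign the random
// information together with the time information, and encode the result for display.
func SignChallenge(priv ed25519.PrivateKey, randomQR string) (string, error) {
	var c Challenge
	if err := decodeQR(randomQR, &c); err != nil {
		return "", err
	}
	msg, _ := json.Marshal(c) // both sides sign and verify over these canonical bytes
	return encodeQR(Response{Nonce: c.Nonce, Signature: ed25519.Sign(priv, msg)})
}

var ErrDenied = errors.New("access denied")

// Verify is step S6: check the signature with the public key the server returned for the
// biometrically matched user. The nonce must be one this terminal issued and not yet
// consumed, and the time information must still be inside the freshness window.
func (m *Management) Verify(pub ed25519.PublicKey, identityQR string, now time.Time) error {
	var r Response
	if err := decodeQR(identityQR, &r); err != nil {
		return ErrDenied
	}
	c, ok := m.pending[string(r.Nonce)]
	if !ok {
		return ErrDenied // unknown or already consumed nonce
	}
	delete(m.pending, string(r.Nonce)) // single use, consumed whether or not it verifies
	msg, _ := json.Marshal(c)
	if now.Sub(time.Unix(c.IssuedAt, 0)) > m.window || !ed25519.Verify(pub, msg, r.Signature) {
		return ErrDenied
	}
	return nil
}
```

The management side verifies over its own stored copy of the challenge rather than over whatever the identity code carries, so the only thing the user device can influence is the signature itself; a response for a nonce the terminal never issued, or one it has already consumed, is refused before any cryptography runs.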
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.

Claims (10)

1. A user identity dual-recognition method based on two-dimension codes and biological characteristics is used for carrying out identity authentication on an access request sent by a registered user of any digital account; the identification method is characterized by comprising the following steps:
1. registration phase
A user sends an account registration request to a digital account management party;
after responding to the account registration request, the management side requests the user to fill in account information and user data, and uploads the biological characteristic identification information of the user; the biological characteristic identification information at least comprises a human face characteristic;
the user fills in the account information and user data, and waits for verification by the management party after the biological characteristic identification information acquisition is completed;
the management side carries out manual verification on the information uploaded by the user, establishes a registration account in the server after the manual verification is passed, and stores the registration account, the user data and the biological characteristic identification information of the corresponding user in the server;
the management side randomly generates a dedicated key pair after the registration account is established, codes the key pair into a registration two-dimensional code and sends the registration two-dimensional code to a registration user; the key pair comprises a public key and a private key; synchronously storing the public key of the registered account in the server;
the registered user decodes the registered two-dimension code to obtain a key pair, and the registered user stores the key pair for identity authentication when an access request is sent in the later period;
2. authentication phase
After filling account information, a user sends an access request to a management party, the management party firstly acquires face data of a request party after receiving the access request, and the following authentication process is started after the face data of the request party is successfully acquired;
(1) Matching the face feature identification information of the current user with the face features of all registered users stored in the server; if the matching is successful, the next step is carried out, and if the matching is failed, the biological characteristic identification information is collected again or the access request of the user is refused;
(2) The management side obtains information in a registration account number of a registration user matched with the biological characteristics of the current request user from a server, codes random information and time information into a random two-dimensional code and sends the random two-dimensional code to the registration user; the time information refers to the current year, month, day, time, minute and second;
(3) After decoding the random two-dimensional code, the registered user signs the received random information and the time information with the private key, generating a dedicated digital signature; the digital signature is then encoded into an identity two-dimensional code and sent to the management party;
(4) The management side decodes the identity two-dimensional code, extracts the digital signature, and verifies the digital signature with the public key of the corresponding registered user; if the verification succeeds, the management side responds to the access request of the current user, and if the verification fails, it refuses the access request of the current user.
2. The user identity dual recognition method based on the two-dimensional code and the biological characteristics as set forth in claim 1, wherein: in the registration stage, the account information filled in by the user comprises a registration ID, a name, a contact way and a password; the contact means may include a mailbox number, a cell phone number, and/or other network account number.
3. The user identity dual recognition method based on the two-dimensional code and the biological characteristics as set forth in claim 2, wherein: and the server sends the registration two-dimension code to the registered user through the contact way filled in by the user in the account registration stage.
4. The user identity dual recognition method based on the two-dimensional code and the biological characteristics as set forth in claim 2, wherein: the biometric features uploaded by the user during the account registration stage include a face, and one or more of a fingerprint and an iris.
5. The user identity dual recognition method based on the two-dimensional code and the biological characteristics according to claim 4, wherein the method comprises the following steps: in the authentication stage, if one of the biometric features of the current user is successfully matched, the current user is considered to pass the authentication of the biometric feature recognition stage;
or alternatively
And judging that the current user passes the authentication of the biological characteristic recognition stage only if all the biological characteristic recognition features of the current user are successfully matched.
6. The user identity dual recognition method based on the two-dimensional code and the biological characteristics as set forth in claim 1, wherein: and after the face features of the current user fail to match, re-acquiring the face data or re-acquiring other biological features for auxiliary verification.
7. The user identity dual recognition method based on the two-dimensional code and the biological characteristics according to claim 6, wherein the method comprises the following steps: and rejecting the access request of the current user when all the biometric information of the user fails to match.
8. The user identity dual-verification system based on the two-dimensional code and the biological characteristics is characterized by comprising user side equipment, management side equipment and server side equipment; the server side equipment stores account information filled in by all registered users in a registration stage, generated public keys, uploaded user data and biological characteristic identification information; the user terminal equipment stores a key pair which is received by a current user and used for identity authentication; the management end device is in communication connection with the server end device;
the user terminal equipment interacts with the management terminal equipment, so that the following steps are realized: the identity of the user who sends the access request is authenticated by adopting the user identity double identification method based on the two-dimensional code and the biological characteristics as set forth in any one of claims 1 to 7.
9. The user identity dual-verification system based on two-dimensional codes and biological characteristics according to claim 8, wherein: the user terminal equipment at least comprises a camera and a display; the management end equipment at least comprises a camera, a display screen and a biological characteristic acquisition module;
the data interaction process of the user terminal equipment and the management terminal equipment in the verification stage is as follows:
S1: a user sends an access request to the server-side equipment on the user-side equipment or the management-side equipment;
S2: the server side equipment controls the camera of the management side equipment to start, and the face of the current user is scanned: after the face image is successfully acquired, the next authentication step is entered; otherwise, scanning continues to acquire a face image;
S3: the management terminal equipment extracts the face characteristics from the acquired face image and sends the face characteristic values to the server terminal equipment, and the server terminal equipment matches the face characteristic values of the current user against the stored face characteristic values of all registered users; if the matching succeeds, the public key of the registered user is returned to the management end and the next step is entered; otherwise, other biological characteristic identification information of the current user is collected through the biological characteristic collection module for auxiliary authentication, or the access request of the current user is rejected;
S4: the management terminal equipment encodes random information into a random two-dimensional code and displays the random two-dimensional code on the display of the management terminal equipment; it starts the camera and waits for the user side to return the digital signature;
S5: the user scans the random two-dimensional code with the camera of the user terminal equipment, decodes the random information, signs it with the private key, and generates the corresponding digital signature; the user terminal equipment encodes the digital signature into an identity two-dimensional code and displays the identity two-dimensional code on the display of the user terminal equipment;
S6: the user aims the identity two-dimensional code displayed on the user terminal device at the camera of the management terminal device; the management end equipment identifies and decodes the identity two-dimensional code, then performs signature verification on the extracted digital signature with the public key: if verification succeeds, the management end equipment sends an authentication-passed message to the server end equipment; otherwise, it sends an access-refused message to the server end equipment.
10. The user identity dual-verification system based on two-dimensional codes and biological characteristics according to claim 9, wherein: the user terminal equipment adopts any one of a mobile phone, a tablet personal computer, a notebook computer and a desktop computer, or adopts other special digital equipment;
the management end device and the server end device are independent devices which are in communication connection, or the management end device and the server end device are the same device.
CN202210810650.7A 2022-07-11 2022-07-11 User identity dual-recognition method based on two-dimensional code and biological characteristics Active CN115051812B (en)

Publications (2)

Publication Number Publication Date
CN115051812A CN115051812A (en) 2022-09-13
CN115051812B true CN115051812B (en) 2024-03-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant