WO2017032263A1 - Identity authentication method and apparatus - Google Patents
Identity authentication method and apparatus
- Publication number
- WO2017032263A1 (PCT/CN2016/095855)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- digital signature
- information
- signature certificate
- server
- user
Classifications
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
- G06F21/33—User authentication using certificates
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- the present application relates to the field of computer technologies, and in particular, to an identity authentication method and apparatus.
- the identity of the user is generally authenticated by verifying the password (e.g., a 6-digit string) input by the user, so that the user performs the business operation after the identity authentication is passed.
- the embodiment of the present application provides an identity authentication method and device, which can improve the security and convenience of a service operation performed by a user.
- an identity authentication method comprising:
- the terminal device receives the service request, and collects the first biometric authentication information of the user according to the service request;
- an identity authentication apparatus comprising: a collecting unit, a reading unit, a generating unit, and a sending unit;
- the collecting unit is configured to receive a service request, and collect the first biometric authentication information of the user according to the service request;
- the reading unit is configured to compare the first biometric authentication information collected by the collecting unit with preset biometric authentication information, and read a pre-stored digital signature certificate private key when the comparison is consistent;
- the generating unit is configured to digitally sign the service request according to the digital signature certificate private key read by the reading unit, and generate a biometric information verification message;
- the sending unit is configured to send, to the server, the biometric information verification message generated by the generating unit, so that the server reads the pre-stored digital signature certificate public key corresponding to the digital signature certificate private key, verifies the biometric information verification message according to the digital signature certificate public key, and returns the authentication result information to the terminal device.
- with the identity authentication method and device provided by the application, when the collected biometric authentication information is consistent with the preset biometric authentication information, the terminal device sends a biometric information verification message signed by the pre-stored digital signature certificate private key to the server.
- the server verifies the biometric information verification message according to the pre-stored digital signature certificate public key, thereby achieving the purpose of verifying the identity of the user, thereby improving the security and convenience of the business operation performed by the user.
- FIG. 1 is a flowchart of an identity authentication method according to an embodiment of the present application.
- FIG. 2 is an information interaction diagram of an identity authentication method according to another embodiment of the present application.
- FIG. 3 is a schematic diagram of an identity authentication apparatus according to still another embodiment of the present application.
- the method and device for authenticating an identity provided by the embodiment of the present application are applicable to a scenario for authenticating the identity of a user performing a service operation, for example, a scenario in which an identity of a user performing a payment operation through a payment system is authenticated.
- the authentication of the identity of the user in the payment process is described as an example (for example, the service request is a payment request); the method for authenticating the identity of a user performing other business operations is similar, and this application will not repeat it.
- the payment system includes a payment client and a payment server, and the first security component is packaged in the payment client.
- the first security component is also called a security client, or a payment security verification service (i.e., the alipaySec module), and is used to store the digital signature algorithm, the secure client private key, the secure server public key, and the newly generated digital signature certificate private key.
- the secure client can communicate directly with the acquisition module (such as fingerprint sensor) of the operating system and the terminal device, or can communicate directly with the Trusted Execution Environment (TEE) provided by the terminal device vendor.
- the module checks whether the terminal device supports the identification of biometric authentication information, whether biometric authentication information is entered, and biometric authentication information input by the user, and secure access of information and algorithms.
- the payment server is also packaged with a second security component, also referred to as a security server, or a "biometric core" (i.e., the bic system), which is used for generating authentication challenge information and for storing the digital signature algorithm, the secure client public key, the secure server private key, the protocol for writing biometric authentication information into the poder system (e.g., the protocol for fingerprinting), and the newly generated digital signature certificate public key.
- a security server corresponds to the security client.
- the terminal device provided by the present application includes but is not limited to a mobile phone, a mobile computer, a tablet, a personal digital assistant (PDA), a media player, a smart TV, a smart watch, smart glasses, a smart bracelet, etc., and the operating system on the terminal device can be iOS, Android, or another system.
- the terminal device of the present application is installed with a payment client, and has an acquisition module, and the collection module may be specifically configured as a hardware device in the operating system, which may be a fingerprint sensor, a camera, a microphone, or the like.
- FIG. 1 is a flowchart of an identity authentication method according to an embodiment of the present application.
- the executor of the method may be a device with processing capability: a server or a system or a device. As shown in FIG. 1 , the method specifically includes:
- Step 110 The terminal device receives the service request, and collects the first biometric authentication information of the user according to the service request.
- the payment client of the terminal device receives the service request, and sends a first collection instruction to the collection module through the security client, so that the collection module collects and returns the first biometric authentication information of the user to the security client.
- the above service request may be a payment request.
- the payment request may be triggered by a user clicking on a "Payment" button of the payment client.
- the biometric authentication information herein includes one or more of the following: fingerprint information, facial image information, and sound information.
- in the following, the biometric authentication information is described taking fingerprint information as an example.
- the preset biometric authentication information may be information that is pre-collected by the acquisition module of the terminal device and that uniquely identifies the user.
- the terminal device collects the fingerprint information of the user through the fingerprint sensor in advance, and stores the collected fingerprint information locally as the preset fingerprint information.
- the preset fingerprint information may be obtained by performing corresponding calculation on the collected actual fingerprint information according to a preset algorithm.
- the fingerprint sensor may collect fingerprint information of 10 fingers in advance. Then, the fingerprint information of the 10 fingers is averaged, and finally the preset fingerprint information is obtained.
- the method may further include the step of generating and storing the digital signature certificate private key and the digital signature certificate public key, by which the user's biometric authentication information is only stored locally on the terminal device and is not uploaded to the payment server, while the identity of the user can still be authenticated during the payment process.
- Step 1101 The terminal device receives the provisioning request, and collects the second biometric authentication information of the user according to the provisioning request.
- in step 1101, the terminal device receiving the provisioning request and collecting the second biometric authentication information of the user according to the provisioning request may include:
- Step A The terminal device sends the provisioning request to the server.
- the payment client of the terminal device sends a provisioning request to the payment server, and after receiving the provisioning request, the payment server reads the authentication challenge information by calling the security server, wherein the authentication challenge information may be generated by digitally signing the generated random string using the preset security server private key.
- Step B Receive a response message returned by the server according to the provisioning request.
- the payment client receives the response message.
- the response message may be the authentication challenge information read by the payment server from the security server.
- Step C Perform verification on the response message, and collect the second biometric authentication information of the user after the verification is passed.
- the payment client checks the received authentication challenge information by calling the security client. Specifically, the security client verifies the authentication challenge information according to the preset security server public key, and sends a second collection instruction to the collection module after the verification is passed, so that the collection module collects the second biometric authentication information of the user according to the second collection instruction.
- the biometric authentication information is the fingerprint information.
- the payment client may first receive the provisioning request input by the user; after receiving the provisioning request, the payment client sends the first call message to the security client, where the first call message is used to instruct the security client to verify whether the terminal device currently used by the user supports fingerprint payment, and whether preset fingerprint information has been stored in the fingerprint sensor.
- the confirmation instruction may be triggered by the user selecting "I already understand" after viewing the displayed legal copy.
- the payment client sends a provisioning request to the payment server, that is, by calling the service getBiometricRegRequestRPC (device id, mobile device model, logged-in user uid), it sends a provisioning request to the payment server for the payment server to send to the security server.
- for example, the payment server sends a second invocation message by calling the service mobileBiometricService.getRegRequest, and after receiving the second invocation message, the security server generates a random string according to the current timestamp and the like, and uses the pre-stored security server private key (that is, the preset security server private key)
- after reading the authentication challenge information, the payment server forwards the authentication challenge information to the payment client, and the security client checks the authentication challenge information to confirm whether the currently received authentication challenge information was sent by the security server and whether it has been modified.
- if the security client confirms that the currently received authentication challenge information was sent by the security server and has not been modified, this indicates that the data channel between the security client and the security server is safe, so that the second collection instruction can be sent to the fingerprint sensor (i.e., the collection module), and the collection module collects the second biometric authentication information of the user after receiving the second collection instruction.
- Step 1102 When the second biometric authentication information is consistent with the preset biometric authentication information, generate the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information, and save the digital signature certificate private key.
- after the collection module collects the second biometric authentication information of the user according to the collection instruction, the second biometric authentication information is returned to the security client, so that the security client compares the second biometric authentication information with the preset biometric authentication information and, when the comparison is consistent, generates the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information, and saves the digital signature certificate private key.
- before the security client generates the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information, the method may further include:
- receiving, by the security client, the first message sent by the payment client, where the first message carries a unique identifier (ID) of the user and an ID of the terminal device;
- the ID of the user may be information generated by the payment system for uniquely identifying a user.
- the ID of the user may be directly read from the Session; and the ID of the terminal device may be an International Mobile Equipment Identification Number (IMEI).
- the digital signature certificate public key and the digital signature certificate private key are generated when the security client finds the second biometric authentication information consistent with the preset biometric authentication information, so they are also referred to as the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information. It should be noted that the "comparison is consistent" result information above is the result information that the second biometric authentication information is consistent with the preset biometric authentication information.
- after generating the digital signature certificate public key and the digital signature certificate private key, the secure client stores the digital signature certificate private key.
- the digital signature certificate private key may be stored in a trusted execution environment TEE of the secure client.
- the terminal device may directly generate the digital signature certificate public key and the digital signature certificate private key corresponding to the biometric authentication information, in which case there is no need to compare the second biometric authentication information with the preset biometric authentication information and perform the generating step only when the comparison is consistent.
- Step 1103 Digitally sign the provisioning request according to the first preset private key to generate a provisioning request message, where the provisioning request message carries the digital signature certificate public key.
- the first preset private key may be a preset security client private key, that is, the security client uses the preset security client private key to digitally sign the provisioning request, and then generates a provisioning request message.
- the foregoing provisioning request may also include the authentication challenge information, that is, the authentication challenge information and the digital signature certificate public key are digitally signed together to generate the provisioning request message.
- Step 1104 Send the provisioning request message to the server, so that the server saves the digital signature certificate public key after verifying the provisioning request message according to the first preset public key.
- the first preset private key corresponds to the first preset public key.
- the first preset public key may be a preset security client public key; that is, the security client sends the provisioning request message to the payment client, the payment client forwards the provisioning request message to the security server through the payment server, and the security server stores the digital signature certificate public key after verifying the provisioning request message according to the preset security client public key.
- sending the provisioning request message to the server in step 1104 includes:
- the terminal device verifies whether the user is a legitimate user
- the original payment password is verified, and the provisioning request message is sent to the server when the verification is successful.
- the payment client may first obtain a mobile phone number bound to the current user, send a short message to the mobile phone of that number, receive the original payment password input by the user upon receiving the message indicating confirmation, and, when the original payment password is verified successfully, forward the provisioning request message to the security server through the payment server. In this way, it can be verified whether the current user is a user of the payment client, which can improve the security of the payment operation.
- the payment client may specifically send a provisioning request message to the payment server by calling the service register BiometricRPC (device id, mobile device model, fingerprint open notification, logged-in user uid), and the payment server forwards the provisioning request message to the security server.
- the security server parses and stores the digital signature certificate public key in the provisioning request message after verifying the provisioning request message according to the preset security client public key.
- the preset security client private key corresponds to the preset security client public key.
- the payment verification server may return a message that the verification is passed, and the payment server then returns the verification-passed message to the payment client, so that the payment client can display to the user that identity can be authenticated during payment by inputting fingerprint information, face image information or voice information, and that the amount of payment corresponds to the security level of different terminal devices.
- after the above-mentioned step of generating and storing the digital signature certificate private key and the digital signature certificate public key has been performed, the user can, when making an order payment through the payment system, input fingerprint information, face image information, and sound information to perform identity authentication, and perform the payment operation after the identity authentication is passed.
- Step 120 Compare the first biometric authentication information with preset biometric authentication information, and read the pre-stored digital signature certificate private key when the comparison is consistent.
- the security client compares the first biometric authentication information with the preset biometric authentication information, and reads the pre-stored digital signature certificate private key when the comparison is consistent.
- Step 130 Perform digital signature on the service request according to the digital signature certificate private key, and generate a biometric information verification message.
- the foregoing service request may be a payment request, that is, the security client digitally signs the payment request according to the read digital signature certificate private key and generates a biometric information verification message; the generated biometric information verification message is then sent to the payment client.
- Step 140 Send the biometric information verification message to the server, so that the server reads the pre-stored digital signature certificate public key corresponding to the digital signature certificate private key and, after verifying the biometric information verification message according to the digital signature certificate public key, returns the authentication result information to the terminal device.
- the payment client sends the biometric information verification message to the payment server, and the payment server reads, from the security server, the pre-stored digital signature certificate public key corresponding to the digital signature certificate private key and, after verifying the biometric information verification message according to the digital signature certificate public key, returns the authentication result information to the payment client.
- the payment server needs to verify the biometric information verification message according to the digital signature certificate public key, then decrypt the encrypted service request itself according to a preset algorithm, and return the result information indicating whether the authentication succeeded to the payment client only after the decryption is successful.
- with the identity authentication method and device provided by the application, when the collected biometric authentication information is consistent with the preset biometric authentication information, the terminal device sends a biometric information verification message signed by the pre-stored digital signature certificate private key to the server.
- the server verifies the biometric information verification message according to the pre-stored digital signature certificate public key, thereby achieving the purpose of verifying the identity of the user, thereby improving the security and convenience of the business operation performed by the user.
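The provisioning exchange (steps 1101 to 1104) and the per-request authentication (steps 110 to 140) described above, as an added Go example that is not code from the patent. Assumptions: Ed25519 stands in for the unnamed digital signature algorithm, byte equality stands in for the sensor's fingerprint comparison, in-memory fields stand in for the TEE and the server's storage, and every type, function and sample value is hypothetical or constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type Challenge struct{ Nonce, Sig []byte }             // random string + security server signature (Ed25519 assumed)
type ProvisionMsg struct{ Nonce, UserPub, Sig []byte } // step 1103; Sig covers Nonce||UserPub

type SecurityClient struct {
	preset     []byte             // preset fingerprint information, kept on the device
	clientPriv ed25519.PrivateKey // preset security client private key
	serverPub  ed25519.PublicKey  // preset security server public key
	userPriv   ed25519.PrivateKey // digital signature certificate private key (TEE on a real device)
}

type SecurityServer struct {
	serverPriv ed25519.PrivateKey           // preset security server private key
	clientPub  ed25519.PublicKey            // preset security client public key
	pending    map[string][]byte            // user|device -> outstanding challenge
	userPubs   map[string]ed25519.PublicKey // user|device -> stored certificate public key
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewPair builds the two hypothetical components with constructed preset keys.
func NewPair(preset []byte) (*SecurityClient, *SecurityServer) {
	cPub, cPriv := newKey()
	sPub, sPriv := newKey()
	return &SecurityClient{preset: preset, clientPriv: cPriv, serverPub: sPub},
		&SecurityServer{sPriv, cPub, map[string][]byte{}, map[string]ed25519.PublicKey{}}
}

// NewChallenge signs a fresh random string (assumption: 32 bytes from the OS CSPRNG).
func (s *SecurityServer) NewChallenge(id string) Challenge {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[id] = nonce
	return Challenge{nonce, ed25519.Sign(s.serverPriv, nonce)}
}

// Provision checks challenge and fingerprint, then creates and announces the key pair (steps C, 1102, 1103).
func (c *SecurityClient) Provision(ch Challenge, finger []byte) (ProvisionMsg, error) {
	if !ed25519.Verify(c.serverPub, ch.Nonce, ch.Sig) || !bytes.Equal(finger, c.preset) {
		return ProvisionMsg{}, errors.New("bad challenge signature or fingerprint mismatch")
	}
	pub, priv := newKey()
	c.userPriv = priv
	body := append(append([]byte{}, ch.Nonce...), pub...)
	return ProvisionMsg{ch.Nonce, pub, ed25519.Sign(c.clientPriv, body)}, nil
}

// Register accepts only the outstanding challenge and a valid client signature (step 1104).
func (s *SecurityServer) Register(id string, m ProvisionMsg) error {
	want, ok := s.pending[id]
	delete(s.pending, id) // each challenge is accepted once
	body := append(append([]byte{}, m.Nonce...), m.UserPub...)
	if !ok || !bytes.Equal(want, m.Nonce) || len(m.UserPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(s.clientPub, body, m.Sig) {
		return errors.New("provisioning message rejected")
	}
	s.userPubs[id] = m.UserPub
	return nil
}

// SignRequest releases the private key only after a fingerprint match (steps 120, 130).
func (c *SecurityClient) SignRequest(req, finger []byte) ([]byte, error) {
	if c.userPriv == nil || !bytes.Equal(finger, c.preset) {
		return nil, errors.New("not provisioned or fingerprint mismatch")
	}
	return ed25519.Sign(c.userPriv, req), nil
}

// Authenticate verifies the signed service request with the stored public key (step 140).
func (s *SecurityServer) Authenticate(id string, req, sig []byte) bool {
	pub, ok := s.userPubs[id]
	return ok && ed25519.Verify(pub, req, sig)
}

func main() {
	finger, id := []byte("constructed-fingerprint"), "uid-constructed|imei-constructed"
	c, s := NewPair(finger)
	m, _ := c.Provision(s.NewChallenge(id), finger)
	req := []byte("pay|order=constructed-0001|amount=10.00")
	sig, _ := c.SignRequest(req, finger)
	fmt.Println("registered:", s.Register(id, m) == nil, "authentic:", s.Authenticate(id, req, sig))
}
```

Step 130 signs only the service request, so the signature stays valid for that exact request; the constructed order number in `req` is what makes each signed request distinct here, and the page does not say how the server treats a resubmitted message.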
- the following embodiment takes as an example enabling fingerprint payment and, after fingerprint payment is enabled, authenticating the identity of the user by verifying the fingerprint information.
- FIG. 2 is an information interaction diagram of an identity authentication method according to another embodiment of the present application. As shown in FIG. 2, the method may specifically include:
- Step 210: The payment client sends a first call message to the security client according to the received provisioning request.
- The first call message instructs the security client to verify whether the terminal device currently used by the user supports fingerprint payment and whether preset fingerprint information has been stored in the fingerprint sensor.
- Step 220: The security client returns information indicating support to the payment client.
- Step 230: The payment client sends a provisioning request to the payment server.
- The payment client sends the provisioning request to the payment server through the service getBiometricRegRequestRPC (device id, mobile device model, logged-in user uid).
- Step 240: The payment server sends a second call message to the security server according to the received provisioning request.
- The payment server sends the second call message to the security server by calling the service mobileBiometricService.getRegRequest.
- Step 250: The security server generates a random string and digitally signs the generated random string with a preset security server private key to generate authentication challenge information.
- Step 260: The security server returns the generated authentication challenge information to the payment server.
- Step 270: The payment server forwards the authentication challenge information to the payment client.
- Step 280: The payment client sends the authentication challenge information to the security client.
- Step 290: The security client verifies the signature of the authentication challenge information according to the preset security server public key, and sends a second collection instruction to the fingerprint sensor of the terminal device after the verification passes.
- Step 2100: The fingerprint sensor of the terminal device sends the first fingerprint information of the user, collected in real time, to the security client.
- Step 2110: When the security client finds that the first fingerprint information collected in real time is consistent with the preset fingerprint information, it generates the digital signature certificate private key and the digital signature certificate public key corresponding to the first fingerprint information of the user, and saves the digital signature certificate private key.
- The security client receives the first message sent by the payment client, where the first message carries the unique identifier (ID) of the user and the ID of the terminal device.
- The security client generates the digital signature certificate private key and the digital signature certificate public key corresponding to the first fingerprint information of the user according to the ID of the user, the ID of the terminal device, and the result information indicating that the comparison is consistent.
- The result information indicating that the comparison is consistent is the result information that the first fingerprint information is consistent with the preset fingerprint information.
- The security client uses the preset security client private key to digitally sign the authentication challenge information and then generates a provisioning request message, where the provisioning request message carries the digital signature certificate public key.
- Step 2130: The security client sends the provisioning request message to the payment client.
- Step 2140: The payment client sends a verification request to the terminal device.
- Step 2150: The terminal device sends a response message indicating acknowledgement to the payment client.
- Step 2160: The payment client receives the original payment password input by the user and, when the original payment password is correct, forwards the provisioning request message to the security server through the payment server.
- Step 2170: After verifying the signature of the provisioning request message according to the preset security client public key, the security server stores the digital signature certificate public key carried in the provisioning request message.
- Step 2180: The security server returns a message that the verification passed to the payment server.
- Step 2190: The payment server forwards the message that the verification passed to the payment client.
- Step 2200: The payment client, according to the received payment request, sends a first collection instruction to the fingerprint sensor of the terminal device through the security client.
- The first collection instruction instructs the fingerprint sensor to collect the second fingerprint information of the user and return it to the security client.
- Step 2210: The security client receives the second fingerprint information collected by the fingerprint sensor in real time and compares the second fingerprint information with the preset fingerprint information.
- Step 2220: When the comparison is consistent, the pre-stored digital signature certificate private key is read, the payment request message is digitally signed using the digital signature certificate private key, and the biometric information verification message is generated.
- Step 2230: The security client sends the biometric information verification message to the payment server through the payment client.
- Step 2240: The payment server reads the pre-stored digital signature certificate public key from the security server and verifies the signature of the biometric information verification message according to the digital signature certificate public key.
- Step 2250: The payment client receives from the payment server a message indicating whether the authentication succeeded, and performs the payment operation after receiving the message that the authentication succeeded.
- The identity authentication method provided by the present application unlocks the digital signature certificate private key stored in the security client when the fingerprint information of the user is collected, and in the process of identity authentication the digital signature certificate private key is verified in place of the fingerprint information, so that the original payment password can be replaced and the security and convenience of the user's payment operation can be improved.
- Steps 210 to 2190 in the embodiment of the present application may also be referred to as the fingerprint payment provisioning process, and this provisioning process may be applied to any biometric and identity authentication process, such as identity authentication at various security levels using iris, face, and bracelets.
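The provisioning and payment flow of steps 250 to 2240 above, reduced to the security client and the security server, as an added example in Go that is not part of the patent. Ed25519, the random per-user key pair, the one-time challenge check, byte equality in place of fingerprint matching, and all type and function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Assumptions, not from the patent: Ed25519, a random per-user key pair bound to
// (user ID, device ID), byte equality standing in for fingerprint matching.

type ProvisionMsg struct {
	UserID, DeviceID    string
	Nonce, UserPub, Sig []byte
}

type SecurityServer struct {
	priv      ed25519.PrivateKey              // preset security server private key
	clientPub ed25519.PublicKey               // preset security client public key
	pending   map[string]bool                 // challenges issued, not yet consumed
	userKeys  map[[2]string]ed25519.PublicKey // stored digital signature certificate public keys
}

type SecurityClient struct {
	priv      ed25519.PrivateKey // preset security client private key
	serverPub ed25519.PublicKey  // preset security server public key
	template  []byte             // preset fingerprint information (constructed)
	userPriv  ed25519.PrivateKey // digital signature certificate private key
}

func NewPair(template []byte) (*SecurityServer, *SecurityClient) {
	sPub, sPriv, _ := ed25519.GenerateKey(rand.Reader)
	cPub, cPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv := &SecurityServer{sPriv, cPub, map[string]bool{}, map[[2]string]ed25519.PublicKey{}}
	return srv, &SecurityClient{priv: cPriv, serverPub: sPub, template: template}
}

// payload is what the security client signs; %q keeps the two IDs unambiguous.
func payload(m *ProvisionMsg) []byte {
	return []byte(fmt.Sprintf("%x|%x|%q|%q", m.Nonce, m.UserPub, m.UserID, m.DeviceID))
}

// Challenge is step 250: a random string signed with the security server private key.
func (s *SecurityServer) Challenge() (nonce, sig []byte) {
	nonce = make([]byte, 32)
	rand.Read(nonce)
	s.pending[string(nonce)] = true
	return nonce, ed25519.Sign(s.priv, nonce)
}

// Provision covers steps 290 to 2130 on the device.
func (c *SecurityClient) Provision(userID, deviceID string, nonce, sig, finger []byte) (*ProvisionMsg, error) {
	if !ed25519.Verify(c.serverPub, nonce, sig) {
		return nil, fmt.Errorf("challenge signature invalid")
	}
	if !bytes.Equal(finger, c.template) {
		return nil, fmt.Errorf("fingerprint mismatch")
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c.userPriv = priv // the private key stays in the security client
	m := &ProvisionMsg{UserID: userID, DeviceID: deviceID, Nonce: nonce, UserPub: pub}
	m.Sig = ed25519.Sign(c.priv, payload(m))
	return m, nil
}

// Register is step 2170; consuming each challenge only once is an added assumption.
func (s *SecurityServer) Register(m *ProvisionMsg) error {
	if len(m.UserPub) != ed25519.PublicKeySize || !s.pending[string(m.Nonce)] ||
		!ed25519.Verify(s.clientPub, payload(m), m.Sig) {
		return fmt.Errorf("provisioning request message rejected")
	}
	delete(s.pending, string(m.Nonce))
	s.userKeys[[2]string{m.UserID, m.DeviceID}] = m.UserPub
	return nil
}

// SignPayment covers steps 2210 to 2220: the key is used only after a fingerprint match.
func (c *SecurityClient) SignPayment(request, finger []byte) ([]byte, error) {
	if c.userPriv == nil || !bytes.Equal(finger, c.template) {
		return nil, fmt.Errorf("fingerprint payment refused")
	}
	return ed25519.Sign(c.userPriv, request), nil
}

// VerifyPayment is step 2240: check the signature against the stored public key.
func (s *SecurityServer) VerifyPayment(userID, deviceID string, request, sig []byte) bool {
	pub, ok := s.userKeys[[2]string{userID, deviceID}]
	return ok && ed25519.Verify(pub, request, sig)
}

func main() {
	tpl, req := []byte("constructed-template"), []byte("pay 10.00 to merchant-42")
	srv, cli := NewPair(tpl)
	nonce, sig := srv.Challenge()
	msg, _ := cli.Provision("uid-1", "dev-1", nonce, sig, tpl)
	s, _ := cli.SignPayment(req, tpl)
	fmt.Println(srv.Register(msg) == nil, srv.VerifyPayment("uid-1", "dev-1", req, s))
}
```

The server never receives fingerprint data in this flow: it only checks a signature made by a key that the device releases after a local match.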
- An identity authentication device is also provided in the embodiment of the present application. As shown in FIG. 3, the device includes: a collecting unit 301, a reading unit 302, a generating unit 303, and a sending unit 304.
- The collecting unit 301 is configured to receive a service request and collect the first biometric authentication information of the user according to the service request.
- The biometric authentication information includes one or more of the following: fingerprint information, facial image information, and sound information.
- The reading unit 302 is configured to compare the first biometric authentication information collected by the collecting unit 301 with the preset biometric authentication information, and read the pre-stored digital signature certificate private key when the comparison is consistent.
- The generating unit 303 is configured to digitally sign the service request according to the digital signature certificate private key read by the reading unit 302, and generate a biometric information verification message.
- The sending unit 304 is configured to send to the server the biometric information verification message generated by the generating unit 303, so that the server reads the pre-stored digital signature certificate public key corresponding to the digital signature certificate private key and, after verifying the signature of the biometric information verification message according to the digital signature certificate public key, returns the authentication result information to the terminal device.
- The collecting unit 301 is further configured to receive the provisioning request and collect the second biometric authentication information of the user according to the provisioning request.
- The collecting unit 301 is specifically configured to: send the provisioning request to the server; receive a response message returned by the server according to the provisioning request; verify the signature of the response message, and collect the second biometric authentication information of the user after the verification passes.
- The generating unit 303 is further configured to: when the second biometric authentication information collected by the collecting unit 301 is consistent with the preset biometric authentication information, generate the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information, and save the digital signature certificate private key.
- The generating unit 303 is specifically configured to: generate, according to the ID of the user, the ID of the terminal device, and the result information indicating that the comparison is consistent, the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information.
- The generating unit 303 is further configured to: digitally sign the provisioning request according to the first preset private key and then generate a provisioning request message, where the provisioning request message carries the digital signature certificate public key.
- The sending unit 304 is further configured to send to the server the provisioning request message generated by the generating unit 303, so that the server, after successfully verifying the signature of the provisioning request message according to the first preset public key, saves the digital signature certificate public key, where the first preset private key corresponds to the first preset public key.
- The sending unit 304 is specifically configured to: verify whether the user is a legitimate user; when the user is a legitimate user, check the original payment password, and send the provisioning request message to the server when the check succeeds.
- The identity authentication device may be used for identity authentication in a payment process, in which case the service request is a payment request.
- The collecting unit 301 receives the service request and collects the first biometric authentication information of the user according to the service request; the reading unit 302 compares the first biometric authentication information with the preset biometric authentication information and, when the comparison is consistent, reads the pre-stored digital signature certificate private key; the generating unit 303 digitally signs the service request according to the digital signature certificate private key and generates a biometric information verification message; the sending unit 304 sends the biometric information verification message to the server, so that the server reads the pre-stored digital signature certificate public key corresponding to the digital signature certificate private key and, after verifying the signature of the biometric information verification message according to the digital signature certificate public key, returns the authentication result information to the terminal device. Thereby, the security and convenience of the user's payment operation can be improved.
- The steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, in a software module executed by a processor, or in a combination of both.
- The software module can be placed in random access memory (RAM), memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or technical field.
Claims (14)
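- An identity authentication method, characterized in that the method comprises: a terminal device receiving a service request and collecting first biometric authentication information of a user according to the service request; comparing the first biometric authentication information with preset biometric authentication information and, when the comparison is consistent, reading a pre-stored digital signature certificate private key; digitally signing the service request according to the digital signature certificate private key and generating a biometric information verification message; and sending the biometric information verification message to a server, so that the server reads a pre-stored digital signature certificate public key corresponding to the digital signature certificate private key and, after verifying the signature of the biometric information verification message according to the digital signature certificate public key, returns authentication result information to the terminal device.
- The method according to claim 1, characterized in that the method further comprises a step of generating and storing the digital signature certificate private key and the digital signature certificate public key, comprising: the terminal device receiving a provisioning request and collecting second biometric authentication information of the user according to the provisioning request; when the second biometric authentication information is consistent with the preset biometric authentication information, generating the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information, and saving the digital signature certificate private key; digitally signing the provisioning request according to a first preset private key and then generating a provisioning request message, wherein the provisioning request message carries the digital signature certificate public key; and sending the provisioning request message to the server, so that the server saves the digital signature certificate public key after successfully verifying the signature of the provisioning request message according to a first preset public key, wherein the first preset private key corresponds to the first preset public key.
- The method according to claim 1 or 2, characterized in that the biometric authentication information comprises one or more of the following: fingerprint information, facial image information, and sound information.
- The method according to claim 2, characterized in that generating the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information comprises: generating, according to the ID of the user, the ID of the terminal device, and the result information indicating that the comparison is consistent, the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information.
- The method according to claim 2, characterized in that the terminal device receiving a provisioning request and collecting second biometric authentication information of the user according to the provisioning request comprises: the terminal device sending the provisioning request to the server; receiving a response message returned by the server according to the provisioning request; and verifying the signature of the response message and, after the verification passes, collecting the second biometric authentication information of the user.
- The method according to claim 2, characterized in that sending the provisioning request message to the server comprises: the terminal device verifying whether the user is a legitimate user; and when the user is a legitimate user, checking the original payment password and, when the check succeeds, sending the provisioning request message to the server.
- The method according to any one of claims 1, 2, and 4-6, characterized in that the method is applied to identity authentication in a payment process, and the service request is a payment request.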
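- An identity authentication device, characterized in that the device comprises: a collecting unit, a reading unit, a generating unit, and a sending unit; the collecting unit is configured to receive a service request and collect first biometric authentication information of a user according to the service request; the reading unit is configured to compare the first biometric authentication information collected by the collecting unit with preset biometric authentication information and, when the comparison is consistent, read a pre-stored digital signature certificate private key; the generating unit is configured to digitally sign the service request according to the digital signature certificate private key read by the reading unit and generate a biometric information verification message; and the sending unit is configured to send to a server the biometric information verification message generated by the generating unit, so that the server reads a pre-stored digital signature certificate public key corresponding to the digital signature certificate private key and, after verifying the signature of the biometric information verification message according to the digital signature certificate public key, returns authentication result information to the terminal device.
- The device according to claim 8, characterized in that the collecting unit is further configured to receive a provisioning request and collect second biometric authentication information of the user according to the provisioning request; the generating unit is further configured to, when the second biometric authentication information collected by the collecting unit is consistent with the preset biometric authentication information, generate the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information, and save the digital signature certificate private key; the generating unit is further configured to digitally sign the provisioning request according to a first preset private key and then generate a provisioning request message, wherein the provisioning request message carries the digital signature certificate public key; and the sending unit is further configured to send to the server the provisioning request message generated by the generating unit, so that the server saves the digital signature certificate public key after successfully verifying the signature of the provisioning request message according to a first preset public key, wherein the first preset private key corresponds to the first preset public key.
- The device according to claim 8 or 9, characterized in that the biometric authentication information comprises one or more of the following: fingerprint information, facial image information, and sound information.
- The device according to claim 9, characterized in that the generating unit is specifically configured to: generate, according to the ID of the user, the ID of the terminal device, and the result information indicating that the comparison is consistent, the digital signature certificate private key and the digital signature certificate public key corresponding to the second biometric authentication information.
- The device according to claim 9, characterized in that the collecting unit is specifically configured to: send the provisioning request to the server; receive a response message returned by the server according to the provisioning request; and verify the signature of the response message and, after the verification passes, collect the second biometric authentication information of the user.
- The device according to claim 9, characterized in that the sending unit is specifically configured to: verify whether the user is a legitimate user; and when the user is a legitimate user, check the original payment password and, when the check succeeds, send the provisioning request message to the server.
- The device according to any one of claims 8, 9, and 11-13, characterized in that the device is used for identity authentication in a payment process, and the service request is a payment request.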
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020187008503A KR20180048793A (ko) | 2015-08-27 | 2016-08-18 | Identity authentication method and apparatus |
EP16838522.7A EP3343831B1 (en) | 2015-08-27 | 2016-08-18 | Identity authentication method and apparatus |
JP2018510966A JP2018532301A (ja) | 2015-08-27 | 2016-08-18 | Identity authentication method and apparatus |
SG11201801435QA SG11201801435QA (en) | 2015-08-27 | 2016-08-18 | Identity authentication method and apparatus |
US15/903,801 US11294993B2 (en) | 2015-08-27 | 2018-02-23 | Identity authentication using biometrics |
US17/712,976 US20220229893A1 (en) | 2015-08-27 | 2022-04-04 | Identity authentication using biometrics |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510534755.4A CN106487511B (zh) | 2015-08-27 | 2015-08-27 | Identity authentication method and apparatus |
CN201510534755.4 | 2015-08-27 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/903,801 Continuation US11294993B2 (en) | 2015-08-27 | 2018-02-23 | Identity authentication using biometrics |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017032263A1 (zh) | 2017-03-02 |
Family
ID=58099613
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/095855 WO2017032263A1 (zh) | 2015-08-27 | 2016-08-18 | Identity authentication method and apparatus |
Country Status (7)
Country | Link |
---|---|
US (2) | US11294993B2 (zh) |
EP (1) | EP3343831B1 (zh) |
JP (1) | JP2018532301A (zh) |
KR (1) | KR20180048793A (zh) |
CN (1) | CN106487511B (zh) |
SG (2) | SG10202101487PA (zh) |
WO (1) | WO2017032263A1 (zh) |
2015
- 2015-08-27 CN CN201510534755.4A patent/CN106487511B/zh active Active
2016
- 2016-08-18 SG SG10202101487PA patent/SG10202101487PA/en unknown
- 2016-08-18 WO PCT/CN2016/095855 patent/WO2017032263A1/zh active Application Filing
- 2016-08-18 JP JP2018510966A patent/JP2018532301A/ja active Pending
- 2016-08-18 KR KR1020187008503A patent/KR20180048793A/ko not_active IP Right Cessation
- 2016-08-18 EP EP16838522.7A patent/EP3343831B1/en active Active
- 2016-08-18 SG SG11201801435QA patent/SG11201801435QA/en unknown
2018
- 2018-02-23 US US15/903,801 patent/US11294993B2/en active Active
2022
- 2022-04-04 US US17/712,976 patent/US20220229893A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
KR20180048793A (ko) | 2018-05-10 |
US20220229893A1 (en) | 2022-07-21 |
SG10202101487PA (en) | 2021-03-30 |
US11294993B2 (en) | 2022-04-05 |
CN106487511A (zh) | 2017-03-08 |
CN106487511B (zh) | 2020-02-04 |
SG11201801435QA (en) | 2018-03-28 |
EP3343831B1 (en) | 2022-06-29 |
EP3343831A1 (en) | 2018-07-04 |
US20180181739A1 (en) | 2018-06-28 |
EP3343831A4 (en) | 2019-04-10 |
JP2018532301A (ja) | 2018-11-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16838522; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2018510966; Country of ref document: JP; Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | ENP | Entry into the national phase | Ref document number: 20187008503; Country of ref document: KR; Kind code of ref document: A |
 | WWE | Wipo information: entry into national phase | Ref document number: 2016838522; Country of ref document: EP |