WO2017167093A1 - 基于生物特征的身份注册、认证的方法和装置 - Google Patents
基于生物特征的身份注册、认证的方法和装置 Download PDFInfo
- Publication number
- WO2017167093A1 WO2017167093A1 PCT/CN2017/077686 CN2017077686W WO2017167093A1 WO 2017167093 A1 WO2017167093 A1 WO 2017167093A1 CN 2017077686 W CN2017077686 W CN 2017077686W WO 2017167093 A1 WO2017167093 A1 WO 2017167093A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- biometric
- server
- service
- registration
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Definitions
- a registration information response unit configured to receive, from the service server, a registration information request message from the user equipment, where the registration information request message includes a service account identifier; generate a virtual account identifier corresponding to the service account identifier, and set the virtual account
- the identifier and the server public key are encapsulated in the registration information response message, and the registration information response message is signed by the server private key corresponding to the server public key, and then sent to the service server for the service server to register the information response message. Forwarded to the user equipment;
- a first embodiment of the present application describes a biometric-based identity registration method.
- the process applied to the user equipment is as shown in FIG. 2, and the process applied to the authentication server is as shown in FIG. 3.
- the service server receives a registration information request message from the user equipment, where the registration information request message includes a service account identifier, generates a virtual account identifier corresponding to the service account identifier, and sets the virtual account identifier and the server.
- the public key is encapsulated in the registration information response message, and the server private key pair registration information corresponding to the server public key is adopted. After the response packet is signed, it is sent to the service server, and the service server forwards the registration information response message to the user equipment.
- the service client of the user equipment sends a registration information request message to the service server, where the registration information request message includes a service account identifier.
- the service account identifier is information on the service server that uniquely corresponds to the user account for identity registration, and may be, for example, the name, code, etc. of the user account in the service system.
- the registration information request message may further include a device identifier of the user equipment.
- the service server forwards the registration information request message to the authentication server.
- the biometric client utilizes the biometric data therein to perform biometric verification of the user's identity.
- the specific manner of the biometric verification may be implemented by referring to the biometric identification method of the user equipment in the prior art, for example, by comparing with the pre-preserved sample data on the user equipment, if the matching degree satisfies certain predetermined conditions, Biometric verification was successful.
- the biometric authentication client encapsulates the verification result passed in the local biometric authentication response and returns the biometric authentication middleware, and the biometric authentication middleware returns the local biometric authentication response to the service client.
- step 630 the authentication request message is verified by using the registered service public key, and the user is authenticated according to the biometric token and the registered biometric token in the authentication request message.
- the user equipment is a trusted device by pre-preserving the device private key and the device public key on the user equipment, and the reliability of the service server is verified by the server public key and the server private key.
- the device identifier, the virtual account identifier, the biometric authentication type, the biometric token, and the service public key of the user equipment are securely registered on the authentication server for subsequent identity authentication, thereby improving the security of the identity registration process.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Biodiversity & Conservation Biology (AREA)
- Life Sciences & Earth Sciences (AREA)
- Power Engineering (AREA)
- Collating Specific Patterns (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Mobile Radio Communication Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephonic Communication Services (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (20)
- 一种基于生物特征的身份注册方法,应用在用户设备上,其特征在于,所述用户设备上运行有业务客户端、生物认证中间件、生物认证客户端、身份认证检验器和令牌及密钥管理器,所述方法包括:业务客户端向生物认证中间件发起设备信息请求,生物认证中间件将所述设备信息请求转发给生物认证客户端,生物认证客户端将所述设备信息请求转发给身份认证检验器,身份认证检验器获取所述用户设备包括设备标识的设备信息并将所述设备信息携带在设备信息响应中返回给生物认证客户端,生物认证客户端将所述设备信息响应返回给生物认证中间件,生物认证中间件将所述设备信息响应返回给业务客户端;业务客户端向业务服务器发送包括业务账户标识的注册信息请求报文,接收业务服务器返回的注册信息响应报文;所述注册信息响应报文由认证服务器采用服务器私钥签名后发送给业务服务器,其中包括认证服务器在收到业务服务器转发的注册信息请求报文后生成的对应于所述业务账户标识的虚拟账户标识、与所述服务器私钥相对应的服务器公钥;业务客户端确定用户的生物认证类型,获取所述生物认证类型的用户的生物数据,将生物数据携带在本地生物认证请求中发送给生物认证中间件,生物认证中间件将所述本地生物认证请求转发给生物认证客户端,生物认证客户端利用所述生物数据对用户身份进行生物特征校验并将校验结果在本地生物认证响应中返回给生物认证中间件,生物认证中间件将所述本地生物认证响应返回给业务客户端;在本地生物特征校验结果为通过时,业务客户端将注册信息响应报文发送给生物认证中间件,生物认证中间件将所述注册信息响应报文转发给生物认证客户端;生物认证客户端将所述注册信息响应报文转发给 身份认证检验器,身份认证检验器采用所述服务器公钥对注册信息响应报文进行验签,在验签通过后从令牌及密钥管理器获取与用户最近一次通过本地生物校验时所采用生物数据对应的生物特征令牌,生成相对应的业务公钥和业务私钥,保存虚拟账户标识、生物认证类型、生物认证令牌和业务私钥的对应关系;身份认证检验器将设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥封装在注册请求报文中,并交由令牌及密钥管理器采用所述用户设备的设备私钥对注册请求报文进行签名后,将注册请求报文返回给生物认证客户端,生物认证客户端将所述注册请求报文返回给生物认证中间件,生物认证中间件将所述注册请求报文返回给业务客户端;业务客户端将所述注册请求报文发送业务服务器,所述注册请求报文由业务服务器转发给认证服务器,供认证服务器在交由生物认证中心服务器采用所述用户设备的设备公钥进行验签后,保存所述设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥的对应关系,以用来对所述账户进行身份认证。
- 根据权利要求1所述的方法,其特征在于,所述注册信息响应报文中还包括:认证服务器生成的所述虚拟账户的注册挑战码;所述注册请求报文中还包括:由身份认证检验器封装的所述注册挑战码,供认证服务器在收到注册请求报文后,根据所述注册挑战码以及发送注册信息响应报文和收到注册请求报文的时间间隔,对注册请求报文进行验证。
- 根据权利要求1所述的方法,其特征在于,所述身份认证检验器和令牌及密钥管理器运行在所述用户设备上的安全环境中。
- 一种基于生物特征的身份注册方法,应用在认证服务器上,其特征在于,包括:从业务服务器接收来自用户设备的注册信息请求报文,所述注册信息请求报文中包括业务账户标识;生成对应于所述业务账户标识的虚拟账户标识,将虚拟账户标识和服务器公钥封装在注册信息响应报文中,采用与所述服务器公钥相对应的服务器私钥对注册信息响应报文签名后,发送给业务服务器,供业务服务器将注册信息响应报文转发给用户设备;从业务服务器接收来自用户设备的注册请求报文,所述注册请求报文中包括用户设备的设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥,并采用所述用户设备的设备密钥进行签名;将所述注册请求报文发送给生物认证中心服务器,接收生物认证中心服务器采用所述设备标识对应的设备公钥对注册请求报文进行验签后返回的验签结果;在注册请求报文通过验签后,保存所述设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥的对应关系,以用来对所述账户进行身份认证。
- 根据权利要求4所述的方法,其特征在于,所述方法还包括:生成所述虚拟账户的注册挑战码;所述注册信息响应报文中还包括:所生成的注册挑战码;所述注册请求报文中还包括:注册挑战码;所述保存所述设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥的对应关系,包括:当注册请求报文中的注册挑战码与为注册请求报文中虚拟账户生成的注册挑战码相同、并且发送注册信息响应报文和收到注册请求报文的时间间隔在第一预定时长范围内时,保存所述设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥的对应关系。
- 一种基于生物特征的身份认证方法,应用在用户设备上,其特征在于,所述用户设备上运行有业务客户端、生物认证中间件、生物认证客户端、身份认证检验器和令牌及密钥管理器,包括:业务客户端向生物认证中间件发起设备信息请求,生物认证中间件将所述设备信息请求转发给生物认证客户端,生物认证客户端将所述设备信息请求转发给身份认证检验器,身份认证检验器获取所述用户设备包括设备标识的设备信息并将所述设备信息携带在设备信息响应中返回给生物认证客户端,生物认证客户端将所述设备信息响应返回给生物认证中间件,生物认证中间件将所述设备信息响应返回给业务客户端;业务客户端向业务服务器发送包括设备标识的认证信息请求报文,接收业务服务器返回的认证信息响应报文;所述认证信息响应报文由认证服务器采用服务器私钥签名后发送给业务服务器,其中包括认证服务器在收到业务服务器转发的认证信息请求报文后获取的与所述设备标识对应的虚拟账户标识、和与所述服务器私钥相对应的服务器公钥;业务客户端获取注册时所采用生物认证类型的用户的生物数据,将生物数据携带在本地生物认证请求中发送给生物认证中间件,生物认证中间件将所述本地生物认证请求转发给生物认证客户端,生物认证客户端利用所述生物数据对用户身份进行生物特征校验并将校验结果在本地生物认证响应中返回给生物认证中间件,生物认证中间件将所述本地生物认证响应返回给业务客户端;在本地生物特征校验结果为通过时,业务客户端将认证信息响应报文发送给生物认证中间件,生物认证中间件将所述认证信息响应报文转发给生物认证客户端;生物认证客户端将所述认证信息响应报文转发给身份认证检验器,身份认证检验器采用所述服务器公钥对认证信息响应报文进行验签,在验签通过后从令牌及密钥管理器获取与用户最近一次 通过本地生物校验时所采用生物数据对应的生物特征令牌,在保存的虚拟账户标识、生物认证类型、生物特征令牌、和业务私钥的对应关系中获取与所述生物认证类型、认证信息响应报文中的虚拟账户标识和生物特征令牌对应的业务私钥,将设备标识、虚拟账户标识、生物认证类型和生物特征令牌封装在认证请求报文中,并采用业务私钥对认证请求报文签名后,返回给生物认证客户端;生物认证客户端将所述认证请求报文返回给生物认证中间件,生物认证中间件将所述认证请求报文返回给业务客户端;业务客户端将所述认证请求报文发送业务服务器,所述认证请求报文由业务服务器转发给认证服务器,供认证服务器根据与虚拟账户标识、设备标识和生物认证类型对应的已注册生物特征令牌和已注册业务公钥对用户进行身份认证。
- 根据权利要求6所述的方法,其特征在于,所述认证信息响应报文中还包括:认证服务器生成的所述虚拟账户的认证挑战码;所述认证请求报文中还包括:由身份认证检验器封装的所述认证挑战码,供认证服务器在收到认证请求报文后,根据所述认证挑战码以及发送认证信息响应报文和收到认证请求报文的时间间隔,对认证请求报文进行验证。
- 根据权利要求6所述的方法,其特征在于,所述身份认证检验器和令牌及密钥管理器运行在所述用户设备上的安全环境中。
- 一种基于生物特征的身份认证方法,应用在认证服务器上,其特征在于,包括:从业务服务器接收来自用户设备的认证信息请求报文,所述认证信息请求报文中包括用户设备的设备标识;获取对应于所述设备标识的虚拟账户标识,将虚拟账户标识和服务器公钥封装在认证信息响应报文中, 采用与所述服务器公钥相对应的服务器私钥对认证信息响应报文签名后,发送给业务服务器,供业务服务器将认证信息响应报文转发给用户设备;从业务服务器接收来自用户设备的认证请求报文,所述认证请求报文中包括用户设备的设备标识、虚拟账户标识、生物认证类型和生物特征令牌,并采用业务公钥进行签名;获取与认证请求报文中的设备标识、虚拟账户标识和生物认证类型对应的已注册生物特征令牌和已注册业务公钥;采用已注册业务公钥对认证请求报文进行验签,并根据认证请求报文中的生物特征令牌和已注册生物特征令牌对用户进行身份认证。
- 根据权利要求9所述的方法,其特征在于,所述方法还包括:生成所述虚拟账户的认证挑战码;所述认证信息响应报文中还包括:所生成的认证挑战码;所述认证请求报文中还包括:认证挑战码;所述采用已注册业务公钥对认证请求报文进行验签,并根据认证请求报文中的生物特征令牌和已注册生物特征令牌对用户进行身份认证,包括:当认证请求报文中的认证挑战码与为认证请求报文中虚拟账户生成的认证挑战码相同、并且发送认证信息响应报文和收到认证请求报文的时间间隔在第二预定时长范围内时,采用已注册业务公钥对认证请求报文进行验签,并根据认证请求报文中的生物特征令牌和已注册生物特征令牌对用户进行身份认证。
- 一种基于生物特征的身份注册装置,应用在用户设备上,其特征在于,包括:业务客户端,用于向生物认证中间件发起设备信息请求,接收生物认证中间件返回的带有设备标识的设备信息响应;向业务服务器发送包 括业务账户标识的注册信息请求报文,接收业务服务器返回的注册信息响应报文;所述注册信息响应报文由认证服务器采用服务器私钥签名后发送给业务服务器,其中包括认证服务器在收到业务服务器转发的注册信息请求报文后生成的对应于所述业务账户标识的虚拟账户标识、与所述服务器私钥相对应的服务器公钥;确定用户的生物认证类型,获取所述生物认证类型的用户的生物数据,将生物数据携带在本地生物认证请求中发送给生物认证中间件,接收生物认证中间件返回的带有本地生物校验结果的本地生物认证响应;在本地生物特征校验结果为通过时,将注册信息响应报文发送给生物认证中间件,接收生物认证中间件返回的注册请求报文,所述注册请求报文包括设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥,并采用所述用户设备的设备私钥进行签名;将注册请求报文发送给业务服务器,所述注册请求报文由业务服务器转发给认证服务器,供认证服务器在交由生物认证中心服务器采用所述用户设备的设备公钥进行验签后,保存所述设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥的对应关系,以用来对所述账户进行身份认证;生物认证中间件,用于从业务客户端接收并向生物认证客户端转发设备信息请求,从生物认证客户端接收并向业务客户端转发设备信息响应;从业务客户端接收并向生物认证客户端转发本地生物认证请求,从生物认证客户端接收并向业务客户端转发本地生物认证响应;从业务客户端接收并向生物认证客户端转发注册信息响应报文,从生物认证客户端接收并向业务客户端转发注册请求报文;生物认证客户端,用于从生物认证中间件接收并向身份认证检验器转发设备信息请求,从身份认证检验器接收并向生物认证中间件转发设备信息响应;从生物认证中间件接收本地生物认证请求,利用本地生物 认证请求中的生物数据对用户身份进行生物特征校验并将校验结果在本地生物认证响应中返回给生物认证中间件;从生物认证中间件接收并向身份认证检验器转发注册信息响应报文,从身份认证检验器接收并向生物认证中间件转发注册请求报文;身份认证检验器,用于在收到生物认证客户端转发的设备信息请求后,获取所述用户设备包括设备标识的设备信息并将所述设备信息携带在设备信息响应中返回给生物认证客户端;在收到生物认证客户端转发的注册信息响应报文后,采用注册信息响应报文中的服务器公钥对注册信息响应报文进行验签,在验签通过后从令牌及密钥管理器获取与用户最近一次通过本地生物校验时所采用生物数据对应的生物特征令牌,生成相对应的业务公钥和业务私钥,保存虚拟账户标识、生物认证类型、生物认证令牌和业务私钥的对应关系,将设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥封装在注册请求报文中,并交由令牌及密钥管理器采用所述用户设备的设备私钥对注册请求报文进行签名后,将注册请求报文返回给生物认证客户端;令牌及密钥管理器,用于向身份认证检验器提供与用户最近一次通过本地生物校验时所采用生物数据对应的生物特征令牌;在收到来自身份认证检验器的注册请求报文后采用保存的所述用户设备的设备私钥对注册请求报文进行签名后返回给身份认证检验器。
- 根据权利要求11所述的装置,其特征在于,所述注册信息响应报文中还包括:认证服务器生成的所述虚拟账户的注册挑战码;所述注册请求报文中还包括:所述注册挑战码,供认证服务器在收到注册请求报文后,根据所述注册挑战码以及发送注册信息响应报文和收到注册请求报文的时间间隔,对注册请求报文进行验证。
- 根据权利要求11所述的装置,其特征在于,所述身份认证检 验器和令牌及密钥管理器运行在所述用户设备上的安全环境中。
- 一种基于生物特征的身份注册装置,应用在认证服务器上,其特征在于,包括:注册信息响应单元,用于从业务服务器接收来自用户设备的注册信息请求报文,所述注册信息请求报文中包括业务账户标识;生成对应于所述业务账户标识的虚拟账户标识,将虚拟账户标识和服务器公钥封装在注册信息响应报文中,采用与所述服务器公钥相对应的服务器私钥对注册信息响应报文签名后,发送给业务服务器,供业务服务器将注册信息响应报文转发给用户设备;注册请求接收单元,用于从业务服务器接收来自用户设备的注册请求报文,所述注册请求报文中包括用户设备的设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥,并采用所述用户设备的设备密钥进行签名;将所述注册请求报文发送给生物认证中心服务器,接收生物认证中心服务器采用所述设备标识对应的设备公钥对注册请求报文进行验签后返回的验签结果;注册信息保存单元,用于在注册请求报文通过验签后,保存所述设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥的对应关系,以用来对所述账户进行身份认证。
- 根据权利要求14所述的装置,其特征在于,所述装置还包括:注册挑战码生成单元,用于生成所述虚拟账户的注册挑战码;所述注册信息响应报文中还包括:所生成的注册挑战码;所述注册请求报文中还包括:注册挑战码;所述注册信息保存单元具体用于:在注册请求报文通过验签后,当注册请求报文中的注册挑战码与为注册请求报文中虚拟账户生成的注册挑战码相同、并且发送注册信息响应报文和收到注册请求报文的时间 间隔在第一预定时长范围内时,保存所述设备标识、虚拟账户标识、生物认证类型、生物特征令牌和业务公钥的对应关系。
- 一种基于生物特征的身份认证装置,应用在用户设备上,其特征在于,包括:业务客户端,用于向生物认证中间件发起设备信息请求,接收生物认证中间件返回的带有设备标识的设备信息响应;向业务服务器发送包括设备标识的认证信息请求报文,接收业务服务器返回的认证信息响应报文,所述认证信息响应报文由认证服务器采用服务器私钥签名后发送给业务服务器,其中包括认证服务器在收到业务服务器转发的认证信息请求报文后获取的与所述设备标识对应的虚拟账户标识、和与所述服务器私钥相对应的服务器公钥;获取注册时所采用生物认证类型的用户的生物数据,将生物数据携带在本地生物认证请求中发送给生物认证中间件,接收生物认证中间件返回的带有本地生物校验结果的本地生物认证响应;在本地生物特征校验结果为通过时,将认证信息响应报文发送给生物认证中间件,接收生物认证中间件返回的认证请求报文,所述认证请求报文包括设备标识、虚拟账户标识、生物认证类型和生物特征令牌,并采用业务私钥进行签名;将认证请求报文发送给业务服务器,所述认证请求报文由业务服务器转发给认证服务器,供认证服务器根据与虚拟账户标识、设备标识和生物认证类型对应的已注册生物特征令牌和已注册业务公钥对用户进行身份认证;生物认证中间件,用于从业务客户端接收并向生物认证客户端转发设备信息请求,从生物认证客户端接收并向业务客户端转发设备信息响应;从业务客户端接收并向生物认证客户端转发本地生物认证请求,从生物认证客户端接收并向业务客户端转发本地生物认证响应;从业务客户端接收并向生物认证客户端转发认证信息响应报文,从生物认证客户 端接收并向业务客户端转发认证请求报文;生物认证客户端,用于从生物认证中间件接收并向身份认证检验器转发设备信息请求,从身份认证检验器接收并向生物认证中间件转发设备信息响应;从生物认证中间件接收本地生物认证请求,利用本地生物认证请求中的生物数据对用户身份进行生物特征校验并将校验结果在本地生物认证响应中返回给生物认证中间件;从生物认证中间件接收并向身份认证检验器转发认证信息响应报文,从身份认证检验器接收并向生物认证中间件转发认证请求报文;身份认证检验器,用于在收到生物认证客户端转发的设备信息请求后,获取所述用户设备包括设备标识的设备信息并将所述设备信息携带在设备信息响应中返回给生物认证客户端;在收到生物认证客户端转发的认证信息响应报文后,采用认证信息响应报文中的服务器公钥对认证信息响应报文进行验签,在验签通过后从令牌及密钥管理器获取与用户最近一次通过本地生物校验时所采用生物数据对应的生物特征令牌,在保存的虚拟账户标识、生物认证类型、生物特征令牌、和业务私钥的对应关系中获取与所述生物认证类型、认证信息响应报文中的虚拟账户标识和生物特征令牌对应的业务私钥,将设备标识、虚拟账户标识、生物认证类型和生物特征令牌封装在认证请求报文中,并采用业务私钥对认证请求报文签名后,返回给生物认证客户端;令牌及密钥管理器,用于向身份认证检验器提供与用户最近一次通过本地生物校验时所采用生物数据对应的生物特征令牌。
- 根据权利要求16所述的装置,其特征在于,所述认证信息响应报文中还包括:认证服务器生成的所述虚拟账户的认证挑战码;所述认证请求报文中还包括:由身份认证检验器封装的所述认证挑战码,供认证服务器在收到认证请求报文后,根据所述认证挑战码以及 发送认证信息响应报文和收到认证请求报文的时间间隔,对认证请求报文进行验证。
- 根据权利要求16所述的装置,其特征在于,所述身份认证检验器和令牌及密钥管理器运行在所述用户设备上的安全环境中。
- 一种基于生物特征的身份认证装置,应用在认证服务器上,其特征在于,包括:认证信息响应单元,用于从业务服务器接收来自用户设备的认证信息请求报文,所述认证信息请求报文中包括用户设备的设备标识;获取对应于所述设备标识的虚拟账户标识,将虚拟账户标识和服务器公钥封装在认证信息响应报文中,采用与所述服务器公钥相对应的服务器私钥对认证信息响应报文签名后,发送给业务服务器,供业务服务器将认证信息响应报文转发给用户设备;认证请求接收单元,用于从业务服务器接收来自用户设备的认证请求报文,所述认证请求报文中包括用户设备的设备标识、虚拟账户标识、生物认证类型和生物特征令牌,并采用业务公钥进行签名;获取与认证请求报文中的设备标识、虚拟账户标识和生物认证类型对应的已注册生物特征令牌和已注册业务公钥;验签及认证单元,用于采用已注册业务公钥对认证请求报文进行验签,并根据认证请求报文中的生物特征令牌和已注册生物特征令牌对用户进行身份认证。
- 根据权利要求19所述的装置,其特征在于,所述装置还包括:认证挑战码生成单元,用于生成所述虚拟账户的认证挑战码;所述认证信息响应报文中还包括:所生成的认证挑战码;所述认证请求报文中还包括:认证挑战码;所述验签及认证单元具体用于:当认证请求报文中的认证挑战码与 为认证请求报文中虚拟账户生成的认证挑战码相同、并且发送认证信息响应报文和收到认证请求报文的时间间隔在第二预定时长范围内时,采用已注册业务公钥对认证请求报文进行验签,并根据认证请求报文中的生物特征令牌和已注册生物特征令牌对用户进行身份认证。
Priority Applications (15)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP17773123.9A EP3439230B1 (en) | 2016-03-30 | 2017-03-22 | Method and device for registering biometric identity and authenticating biometric identity |
MX2018011978A MX2018011978A (es) | 2016-03-30 | 2017-03-22 | Metodo y dispositivo para registrar identidad biometrica y autenticar identidad biometrica. |
AU2017242765A AU2017242765C1 (en) | 2016-03-30 | 2017-03-22 | Method and device for registering biometric identity and authenticating biometric identity |
BR112018070205-6A BR112018070205B1 (pt) | 2016-03-30 | 2017-03-22 | Método para registrar uma identidade biométrica e dispositivo para registrar uma identidade biométrica |
JP2018551819A JP6877460B2 (ja) | 2016-03-30 | 2017-03-22 | バイオメトリックアイデンティティを登録し、バイオメトリックアイデンティティを認証する方法及びデバイス |
PL17773123T PL3439230T3 (pl) | 2016-03-30 | 2017-03-22 | Sposób i urządzenie do rejestracji tożsamości biometrycznej i uwierzytelniania tożsamości biometrycznej |
KR1020187030773A KR102194060B1 (ko) | 2016-03-30 | 2017-03-22 | 생체 식별정보를 등록하고 생체 식별정보를 인증하기 위한 방법 및 디바이스 |
ES17773123T ES2865398T3 (es) | 2016-03-30 | 2017-03-22 | Método y dispositivo para registrar identidad biométrica y autenticar identidad biométrica |
SG11201808543TA SG11201808543TA (en) | 2016-03-30 | 2017-03-22 | Method and device for registering biometric identity and authenticating biometric identity |
RU2018137991A RU2730087C2 (ru) | 2016-03-30 | 2017-03-22 | Способ и устройство для регистрации биометрической идентификации и аутентификации биометрической идентификации |
CA3020059A CA3020059C (en) | 2016-03-30 | 2017-03-22 | Method and device for registering biometric identity and authenticating biometric identity |
US16/135,835 US11025619B2 (en) | 2016-03-30 | 2018-09-19 | Biometric identity registration and authentication |
PH12018502092A PH12018502092A1 (en) | 2016-03-30 | 2018-09-28 | Method and device for registering biometric identity and authenticating biometric identity |
ZA2018/07220A ZA201807220B (en) | 2016-03-30 | 2018-10-29 | Method and device for registering biometric identity and authenticating biometric identity |
US16/722,876 US10893044B2 (en) | 2016-03-30 | 2019-12-20 | Biometric identity registration and authentication |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610192200.0A CN107294721B (zh) | 2016-03-30 | 2016-03-30 | 基于生物特征的身份注册、认证的方法和装置 |
CN201610192200.0 | 2016-03-30 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/135,835 Continuation US11025619B2 (en) | 2016-03-30 | 2018-09-19 | Biometric identity registration and authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017167093A1 true WO2017167093A1 (zh) | 2017-10-05 |
Family
ID=59963504
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/077686 WO2017167093A1 (zh) | 2016-03-30 | 2017-03-22 | 基于生物特征的身份注册、认证的方法和装置 |
Country Status (16)
Country | Link |
---|---|
US (2) | US11025619B2 (zh) |
EP (1) | EP3439230B1 (zh) |
JP (1) | JP6877460B2 (zh) |
KR (1) | KR102194060B1 (zh) |
CN (2) | CN107294721B (zh) |
AU (1) | AU2017242765C1 (zh) |
BR (1) | BR112018070205B1 (zh) |
CA (1) | CA3020059C (zh) |
ES (1) | ES2865398T3 (zh) |
MX (1) | MX2018011978A (zh) |
PH (1) | PH12018502092A1 (zh) |
PL (1) | PL3439230T3 (zh) |
RU (1) | RU2730087C2 (zh) |
SG (1) | SG11201808543TA (zh) |
WO (1) | WO2017167093A1 (zh) |
ZA (1) | ZA201807220B (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111144895A (zh) * | 2019-12-31 | 2020-05-12 | 中国银联股份有限公司 | 一种数据处理方法、装置与系统 |
Families Citing this family (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107294721B (zh) | 2016-03-30 | 2019-06-18 | 阿里巴巴集团控股有限公司 | 基于生物特征的身份注册、认证的方法和装置 |
JP2018190354A (ja) * | 2017-05-11 | 2018-11-29 | レノボ・シンガポール・プライベート・リミテッド | 情報処理装置、認証手段決定方法及び認証手段決定プログラム |
JP6759152B2 (ja) * | 2017-05-24 | 2020-09-23 | キヤノン株式会社 | 画像処理装置、方法、プログラム及びシステム |
JP6882080B2 (ja) * | 2017-05-31 | 2021-06-02 | キヤノン株式会社 | 画像処理装置、方法、プログラム及びシステム |
JP7066380B2 (ja) * | 2017-11-17 | 2022-05-13 | キヤノン株式会社 | システム、システムにおける方法、情報処理装置、情報処理装置における方法、およびプログラム |
CN108962360B (zh) * | 2018-08-20 | 2021-06-22 | 北京旷视科技有限公司 | 核验方法、装置及服务器、应用服务器、实名制核验系统 |
US10929516B2 (en) * | 2018-10-08 | 2021-02-23 | Advanced New Technologies Co., Ltd. | Dynamic grip signature for personal authentication |
WO2020116916A1 (ko) * | 2018-12-05 | 2020-06-11 | 엘지전자 주식회사 | 무선 통신 시스템에서 생체정보를 이용하여 인증을 하기 위한 방법 및 장치 |
WO2020123192A1 (en) | 2018-12-14 | 2020-06-18 | Mastercard International Incorporated | Systems, methods, and non-transitory computer-readable media for secure individual identification |
CN111526112A (zh) * | 2019-02-02 | 2020-08-11 | 京东方科技集团股份有限公司 | 跨域设备注册方法、装置和计算机可读存储介质 |
CN111818516B (zh) | 2019-04-12 | 2022-10-18 | 华为技术有限公司 | 认证方法、装置及设备 |
KR102322435B1 (ko) | 2019-05-13 | 2021-11-10 | 고려대학교 산학협력단 | 퍼지 데이터로부터 동일한 키를 추출하는 방법 및 이를 이용한 사용자 인증 방법 |
KR102561689B1 (ko) * | 2019-05-29 | 2023-08-01 | 삼성에스디에스 주식회사 | 생체 정보 등록 장치 및 방법, 생체 인증 장치 및 방법 |
CN110688364A (zh) * | 2019-09-05 | 2020-01-14 | Oppo(重庆)智能科技有限公司 | 数据转移方法、装置、存储介质及电子设备 |
CN110730073A (zh) * | 2019-09-05 | 2020-01-24 | 贝壳技术有限公司 | 旁路验签方法和系统、服务端、签名管理平台、介质 |
CN110570569B (zh) * | 2019-09-11 | 2022-02-11 | 广州小鹏汽车科技有限公司 | 虚拟钥匙配置信息的激活方法、移动终端及服务器 |
JP7372527B2 (ja) * | 2019-09-26 | 2023-11-01 | 富士通株式会社 | 通信中継プログラム、中継装置、及び通信中継方法 |
US11556665B2 (en) | 2019-12-08 | 2023-01-17 | Western Digital Technologies, Inc. | Unlocking a data storage device |
US11366933B2 (en) | 2019-12-08 | 2022-06-21 | Western Digital Technologies, Inc. | Multi-device unlocking of a data storage device |
CN113055157B (zh) * | 2019-12-27 | 2023-03-10 | 京东科技控股股份有限公司 | 生物特征验证方法、装置、存储介质与电子设备 |
TWI725696B (zh) * | 2020-01-07 | 2021-04-21 | 緯創資通股份有限公司 | 行動裝置、驗證終端裝置及身分驗證方法 |
US11469885B2 (en) | 2020-01-09 | 2022-10-11 | Western Digital Technologies, Inc. | Remote grant of access to locked data storage device |
US11334677B2 (en) | 2020-01-09 | 2022-05-17 | Western Digital Technologies, Inc. | Multi-role unlocking of a data storage device |
US11606206B2 (en) | 2020-01-09 | 2023-03-14 | Western Digital Technologies, Inc. | Recovery key for unlocking a data storage device |
US11265152B2 (en) | 2020-01-09 | 2022-03-01 | Western Digital Technologies, Inc. | Enrolment of pre-authorized device |
US11831752B2 (en) | 2020-01-09 | 2023-11-28 | Western Digital Technologies, Inc. | Initializing a data storage device with a manager device |
CN111401901B (zh) * | 2020-03-23 | 2021-06-04 | 腾讯科技(深圳)有限公司 | 生物支付设备的认证方法、装置、计算机设备和存储介质 |
KR102334900B1 (ko) * | 2020-04-01 | 2021-12-03 | 이데아텍(주) | 음파 통신을 이용한 생체 정보 기반 대리 인증 서비스 시스템 및 방법 |
KR102307361B1 (ko) * | 2020-04-21 | 2021-09-29 | 문지명 | 웹 기반 인증 방법, 상기 인증 방법을 위한 컴퓨터 프로그램, 기록매체 및 서버 장치 |
US11860688B1 (en) * | 2020-04-28 | 2024-01-02 | T-Mobile Innovations Llc | Network generated precision time |
CN111526166B (zh) * | 2020-07-03 | 2020-12-15 | 支付宝(杭州)信息技术有限公司 | 一种信息验证方法、装置及设备 |
CN112383912B (zh) * | 2020-11-02 | 2022-08-02 | 中国联合网络通信集团有限公司 | 开户方法、服务器、系统及存储介质 |
CN112287319A (zh) * | 2020-11-02 | 2021-01-29 | 刘高峰 | 一种基于生物特征的身份验证方法、客户端、服务端及系统 |
CN112580010B (zh) * | 2020-12-23 | 2024-01-30 | 四川虹微技术有限公司 | 一种生物特征共享方法、装置、电子设备及存储介质 |
CN114827175B (zh) * | 2021-01-18 | 2023-08-22 | 成都质数斯达克科技有限公司 | 注册方法、电子设备及可读存储介质 |
CN113285808B (zh) * | 2021-05-18 | 2024-03-26 | 挂号网(杭州)科技有限公司 | 一种身份信息核验方法、装置、设备和存储介质 |
CN113591057B (zh) * | 2021-08-05 | 2024-05-14 | 国民认证科技(北京)有限公司 | 生物特征离线身份识别方法及系统 |
CN113992411A (zh) * | 2021-11-01 | 2022-01-28 | 令牌云(上海)科技有限公司 | 一种基于可信设备的用户身份认证方法和装置 |
CN113971274B (zh) * | 2021-12-02 | 2022-12-27 | 国家石油天然气管网集团有限公司 | 一种身份识别方法及装置 |
CN115001786B (zh) * | 2022-05-26 | 2024-01-12 | 浙江零跑科技股份有限公司 | 一种智能座舱人脸关联个性应用账号的实现方法 |
EP4300885A1 (en) * | 2022-07-01 | 2024-01-03 | Bayerische Motoren Werke Aktiengesellschaft | Secure element, trusted authority, device, key management server, backend, method and computer program |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664885A (zh) * | 2012-04-18 | 2012-09-12 | 南京邮电大学 | 一种基于生物特征加密和同态算法的身份认证方法 |
CN103067390A (zh) * | 2012-12-28 | 2013-04-24 | 青岛爱维互动信息技术有限公司 | 一种基于人脸特征的用户注册认证方法和系统 |
CN103346888A (zh) * | 2013-07-02 | 2013-10-09 | 山东科技大学 | 一种基于密码、智能卡和生物特征的远程身份认证方法 |
US20130318359A1 (en) * | 2012-05-22 | 2013-11-28 | Partnet, Inc. | Systems and methods for verifying uniqueness in anonymous authentication |
Family Cites Families (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020157090A1 (en) * | 2001-04-20 | 2002-10-24 | Anton, Jr. Francis M. | Automated updating of access points in a distributed network |
KR20050083594A (ko) * | 2002-07-03 | 2005-08-26 | 오로라 와이어리스 테크놀로지즈 리미티드 | 바이오메트릭 개인키 인프라스트럭처 |
US7386878B2 (en) * | 2002-08-14 | 2008-06-10 | Microsoft Corporation | Authenticating peer-to-peer connections |
JP2005085102A (ja) * | 2003-09-10 | 2005-03-31 | Canon Inc | 保証システム |
JP2005115583A (ja) * | 2003-10-07 | 2005-04-28 | Hitachi Ltd | ユーザ認証システム |
US7427024B1 (en) * | 2003-12-17 | 2008-09-23 | Gazdzinski Mark J | Chattel management apparatus and methods |
KR20060063590A (ko) * | 2004-12-07 | 2006-06-12 | 한국전자통신연구원 | 생체인식을 이용한 통합 인증 방법 및 그 시스템 |
US20070061590A1 (en) * | 2005-09-13 | 2007-03-15 | Boye Dag E | Secure biometric authentication system |
US20070220274A1 (en) * | 2005-10-17 | 2007-09-20 | Saflink Corporation | Biometric authentication system |
US7623659B2 (en) * | 2005-11-04 | 2009-11-24 | Cisco Technology, Inc. | Biometric non-repudiation network security systems and methods |
US20090235086A1 (en) * | 2005-11-29 | 2009-09-17 | Lai Yau S | Server-side biometric authentication |
KR100759813B1 (ko) * | 2005-12-12 | 2007-09-20 | 한국전자통신연구원 | 생체정보를 이용한 사용자 인증 방법 |
JP2007172507A (ja) * | 2005-12-26 | 2007-07-05 | Sharp Corp | ユーザ認証システム、ユーザ認証方法、認証情報格納装置、および、認証情報格納プログラム |
EP1982288A2 (en) * | 2006-01-26 | 2008-10-22 | Imprivata, Inc. | Systems and methods for multi-factor authentication |
WO2007092715A2 (en) * | 2006-02-06 | 2007-08-16 | Solidus Networks, Inc. | Method and system for providing online authentication utilizing biometric data |
WO2007094165A1 (ja) * | 2006-02-15 | 2007-08-23 | Nec Corporation | 本人確認システムおよびプログラム、並びに、本人確認方法 |
CN100518068C (zh) * | 2006-06-02 | 2009-07-22 | 阿里巴巴集团控股有限公司 | 一种通过浏览器实现即时通信的方法及系统 |
US20100242102A1 (en) * | 2006-06-27 | 2010-09-23 | Microsoft Corporation | Biometric credential verification framework |
JP4996904B2 (ja) * | 2006-10-04 | 2012-08-08 | 株式会社日立製作所 | 生体認証システム、登録端末、認証端末、及び認証サーバ |
US20080086771A1 (en) * | 2006-10-04 | 2008-04-10 | Kang Li | Apparatus, system, and method for authenticating users of digital communication devices |
US20080120707A1 (en) * | 2006-11-22 | 2008-05-22 | Alexander Ramia | Systems and methods for authenticating a device by a centralized data server |
US20080120698A1 (en) * | 2006-11-22 | 2008-05-22 | Alexander Ramia | Systems and methods for authenticating a device |
CN101291220B (zh) * | 2007-04-16 | 2010-08-18 | 华为技术有限公司 | 一种身份安全认证的系统、装置及方法 |
US20080289020A1 (en) * | 2007-05-15 | 2008-11-20 | Microsoft Corporation | Identity Tokens Using Biometric Representations |
US20090193507A1 (en) * | 2008-01-28 | 2009-07-30 | Wael Ibrahim | Authentication messaging service |
US8159328B2 (en) * | 2008-07-16 | 2012-04-17 | George William Luckhardt | Biometric authentication and verification |
US20100217975A1 (en) * | 2009-02-25 | 2010-08-26 | Garret Grajek | Method and system for secure online transactions with message-level validation |
US8260262B2 (en) * | 2009-06-22 | 2012-09-04 | Mourad Ben Ayed | Systems for three factor authentication challenge |
US8850554B2 (en) * | 2010-02-17 | 2014-09-30 | Nokia Corporation | Method and apparatus for providing an authentication context-based session |
CN102281311B (zh) * | 2010-06-10 | 2014-06-04 | 阿里巴巴集团控股有限公司 | 一种基于开放应用编程接口实现网络业务的方法、系统及装置 |
US8739260B1 (en) * | 2011-02-10 | 2014-05-27 | Secsign Technologies Inc. | Systems and methods for authentication via mobile communication device |
US8924712B2 (en) * | 2011-11-14 | 2014-12-30 | Ca, Inc. | Using QR codes for authenticating users to ATMs and other secure machines for cardless transactions |
KR20140097467A (ko) * | 2011-12-21 | 2014-08-06 | 인텔 코오퍼레이션 | 이동 장치 전자 상거래 트랜잭션들을 위한 생체 데이터를 사용한 인증 방법 |
US8751794B2 (en) * | 2011-12-28 | 2014-06-10 | Pitney Bowes Inc. | System and method for secure nework login |
US8984276B2 (en) * | 2012-01-10 | 2015-03-17 | Jpmorgan Chase Bank, N.A. | System and method for device registration and authentication |
US20130262873A1 (en) * | 2012-03-30 | 2013-10-03 | Cgi Federal Inc. | Method and system for authenticating remote users |
SG11201405282RA (en) * | 2012-04-01 | 2014-09-26 | Authentify Inc | Secure authentication in a multi-party system |
US9208492B2 (en) * | 2013-05-13 | 2015-12-08 | Hoyos Labs Corp. | Systems and methods for biometric authentication of transactions |
PL2885904T3 (pl) * | 2012-08-03 | 2018-09-28 | Vasco Data Security International Gmbh | Dogodny dla użytkownika sposób uwierzytelniania i urządzenie stosujące mobilną aplikację uwierzytelniania |
CN104685824B (zh) | 2012-09-26 | 2018-07-10 | 株式会社东芝 | 生物体参照信息登记系统、装置及方法 |
US20140136419A1 (en) * | 2012-11-09 | 2014-05-15 | Keith Shoji Kiyohara | Limited use tokens granting permission for biometric identity verification |
US9130929B2 (en) * | 2013-03-15 | 2015-09-08 | Aol Inc. | Systems and methods for using imaging to authenticate online users |
US10270748B2 (en) * | 2013-03-22 | 2019-04-23 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
US9003196B2 (en) * | 2013-05-13 | 2015-04-07 | Hoyos Labs Corp. | System and method for authorizing access to access-controlled environments |
CA2917708C (en) * | 2013-07-25 | 2021-12-28 | Nymi Inc. | Preauthorized wearable biometric device, system and method for use thereof |
US9979751B2 (en) * | 2013-09-20 | 2018-05-22 | Open Text Sa Ulc | Application gateway architecture with multi-level security policy and rule promulgations |
US20150180869A1 (en) * | 2013-12-23 | 2015-06-25 | Samsung Electronics Company, Ltd. | Cloud-based scalable authentication for electronic devices |
US9537661B2 (en) * | 2014-02-28 | 2017-01-03 | Verizon Patent And Licensing Inc. | Password-less authentication service |
US9635010B2 (en) * | 2014-06-13 | 2017-04-25 | Verizon Patent And Licensing Inc. | Network-based authentication for third party content |
US9559847B2 (en) * | 2014-07-24 | 2017-01-31 | Airwatch Llc | Content access for duration of calendar events |
US10148630B2 (en) * | 2014-07-31 | 2018-12-04 | Nok Nok Labs, Inc. | System and method for implementing a hosted authentication service |
US9935789B2 (en) * | 2015-02-11 | 2018-04-03 | Dell Products L.P. | Centralized pluggable authentication and authorization |
FR3033205B1 (fr) * | 2015-02-27 | 2018-04-06 | C.E.S.A.M.E.S Groupe | Procede de transaction sans support physique d'un identifiant de securite et sans jeton, securise par decouplage structurel des identifiants personnels et de services. |
US9787678B2 (en) * | 2015-07-30 | 2017-10-10 | Verizon Patent And Licensing Inc. | Multifactor authentication for mail server access |
CN106487511B (zh) * | 2015-08-27 | 2020-02-04 | 阿里巴巴集团控股有限公司 | 身份认证方法及装置 |
US9939908B2 (en) * | 2015-09-28 | 2018-04-10 | Paypal, Inc. | Multi-device authentication |
US10084780B2 (en) * | 2015-12-15 | 2018-09-25 | Verizon Patent And Licensing Inc. | Network-based authentication and security services |
US9992198B2 (en) * | 2015-12-15 | 2018-06-05 | Verizon Patent And Licensing Inc. | Network-based frictionless two-factor authentication service |
CN107294721B (zh) | 2016-03-30 | 2019-06-18 | 阿里巴巴集团控股有限公司 | 基于生物特征的身份注册、认证的方法和装置 |
-
2016
- 2016-03-30 CN CN201610192200.0A patent/CN107294721B/zh active Active
- 2016-03-30 CN CN201910284426.7A patent/CN110166246B/zh active Active
-
2017
- 2017-03-22 RU RU2018137991A patent/RU2730087C2/ru active
- 2017-03-22 BR BR112018070205-6A patent/BR112018070205B1/pt active IP Right Grant
- 2017-03-22 MX MX2018011978A patent/MX2018011978A/es unknown
- 2017-03-22 WO PCT/CN2017/077686 patent/WO2017167093A1/zh active Application Filing
- 2017-03-22 PL PL17773123T patent/PL3439230T3/pl unknown
- 2017-03-22 EP EP17773123.9A patent/EP3439230B1/en active Active
- 2017-03-22 CA CA3020059A patent/CA3020059C/en active Active
- 2017-03-22 KR KR1020187030773A patent/KR102194060B1/ko active IP Right Grant
- 2017-03-22 AU AU2017242765A patent/AU2017242765C1/en active Active
- 2017-03-22 ES ES17773123T patent/ES2865398T3/es active Active
- 2017-03-22 SG SG11201808543TA patent/SG11201808543TA/en unknown
- 2017-03-22 JP JP2018551819A patent/JP6877460B2/ja active Active
-
2018
- 2018-09-19 US US16/135,835 patent/US11025619B2/en active Active
- 2018-09-28 PH PH12018502092A patent/PH12018502092A1/en unknown
- 2018-10-29 ZA ZA2018/07220A patent/ZA201807220B/en unknown
-
2019
- 2019-12-20 US US16/722,876 patent/US10893044B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664885A (zh) * | 2012-04-18 | 2012-09-12 | 南京邮电大学 | 一种基于生物特征加密和同态算法的身份认证方法 |
US20130318359A1 (en) * | 2012-05-22 | 2013-11-28 | Partnet, Inc. | Systems and methods for verifying uniqueness in anonymous authentication |
CN103067390A (zh) * | 2012-12-28 | 2013-04-24 | 青岛爱维互动信息技术有限公司 | 一种基于人脸特征的用户注册认证方法和系统 |
CN103346888A (zh) * | 2013-07-02 | 2013-10-09 | 山东科技大学 | 一种基于密码、智能卡和生物特征的远程身份认证方法 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3439230A4 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111144895A (zh) * | 2019-12-31 | 2020-05-12 | 中国银联股份有限公司 | 一种数据处理方法、装置与系统 |
CN111144895B (zh) * | 2019-12-31 | 2023-10-31 | 中国银联股份有限公司 | 一种数据处理方法、装置与系统 |
Also Published As
Publication number | Publication date |
---|---|
US10893044B2 (en) | 2021-01-12 |
JP2019510444A (ja) | 2019-04-11 |
JP6877460B2 (ja) | 2021-05-26 |
KR20180128451A (ko) | 2018-12-03 |
EP3439230A4 (en) | 2019-09-04 |
US11025619B2 (en) | 2021-06-01 |
BR112018070205B1 (pt) | 2022-03-15 |
CN110166246B (zh) | 2022-07-08 |
PH12018502092A1 (en) | 2019-07-29 |
US20190036917A1 (en) | 2019-01-31 |
BR112018070205A2 (pt) | 2019-01-29 |
ZA201807220B (en) | 2021-02-24 |
CA3020059A1 (en) | 2017-10-05 |
AU2017242765A1 (en) | 2018-11-15 |
EP3439230A1 (en) | 2019-02-06 |
EP3439230B1 (en) | 2021-02-17 |
ES2865398T3 (es) | 2021-10-15 |
CN107294721A (zh) | 2017-10-24 |
PL3439230T3 (pl) | 2021-08-30 |
RU2018137991A (ru) | 2020-04-30 |
CA3020059C (en) | 2020-06-23 |
US20200128008A1 (en) | 2020-04-23 |
RU2018137991A3 (zh) | 2020-06-19 |
RU2730087C2 (ru) | 2020-08-17 |
CN107294721B (zh) | 2019-06-18 |
AU2017242765B2 (en) | 2020-07-23 |
AU2017242765C1 (en) | 2020-12-10 |
SG11201808543TA (en) | 2018-10-30 |
KR102194060B1 (ko) | 2020-12-23 |
MX2018011978A (es) | 2019-09-11 |
CN110166246A (zh) | 2019-08-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017167093A1 (zh) | 基于生物特征的身份注册、认证的方法和装置 | |
CN113114624B (zh) | 基于生物特征的身份认证方法和装置 | |
JP6992105B2 (ja) | 認証能力を決定するためのクエリシステム及び方法 | |
US10735182B2 (en) | Apparatus, system, and methods for a blockchain identity translator | |
WO2020134942A1 (zh) | 身份核实方法及其系统 | |
TWI668589B (zh) | Identity registration method and device | |
US9613205B2 (en) | Alternate authentication | |
US9398009B2 (en) | Device driven user authentication | |
US9577999B1 (en) | Enhanced security for registration of authentication devices | |
US9083689B2 (en) | System and method for implementing privacy classes within an authentication framework | |
US11003760B2 (en) | User account recovery techniques using secret sharing scheme with trusted referee | |
US11218464B2 (en) | Information registration and authentication method and device | |
EP3206329B1 (en) | Security check method, device, terminal and server | |
US20170206525A1 (en) | Online transaction authorization via a mobile device application | |
KR102284876B1 (ko) | 생체 인식 기반의 통합 인증 시스템 및 방법 | |
WO2018109014A1 (en) | Authentication systems and methods | |
TWI612436B (zh) | 自然人憑證認證方法 | |
US20240106823A1 (en) | Sharing a biometric token across platforms and devices for authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
ENP | Entry into the national phase |
Ref document number: 3020059 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: MX/A/2018/011978 Country of ref document: MX |
|
ENP | Entry into the national phase |
Ref document number: 2018551819 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11201808543T Country of ref document: SG |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112018070205 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: 20187030773 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2017773123 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2017773123 Country of ref document: EP Effective date: 20181030 |
|
ENP | Entry into the national phase |
Ref document number: 2017242765 Country of ref document: AU Date of ref document: 20170322 Kind code of ref document: A |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17773123 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 112018070205 Country of ref document: BR Kind code of ref document: A2 Effective date: 20181001 |