WO2018090183A1

WO2018090183A1 - Identity authentication method, terminal device, authentication server and electronic device

Info

Publication number: WO2018090183A1
Application number: PCT/CN2016/105886
Authority: WO
Inventors: 张站朝; 王振凯; 鄂鹏; 陈超; 李静; 李坤
Original assignee: 深圳达闼科技控股有限公司
Priority date: 2016-11-15
Filing date: 2016-11-15
Publication date: 2018-05-24
Also published as: CN107079034B; CN107079034A

Abstract

An identity authentication method, a terminal device, an authentication server and an electronic device. The method comprises: receiving an input biological feature of a first user, and acquiring account information about the first user and a device identifier of a terminal device; sending an identity authentication request to an authentication server; receiving identity confirmation information returned by the authentication server; receiving an input biological feature of a second user; sending a verification request to the authentication server; and receiving a login code returned by the authentication server, so that the second user performs login by using the login code. By means of the method, on a terminal device where a first user is successfully authenticated, the terminal device can be taken as a device for authentication and login of a second user, and identities of the first user and the second user are sequentially authenticated on the same device, so that the second user can successfully perform login only on the premise that the first user provides a guarantee, ensuring that the second user uses a security device for login and thereby ensuring the security and reliability.

Description

Method for identity authentication, terminal device, authentication server and electronic device

Technical field

The present invention relates to the field of computer technologies, and in particular, to a method, a terminal device, an authentication server, and an electronic device.

Background technique

Mobile office refers to an office mode in which a terminal device wirelessly accesses a mobile communication network for office work. As mobile office gets rid of time and place limitations, office workers can carry out company management and communication at any time, greatly improving the efficiency of office workers. Therefore, mobile office is very popular.

For areas with high security requirements, such as the financial sector, if office workers use terminal equipment for office work, the risk of financial confidentiality will increase. In order to improve the security of mobile office in the financial field, the terminal equipment is usually configured for office workers who need to move the office, and the fingerprints of the terminal equipment, the office personnel, and the account of the office personnel are authenticated and bound, and only the office personnel are allowed to use the binding. The terminal device and account are used for office work. However, in the financial field, the supervisor usually handles the authentication and authorization processing of the subordinates. If the supervisor and the subordinates go out and the supervisor does not carry the terminal equipment configured by himself, the subordinates cannot be authorized to process, even the subordinates themselves. The configured terminal device is a reliable device, but the supervisor still cannot use the terminal device configured by the subordinate itself. The supervisor can only return to the office or retrieve the terminal device configured by itself to perform authentication and authorization processing, which greatly affects office efficiency.

Summary of the invention

The technical problem to be solved by the present invention is to provide a method for identity authentication, a terminal device, an authentication server and an electronic device, and the purpose thereof is to solve the existing method for identity authentication only for independent personal authentication, when an authenticator is required for identity authentication. The technology that the certifier cannot perform identity authentication or authorization through other terminal devices when the certifier's terminal device is not around. problem.

In order to solve the above technical problem, a technical solution adopted by the present invention is to provide a method for authenticating an identity, comprising: receiving a first biometric of a first user input on a terminal device, and acquiring the first user The account information and the device identifier of the terminal device; sending an identity authentication request to the authentication server according to the account information, the device identifier, and the first biometric feature; and receiving the authentication server to confirm the first user according to the identity authentication request Identity confirmation information returned after the legal identity; receiving a second biometric of the second user input on the terminal device; transmitting an authentication request to the authentication server according to the second biometric; receiving the authentication server A login code returned after confirming the legality of the second biometric according to the verification request, so that the second user logs in in conjunction with the login code.

Optionally, the identity authentication request is generated by encrypting the account information, the first biometric, and the device identifier according to the private key bound by the first biometric.

Optionally, the private key is obtained after the first biometric is verified to pass.

Optionally, the verification request is generated by encrypting the second biometric according to a private key bound by the first biometric.

In order to solve the above technical problem, another technical solution adopted by the present invention is to provide a method for identity authentication, including: receiving identity authentication information sent by a terminal device, where the identity authentication information carries account information of the first user, a first biometric of the first user and a device identifier of the terminal device; after confirming the legal identity of the first user according to the identity authentication information, returning identity confirmation information to the terminal device; receiving the terminal device a verification request sent, the verification request carrying a second biometric of the second user; after confirming the legality of the second biometric according to the verification request, generating a login code corresponding to the second user; The terminal device sends the login code to enable the second user to log in in conjunction with the login code.

Optionally, the identity confirmation information is generated when the account information, the first biometric feature of the first user, and the device identifier have a corresponding relationship.

In order to solve the above technical problem, another technical solution adopted by the present invention is to provide a The terminal device includes: a biometric identification module, configured to perform biometric identification; a first receiving module, configured to receive a first biometric feature of the first user input on the terminal device; and a first acquiring module, configured to acquire the The account information of the first user and the device identifier of the terminal device; the first sending module is configured to send an identity authentication request to the authentication server according to the account information, the device identifier, and the first biometric feature; and the second receiving module uses Receiving the identity confirmation information returned by the authentication server after confirming the legal identity of the first user according to the identity authentication request; the third receiving module is configured to receive the second user of the second user input on the terminal device a second sending module, configured to send an authentication request to the authentication server according to the second biometric feature, and a fourth receiving module, configured to receive, by the authentication server, the second The login code returned after the legality of the biometric is such that the second user logs in in conjunction with the login code.

Optionally, the terminal device further includes: a first encryption module, configured to encrypt the account information, the first biometric feature, and the device identifier according to the private key bound by the first biometric.

Optionally, the terminal device further includes: a second acquiring module, configured to acquire the private key after the first biometric is verified to pass.

Optionally, the terminal device further includes: a second encryption module, configured to encrypt the second biometric according to a private key bound by the first biometric.

In order to solve the above technical problem, another technical solution adopted by the present invention is to provide an authentication server, including: a first receiving module, configured to receive identity authentication information sent by the terminal device, where the identity authentication information carries the first a user's account information, a first biometric feature of the first user, and a device identifier of the terminal device; a first returning module, configured to: after confirming the legal identity of the first user according to the identity authentication information, The terminal device returns the identity confirmation information; the second receiving module is configured to receive the verification request sent by the terminal device, where the verification request carries the second biometric feature of the second user; and the generating module is configured to confirm according to the verification request After the legality of the second biometric, a login code corresponding to the second user is generated; a second returning module is configured to send the login code to the terminal device, so that the second user is combined with the second user Register the login code.

In order to solve the above technical problem, another technical solution adopted by the present invention is to provide an electronic device including: at least one processor; and communicating with the at least one processor Connected memory; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the method described above.

In order to solve the above technical problem, another technical solution adopted by the present invention is to provide a non-transitory computer readable storage medium storing computer executable instructions, the computer executable instructions being Or a plurality of processors are executed to enable the at least one processor to perform the above method.

In order to solve the above technical problem, another technical solution adopted by the present invention is to provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising Program instructions that are executed by one or more processors to cause the at least one processor to perform the methods described above.

The beneficial effects of the present invention are: different from the prior art, the present invention can first collect the first biometric feature of the first user by the terminal device, obtain the account information of the first user, and the device identifier of the terminal device, and then Determining the legal identity of the first user according to the first biometric, the account information, and the device identifier, and determining that the terminal device belongs to the first user, thereby determining the reliability of the terminal device, and the first user is in the right The subsequent verification of the identity of the second user serves as a guarantee. The second user enables the reliable mobile terminal to collect the second biometric feature of the second user and perform authentication, which is beneficial to ensure the security of the data of the second user, and effectively The risk of the second user's data being stolen is reduced. In addition, the second user can perform biometric authentication by using the reliable second-party terminal device, so that the second user can perform biometric authentication from the forcibly configured terminal device, which is convenient for the second user. operating.

DRAWINGS

1 is an application scenario diagram of identity authentication according to Embodiment 1 of the present invention;

2 is a flowchart of a first user registering with an authentication server by using a terminal device according to Embodiment 1 of the present invention;

3 is a schematic structural diagram of an implementation manner of a terminal device according to Embodiment 2 of the present invention;

4 is a schematic structural diagram of an implementation manner of an authentication server according to Embodiment 3 of the present invention;

FIG. 5 is a schematic flowchart of an identity authentication method according to Embodiment 4 of the present invention; FIG.

6 is a schematic flowchart of an identity authentication method according to Embodiment 5 of the present invention;

7 is a schematic flowchart of an identity authentication method according to Embodiment 6 of the present invention;

FIG. 8 is a schematic structural diagram of an electronic device for performing identity authentication according to Embodiment 7 of the present invention.

detailed description

The invention will now be described in detail in conjunction with the drawings and embodiments.

Embodiment 1

Referring to FIG. 1, FIG. 1 is an application scenario diagram of identity authentication according to an embodiment of the present invention. The identity authentication system 20 includes a terminal device 21 and an authentication server 22, wherein the terminal device 21 is configured with a biometric identification module for identifying biometrics, wherein the biometrics refer to uniquely identifying the user. Features, in this embodiment, the biometric features may include features such as a fingerprint, an image, an iris, or a palm print. The terminal device 21 can be a smartphone, a tablet, a PDA (Personal Digital Assistant, a handheld computer) or the like.

The terminal device 21 accepts the input first biometric of the first user, and acquires the account information of the first user and the device identifier of the terminal device 21. For example, in the embodiment, the terminal device 21 is configured with a fingerprint identification module, and the fingerprint recognition module can recognize the fingerprint. The first user first enters the fingerprint identification interface on the terminal device 21, and the biometric identification module acquires the fingerprint information by scanning the interface finger, and verifies the fingerprint information. After the first biometric feature of the first user is successfully verified, the terminal device 21 obtains the account information corresponding to the fingerprint information by using the fingerprint information, and the specific account information may be: the first user's name, gender, age, Information such as job positions. The terminal device 21 further obtains the device identifier of the device. For example, if the terminal device 21 is a smart phone, the mobile phone model, the mobile phone name, the factory serial number, the production date, and the like of the smart phone are used to prove the device identifier of the smart phone. In this embodiment, the account information of the first user can also be obtained by direct input.

After acquiring the account information, the biometrics, and the device identifier of the device, the terminal device 21 further sends an identity authentication request to the authentication server 22, where the The authentication request carries the account information of the first user, the biometric feature, and the device identifier of the terminal device.

The authentication server 22 verifies whether the identity of the first user is true according to the acquired account information, the biometrics, and the device identifier of the terminal device 21, and determines whether the first user is the owner of the terminal device 21, and the identity of the first user. The owner of the terminal device 21 is authentic and returns an identity authentication pass message to the terminal device 21.

The terminal device 21 receives the identity authentication pass message returned by the authentication server 22. By authenticating the first user, it is verified that the identity of the first user is true, and the first user is the owner of the terminal device 21, thereby ensuring the reliability of the terminal device 21.

The terminal device 21 further receives the input biometric of the second user through the biometric identification module to obtain the biometric feature of the second user, and the specific acquiring method is the same as the acquiring method of the first user. After the second biometric acquisition of the second user is successful, the verification request is sent to the authentication server 22, wherein the verification request carries the biometric of the second user, and the authentication server 22 can verify the legality of the second biometric by the verification request. Sex to determine if the identity of the second user is true.

Further, after confirming the legality of the second biometric, the authentication server 22 generates a login code corresponding to the second user, and returns the login code to the terminal device 21. The terminal device 21 receives the login code returned by the authentication server 22, and the second user can log in to the terminal device 21 by using the login code. Specifically, the login code can be a two-dimensional code or a short message verification code.

The embodiment of the present invention performs identity authentication on the owner of the terminal device 21, that is, the first user, and then receives the biometric feature of the second user after confirming that the identity of the first user is authentic and is the owner of the terminal device 21. And authenticating the second user according to the biometric of the second user. After the identity verification of the second user is passed, the second user can further log in the terminal device as the logged-in device to solve the problem that the terminal device is not in the vicinity and cannot log in. By authenticating the identity of the first user and the second user on the same device, the second user can successfully log in under the premise that the first user provides the guarantee, so that the second user can log in using the security device, thereby ensuring security and reliability.

In order to improve the security of data transmitted between the terminal device 21 and the authentication server 22, The data transmitted between the terminal device 21 and the authentication server 22 can be encrypted. Specifically, the terminal device 21 first verifies the first biometric feature of the first user, and after the verification is passed, the account information of the first user, the first biometric feature, and the device of the terminal device 21 according to the private key bound by the first biometric feature. The identification is encrypted, the first encrypted data is generated, and an identity authentication request is generated based on the first encrypted data.

Further, the terminal device 21 transmits the identity authentication request to the authentication server 22. Specifically, the step of the terminal device 21 transmitting the identity authentication request to the authentication server 22 includes: the terminal device 21 transmitting an identity authentication request carrying the first encrypted data to the authentication server 22; the authentication server 22, after receiving the identity authentication request, authenticating the identity The request is interpreted, the first encrypted data is obtained, and the first encrypted data is decrypted through the preset public key to obtain the account information of the first user, the first biometric feature, and the device identifier of the terminal device 21, and then according to the first user. The account information, the first biometric, and the device identification of the terminal device 21 authenticate the identity of the first user.

Of course, the biometrics of the second user can also be encrypted by the preset key and sent to the authentication server for verification. Specifically, the terminal device 21 first encrypts the biometric feature of the second user by using a preset private key, generates second encrypted data, and generates an authentication request according to the second encrypted data, and sends the verification request to the authentication server 22, where The verification request carries the second encrypted data. The authentication server 22 decrypts the second encrypted data according to the preset public key to obtain the biometric of the second user.

It should be noted that the public key and the private key are obtained when the user registers on the authentication service. The public key and the private key referred to in this embodiment are presets, wherein the preset public key and the preset private key are pairing keys, and the preset private key is paired with the authentication server 22, and the preset public key is preset. Pairing with the terminal device 21. Upon receiving the identity authentication request, the authentication server 22 selects the paired preset public key according to the source address of the identity authentication request. The first user and the second user both have the terminal device 21 bound to the terminal device 21, and the authentication server 22 records the binding relationship. The binding relationship recorded by the authentication server 22 and the paired preset public key can be directly input by the administrator. To the authentication server 22, the first user and the second user may register with the authentication server 22 by themselves. The following describes the process of registering the first user to the authentication server 22 by itself. Referring to FIG. 2, the method includes:

Step S101: Receive, by the first user, the registered device identifier, account information, and password on the terminal device 21;

Step S102: Send the device identifier, account information, and password to the authentication server 22;

Step S103: the authentication server 22 verifies the device identifier, the account information, and the password;

Step S104: after the verification is passed, return the account verification message to the terminal device 21 and send a random code;

Step S105: Receive a biometric feature entered by the first user in the terminal device 21;

Step S106: The terminal device 21 generates a corresponding public key and a private key according to the biometric characteristics of the first user;

Step S107: Send the public key and the biometric value generated by the first user to the authentication server 22.

Step S108: The authentication server 22 establishes a binding relationship between the first user and the terminal device 21 according to the device identifier and the account information of the first user. The authentication server 22 establishes a correspondence relationship with the first user according to the biometric value of the first user.

That is, the device identifier of the mobile device terminal device 21, the user identifier of the user, and the biometric feature of the user establish a binding relationship, and the device identifier of the mobile device terminal device 21 establishes a corresponding relationship with the received public key.

Optionally, after the first user successfully registers with the authentication server 22, the terminal device 21 may also retain the biometric feature of the first user locally, and firstly determine the received biometric when receiving the biometric feature of the input first user. Whether the feature matches the biometrics stored locally by the terminal device 21, if the matching, the local authentication passes, and if not, the current user is not prompted by the owner of the terminal device 21.

Optionally, after the authentication server 22 confirms the legality of the second biometric according to the verification request, the login code corresponding to the second user is generated, and the login code is returned to the terminal device 21, where the login code may further carry the second user. Account information. After receiving the login code, the terminal device 21 may also display the account information of the second user, so that the first user knows who the current second user is and whether the second user is reliable.

Optionally, the authentication server 22 confirms the legality of the second biometric according to the verification request. After the sex, the login code corresponding to the second user is generated, and the login code is returned to the terminal device 21. The authentication server 22 can also return to the terminal device 21 the information that the terminal device 21 is authenticated as the second user to log in.

Optionally, the terminal device 21 may send the login information of the second user to the authentication server 22, and the authentication server 22 determines, according to the login information, that the second user is not logged in by the device that is bound by itself, but is authenticated by other reliable The terminal device 21 logs in.

It is worth noting that each operation performed on the terminal device 21 and each operation performed on the authentication server 22 are recorded by a log to facilitate the time when the audit trail can be checked, who can be authenticated, and which device is used. The entire process of identity authentication and other operations.

The embodiment of the present invention performs identity authentication on the owner of the terminal device 21, that is, the first user, and then receives the biometric feature of the second user after confirming that the identity of the first user is authentic and is the owner of the terminal device 21. And authenticating the second user according to the biometric of the second user. After the identity verification of the second user is passed, the second user can further log in the terminal device as the logged-in device to solve the problem that the terminal device is not in the vicinity and cannot log in. By authenticating the identity of the first user and the second user on the same device, the second user can successfully log in under the premise that the first user provides the guarantee, thereby ensuring the security and reliability of the entire authentication process.

During the entire identity authentication request for the first user and the authentication request of the second user, the authentication server encrypts the login code by using the public key previously sent by the terminal device, and sends the password to the terminal device, because the private key of the terminal device only exists. In the terminal device, even if the plaintext encrypted by the public key is intercepted maliciously, the interceptor cannot parse the ciphertext by parsing the symmetric password, thereby ensuring that the ciphertext of the login code can be secure. Only the terminal device that owns the private key resolves the correct login code. At the same time, the public key, whether it is an authentication server or a terminal device, is public, so there is no need to consider using a reliable channel for password distribution, which greatly reduces the development difficulty.

Embodiment 2

Referring to FIG. 3, FIG. 3 is a schematic structural diagram of a terminal device according to Embodiment 2 of the present invention. The terminal device 30 includes a biometric identification module 301, a first receiving module 302, and a An acquisition module 303, a first sending module 304, a second receiving module 305, a third receiving module 306, a second sending module 307, and a fourth receiving module 308.

The biometric identification module 301 is configured to perform biometric identification. The biometric feature refers to a feature that uniquely identifies the user. In this embodiment, the biometric feature may include features such as a fingerprint, an image, an iris, or a palm print. The terminal device 21 can be a smartphone, a tablet, a PDA (Personal Digital Assistant, a handheld computer) or the like.

The first receiving module 302 is configured to receive the input biometric of the first user by the biometric identification module 301.

The first obtaining module 303 is configured to obtain account information of the first user and a device identifier of the terminal device. The specific account information may be information such as the first user's name, gender, age, job title, and the like. When the terminal device is, for example, a smart phone, the mobile phone model, the mobile phone name, the factory serial number, the production date, and the like of the smart phone are obtained to prove the device identifier of the smart phone.

The first sending module 304 is configured to send an identity authentication request to the authentication server, where the identity authentication request carries the biometric of the first user, the account information, and the device identifier of the terminal device.

The second receiving module 305 is configured to receive an identity authentication pass message returned by the authentication server after successfully authenticating the identity of the first user according to the biometrics of the first user, the account information, and the device identifier of the terminal device.

The third receiving module 306 is configured to receive the input biometric of the second user by the biometric identification module 301.

The second sending module 307 is configured to send an authentication request to the authentication server, where the verification request carries the biometric of the second user.

The fourth receiving module 308 is configured to receive a login code that is returned by the authentication server after confirming the validity of the second biometric according to the verification request, and the second user may log in according to the login code.

In order to improve the security of the data transmitted between the terminal device and the authentication server, the data transmitted between the terminal device and the authentication server may be encrypted. The terminal device 30 may further include a first encryption module 309, a second acquisition module 310, and a Two encryption module 311.

The first encryption module 309 is configured to encrypt the account information, the first biometric feature, and the device identifier according to the private key bound by the first biometric.

The second obtaining module 310 is configured to acquire the private key after the first biometric is verified.

The second encryption module 311 is configured to encrypt the second biometric according to the private key bound by the first biometric.

The terminal device provided in this embodiment, after confirming that the identity of the first user is authentic and is the owner of the terminal device 21, receives the biometric feature of the second user, and performs identity on the second user according to the biometric feature of the second user. verification. After the identity verification of the second user is passed, the second user can further log in the terminal device as the logged-in device to solve the problem that the terminal device is not in the vicinity and cannot log in. At the same time, the account information of the first user, the first biometric feature and the device identifier, and the second biometric feature of the second user are encrypted by using the private key to ensure the security of the transmission, and the file is maliciously intercepted when sent to the receiving end. It also guarantees security.

Embodiment 3

Referring to FIG. 4, FIG. 4 is a schematic diagram of an authentication server according to Embodiment 3 of the present invention. The authentication server 40 includes a first receiving module 401, a first returning module 402, a second receiving module 403, a generating module 404, and a second returning module 405.

The first receiving module 401 is configured to receive the identity authentication information sent by the terminal device, where the identity authentication information carries the account information of the first user, the first biometric feature of the first user, and the device identifier of the terminal device.

The first returning module 402 is configured to return the identity confirmation information to the terminal device after confirming the legal identity of the first user according to the identity authentication information.

The second receiving module 403 is configured to receive an authentication request sent by the terminal device, where the verification request carries the second biometric feature of the second user.

The generating module 404 is configured to generate a login code corresponding to the second user after confirming the legality of the second biometric according to the verification request.

The second returning module 405 is configured to send the login code to the terminal device, so that the second user logs in in conjunction with the login code.

The authentication server provided in this embodiment performs identity authentication on the first user and authenticates the second user. After the identity verification of the second user is passed, the second user can successfully log in after the first user provides the guarantee. To ensure the safety and reliability of the entire certification process.

Embodiment 4

Referring to FIG. 5, FIG. 5 is a schematic flowchart of an identity authentication method according to Embodiment 4 of the present invention, where the method includes:

Step S501: Receive a first biometric feature of the first user input on the terminal device, and acquire account information of the first user and a device identifier of the terminal device;

The terminal device 21 is configured with a biometric identification module for identifying a biometric feature, wherein the biometric feature refers to a feature that uniquely identifies the user. In this embodiment, the biometric feature may include a fingerprint and a facial image. Features such as iris or palm print. The terminal device 21 can be a smartphone, a tablet, a PDA (Personal Digital Assistant, a handheld computer) or the like. The terminal device 21 accepts the input first biometric of the first user, and acquires the account information of the first user and the device identifier of the terminal device 21. For example, in the embodiment, the terminal device 21 is configured with a fingerprint identification module, and the fingerprint recognition module can recognize the fingerprint. The first user first enters the fingerprint identification interface on the terminal device 21, and the biometric identification module acquires the fingerprint information by scanning the interface finger, and verifies the fingerprint information. After the first biometric feature of the first user is successfully verified, the terminal device 21 obtains the account information corresponding to the fingerprint information by using the fingerprint information, and the specific account information may be: the first user's name, gender, age, Information such as job positions. The terminal device 21 further obtains the device identifier of the device. For example, if the terminal device 21 is a smart phone, the mobile phone model, the mobile phone name, the factory serial number, the production date, and the like of the smart phone are used to prove the device identifier of the smart phone. In this embodiment, the account information of the first user can also be obtained by direct input.

Step S502: Send an identity authentication request to the authentication server according to the account information, the device identifier, and the first biometric feature.

After acquiring the account information, the biometrics, and the device identifier of the device of the first user, the terminal device 21 further sends an identity authentication request to the authentication server 22, where the identity authentication is performed. The requesting user is used to request authentication of the identity of the first user from the authentication server. The identity authentication request carries the account information, the biometric feature, and the device identifier of the terminal device of the first user. The authentication server 22 verifies whether the identity of the first user is true and determines whether the first user is the owner of the terminal device 21 according to the acquired account information, the biometric, and the device identifier of the terminal device 21.

Step S503: Receiving the identity confirmation information returned by the authentication server after confirming the legal identity of the first user according to the identity authentication request;

Step S504: Receive a second biometric of the second user input on the terminal device.

The terminal device 21 further receives the input biometric of the second user through the biometric identification module to obtain the biometric feature of the second user, and the specific acquiring method is the same as the acquiring method of the first user.

Step S505: Send an authentication request to the authentication server according to the second biometric feature;

After the second biometric acquisition of the second user is successful, the verification request is sent to the authentication server 22, wherein the verification request carries the biometric of the second user, and the authentication server 22 can verify the legality of the second biometric by the verification request. Sex.

Step S506: Receive a login code returned by the authentication server after confirming the legality of the second biometric according to the verification request, so that the second user logs in in conjunction with the login code.

Specifically, the login code may be a two-dimensional code, or may be a short message verification code.

Embodiment 5

Referring to FIG. 6, FIG. 6 is a schematic flowchart of an identity authentication method according to Embodiment 5 of the present invention. The explanation of each step in the foregoing embodiment is also applicable in this embodiment. In the embodiment, the method for identity authentication is not described in the same manner as in the foregoing embodiment, and the method for different methods of identity authentication is mainly described. The method includes:

Step S601: Receive a biometric of the first user input on the mobile device.

Step S602: Acquire a biometric stored locally by the mobile device.

Step S603: It is determined whether the biometrics of the first user match the biometrics stored locally by the mobile device, if not, step S604 is performed, and if yes, step S605 is performed.

S604: The first user does not have the usage permission information prompt.

When the biometric of the first user matches the biometric stored locally by the terminal device, it is proved that the first user is the owner of the terminal device, and if there is no match, the usage right is not used.

S605: Acquire account information of the first user and a device identifier of the terminal device.

S606: Encrypt the first biometric feature, the account information, and the device identifier of the terminal device by using a preset private key to generate an encrypted data, and generate an identity authentication request according to the encrypted data.

S607: Send an identity authentication request to the authentication server.

Sending an identity authentication request carrying the first encrypted data to the authentication server, so that the authentication server decrypts the first encrypted data by using the preset public key to obtain the biometric feature of the first user, the account information, and the device identifier of the terminal device, and according to The biometrics of the first user, the account information, and the device identifier of the terminal device authenticate the identity of the first user, where the preset public key and the preset private key are pairing keys, and the preset private key is pre-stored in the terminal device. The preset public key is pre-stored in the authentication server, and the authentication server stores the preset public key corresponding to the terminal device. After receiving the identity authentication request, the authentication server obtains the identity authentication by obtaining the source address of the identity authentication request. The terminal device from which the request originates is obtained, thereby obtaining a preset public key corresponding to the terminal device for decryption.

It should be noted that before the first user and the terminal device are used, the authentication server needs to register with the authentication server, and the authentication server only allows the authenticated terminal device and the first user to access the authentication server to ensure the reliability of the terminal device and the first user. Sex, which improves security. The preset private key and the preset public key may be generated when the first user registers with the authentication server through the terminal device, and the preset private key is stored locally at the terminal device, and the preset public key is stored in the authentication server. When the first user registers with the authentication server through the terminal device, the authentication server enters the biometrics of the first user, the account information, and the device identifier of the terminal device. Line binding, when performing identity authentication, mainly through the binding relationship between biometrics, account information, and device identification.

S608: Receive identity confirmation information returned by the authentication server after confirming the legal identity of the first user according to the identity authentication request.

S609: Receive a second biometric of the second user input on the terminal device.

S610: Send an authentication request to the authentication server according to the second biometric.

Encrypting the biometric of the second user by using a preset private key, generating second encrypted data, generating an authentication request according to the second encrypted data, and transmitting a soot request to the authentication server, wherein the verification request carries the second Encrypt data.

S611: Receive a login code returned by the authentication server after confirming the legality of the second biometric according to the verification request, so that the second user logs in in conjunction with the login code.

The embodiment of the present invention performs identity authentication on the owner of the terminal device, that is, the first user, and after receiving the identity of the first user and being the owner of the terminal device, receiving the biometric of the second user, according to The biometric of the second user authenticates the second user. After the identity verification of the second user is passed, the second user can further log in the terminal device as the logged-in device to solve the problem that the terminal device is not in the vicinity and cannot log in. By authenticating the identity of the first user and the second user on the same device, the second user can successfully log in under the premise that the first user provides the guarantee, thereby ensuring the security and reliability of the entire authentication process.

Embodiment 6

Referring to FIG. 7, FIG. 7 is a flow of an identity authentication method according to Embodiment 5 of the present invention. Schematic diagram, the method includes:

Step S701: Receive identity authentication information sent by the terminal device, where the identity authentication information carries the account information of the first user, the first biometric feature of the first user, and the device identifier of the terminal device.

It should be noted that the authentication server pre-stores the binding relationship between the biometrics of the first user, the device identifier, and the device identifier of the terminal device, and the binding relationship may be performed by the first user to the authentication server through the terminal device. It can also be directly input by the management personnel when it is generated during registration. The authentication server authenticates the identity of the first user by determining whether the biometric of the first user, the device identifier, and the device identifier of the terminal device have a binding relationship.

Step S702: After confirming the legal identity of the first user according to the identity authentication information, returning the identity confirmation information to the terminal device;

Step S703: Receive an authentication request sent by the terminal device, where the verification request carries the second biometric feature of the second user.

Step S704: After confirming the legality of the second biometric according to the verification request, generating a login code corresponding to the second user.

Step S705: Send a login code to the terminal device, so that the second user logs in in conjunction with the login code.

Example 7

Please refer to FIG. 8. FIG. 8 is a schematic structural diagram of an electronic device for performing identity authentication according to Embodiment 7 of the present invention.

The electronic device 80 includes one or more processors 81 and a memory 82, and one processor 81 is exemplified in FIG.

The processor 81 and the memory 82 can be connected by a bus or other means, as shown in FIG. Take the bus connection as an example.

The memory 82 is a non-volatile computer readable storage medium, and can be used for storing non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions corresponding to the identity authentication method in the embodiment of the present invention. / Module (for example, modules 301-311 shown in Figure 3, modules 401-405 shown in Figure 4). The processor 81 executes various functional applications of the server and data processing by executing non-volatile software programs, instructions, and modules stored in the memory 82, that is, a method of reading the file of the above-described method embodiments.

The memory 82 may include a storage program area that stores an operating system, an application required for at least one function, and a storage data area that stores data created according to usage of the data storage device, and the like. Moreover, memory 82 can include high speed random access memory, and can also include non-volatile memory, such as at least one memory storage device, flash memory device, or other non-volatile solid state memory device. In some embodiments, memory 82 can optionally include memory remotely located relative to processor 81, which can be connected to the data storage device over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The one or more modules are stored in the memory 82, and when executed by the one or more processors 81, perform an identity authentication method in any of the above method embodiments, for example, performing the above described FIG. The method steps S501 to S506, the method steps S601 to S611 in FIG. 6, and the method steps S701 to S705 in FIG. 7 implement the functions of the modules 301-311 and the modules 401-405 in FIG.

The above product can perform the method provided by the embodiment of the present invention, and has the corresponding functional modules and beneficial effects of the execution method. For technical details that are not described in detail in this embodiment, reference may be made to the method provided by the embodiments of the present application.

The electronic device in the embodiment of the present application may be a server, that is, a device that provides a computing service. The server consists of a processor, a hard disk, a memory, a system bus, etc. The server is similar to a general-purpose computer architecture, but because of the need to provide highly reliable services, processing power, stability, reliability, security, scalability, The requirements for manageability and other aspects are high.

The electronic device provided in this embodiment is capable of performing the authentication and login of the terminal device as the second user on the terminal device that is successfully authenticated by the first user, and is in the same device. The first user and the second user are authenticated in succession, and the second user can successfully log in under the premise that the first user provides the guarantee, thereby ensuring the security and reliability of the entire authentication process.

Embodiments of the present invention provide a non-transitory computer readable storage medium storing computer-executable instructions that are executed by one or more processors, such as in FIG. a processor 81, which may cause the one or more processors to perform the method of file reading in any of the above method embodiments, for example, perform the method steps S501 to S506 in FIG. 5 described above, in FIG. The method steps S601 to S611 and the method steps S701 to S705 in FIG. 7 implement the functions of the modules 301-311 and the modules 401-405 in FIG.

The embodiment of the present invention provides a computer program product, when the computer program is executed, the method for implementing data storage in any of the foregoing method embodiments, for example, performing the method steps S501 to S506 in FIG. 5 described above, FIG. 6 The method steps S601 to S611 in FIG. 7 and the method steps S701 to S705 in FIG. 7 implement the functions of the modules 301-311 and the modules 401-405 in FIG.

The device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, ie may be located A place, or it can be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment.

Through the description of the above embodiments, those skilled in the art can clearly understand that the embodiments can be implemented by means of software plus a general hardware platform, and of course, by hardware. A person skilled in the art can understand that all or part of the process of implementing the above embodiments can be completed by a computer program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, the flow of an embodiment of the methods as described above may be included. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Finally, it should be noted that the above embodiments are only used to explain the technical solutions of the present application, and are not limited thereto; under the idea of the present application, the technical solutions in the above embodiments or different embodiments The combinations may also be combined, the steps may be carried out in any order, and there are many other variations of the various aspects of the present application as described above, which are not provided in the details for the sake of brevity; although the application is detailed with reference to the foregoing embodiments It should be understood by those skilled in the art that the technical solutions described in the foregoing embodiments may be modified, or some of the technical features may be equivalently replaced; and the modifications or replacements do not make the corresponding technical solutions. The essence of the present invention departs from the scope of the technical solutions of the embodiments of the present application.

It is to be noted that the preferred embodiments of the present invention are described in the specification of the present invention, and the present invention may be embodied in many different forms and not limited to the embodiments described herein. These examples are not intended to be limiting as to the scope of the present invention, which is intended to provide a more thorough understanding of the present disclosure. Further, the above various technical features are further combined with each other to form various embodiments not enumerated above, and are considered as the scope of the description of the present invention; further, those skilled in the art can improve or change according to the above description. All such improvements and modifications are intended to be included within the scope of the appended claims.

Claims

A method for identity authentication, comprising:

Receiving a first biometric feature of the first user input on the terminal device, and acquiring account information of the first user and a device identifier of the terminal device;

Sending an identity authentication request to the authentication server according to the account information, the device identifier, and the first biometric feature;

Receiving identity confirmation information returned by the authentication server after confirming the legal identity of the first user according to the identity authentication request;

Receiving a second biometric of the second user input on the terminal device;

Sending a verification request to the authentication server according to the second biometric;

Receiving a login code returned by the authentication server after confirming the legality of the second biometric according to the verification request, so that the second user logs in in conjunction with the login code.
The method of claim 1 wherein

The identity authentication request is generated by encrypting the account information, the first biometric feature, and the device identifier according to the private key bound to the first biometric.
The method of claim 2 wherein:

The private key is obtained after the first biometric is verified to pass.
Method according to claim 2 or 3, characterized in that

The verification request is generated by encrypting the second biometric according to a private key bound by the first biometric.
A method for identity authentication, comprising:

Receiving the identity authentication information sent by the terminal device, where the identity authentication information carries the account information of the first user, the first biometric feature of the first user, and the device identifier of the terminal device;

After confirming the legal identity of the first user according to the identity authentication information, returning identity confirmation information to the terminal device;

Receiving an authentication request sent by the terminal device, where the verification request carries a second user Second biological characteristic;

After confirming the legality of the second biometric according to the verification request, generating a login code corresponding to the second user;

Sending the login code to the terminal device, so that the second user logs in in conjunction with the login code.
The method of claim 5 wherein:

The identity confirmation information is generated when the account information is determined, the first biometric feature of the first user, and the device identifier have a corresponding relationship.
The method of claim 5 wherein:

The confirming the legality of the second biometric includes:

Determining a biometric inventory in the second biometric.
A terminal device, comprising:

a biometric identification module for performing biometric identification;

a first receiving module, configured to receive a first biometric feature of the first user input on the terminal device;

a first acquiring module, configured to acquire account information of the first user and a device identifier of the terminal device;

a first sending module, configured to send an identity authentication request to the authentication server according to the account information, the device identifier, and the first biometric feature;

a second receiving module, configured to receive identity confirmation information returned by the authentication server after confirming the legal identity of the first user according to the identity authentication request;

a third receiving module, configured to receive a second biometric feature of the second user input on the terminal device;

a second sending module, configured to send a verification request to the authentication server according to the second biometric feature;

And a fourth receiving module, configured to receive a login code returned by the authentication server after confirming the legality of the second biometric according to the verification request, so that the second user logs in according to the login code.
The terminal device according to claim 8, wherein the terminal device further comprises:

The first encryption module is configured to encrypt the account information, the first biometric feature, and the device identifier according to the private key bound by the first biometric.
The terminal device according to claim 9, wherein the terminal device further comprises:

a second obtaining module, configured to acquire the private key after the first biometric is verified to pass.
The terminal device according to claim 9 or 10, wherein the terminal device further comprises:

And a second encryption module, configured to encrypt the second biometric according to a private key bound by the first biometric.
An authentication server, comprising:

a first receiving module, configured to receive identity authentication information sent by the terminal device, where the identity authentication information carries account information of the first user, a first biometric feature of the first user, and a device identifier of the terminal device;

a first returning module, configured to return identity confirmation information to the terminal device after confirming the legal identity of the first user according to the identity authentication information;

a second receiving module, configured to receive an authentication request sent by the terminal device, where the verification request carries a second biometric feature of the second user;

a generating module, configured to generate a login code corresponding to the second user after confirming the legality of the second biometric according to the verification request;

And a second returning module, configured to send the login code to the terminal device, so that the second user logs in in conjunction with the login code.
An electronic device, comprising:

At least one processor; and,

a memory communicatively coupled to the at least one processor; wherein

The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to execute an entitlement The method of any of claims 1-4.
An electronic device, comprising:

At least one processor; and,

a memory communicatively coupled to the at least one processor; wherein

The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the method of any of claims 5-7 method.
A computer program product, comprising: a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program instructions are executed by an electronic device The electronic device is caused to perform the method of any of claims 1-4.
A computer program product, comprising: a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions, when the program instructions are executed by an electronic device The electronic device is caused to perform the method of any of claims 5-7.