WO2018098686A1 - Safety verification method and device, terminal apparatus, and server - Google Patents

Safety verification method and device, terminal apparatus, and server Download PDF

Info

Publication number
WO2018098686A1
WO2018098686A1 PCT/CN2016/108028 CN2016108028W WO2018098686A1 WO 2018098686 A1 WO2018098686 A1 WO 2018098686A1 CN 2016108028 W CN2016108028 W CN 2016108028W WO 2018098686 A1 WO2018098686 A1 WO 2018098686A1
Authority
WO
WIPO (PCT)
Prior art keywords
iris information
iris
information
terminal device
server
Prior art date
Application number
PCT/CN2016/108028
Other languages
French (fr)
Chinese (zh)
Inventor
骆磊
张涛
郭宁
王振凯
Original Assignee
深圳前海达闼云端智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳前海达闼云端智能科技有限公司 filed Critical 深圳前海达闼云端智能科技有限公司
Priority to CN201680002714.3A priority Critical patent/CN106797386B/en
Priority to PCT/CN2016/108028 priority patent/WO2018098686A1/en
Publication of WO2018098686A1 publication Critical patent/WO2018098686A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Definitions

  • the present disclosure relates to the field of communications, and in particular, to a security verification method, apparatus, terminal device, and server.
  • Iris recognition technology is a biometric recognition technology based on human iris texture. Because iris recognition technology is used to identify user identity with uniqueness, high stability, strong collectability, etc., iris recognition technology is widely used. Used in a variety of scenarios, such as iris payment, iris access control, and more.
  • the way to verify the iris is usually that the user's iris is collected by the terminal device and verified. If the verification is passed, the terminal device will send the verified information to the server, and the server can directly complete the corresponding function after receiving the information, such as payment. , open the door, and so on.
  • illegal personnel may take some means to bypass the iris verification and send information directly to the server server indicating that the verification has been used, so that the server performs payment, opening the door, and the like based on the false confirmation information. It can be seen that the existing iris verification method is relatively weak.
  • the present disclosure provides a security verification method, apparatus, terminal device, and server for improving the security of iris verification.
  • a security verification method for a terminal device, the method comprising:
  • the destination network address is set to further verify the iris information.
  • the method further includes:
  • the network address is decrypted and set to the destination network address.
  • the method further includes:
  • the time stamped confirmation information is sent to the destination network address.
  • a security verification method for application to an iris server, the method comprising:
  • Verifying whether the iris information is legal iris information wherein if the iris information is legal iris information, the security verification is passed.
  • the method further includes:
  • the iris information If it is verified that the iris information is legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption, it is confirmed that the iris information passes the security verification.
  • a security verification method which is applied to a security verification system, the method comprising:
  • the terminal device detecting whether the iris information collected by the terminal device matches the preset iris information
  • the iris information is sent to the iris server by the terminal device;
  • the security verification is passed.
  • sending, by the terminal device, the iris information to the iris server including:
  • the iris information is sent to the address of the iris server.
  • the method further includes:
  • the terminal device when verifying that the iris information matches the preset iris information, sending the confirmation information encrypted by the timestamp encryption method to the iris server;
  • the iris server when it is verified that the iris information is legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption, it is confirmed that the iris information passes the security verification.
  • a security verification apparatus for use in a terminal device, the apparatus comprising:
  • the detecting module is configured to detect whether the iris information collected by the terminal device matches the preset iris information
  • the first sending module is configured to send the iris information to the set destination network address when the iris information matches the preset iris information to further verify the iris information.
  • the device further includes:
  • the obtaining module is configured to obtain the encrypted network address by using a short-range wireless communication technology
  • the decryption module is configured to decrypt the network address and set the destination network address.
  • the device further includes:
  • the second sending module is configured to send the time stamped confirmation information to the destination network address when the iris information matches the preset iris information.
  • a security verification apparatus applied to an iris server comprising:
  • a first receiving module configured to receive iris information sent by the terminal device
  • the verification module is configured to verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
  • the device further includes:
  • the second receiving module is configured to receive the time-stamped acknowledgment information sent by the terminal device, where the acknowledgment information is used to indicate that the terminal device verifies that the iris information matches the preset iris information;
  • the confirmation module is configured to confirm that the iris information passes the security verification if the iris information is verified to be legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption.
  • a non-transitory computer readable storage medium comprising one or more programs for performing The above security verification method.
  • a terminal device comprising: a non-transitory computer readable storage medium; and one or more processors for executing in the non-transitory computer readable storage medium
  • a program for storing the above-described secure authentication method applied to the terminal device is stored in the non-transitory computer readable storage medium.
  • a server comprising: a non-transitory computer readable storage medium; and one or more processors for executing a program in the non-transitory computer readable storage medium Useful for storing in the non-transitory computer readable storage medium
  • the above instructions for applying the security verification method applied to the iris server are performed.
  • the terminal device in the disclosure can detect whether the collected iris information matches the preset iris information. When matching, the terminal device further sends the collected iris information to the set destination network address, and further collects the iris. The information is verified. In this way, when verifying the iris information, it needs to be verified once at the terminal device, and the iris information is sent to the destination network address for verification once again, and the illegal personnel cannot bypass the iris verification, and the verification method is more secure and reliable.
  • FIG. 1 is a schematic diagram of a security verification system involved in various embodiments of the present disclosure.
  • FIG. 2 is a flow chart showing a security verification method applied to a security verification system, according to an exemplary embodiment.
  • FIG. 3 is a flowchart of a security verification method applied to a terminal device, according to an exemplary embodiment.
  • FIG. 4 is a flowchart of a security verification method applied to an iris server, according to an exemplary embodiment.
  • FIG. 5 is a block diagram of a security verification apparatus, according to an exemplary embodiment.
  • FIG. 6 is a block diagram of a security verification apparatus, according to an exemplary embodiment.
  • FIG. 7 is a block diagram of a security verification apparatus, according to an exemplary embodiment.
  • FIG. 1 is a schematic diagram of a security verification system according to various embodiments of the present disclosure.
  • the security verification system may include: a terminal device 100, and an iris server 200.
  • the terminal device 100 can be any smart device, for example, a smart phone, a PC (Personal Computer), a PAD (Portable Android Device), and the like.
  • FIG. 1 is an example in which the terminal device 100 is a smart phone.
  • the iris server 200 can include a server, or a cluster of servers consisting of several servers, or can be a cloud computing service center.
  • FIG. 2 is a flowchart of a security verification method applied to a security verification system according to an exemplary embodiment. As shown in FIG. 2, the method includes the following steps, in which the following steps S21 to S22 are performed by the terminal device, and the following step S23 is performed by the iris server.
  • Step S21 detecting whether the iris information collected by the terminal device matches the preset iris information
  • Step S22 When the verification iris information matches the preset iris information, the iris information is sent to the iris server through the terminal device;
  • Step S23 Verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
  • the preset iris information is stored in the terminal device. It can be considered that the preset iris information is the iris information of the user who legally uses the terminal device, such as the iris information of the owner of the terminal device, and the like.
  • the terminal device can collect the iris information of the user currently using the terminal device, and then compare the collected iris information with the preset iris information to determine whether the user currently using the terminal device is a legitimate user.
  • the manner in which the terminal device collects the iris information is not limited in the embodiment of the present disclosure, for example, may be collected by an image capturing unit of the terminal device, and the like.
  • the terminal device verifies that the currently collected iris information matches the preset iris information, the collected iris information may be sent to the iris server, and the iris server will verify the iris information sent by the terminal device again, and when the iris server verification is also passed, Security verification is complete.
  • the security verification method is applied to the access control system of the XX company, and the iris server of the XX company stores the iris information of each employee of the company, and the terminal device is, for example, the mobile phone of the user A.
  • the access control system is turned on, the iris information of the user A is collected by the mobile phone.
  • the mobile phone sends the collected iris information of the user A to the iris server, the iris server.
  • the access control system is only turned on when the mobile terminal and the iris server end are verified.
  • the terminal device and the iris server will double-verify the iris information to prevent illegal personnel from bypassing the iris verification, thereby improving the security and reliability of the iris verification.
  • the iris information is sent to the iris server through the terminal device, and the address of the encrypted iris server is obtained by NFC (Near Field Communication), and then the address of the encrypted iris server is decrypted. If the decryption is successful, the iris information is sent to the address of the iris server. The address of the encrypted iris server needs to be decrypted by the matching terminal device.
  • NFC Near Field Communication
  • the terminal device needs to obtain the collected iris information from the iris server, and the address of the iris server needs to be obtained first.
  • the address of the iris server may be an encrypted address.
  • the embodiment of the present disclosure does not The limitation can be obtained, for example, by NFC.
  • the security verification method is applied to the access control system, and the NFC tag can be set on the door, and the encrypted device can obtain the encrypted iris server address when the terminal device is close to the tag.
  • the matched terminal After obtaining the encrypted iris server address, the matched terminal needs to be able to decrypt the encrypted address. For example, you can set the XX company's iris server address to be decrypted only by the terminal device held by the company's employees, and so on. In this way, only specific terminal settings The backup can be used for security verification, which further enhances the security and reliability of the security verification method.
  • the confirmation message encrypted by the time stamp encryption method is sent to the iris server, and if the iris information is verified as the legal iris information at the iris server, And the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time of the time stamp encryption, and it is confirmed that the iris information passes the security verification.
  • the terminal device may send the collected iris information and the confirmation information encrypted by the timestamp method to the iris server, for example, the encryption time of the confirmation information is 2 seconds.
  • the iris server needs to satisfy the following two conditions to pass the security verification: 1. verify that the iris information is legal iris information; 2. the time when the confirmation information is received The time difference between the current moments is less than 2 seconds. In this way, the security and reliability of the security verification method can be further improved.
  • Embodiment 1 is a diagrammatic representation of Embodiment 1:
  • the security verification method is applied to the access control system of the XX company, and the terminal device is the mobile phone of the user A.
  • the user A can have the following processes when performing security verification through the access control system.
  • User A can use the mobile phone to brush NFC outside the door of the access control system to obtain the destination network address (that is, the address of the iris server, which can be the encrypted address).
  • User A scans the iris through the mobile phone.
  • the application can be scanned by an application installed in the mobile phone.
  • the mobile phone can perform live detection on the user A, and collect the collected iris information and the pre-stored information in the mobile phone. Set the iris information for comparison.
  • the iris information of the user A is consistent with the preset iris information
  • the iris information of the collected user A is sent to the iris server corresponding to the destination network address, and the time stamp encryption duration is, for example, 2 seconds of confirmation information; or
  • the mobile phone compares the user's iris information with the preset iris information, the mobile phone may not process or send an indication to the iris server that the verification fails. information.
  • the iris server can compare whether the received user A's iris information is related to the iris information stored in the iris server (for example, it can be XX). Each employee of the company matches the iris information entered at the time of entry. If the difference between the timestamp of the matching confirmation and the current time is less than 2 seconds, the security server passes the iris server to send a message indicating the opening of the door to the access control. Then it does not work, or sends a message that the verification failed to the access control.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1:
  • the security verification method is applied to the access control system of the XX company, and the terminal device is the mobile phone of the user A.
  • the address of the iris server that is, the destination network address, can be pre-stored in the mobile phone. For example, when user A passes the security verification of the access control system, for example, the following process can be performed.
  • User A scans the iris through the mobile phone, for example, by using an application installed in the mobile phone.
  • the mobile phone performs live detection on the user A during the iris scanning process, and compares the collected iris information of the user A with the preset iris information stored in the mobile phone, and sets the mobile phone for opening the door when comparing and matching.
  • the NFC information of the virtual door card is in an available state, and the collected iris information of the user A is sent to the destination network address; when the comparison does not match, the mobile phone end may not operate, or send the matching error information to the destination network address.
  • the iris server will receive the iris information sent by the mobile phone, and the iris server can compare the received iris information of the user A with the iris information stored in the iris server (for example, it can be XX company) Each employee's iris information entered at the time of entry matches. If the match can send the verification pass information to the access control; if it does not match, it can send the verification failure message to the access control, or it does not work.
  • Embodiment 3 is a diagrammatic representation of Embodiment 3
  • the security verification method is applied to electronic payment, and the terminal device is the mobile phone of user A.
  • User A swipes the mobile phone NFC when he wants to pay, and obtains transaction information (including transaction number, transaction amount, etc.) provided by the merchant.
  • User A scans the iris through the mobile phone, for example, can scan through a special application (the application for payment can input the user's iris information and bind with the payment card when first used), and the mobile phone is in the iris scanning process.
  • the user A is inspected in vivo, and the collected iris information of the user A is compared with the preset iris information stored in the mobile phone (the comparison can be performed in the trustzone to improve security).
  • the mobile phone sends the information such as the iris information, the payment card information, and the current transaction number to the destination network address, for example, the address of the iris server of the payment platform, which can of course be sent by encryption; the comparison does not match.
  • the mobile terminal does not operate or sends a matching error message to the destination network address.
  • the iris server of the payment platform will receive the iris information, payment card information, transaction number, etc. of the user A sent by the mobile phone, and the iris server can re-verify the received iris information and store it in the iris server. Whether the iris information corresponding to the user A or the payment card matches in the iris server (the iris information of the holder can be recorded when the card is opened, and the iris server of the payment platform can store the iris information of a large number of users).
  • the iris server of the payment platform passes the verification, the transaction corresponding to the current transaction number is completed, and is synchronized with the device of the merchant payment point; if the verification fails, the transaction is terminated, and the verification failure information is sent to the device of the merchant payment point.
  • FIG. 3 is a flowchart of a security verification method applied to a terminal device according to an exemplary embodiment. As shown in FIG. 3, the method includes the following steps.
  • Step S31 Detect whether the iris information collected by the terminal device matches the preset iris information.
  • Step S32 When the iris information matches the preset iris information, the iris information is sent to the set destination network address to further verify the iris information.
  • the encrypted network address can also be obtained through the short-range wireless communication technology, and then the network address is decrypted and set as the destination network address.
  • the time-stamped confirmation information may be sent to the destination network address when the iris information matches the preset iris information.
  • the destination network address may be the address of the iris server shown in FIG. 1.
  • FIG. 4 is a flowchart of a security verification method applied to an iris server according to an exemplary embodiment. As shown in FIG. 4, the method includes the following steps.
  • Step S41 receiving iris information sent by the terminal device
  • Step S42 Verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
  • the time-stamped confirmation information sent by the terminal device is further received, where the confirmation information is used to indicate that the terminal device verifies that the iris information matches the preset iris information. If the iris information is verified as legal iris information, and the time difference between the time of decrypting the confirmation information and the current time is less than the encryption time of the time stamp encryption, it is confirmed that the iris information passes the security verification.
  • FIG. 5 is a block diagram of a security verification apparatus 500, which may be applied to a terminal device, such as the terminal device 100 shown in FIG. 1, according to an exemplary embodiment.
  • the apparatus 500 can include:
  • the detecting module 501 is configured to detect whether the iris information collected by the terminal device matches the preset iris information
  • the first sending module 502 is configured to send the iris information to the set destination network address when the iris information matches the preset iris information to further verify the iris information.
  • the apparatus 500 further includes:
  • the obtaining module is configured to obtain the encrypted network address by using a short-range wireless communication technology
  • the decryption module is configured to decrypt the network address and set it as the destination network address.
  • the apparatus 500 further includes:
  • the second sending module is configured to send the time-stamped confirmation information to the destination network address when the iris information matches the preset iris information.
  • FIG. 6 is a block diagram of a security verification device 600, which may be applied to an iris server, such as the iris server 200 shown in FIG. 1, according to an exemplary embodiment.
  • the apparatus 600 can include:
  • the first receiving module 601 is configured to receive iris information sent by the terminal device
  • the verification module 602 is configured to verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
  • the device 600 further includes:
  • the second receiving module is configured to receive the time-stamped confirmation information sent by the terminal device, where the confirmation information is used to indicate that the terminal device verifies that the iris information matches the preset iris information;
  • the confirmation module is configured to verify that the iris information is legal iris information and decrypt the confirmation The time difference between the time of the information and the current time is less than the encryption time of the time stamp encryption, and it is confirmed that the iris information passes the security verification.
  • FIG. 7 is another block diagram of a security verification device 700, which may be an iris server, according to an exemplary embodiment.
  • the apparatus 700 can include a processor 701, a memory 702, a multimedia component 703, an input/output (I/O) interface 704, and a communication component 705.
  • the processor 701 is configured to control the overall operation of the apparatus 700 to complete all or part of the steps in the foregoing security verification method.
  • Memory 702 is used to store various types of data to support operations at the device 700, such as may include instructions for any application or method operating on the device 700, as well as application related data, such as Contact data, sent and received messages, pictures, audio, video, and more.
  • the memory 702 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as a static random access memory (SRAM), an electrically erasable programmable read only memory ( Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read Only Read-Only Memory (ROM), magnetic memory, flash memory, disk or optical disk.
  • the multimedia component 703 can include a screen and an audio component.
  • the screen may be, for example, a touch screen, and the audio component is used to output and/or input an audio signal.
  • the audio component can include a microphone for receiving an external audio signal.
  • the received audio signal may be further stored in memory 702 or transmitted via communication component 705.
  • the audio component also includes at least one speaker for outputting an audio signal.
  • the I/O interface 704 provides an interface between the processor 701 and other interface modules, and the other interface modules may be keys. Disk, mouse, button, etc. These buttons can be virtual buttons or physical buttons.
  • Communication component 705 is used for wired or wireless communication between the device 700 and other devices. Wireless communication, such as Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G or 4G, or a combination of one or more of them, so the corresponding communication component 705 can include: Wi-Fi module, Bluetooth module, NFC module.
  • the device 700 may be configured by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), and digital signal processing devices (Digital Signal Processors).
  • ASICs Application Specific Integrated Circuits
  • DSPs Digital Signal Processors
  • Digital Signal Processors Digital Signal Processors
  • DSPD Processing Device
  • PLD Programmable Logic Device
  • FPGA Field Programmable Gate Array
  • controller microcontroller, microprocessor or other electronic components Used to perform the above security verification method.
  • a computer program product comprising a computer program executable by a programmable device, the computer program having when executed by the programmable device The code portion used to perform the security verification method described above.
  • non-transitory computer readable storage medium comprising instructions, such as a memory 702 comprising instructions executable by processor 701 of apparatus 700 to perform the security verification method described above .
  • the non-transitory computer readable storage medium can be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, and an optical data storage device.
  • a terminal device comprising a non-transitory computer readable storage medium; and one or more processors for executing in the non-transitory computer readable storage medium
  • a program for storing the above-described secure authentication method applied to the terminal device is stored in the non-transitory computer readable storage medium.
  • a server comprising: a non-transitory computer readable storage medium; and one or more processors for executing in the non-transitory computer readable storage medium
  • a program for storing the above-described secure authentication method applied to the iris server is stored in the non-transitory computer readable storage medium.

Abstract

Disclosed are a safety verification method and device, a terminal apparatus, and a server, used for improving safety of iris verification. The method comprises: at a terminal apparatus, detecting whether iris information collected by the terminal apparatus matches preset iris information or not; and if the iris information matches the preset iris information, sending the iris information to a set destination network address so as to further verify the iris information.

Description

安全验证方法、装置、终端设备及服务器Security verification method, device, terminal device and server 技术领域Technical field
本公开涉及通信领域,具体涉及一种安全验证方法、装置、终端设备及服务器。The present disclosure relates to the field of communications, and in particular, to a security verification method, apparatus, terminal device, and server.
背景技术Background technique
虹膜识别技术是一种以人的虹膜纹理为依据的生物识别技术,由于采用虹膜识别技术识别用户身份具有唯一性高、稳定性高、可采集性强,等等特点,因此虹膜识别技术被广泛应用于各种场景,比如虹膜支付、虹膜门禁,等等。Iris recognition technology is a biometric recognition technology based on human iris texture. Because iris recognition technology is used to identify user identity with uniqueness, high stability, strong collectability, etc., iris recognition technology is widely used. Used in a variety of scenarios, such as iris payment, iris access control, and more.
目前,验证虹膜的方式通常是,由终端设备采集用户的虹膜并进行验证,如果验证通过,终端设备将发送验证通过的信息给服务器,服务器在接收到信息后可以直接完成相应的功能,比如支付,开门,等等。然而,在实际应用中,非法人员可能会采取一些手段来绕开虹膜验证,直接向服务器服务器发送指示验证用过的信息,使得服务器基于虚假的确认信息进行支付、开门等等。可见,现有的虹膜验证方式安全性较弱。At present, the way to verify the iris is usually that the user's iris is collected by the terminal device and verified. If the verification is passed, the terminal device will send the verified information to the server, and the server can directly complete the corresponding function after receiving the information, such as payment. , open the door, and so on. However, in practical applications, illegal personnel may take some means to bypass the iris verification and send information directly to the server server indicating that the verification has been used, so that the server performs payment, opening the door, and the like based on the false confirmation information. It can be seen that the existing iris verification method is relatively weak.
发明内容Summary of the invention
为克服相关技术中存在的问题,本公开提供一种安全验证方法、装置、终端设备及服务器,用于提高虹膜验证的安全性。To overcome the problems in the related art, the present disclosure provides a security verification method, apparatus, terminal device, and server for improving the security of iris verification.
根据本公开实施例的第一方面,提供一种安全验证方法,应用于终端设备,所述方法包括:According to a first aspect of the embodiments of the present disclosure, a security verification method is provided for a terminal device, the method comprising:
检测所述终端设备采集到的虹膜信息与预设虹膜信息是否匹配;Detecting whether the iris information collected by the terminal device matches the preset iris information;
在所述虹膜信息与所述预设虹膜信息匹配时,将所述虹膜信息发送至 设定的目的网络地址,以进一步验证所述虹膜信息。Sending the iris information to the iris information when it matches the preset iris information The destination network address is set to further verify the iris information.
可选的,所述方法还包括:Optionally, the method further includes:
通过近距离无线通讯技术获取加密后的网络地址;Obtain an encrypted network address through short-range wireless communication technology;
对网络地址进行解密后并设定为所述目的网络地址。The network address is decrypted and set to the destination network address.
可选的,所述方法还包括:Optionally, the method further includes:
在所述虹膜信息与所述预设虹膜信息匹配时,将带有时间戳的确认信息发送至所述目的网络地址。When the iris information matches the preset iris information, the time stamped confirmation information is sent to the destination network address.
根据本公开实施例的第二方面,提供一种安全验证方法,应用于虹膜服务器,所述方法包括:According to a second aspect of the embodiments of the present disclosure, a security verification method is provided for application to an iris server, the method comprising:
接收由终端设备发送的虹膜信息;Receiving iris information sent by the terminal device;
验证所述虹膜信息是否为合法的虹膜信息,其中,若所述虹膜信息为合法的虹膜信息,则安全验证通过。Verifying whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
可选的,所述方法还包括:Optionally, the method further includes:
接收由所述终端设备发送的带有时间戳的确认信息,其中,所述确认信息用于指示所述终端设备验证所述虹膜信息与预设虹膜信息匹配;Receiving the time-stamped confirmation information sent by the terminal device, where the confirmation information is used to instruct the terminal device to verify that the iris information matches the preset iris information;
若验证所述虹膜信息为合法的虹膜信息,且解密所述确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长,则确认所述虹膜信息通过安全验证。If it is verified that the iris information is legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption, it is confirmed that the iris information passes the security verification.
根据本公开实施例的第三方面,提供一种安全验证方法,应用于安全验证系统,所述方法包括:According to a third aspect of the embodiments of the present disclosure, a security verification method is provided, which is applied to a security verification system, the method comprising:
在所述终端设备处,检测所述终端设备采集到的虹膜信息与预设虹膜信息是否匹配;At the terminal device, detecting whether the iris information collected by the terminal device matches the preset iris information;
在验证所述虹膜信息与所述预设虹膜信息匹配时,通过所述终端设备将所述虹膜信息发送给所述虹膜服务器;When it is verified that the iris information matches the preset iris information, the iris information is sent to the iris server by the terminal device;
在所述虹膜服务器处,验证所述虹膜信息是否为合法的虹膜信息,其 中,若所述虹膜信息为合法的虹膜信息,则安全验证通过。At the iris server, verifying whether the iris information is legal iris information, If the iris information is legal iris information, the security verification is passed.
可选的,通过所述终端设备将所述虹膜信息发送给所述虹膜服务器,包括:Optionally, sending, by the terminal device, the iris information to the iris server, including:
通过近距离无线通讯技术获取加密后的所述虹膜服务器的地址,其中,加密后的所述虹膜服务器的地址需由匹配的终端设备进行解密;Acquiring the encrypted address of the iris server by using a short-range wireless communication technology, wherein the encrypted address of the iris server needs to be decrypted by the matched terminal device;
对加密后的所述虹膜服务器的地址进行解密;Decrypting the encrypted address of the iris server;
在解密成功时,向所述虹膜服务器的地址发送所述虹膜信息。When the decryption is successful, the iris information is sent to the address of the iris server.
可选的,所述方法还包括:Optionally, the method further includes:
在所述终端设备处,在验证所述虹膜信息与所述预设虹膜信息匹配时,向所述虹膜服务器发送经时间戳加密方式加密后的确认信息;At the terminal device, when verifying that the iris information matches the preset iris information, sending the confirmation information encrypted by the timestamp encryption method to the iris server;
在所述虹膜服务器处,在验证所述虹膜信息为合法的虹膜信息,且解密所述确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长时,确认所述虹膜信息通过安全验证。At the iris server, when it is verified that the iris information is legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption, it is confirmed that the iris information passes the security verification.
根据本公开实施例的第四方面,提供一种安全验证装置,应用于终端设备,所述装置包括:According to a fourth aspect of the embodiments of the present disclosure, a security verification apparatus is provided for use in a terminal device, the apparatus comprising:
检测模块,被配置为检测所述终端设备采集到的虹膜信息与预设虹膜信息是否匹配;The detecting module is configured to detect whether the iris information collected by the terminal device matches the preset iris information;
第一发送模块,被配置为在所述虹膜信息与所述预设虹膜信息匹配时,将所述虹膜信息发送至设定的目的网络地址,以进一步验证所述虹膜信息。The first sending module is configured to send the iris information to the set destination network address when the iris information matches the preset iris information to further verify the iris information.
可选的,所述装置还包括:Optionally, the device further includes:
获取模块,被配置为通过近距离无线通讯技术获取加密后的网络地址;The obtaining module is configured to obtain the encrypted network address by using a short-range wireless communication technology;
解密模块,被配置为对网络地址进行解密后并设定为所述目的网络地址。 The decryption module is configured to decrypt the network address and set the destination network address.
可选的,所述装置还包括:Optionally, the device further includes:
第二发送模块,被配置为在所述虹膜信息与所述预设虹膜信息匹配时,将带有时间戳的确认信息发送至所述目的网络地址。The second sending module is configured to send the time stamped confirmation information to the destination network address when the iris information matches the preset iris information.
根据本公开实施例的第五方面,提供一种安全验证装置,应用于虹膜服务器,所述装置包括:According to a fifth aspect of the embodiments of the present disclosure, there is provided a security verification apparatus applied to an iris server, the apparatus comprising:
第一接收模块,被配置为接收由终端设备发送的虹膜信息;a first receiving module configured to receive iris information sent by the terminal device;
验证模块,被配置为验证所述虹膜信息是否为合法的虹膜信息,其中,若所述虹膜信息为合法的虹膜信息,则安全验证通过。The verification module is configured to verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
可选的,所述装置还包括:Optionally, the device further includes:
第二接收模块,别配置为接收由所述终端设备发送的带有时间戳的确认信息,其中,所述确认信息用于指示所述终端设备验证所述虹膜信息与预设虹膜信息匹配;The second receiving module is configured to receive the time-stamped acknowledgment information sent by the terminal device, where the acknowledgment information is used to indicate that the terminal device verifies that the iris information matches the preset iris information;
确认模块,被配置为若验证所述虹膜信息为合法的虹膜信息,且解密所述确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长,则确认所述虹膜信息通过安全验证。The confirmation module is configured to confirm that the iris information passes the security verification if the iris information is verified to be legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption.
根据本公开实施例的第六方面,提供一种非临时性计算机可读存储介质,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行上述安全验证方法。According to a sixth aspect of the embodiments of the present disclosure, there is provided a non-transitory computer readable storage medium comprising one or more programs for performing The above security verification method.
根据本公开实施例的第七方面,提供一种终端设备,包括:非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序;所述非临时性计算机可读存储介质中存储有用于执行上述应用于终端设备的安全验证方法的指令。According to a seventh aspect of the embodiments of the present disclosure, there is provided a terminal device comprising: a non-transitory computer readable storage medium; and one or more processors for executing in the non-transitory computer readable storage medium A program for storing the above-described secure authentication method applied to the terminal device is stored in the non-transitory computer readable storage medium.
根据本公开实施例的第八方面,提供一种服务器,包括:非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序;所述非临时性计算机可读存储介质中存储有用 于执行上述应用于虹膜服务器的安全验证方法的指令。According to an eighth aspect of the embodiments of the present disclosure, there is provided a server comprising: a non-transitory computer readable storage medium; and one or more processors for executing a program in the non-transitory computer readable storage medium Useful for storing in the non-transitory computer readable storage medium The above instructions for applying the security verification method applied to the iris server are performed.
本公开的实施例提供的技术方案可以包括以下有益效果:The technical solutions provided by the embodiments of the present disclosure may include the following beneficial effects:
本公开中的终端设备可以检测采集到的虹膜信息是否与预设虹膜信息匹配,在匹配时,终端设备还要将采集到的虹膜信息发送给设定的目的网络地址,进一步对采集到的虹膜信息进行验证。通过这样的方式,在验证虹膜信息时需要在终端设备处验证一次,还要将虹膜信息发送给目的网络地址再验证一次,非法人员无法绕过虹膜验证,验证方式更为安全、可靠。The terminal device in the disclosure can detect whether the collected iris information matches the preset iris information. When matching, the terminal device further sends the collected iris information to the set destination network address, and further collects the iris. The information is verified. In this way, when verifying the iris information, it needs to be verified once at the terminal device, and the iris information is sent to the destination network address for verification once again, and the illegal personnel cannot bypass the iris verification, and the verification method is more secure and reliable.
附图说明DRAWINGS
附图是用来提供对本公开的进一步理解,并且构成说明书的一部分,与下面的具体实施方式一起用于解释本公开,但并不构成对本公开的限制。在附图中:The drawings are intended to provide a further understanding of the disclosure, and are in the In the drawing:
图1是本公开各个实施例所涉及的安全验证系统的示意图。1 is a schematic diagram of a security verification system involved in various embodiments of the present disclosure.
图2是根据一示例性实施例示出的一种应用于安全验证系统的安全验证方法的流程图。2 is a flow chart showing a security verification method applied to a security verification system, according to an exemplary embodiment.
图3是根据一示例性实施例示出的一种应用于终端设备的安全验证方法的流程图。FIG. 3 is a flowchart of a security verification method applied to a terminal device, according to an exemplary embodiment.
图4是根据一示例性实施例示出的一种应用于虹膜服务器的安全验证方法的流程图。FIG. 4 is a flowchart of a security verification method applied to an iris server, according to an exemplary embodiment.
图5是根据一示例性实施例示出的一种安全验证装置的框图。FIG. 5 is a block diagram of a security verification apparatus, according to an exemplary embodiment.
图6是根据一示例性实施例示出的一种安全验证装置的框图。FIG. 6 is a block diagram of a security verification apparatus, according to an exemplary embodiment.
图7是根据一示例性实施例示出的一种安全验证装置的框图。FIG. 7 is a block diagram of a security verification apparatus, according to an exemplary embodiment.
具体实施方式 detailed description
以下结合附图对本公开的具体实施方式进行详细说明。应当理解的是,此处所描述的具体实施方式仅用于说明和解释本公开,并不用于限制本公开。The specific embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings. It is to be understood that the specific embodiments described herein are not to be construed
在介绍本公开提供的路径规划的方法之前,首先对本公开所涉及的应用场景,也就是安全验证系统进行介绍,图1是本公开各个实施例所涉及的一种安全验证系统的示意图。参见图1,该安全验证系统可以包括:终端设备100,以及虹膜服务器200。终端设备100可以是任意的智能设备,例如,智能手机、PC(Personal Computer,个人计算机)、PAD(Portable Android Device,平板电脑),等等,图1以终端设备100为智能手机为例。虹膜服务器200可以包括一台服务器,或者由若干台服务器组成的服务器集群,或者可以是一个云计算服务中心。Before introducing the method for path planning provided by the present disclosure, the application scenario involved in the present disclosure, that is, the security verification system, is first introduced. FIG. 1 is a schematic diagram of a security verification system according to various embodiments of the present disclosure. Referring to FIG. 1, the security verification system may include: a terminal device 100, and an iris server 200. The terminal device 100 can be any smart device, for example, a smart phone, a PC (Personal Computer), a PAD (Portable Android Device), and the like. FIG. 1 is an example in which the terminal device 100 is a smart phone. The iris server 200 can include a server, or a cluster of servers consisting of several servers, or can be a cloud computing service center.
请参考图2,图2是根据一示例性实施例示出的一种应用于安全验证系统的安全验证方法的流程图。如图2所示,该方法包括以下步骤,其中,由终端设备执行下述步骤S21-步骤S22,由虹膜服务器执行下述步骤S23。Please refer to FIG. 2. FIG. 2 is a flowchart of a security verification method applied to a security verification system according to an exemplary embodiment. As shown in FIG. 2, the method includes the following steps, in which the following steps S21 to S22 are performed by the terminal device, and the following step S23 is performed by the iris server.
步骤S21:检测终端设备采集到的虹膜信息与预设虹膜信息是否匹配;Step S21: detecting whether the iris information collected by the terminal device matches the preset iris information;
步骤S22:在验证虹膜信息与预设虹膜信息匹配时,通过终端设备将虹膜信息发送给虹膜服务器;Step S22: When the verification iris information matches the preset iris information, the iris information is sent to the iris server through the terminal device;
步骤S23:验证虹膜信息是否为合法的虹膜信息,其中,若虹膜信息为合法的虹膜信息,则安全验证通过。Step S23: Verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
在终端设备中存储有预设虹膜信息,可以认为,预设虹膜信息是合法使用终端设备的用户的虹膜信息,比如可以是该终端设备的所有人的虹膜信息,等等。终端设备可以采集当前使用终端设备的用户的虹膜信息,然后将采集到的虹膜信息与预设虹膜信息进行比较,进而确定当前使用终端设备的用户是否为合法的用户。终端设备采集虹膜信息的方式本公开实施例不作限定,例如,可以通过终端设备的图像采集单元进行采集,等等。 The preset iris information is stored in the terminal device. It can be considered that the preset iris information is the iris information of the user who legally uses the terminal device, such as the iris information of the owner of the terminal device, and the like. The terminal device can collect the iris information of the user currently using the terminal device, and then compare the collected iris information with the preset iris information to determine whether the user currently using the terminal device is a legitimate user. The manner in which the terminal device collects the iris information is not limited in the embodiment of the present disclosure, for example, may be collected by an image capturing unit of the terminal device, and the like.
如果终端设备验证当前采集的虹膜信息与预设虹膜信息匹配,可以将采集到的虹膜信息发送给虹膜服务器,虹膜服务器将对终端设备发送的虹膜信息再次进行验证,在虹膜服务器验证也通过时,安全验证才完成。If the terminal device verifies that the currently collected iris information matches the preset iris information, the collected iris information may be sent to the iris server, and the iris server will verify the iris information sent by the terminal device again, and when the iris server verification is also passed, Security verification is complete.
例如,将安全验证方法应用在XX公司的门禁系统中,XX公司的虹膜服务器存储有公司每个员工的虹膜信息,终端设备比如为用户A的手机。在开启门禁系统时,先通过手机采集用户A的虹膜信息,在用户A的虹膜信息与手机中存储的预设虹膜信息匹配时,手机将采集的用户A的虹膜信息发送给虹膜服务器,虹膜服务器通过对比虹膜信息,进一步验证用户A是否为XX公司员工,只有在手机端和虹膜服务器端均验证通过时,门禁系统才会开启。For example, the security verification method is applied to the access control system of the XX company, and the iris server of the XX company stores the iris information of each employee of the company, and the terminal device is, for example, the mobile phone of the user A. When the access control system is turned on, the iris information of the user A is collected by the mobile phone. When the iris information of the user A matches the preset iris information stored in the mobile phone, the mobile phone sends the collected iris information of the user A to the iris server, the iris server. By comparing the iris information, it is further verified whether the user A is an employee of the XX company, and the access control system is only turned on when the mobile terminal and the iris server end are verified.
通过以上的方式,终端设备与虹膜服务器将对虹膜信息进行双重验证,避免非法人员绕过虹膜验证,提高了虹膜验证的安全性和可靠性。Through the above manner, the terminal device and the iris server will double-verify the iris information to prevent illegal personnel from bypassing the iris verification, thereby improving the security and reliability of the iris verification.
可选的,通过终端设备将虹膜信息发送给虹膜服务器,可以通过NFC(Near Field Communication,近距离无线通讯技术)获取加密后的虹膜服务器的地址,然后对加密后的虹膜服务器的地址进行解密,如果解密成功,再向虹膜服务器的地址发送虹膜信息。其中,加密后的虹膜服务器的地址需由匹配的终端设备进行解密。Optionally, the iris information is sent to the iris server through the terminal device, and the address of the encrypted iris server is obtained by NFC (Near Field Communication), and then the address of the encrypted iris server is decrypted. If the decryption is successful, the iris information is sent to the address of the iris server. The address of the encrypted iris server needs to be decrypted by the matching terminal device.
也就是说,终端设备要向虹膜服务器发送采集的虹膜信息,需要先获取虹膜服务器的地址,虹膜服务器的地址可以是加密的地址,对于获取加密后的虹膜服务器地址的方式,本公开实施例不作限定,例如可以通过NFC获取,那么比如,安全验证方法应用于门禁系统,可以在门上设置NFC标签,终端设备靠近标签便能够获取加密后的虹膜服务器地址。That is, the terminal device needs to obtain the collected iris information from the iris server, and the address of the iris server needs to be obtained first. The address of the iris server may be an encrypted address. For the manner of obtaining the encrypted iris server address, the embodiment of the present disclosure does not The limitation can be obtained, for example, by NFC. For example, the security verification method is applied to the access control system, and the NFC tag can be set on the door, and the encrypted device can obtain the encrypted iris server address when the terminal device is close to the tag.
获取加密后的虹膜服务器地址后,需要由匹配的终端才能够对加密后的地址进行解密。比如,可以设定XX公司的虹膜服务器地址只能由该公司员工持有的终端设备才能够解密,等等。通过这样的方式,只有特定的终端设 备才能够进行安全验证,进一步提升了安全验证方法的安全性和可靠性。After obtaining the encrypted iris server address, the matched terminal needs to be able to decrypt the encrypted address. For example, you can set the XX company's iris server address to be decrypted only by the terminal device held by the company's employees, and so on. In this way, only specific terminal settings The backup can be used for security verification, which further enhances the security and reliability of the security verification method.
可选的,还可以在终端设备验证虹膜信息与预设虹膜信息匹配时,向虹膜服务器发送经时间戳加密方式加密后的确认信息,在虹膜服务器处,若验证虹膜信息为合法的虹膜信息,且解密确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长,则确认虹膜信息通过安全验证。Optionally, when the terminal device verifies that the iris information matches the preset iris information, the confirmation message encrypted by the time stamp encryption method is sent to the iris server, and if the iris information is verified as the legal iris information at the iris server, And the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time of the time stamp encryption, and it is confirmed that the iris information passes the security verification.
即,终端设备在验证采集到的虹膜信息与预设虹膜信息匹配时,可以向虹膜服务器发送采集到的虹膜信息以及通过时间戳方式加密后的确认信息,比如,确认信息的加密时长为2秒,那么虹膜服务器在接收到终端设备发送的虹膜信息和确认消息后,需要同时满足以下两个条件才能通过安全验证:1、验证虹膜信息为合法的虹膜信息;2、接收到确认信息的时刻与当前时刻的时间差小于2秒。通过这样的方式,能够进一步提升安全验证方法的安全性和可靠性。That is, when verifying that the collected iris information matches the preset iris information, the terminal device may send the collected iris information and the confirmation information encrypted by the timestamp method to the iris server, for example, the encryption time of the confirmation information is 2 seconds. After receiving the iris information and the confirmation message sent by the terminal device, the iris server needs to satisfy the following two conditions to pass the security verification: 1. verify that the iris information is legal iris information; 2. the time when the confirmation information is received The time difference between the current moments is less than 2 seconds. In this way, the security and reliability of the security verification method can be further improved.
以下将通过具体的实施例对本公开的安全验证方法进行举例说明。The security verification method of the present disclosure will be exemplified below by way of specific embodiments.
实施例一:Embodiment 1:
安全验证方法应用于XX公司的门禁系统,终端设备为用户A的手机,用户A在通过门禁系统的安全验证时例如可以有以下流程。The security verification method is applied to the access control system of the XX company, and the terminal device is the mobile phone of the user A. For example, the user A can have the following processes when performing security verification through the access control system.
1、用户A可以在门禁系统的门外使用手机刷NFC,获取目的网络地址(即为虹膜服务器的地址,可以是加密后的地址)。1. User A can use the mobile phone to brush NFC outside the door of the access control system to obtain the destination network address (that is, the address of the iris server, which can be the encrypted address).
2、用户A通过手机进行虹膜扫描,比如可以通过预先安装在手机中的应用程序进行扫描,扫描过程中手机可以对用户A进行活体检测,并将采集到的虹膜信息与存储在手机中的预设虹膜信息进行对比。2. User A scans the iris through the mobile phone. For example, the application can be scanned by an application installed in the mobile phone. During the scanning process, the mobile phone can perform live detection on the user A, and collect the collected iris information and the pre-stored information in the mobile phone. Set the iris information for comparison.
3、在手机对比用户A的虹膜信息与预设虹膜信息一致时,向目的网络地址对应的虹膜服务器发送采集到的用户A的虹膜信息,以及时间戳加密时长比如为2秒的确认信息;或者,在手机对比用户A的虹膜信息与预设虹膜信息不一致时,手机可以不做处理或者向虹膜服务器发送指示验证不通过的 信息。3. When the iris information of the user A is consistent with the preset iris information, the iris information of the collected user A is sent to the iris server corresponding to the destination network address, and the time stamp encryption duration is, for example, 2 seconds of confirmation information; or When the mobile phone compares the user's iris information with the preset iris information, the mobile phone may not process or send an indication to the iris server that the verification fails. information.
4、在手机端验证通过的情况下,虹膜服务器将收到虹膜信息以及确认信息,那么虹膜服务器可以对比接收到的用户A的虹膜信息是否与存储在虹膜服务器中的虹膜信息(比如可以是XX公司的每个员工在入职时录入的虹膜信息)匹配,如果匹配且解密确认信息的时间戳与当前时刻之差小于2秒,安全验证通过,虹膜服务器可以向门禁发送指示开门的信息,反之,则不动作,或者向门禁发送验证失败的信息。4. In the case that the mobile terminal verifies that the iris server will receive the iris information and the confirmation information, the iris server can compare whether the received user A's iris information is related to the iris information stored in the iris server (for example, it can be XX). Each employee of the company matches the iris information entered at the time of entry. If the difference between the timestamp of the matching confirmation and the current time is less than 2 seconds, the security server passes the iris server to send a message indicating the opening of the door to the access control. Then it does not work, or sends a message that the verification failed to the access control.
实施例二:Embodiment 2:
安全验证方法应用于XX公司的门禁系统,终端设备为用户A的手机,手机中可以预先存储有虹膜服务器的地址,也就是目的网络地址。用户A在通过门禁系统的安全验证时例如可以有以下流程。The security verification method is applied to the access control system of the XX company, and the terminal device is the mobile phone of the user A. The address of the iris server, that is, the destination network address, can be pre-stored in the mobile phone. For example, when user A passes the security verification of the access control system, for example, the following process can be performed.
1、用户A通过手机进行虹膜扫描,比如可以通过安装在手机中的应用程序进行扫描。1. User A scans the iris through the mobile phone, for example, by using an application installed in the mobile phone.
2、手机在虹膜扫描过程中对用户A进行活体检测,并将采集到的用户A的虹膜信息与手机中存储的预设虹膜信息进行比对,在对比匹配时,设置手机中用于开门的虚拟门卡NFC信息为可用状态,将采集到的用户A的虹膜信息发送给目的网络地址;在对比不匹配时,手机端可以不动作,或者向目的网络地址发送匹配错误的信息。2. The mobile phone performs live detection on the user A during the iris scanning process, and compares the collected iris information of the user A with the preset iris information stored in the mobile phone, and sets the mobile phone for opening the door when comparing and matching. The NFC information of the virtual door card is in an available state, and the collected iris information of the user A is sent to the destination network address; when the comparison does not match, the mobile phone end may not operate, or send the matching error information to the destination network address.
3、在手机端验证通过的情况下,虹膜服务器将收到手机发送的虹膜信息,虹膜服务器可以对比接收到的用户A的虹膜信息是否与存储在虹膜服务器中的虹膜信息(比如可以是XX公司的每个员工在入职时录入的虹膜信息)匹配,如果匹配可以向门禁发送验证通过的信息;如果不匹配可以向门禁发送验证不通过的信息,或者不动作。3. In the case that the mobile terminal verifies, the iris server will receive the iris information sent by the mobile phone, and the iris server can compare the received iris information of the user A with the iris information stored in the iris server (for example, it can be XX company) Each employee's iris information entered at the time of entry matches. If the match can send the verification pass information to the access control; if it does not match, it can send the verification failure message to the access control, or it does not work.
4、在门禁接收到虹膜服务器发送的验证通过的信息后,可以启动等待刷卡的程序,比如设置等待5秒刷卡动作,那么如果手机中的虚拟门卡NFC 信息为可用状态且门禁在5秒内接收到了用户的刷卡动作,安全验证通过,则开门,反正则无动作。4. After receiving the verification information sent by the iris server at the access control, you can start the program waiting for the card to be swiped, such as setting the wait for 5 seconds to swipe the card, then if the virtual door card in the mobile phone is NFC The information is available and the access control has received the user's swipe action within 5 seconds. If the security verification is passed, the door is opened, and there is no action anyway.
实施例三:Embodiment 3:
安全验证方法应用于电子支付,终端设备为用户A的手机。The security verification method is applied to electronic payment, and the terminal device is the mobile phone of user A.
1、用户A在要支付时刷手机NFC,获取商家提供的交易信息(包括交易号、交易金额,等等)。1. User A swipes the mobile phone NFC when he wants to pay, and obtains transaction information (including transaction number, transaction amount, etc.) provided by the merchant.
2、用户A通过手机进行虹膜扫描,比如可以通过专门的应用程序进行扫描(用于进行支付的应用程序在首次使用时可以录入用户的虹膜信息并与支付卡绑定),手机在虹膜扫描过程中对用户A进行活体检测,并将采集到的用户A的虹膜信息与手机中存储的预设虹膜信息进行比对(比对可以在trustzone中进行,以提高安全性)。在比对匹配时,手机将虹膜信息、支付卡信息、当前交易号等信息发送到目的网络地址,比如可以是支付平台的虹膜服务器的地址,当然可以通过加密的方式发送;在比对不匹配时,手机端可以不动作或者向目的网络地址发送匹配错误的信息。2. User A scans the iris through the mobile phone, for example, can scan through a special application (the application for payment can input the user's iris information and bind with the payment card when first used), and the mobile phone is in the iris scanning process. The user A is inspected in vivo, and the collected iris information of the user A is compared with the preset iris information stored in the mobile phone (the comparison can be performed in the trustzone to improve security). When the comparison is matched, the mobile phone sends the information such as the iris information, the payment card information, and the current transaction number to the destination network address, for example, the address of the iris server of the payment platform, which can of course be sent by encryption; the comparison does not match. When the mobile terminal does not operate or sends a matching error message to the destination network address.
3、在手机端验证通过的情况下,支付平台的虹膜服务器将收到手机发送的用户A的虹膜信息、支付卡信息、交易号等等,虹膜服务器可以再验证接收到的虹膜信息与存储在虹膜服务器中的对应于用户A或对应于支付卡的虹膜信息是否匹配(在开卡时可以录入持有人的虹膜信息,支付平台的虹膜服务器可以存储有大量用户的虹膜信息)。3. In the case that the mobile terminal verifies, the iris server of the payment platform will receive the iris information, payment card information, transaction number, etc. of the user A sent by the mobile phone, and the iris server can re-verify the received iris information and store it in the iris server. Whether the iris information corresponding to the user A or the payment card matches in the iris server (the iris information of the holder can be recorded when the card is opened, and the iris server of the payment platform can store the iris information of a large number of users).
4、支付平台的虹膜服务器如果验证通过,完成当前交易号对应的交易,并与商家支付点的设备同步;如果验证不通过,终止交易,向商家支付点的设备发送验证失败的信息。4. If the iris server of the payment platform passes the verification, the transaction corresponding to the current transaction number is completed, and is synchronized with the device of the merchant payment point; if the verification fails, the transaction is terminated, and the verification failure information is sent to the device of the merchant payment point.
通过上述的安全验证方法,在验证虹膜信息时需要在终端设备处验证一次,还要将虹膜信息发送给目的网络地址再验证一次,非法人员无法绕过虹膜验证,虹膜验证更为安全、可靠。 Through the above-mentioned security verification method, when verifying the iris information, it is necessary to verify once at the terminal device, and the iris information is sent to the destination network address for verification once again, and the illegal personnel cannot bypass the iris verification, and the iris verification is safer and more reliable.
请参考图3,图3是根据一示例性实施例示出的一种应用于终端设备的安全验证方法的流程图。如图3所示,该方法包括以下步骤。Please refer to FIG. 3. FIG. 3 is a flowchart of a security verification method applied to a terminal device according to an exemplary embodiment. As shown in FIG. 3, the method includes the following steps.
步骤S31:检测终端设备采集到的虹膜信息与预设虹膜信息是否匹配。Step S31: Detect whether the iris information collected by the terminal device matches the preset iris information.
步骤S32:在虹膜信息与预设虹膜信息匹配时,将虹膜信息发送至设定的目的网络地址,以进一步验证虹膜信息。Step S32: When the iris information matches the preset iris information, the iris information is sent to the set destination network address to further verify the iris information.
可选的,还可以通过近距离无线通讯技术获取加密后的网络地址,然后对网络地址进行解密后并设定为目的网络地址。Optionally, the encrypted network address can also be obtained through the short-range wireless communication technology, and then the network address is decrypted and set as the destination network address.
可选的,还可以在虹膜信息与预设虹膜信息匹配时,将带有时间戳的确认信息发送至目的网络地址。Optionally, the time-stamped confirmation information may be sent to the destination network address when the iris information matches the preset iris information.
目的网络地址可以是图1所示的虹膜服务器的地址,应用于终端设备的安全验证方法请参见上述应用于安全验证系统的安全验证方法中关于终端设备侧的说明,在此不再赘述。The destination network address may be the address of the iris server shown in FIG. 1. For the security verification method applied to the terminal device, refer to the description of the terminal device side in the above-mentioned security verification method applied to the security verification system, and details are not described herein again.
请参考图4,图4是根据一示例性实施例示出的一种应用于虹膜服务器的安全验证方法的流程图。如图4所示,该方法包括以下步骤。Please refer to FIG. 4. FIG. 4 is a flowchart of a security verification method applied to an iris server according to an exemplary embodiment. As shown in FIG. 4, the method includes the following steps.
步骤S41:接收由终端设备发送的虹膜信息;Step S41: receiving iris information sent by the terminal device;
步骤S42:验证虹膜信息是否为合法的虹膜信息,其中,若虹膜信息为合法的虹膜信息,则安全验证通过。Step S42: Verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
可选的,还可以接收由终端设备发送的带有时间戳的确认信息,其中,确认信息用于指示终端设备验证虹膜信息与预设虹膜信息匹配。若验证虹膜信息为合法的虹膜信息,且解密确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长,则确认虹膜信息通过安全验证。Optionally, the time-stamped confirmation information sent by the terminal device is further received, where the confirmation information is used to indicate that the terminal device verifies that the iris information matches the preset iris information. If the iris information is verified as legal iris information, and the time difference between the time of decrypting the confirmation information and the current time is less than the encryption time of the time stamp encryption, it is confirmed that the iris information passes the security verification.
应用于虹膜服务器的安全验证方法请参见上述应用于安全验证系统的安全验证方法中关于虹膜服务器侧的说明,在此不再赘述。For the security verification method applied to the iris server, refer to the description of the iris server side in the above-mentioned security verification method applied to the security verification system, and details are not described herein again.
图5是根据一示例性实施例示出的一种安全验证装置500的框图,其中,该装置500可以应用于终端设备,例如,图1所示的终端设备100。如 图5所示,该装置500可以包括:FIG. 5 is a block diagram of a security verification apparatus 500, which may be applied to a terminal device, such as the terminal device 100 shown in FIG. 1, according to an exemplary embodiment. Such as As shown in FIG. 5, the apparatus 500 can include:
检测模块501,被配置为检测终端设备采集到的虹膜信息与预设虹膜信息是否匹配;The detecting module 501 is configured to detect whether the iris information collected by the terminal device matches the preset iris information;
第一发送模块502,被配置为在虹膜信息与预设虹膜信息匹配时,将虹膜信息发送至设定的目的网络地址,以进一步验证虹膜信息。The first sending module 502 is configured to send the iris information to the set destination network address when the iris information matches the preset iris information to further verify the iris information.
可选的,装置500还包括:Optionally, the apparatus 500 further includes:
获取模块,被配置为通过近距离无线通讯技术获取加密后的网络地址;The obtaining module is configured to obtain the encrypted network address by using a short-range wireless communication technology;
解密模块,被配置为对网络地址进行解密后并设定为目的网络地址。The decryption module is configured to decrypt the network address and set it as the destination network address.
可选的,装置500还包括:Optionally, the apparatus 500 further includes:
第二发送模块,被配置为在虹膜信息与预设虹膜信息匹配时,将带有时间戳的确认信息发送至目的网络地址。The second sending module is configured to send the time-stamped confirmation information to the destination network address when the iris information matches the preset iris information.
关于上述实施例中的装置,其中各个模块执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。With regard to the apparatus in the above embodiments, the specific manner in which the respective modules perform the operations has been described in detail in the embodiment relating to the method, and will not be explained in detail herein.
图6是根据一示例性实施例示出的一种安全验证装置600的框图,其中,该装置600可以应用于虹膜服务器,例如,图1所示的虹膜服务器200。如图6所示,该装置600可以包括:FIG. 6 is a block diagram of a security verification device 600, which may be applied to an iris server, such as the iris server 200 shown in FIG. 1, according to an exemplary embodiment. As shown in FIG. 6, the apparatus 600 can include:
第一接收模块601,被配置为接收由终端设备发送的虹膜信息;The first receiving module 601 is configured to receive iris information sent by the terminal device;
验证模块602,被配置为验证虹膜信息是否为合法的虹膜信息,其中,若虹膜信息为合法的虹膜信息,则安全验证通过。The verification module 602 is configured to verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
可选的,装置600还包括:Optionally, the device 600 further includes:
第二接收模块,别配置为接收由终端设备发送的带有时间戳的确认信息,其中,确认信息用于指示终端设备验证虹膜信息与预设虹膜信息匹配;The second receiving module is configured to receive the time-stamped confirmation information sent by the terminal device, where the confirmation information is used to indicate that the terminal device verifies that the iris information matches the preset iris information;
确认模块,被配置为若验证虹膜信息为合法的虹膜信息,且解密确认 信息的时刻与当前时刻的时间差小于时间戳加密的加密时长,则确认虹膜信息通过安全验证。The confirmation module is configured to verify that the iris information is legal iris information and decrypt the confirmation The time difference between the time of the information and the current time is less than the encryption time of the time stamp encryption, and it is confirmed that the iris information passes the security verification.
关于上述实施例中的装置,其中各个模块执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。With regard to the apparatus in the above embodiments, the specific manner in which the respective modules perform the operations has been described in detail in the embodiment relating to the method, and will not be explained in detail herein.
图7是根据一示例性实施例示出的一种安全验证装置700的另一框图,该装置700可以是虹膜服务器。如图7所示,该装置700可以包括:处理器701,存储器702,多媒体组件703,输入/输出(I/O)接口704,以及通信组件705。FIG. 7 is another block diagram of a security verification device 700, which may be an iris server, according to an exemplary embodiment. As shown in FIG. 7, the apparatus 700 can include a processor 701, a memory 702, a multimedia component 703, an input/output (I/O) interface 704, and a communication component 705.
其中,处理器701用于控制该装置700的整体操作,以完成上述的安全验证方法中的全部或部分步骤。存储器702用于存储各种类型的数据以支持在该装置700的操作,这些数据的例如可以包括用于在该装置700上操作的任何应用程序或方法的指令,以及应用程序相关的数据,例如联系人数据、收发的消息、图片、音频、视频等等。该存储器702可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,例如静态随机存取存储器(Static Random Access Memory,简称SRAM),电可擦除可编程只读存储器(Electrically Erasable Programmable Read-Only Memory,简称EEPROM),可擦除可编程只读存储器(Erasable Programmable Read-Only Memory,简称EPROM),可编程只读存储器(Programmable Read-Only Memory,简称PROM),只读存储器(Read-Only Memory,简称ROM),磁存储器,快闪存储器,磁盘或光盘。多媒体组件703可以包括屏幕和音频组件。其中屏幕例如可以是触摸屏,音频组件用于输出和/或输入音频信号。例如,音频组件可以包括一个麦克风,麦克风用于接收外部音频信号。所接收的音频信号可以被进一步存储在存储器702或通过通信组件705发送。音频组件还包括至少一个扬声器,用于输出音频信号。I/O接口704为处理器701和其他接口模块之间提供接口,上述其他接口模块可以是键 盘,鼠标,按钮等。这些按钮可以是虚拟按钮或者实体按钮。通信组件705用于该装置700与其他设备之间进行有线或无线通信。无线通信,例如Wi-Fi,蓝牙,近场通信(Near Field Communication,简称NFC),2G、3G或4G,或它们中的一种或几种的组合,因此相应的该通信组件705可以包括:Wi-Fi模块,蓝牙模块,NFC模块。The processor 701 is configured to control the overall operation of the apparatus 700 to complete all or part of the steps in the foregoing security verification method. Memory 702 is used to store various types of data to support operations at the device 700, such as may include instructions for any application or method operating on the device 700, as well as application related data, such as Contact data, sent and received messages, pictures, audio, video, and more. The memory 702 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as a static random access memory (SRAM), an electrically erasable programmable read only memory ( Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read Only Read-Only Memory (ROM), magnetic memory, flash memory, disk or optical disk. The multimedia component 703 can include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used to output and/or input an audio signal. For example, the audio component can include a microphone for receiving an external audio signal. The received audio signal may be further stored in memory 702 or transmitted via communication component 705. The audio component also includes at least one speaker for outputting an audio signal. The I/O interface 704 provides an interface between the processor 701 and other interface modules, and the other interface modules may be keys. Disk, mouse, button, etc. These buttons can be virtual buttons or physical buttons. Communication component 705 is used for wired or wireless communication between the device 700 and other devices. Wireless communication, such as Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G or 4G, or a combination of one or more of them, so the corresponding communication component 705 can include: Wi-Fi module, Bluetooth module, NFC module.
在一示例性实施例中,装置700可以被一个或多个应用专用集成电路(Application Specific Integrated Circuit,简称ASIC)、数字信号处理器(Digital Signal Processor,简称DSP)、数字信号处理设备(Digital Signal Processing Device,简称DSPD)、可编程逻辑器件(Programmable Logic Device,简称PLD)、现场可编程门阵列(Field Programmable Gate Array,简称FPGA)、控制器、微控制器、微处理器或其他电子元件实现,用于执行上述的安全验证方法。In an exemplary embodiment, the device 700 may be configured by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), and digital signal processing devices (Digital Signal Processors). Processing Device (DSPD), Programmable Logic Device (PLD), Field Programmable Gate Array (FPGA), controller, microcontroller, microprocessor or other electronic components Used to perform the above security verification method.
在另一示例性实施例中,还提供了一种计算机程序产品,所述计算机程序产品包含能够由可编程的装置执行的计算机程序,所述计算机程序具有当由所述可编程的装置执行时用于执行上述的安全验证方法的代码部分。In another exemplary embodiment, there is also provided a computer program product comprising a computer program executable by a programmable device, the computer program having when executed by the programmable device The code portion used to perform the security verification method described above.
在另一示例性实施例中,还提供了一种包括指令的非临时性计算机可读存储介质,例如包括指令的存储器702,上述指令可由装置700的处理器701执行以完成上述的安全验证方法。示例地,该非临时性计算机可读存储介质可以是ROM、随机存取存储器(Random Access Memory,简称RAM)、CD-ROM、磁带、软盘和光数据存储设备等。In another exemplary embodiment, there is also provided a non-transitory computer readable storage medium comprising instructions, such as a memory 702 comprising instructions executable by processor 701 of apparatus 700 to perform the security verification method described above . By way of example, the non-transitory computer readable storage medium can be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, and an optical data storage device.
在另一示例性实施例中,还提供了一种终端设备,包括非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序;所述非临时性计算机可读存储介质中存储有用于执行上述应用于终端设备的安全验证方法的指令。 In another exemplary embodiment, there is also provided a terminal device comprising a non-transitory computer readable storage medium; and one or more processors for executing in the non-transitory computer readable storage medium A program for storing the above-described secure authentication method applied to the terminal device is stored in the non-transitory computer readable storage medium.
在另一示例性实施例中,还提供了一种服务器,包括:非临时性计算机可读存储介质;以及一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序;所述非临时性计算机可读存储介质中存储有用于执行上述应用于虹膜服务器的安全验证方法的指令。In another exemplary embodiment, there is also provided a server comprising: a non-transitory computer readable storage medium; and one or more processors for executing in the non-transitory computer readable storage medium A program for storing the above-described secure authentication method applied to the iris server is stored in the non-transitory computer readable storage medium.
以上结合附图详细描述了本公开的优选实施方式,但是,本公开并不限于上述实施方式中的具体细节,在本公开的技术构思范围内,可以对本公开的技术方案进行多种简单变型,这些简单变型均属于本公开的保护范围。The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings. However, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications can be made to the technical solutions of the present disclosure within the scope of the technical idea of the present disclosure. These simple variations are all within the scope of the disclosure.
另外需要说明的是,在上述具体实施方式中所描述的各个具体技术特征,在不矛盾的情况下,可以通过任何合适的方式进行组合。为了避免不必要的重复,本公开对各种可能的组合方式不再另行说明。It should be further noted that the specific technical features described in the above specific embodiments may be combined in any suitable manner without contradiction. In order to avoid unnecessary repetition, the present disclosure will not be further described in various possible combinations.
此外,本公开的各种不同的实施方式之间也可以进行任意组合,只要其不违背本公开的思想,其同样应当视为本公开所公开的内容。 In addition, any combination of various embodiments of the present disclosure may be made as long as it does not deviate from the idea of the present disclosure, and should also be regarded as the disclosure of the present disclosure.

Claims (17)

  1. 一种安全验证方法,其特征在于,包括:在终端设备处:A security verification method, comprising: at a terminal device:
    检测所述终端设备采集到的虹膜信息与预设虹膜信息是否匹配;Detecting whether the iris information collected by the terminal device matches the preset iris information;
    在所述虹膜信息与所述预设虹膜信息匹配时,将所述虹膜信息发送至设定的目的网络地址,以进一步验证所述虹膜信息。When the iris information matches the preset iris information, the iris information is sent to a set destination network address to further verify the iris information.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 further comprising:
    通过近距离无线通讯技术获取加密后的网络地址;Obtain an encrypted network address through short-range wireless communication technology;
    对网络地址进行解密后并设定为所述目的网络地址。The network address is decrypted and set to the destination network address.
  3. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 further comprising:
    在所述虹膜信息与所述预设虹膜信息匹配时,将带有时间戳的确认信息发送至所述目的网络地址。When the iris information matches the preset iris information, the time stamped confirmation information is sent to the destination network address.
  4. 一种安全验证方法,其特征在于,包括:在虹膜服务器处:A security verification method, comprising: at an iris server:
    接收由终端设备发送的虹膜信息;Receiving iris information sent by the terminal device;
    验证所述虹膜信息是否为合法的虹膜信息,其中,若所述虹膜信息为合法的虹膜信息,则安全验证通过。Verifying whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
  5. 根据权利要求4所述的方法,其特征在于,所述方法还包括:The method of claim 4, wherein the method further comprises:
    接收由所述终端设备发送的带有时间戳的确认信息,其中,所述确认信息用于指示所述终端设备验证所述虹膜信息与预设虹膜信息匹配;Receiving the time-stamped confirmation information sent by the terminal device, where the confirmation information is used to instruct the terminal device to verify that the iris information matches the preset iris information;
    若验证所述虹膜信息为合法的虹膜信息,且解密所述确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长,则确认所述虹膜信息通过安全验证。 If it is verified that the iris information is legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption, it is confirmed that the iris information passes the security verification.
  6. 一种安全验证方法,应用于安全验证系统,所述安全验证系统包括终端设备和云端的虹膜服务器,其特征在于,包括:A security verification method is applied to a security verification system, where the security verification system includes a terminal device and an iris server in the cloud, and the method includes:
    在所述终端设备处,检测所述终端设备采集到的虹膜信息与预设虹膜信息是否匹配;At the terminal device, detecting whether the iris information collected by the terminal device matches the preset iris information;
    在验证所述虹膜信息与所述预设虹膜信息匹配时,通过所述终端设备将所述虹膜信息发送给所述虹膜服务器;When it is verified that the iris information matches the preset iris information, the iris information is sent to the iris server by the terminal device;
    在所述虹膜服务器处,验证所述虹膜信息是否为合法的虹膜信息,其中,若所述虹膜信息为合法的虹膜信息,则安全验证通过。At the iris server, it is verified whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
  7. 根据权利要求6所述的方法,其特征在于,通过所述终端设备将所述虹膜信息发送给所述虹膜服务器,包括:The method according to claim 6, wherein the sending, by the terminal device, the iris information to the iris server comprises:
    通过近距离无线通讯技术获取加密后的所述虹膜服务器的地址,其中,加密后的所述虹膜服务器的地址需由匹配的终端设备进行解密;Acquiring the encrypted address of the iris server by using a short-range wireless communication technology, wherein the encrypted address of the iris server needs to be decrypted by the matched terminal device;
    对加密后的所述虹膜服务器的地址进行解密;Decrypting the encrypted address of the iris server;
    在解密成功时,向所述虹膜服务器的地址发送所述虹膜信息。When the decryption is successful, the iris information is sent to the address of the iris server.
  8. 根据权利要求6所述的方法,其特征在于,所述方法还包括:The method of claim 6 wherein the method further comprises:
    在所述终端设备处,在验证所述虹膜信息与所述预设虹膜信息匹配时,向所述虹膜服务器发送经时间戳加密方式加密后的确认信息;At the terminal device, when verifying that the iris information matches the preset iris information, sending the confirmation information encrypted by the timestamp encryption method to the iris server;
    在所述虹膜服务器处,在验证所述虹膜信息为合法的虹膜信息,且解密所述确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长时,确认所述虹膜信息通过安全验证。At the iris server, when it is verified that the iris information is legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption, it is confirmed that the iris information passes the security verification.
  9. 一种安全验证装置,其特征在于,应用于终端设备,所述装置包 括:A security verification device, which is applied to a terminal device, the device package include:
    检测模块,被配置为检测所述终端设备采集到的虹膜信息与预设虹膜信息是否匹配;The detecting module is configured to detect whether the iris information collected by the terminal device matches the preset iris information;
    第一发送模块,被配置为在所述虹膜信息与所述预设虹膜信息匹配时,将所述虹膜信息发送至设定的目的网络地址,以进一步验证所述虹膜信息。The first sending module is configured to send the iris information to the set destination network address when the iris information matches the preset iris information to further verify the iris information.
  10. 根据权利要求9所述的装置,其特征在于,所述装置还包括:The device according to claim 9, wherein the device further comprises:
    获取模块,被配置为通过近距离无线通讯技术获取加密后的网络地址;The obtaining module is configured to obtain the encrypted network address by using a short-range wireless communication technology;
    解密模块,被配置为对网络地址进行解密后并设定为所述目的网络地址。The decryption module is configured to decrypt the network address and set the destination network address.
  11. 根据权利要求9所述的装置,其特征在于,所述装置还包括:The device according to claim 9, wherein the device further comprises:
    第二发送模块,被配置为在所述虹膜信息与所述预设虹膜信息匹配时,将带有时间戳的确认信息发送至所述目的网络地址。The second sending module is configured to send the time stamped confirmation information to the destination network address when the iris information matches the preset iris information.
  12. 一种安全验证装置,其特征在于,应用于虹膜服务器,所述装置包括:A security verification device is characterized in that it is applied to an iris server, and the device includes:
    第一接收模块,被配置为接收由终端设备发送的虹膜信息;a first receiving module configured to receive iris information sent by the terminal device;
    验证模块,被配置为验证所述虹膜信息是否为合法的虹膜信息,其中,若所述虹膜信息为合法的虹膜信息,则安全验证通过。The verification module is configured to verify whether the iris information is legal iris information, wherein if the iris information is legal iris information, the security verification is passed.
  13. 根据权利要求12所述的装置,其特征在于,所述装置还包括:The device of claim 12, wherein the device further comprises:
    第二接收模块,别配置为接收由所述终端设备发送的带有时间戳的确 认信息,其中,所述确认信息用于指示所述终端设备验证所述虹膜信息与预设虹膜信息匹配;a second receiving module, configured to receive the timestamp sent by the terminal device The confirmation information is used to indicate that the terminal device verifies that the iris information matches the preset iris information;
    确认模块,被配置为若验证所述虹膜信息为合法的虹膜信息,且解密所述确认信息的时刻与当前时刻的时间差小于时间戳加密的加密时长,则确认所述虹膜信息通过安全验证。The confirmation module is configured to confirm that the iris information passes the security verification if the iris information is verified to be legal iris information, and the time difference between the time when the confirmation information is decrypted and the current time is less than the encryption time length of the time stamp encryption.
  14. 一种计算机程序产品,其特征在于,所述计算机程序产品包含能够由可编程的装置执行的计算机程序,所述计算机程序具有当由所述可编程的装置执行时用于执行权利要求1至8中任一项所述的方法的代码部分。A computer program product, comprising: a computer program executable by a programmable device, the computer program having instructions for performing claims 1 to 8 when executed by the programmable device The code portion of the method of any of the preceding claims.
  15. 一种非临时性计算机可读存储介质,其特征在于,所述非临时性计算机可读存储介质中包括一个或多个程序,所述一个或多个程序用于执行权利要求1至8中任一项所述的方法。A non-transitory computer readable storage medium, characterized in that the non-transitory computer readable storage medium comprises one or more programs for performing any of claims 1 to 8. One of the methods described.
  16. 一种终端设备,其特征在于,包括:A terminal device, comprising:
    非临时性计算机可读存储介质;以及Non-transitory computer readable storage medium;
    一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序;所述非临时性计算机可读存储介质中存储有用于执行如权利要求1-3任一项所述的方法的指令。One or more processors for executing a program in the non-transitory computer readable storage medium; the non-transitory computer readable storage medium storing for performing the method of any of claims 1-3 The instructions of the method.
  17. 一种服务器,其特征在于,包括:A server, comprising:
    非临时性计算机可读存储介质;以及Non-transitory computer readable storage medium;
    一个或者多个处理器,用于执行所述非临时性计算机可读存储介质中的程序;所述非临时性计算机可读存储介质中存储有用于执行如权利要求4或5任一项所述的方法的指令。 One or more processors for executing a program in the non-transitory computer readable storage medium; the non-transitory computer readable storage medium storing for performing the method of any one of claims 4 or 5 The instructions of the method.
PCT/CN2016/108028 2016-11-30 2016-11-30 Safety verification method and device, terminal apparatus, and server WO2018098686A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201680002714.3A CN106797386B (en) 2016-11-30 2016-11-30 Security verification method and device, terminal equipment and server
PCT/CN2016/108028 WO2018098686A1 (en) 2016-11-30 2016-11-30 Safety verification method and device, terminal apparatus, and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/108028 WO2018098686A1 (en) 2016-11-30 2016-11-30 Safety verification method and device, terminal apparatus, and server

Publications (1)

Publication Number Publication Date
WO2018098686A1 true WO2018098686A1 (en) 2018-06-07

Family

ID=58952327

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/108028 WO2018098686A1 (en) 2016-11-30 2016-11-30 Safety verification method and device, terminal apparatus, and server

Country Status (2)

Country Link
CN (1) CN106797386B (en)
WO (1) WO2018098686A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108414000A (en) * 2017-12-29 2018-08-17 北京清大国华环境股份有限公司 A kind of quality determining method of flat film product, system, storage medium and equipment
CN110413110A (en) * 2019-07-05 2019-11-05 深圳市工匠社科技有限公司 The control method and Related product of virtual role
CN112287320A (en) * 2020-11-02 2021-01-29 刘高峰 Identity verification method and device based on biological characteristics and client

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986597A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Identity authentication system with biological characteristic recognition function and authentication method thereof
CN102004901A (en) * 2010-11-11 2011-04-06 中兴通讯股份有限公司 Fingerprint identification method, terminal and system
CN103714599A (en) * 2013-11-25 2014-04-09 南京艾思鸥光电科技有限公司 WLAN-based iris entrance guard system and communication method
US20160127364A1 (en) * 2014-10-30 2016-05-05 Dell Products, Lp Apparatus and Method for Host Abstracted Networked Authorization

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU6816101A (en) * 2000-06-05 2001-12-17 Phoenix Tech Ltd Systems, methods and software for remote password authentication using multiple servers
CN101442407B (en) * 2007-11-22 2011-05-04 杭州中正生物认证技术有限公司 Method and system for identification authentication using biology characteristics
CN103942579A (en) * 2013-01-18 2014-07-23 深圳市华营数字商业有限公司 Double-meaning NFC label source data coding method and NFC label generation and application method
CN104683399A (en) * 2013-11-29 2015-06-03 株式会社日立制作所 Equipment control system and equipment control method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986597A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Identity authentication system with biological characteristic recognition function and authentication method thereof
CN102004901A (en) * 2010-11-11 2011-04-06 中兴通讯股份有限公司 Fingerprint identification method, terminal and system
CN103714599A (en) * 2013-11-25 2014-04-09 南京艾思鸥光电科技有限公司 WLAN-based iris entrance guard system and communication method
US20160127364A1 (en) * 2014-10-30 2016-05-05 Dell Products, Lp Apparatus and Method for Host Abstracted Networked Authorization

Also Published As

Publication number Publication date
CN106797386B (en) 2021-09-03
CN106797386A (en) 2017-05-31

Similar Documents

Publication Publication Date Title
WO2017032263A1 (en) Identity authentication method and apparatus
KR102307665B1 (en) identity authentication
KR102358546B1 (en) System and method for authenticating a client to a device
TWI635409B (en) Query system, method and non-transitory machine-readable medium to determine authentication capabilities
US11765177B1 (en) System and method for providing a web service using a mobile device capturing dual images
US9781105B2 (en) Fallback identity authentication techniques
US9218473B2 (en) Creation and authentication of biometric information
US10339366B2 (en) System and method for facial recognition
US20140165171A1 (en) Method and apparatus of account login
US20080305769A1 (en) Device Method & System For Facilitating Mobile Transactions
WO2018102985A1 (en) Method, device, and server for security verification
WO2017067381A1 (en) Payment method, terminal and payment server
US9792421B1 (en) Secure storage of fingerprint related elements
WO2018072588A1 (en) Approval signature verification method, mobile device, terminal device, and system
WO2017206524A1 (en) Electronic device control method, terminal and control system
KR20210142180A (en) System and method for efficient challenge-response authentication
WO2018103687A1 (en) Secure payment method and system based on fingerprint identification
WO2018098686A1 (en) Safety verification method and device, terminal apparatus, and server
CN107231338B (en) Network connection method, device and device for network connection
WO2017016038A1 (en) Payment method, payment apparatus, terminal and payment system
US11303632B1 (en) Two-way authentication system and method
KR102392147B1 (en) Method for Converging Facing and Non-facing Certification
US11128620B2 (en) Online verification method and system for verifying the identity of a subject
CN105516069B (en) Data processing method, device and system
US20240129128A1 (en) Enrolling biometrics with mutual trust through 3rd party

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16922743

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15/10/2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16922743

Country of ref document: EP

Kind code of ref document: A1