WO2023092345A1 - Procédé et appareil d'authentification d'identité, et terminal, support de stockage et produit de programme - Google Patents

Procédé et appareil d'authentification d'identité, et terminal, support de stockage et produit de programme Download PDF

Info

Publication number
WO2023092345A1
WO2023092345A1 PCT/CN2021/132871 CN2021132871W WO2023092345A1 WO 2023092345 A1 WO2023092345 A1 WO 2023092345A1 CN 2021132871 W CN2021132871 W CN 2021132871W WO 2023092345 A1 WO2023092345 A1 WO 2023092345A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
character
identity authentication
background server
conversion
Prior art date
Application number
PCT/CN2021/132871
Other languages
English (en)
Chinese (zh)
Inventor
李岩
Original Assignee
百果园技术(新加坡)有限公司
李岩
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 百果园技术(新加坡)有限公司, 李岩 filed Critical 百果园技术(新加坡)有限公司
Priority to CN202180003552.6A priority Critical patent/CN114467283B/zh
Priority to PCT/CN2021/132871 priority patent/WO2023092345A1/fr
Publication of WO2023092345A1 publication Critical patent/WO2023092345A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L15/00Speech recognition
    • G10L15/22Procedures used during a speech recognition process, e.g. man-machine dialogue
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00Speaker identification or verification techniques
    • G10L17/22Interactive procedures; Man-machine interfaces
    • GPHYSICS
    • G10MUSICAL INSTRUMENTS; ACOUSTICS
    • G10LSPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00Speaker identification or verification techniques
    • G10L17/22Interactive procedures; Man-machine interfaces
    • G10L17/24Interactive procedures; Man-machine interfaces the user being prompted to utter a password or a predefined phrase
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the embodiments of the present application relate to the field of cloud security technologies, and in particular to an identity authentication method, device, terminal, storage medium, and program product.
  • Two-factor Authentication refers to a method that combines two different types of authentication factors (such as account passwords, SMS verification codes, biometrics, etc.) to authenticate user identities. During the authentication process, users need to provide two different authentication factors to prove their identity, which can better protect user certificates and accessible resources than using a single-factor authentication method.
  • two different types of authentication factors such as account passwords, SMS verification codes, biometrics, etc.
  • two-factor identity authentication usually adopts two of the following three authentication factors: 1. user private information, such as user password (password), personal identification code (Personal Identification Number, PIN); 2. user biometric information , such as voiceprint features, face features, fingerprint features, etc.; 3. User personal items, such as Short Message Service (Short Message Service, SMS) verification codes, electronic tokens, etc.
  • user private information such as user password (password), personal identification code (Personal Identification Number, PIN)
  • PIN Personal Identification Number
  • user biometric information such as voiceprint features, face features, fingerprint features, etc.
  • User personal items such as Short Message Service (Short Message Service, SMS) verification codes, electronic tokens, etc.
  • SMS Short Message Service
  • the identity authentication methods in the related art whether based on two biometrics, password and password, or biometrics and user private information, require the user to perform at least two rounds of input verification operations, such as respectively Inputting voiceprint and fingerprint, or inputting fingerprint and password separately, etc., the verification operation is more cumbersome and the verification process is longer.
  • Embodiments of the present application provide an identity authentication method, device, terminal, storage medium, and program product. Described technical scheme is as follows:
  • an embodiment of the present application provides an identity authentication method, the method comprising:
  • display password conversion prompt information In response to the identity verification instruction, display password conversion prompt information, the password conversion prompt information is used to prompt the conversion of the password characters in the original password, and the password character conversion mode indicated by the password conversion prompt information is randomly generated;
  • Identity authentication is performed based on the original password and the voiceprint feature data.
  • an identity authentication device the device includes:
  • the first display module is configured to display password conversion prompt information in response to an identity verification instruction, the password conversion prompt information is used to prompt conversion of the password characters in the original password, and the password character conversion indicated by the password conversion prompt information
  • the method is randomly generated
  • the voice recognition module is used to carry out voice recognition to the vocal signal collected by the microphone to obtain an instant password
  • a feature extraction module configured to extract voiceprint features from the vocal signal to obtain voiceprint feature data
  • a password conversion module configured to perform password conversion on the instant password based on the character conversion method of the password to obtain the original password
  • An identity authentication module configured to perform identity authentication based on the original password and the voiceprint feature data.
  • an embodiment of the present application provides a terminal, the terminal includes a processor and a memory; at least one instruction, at least one program, a code set or an instruction set are stored in the memory, and the at least one instruction, the The at least one program, the code set or the instruction set is loaded and executed by the processor to implement the identity authentication method as described in the above aspect.
  • an embodiment of the present application provides a computer-readable storage medium, where at least one computer program is stored in the computer-readable storage medium, and the computer program is loaded and executed by a processor to implement the above aspects. authentication method.
  • a computer program product or computer program comprising computer instructions stored in a computer readable storage medium.
  • the processor of the terminal reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the terminal executes the identity authentication method provided in various optional implementation manners of the above aspect.
  • an identity authentication mechanism based on two authentication factors of user password and voiceprint feature is provided.
  • the user only needs one voice entry to complete the input of password and voiceprint at the same time, which can simplify the user identity
  • the authentication process improves the efficiency of identity authentication; a random password character conversion method is provided, so that the user enters the instant password obtained by converting the original password.
  • a random password character conversion method is provided, so that the user enters the instant password obtained by converting the original password.
  • the instant password obtained based on the correct original password can make the authentication successful, which can protect the voiceprint verification from forged voiceprint attacks, thereby improving the security and accuracy of identity authentication.
  • FIG. 1 is a schematic diagram of an implementation environment shown in an exemplary embodiment of the present application
  • FIG. 2 shows a flowchart of an identity authentication method provided by an exemplary embodiment of the present application
  • FIG. 3 shows a flowchart of an identity authentication method provided by another exemplary embodiment of the present application
  • Fig. 4 is a schematic diagram of a virtual keyboard shown in an exemplary embodiment of the present application.
  • FIG. 5 shows a flowchart of an identity authentication method provided by another exemplary embodiment of the present application.
  • FIG. 6 shows a flowchart of an identity authentication method provided by another exemplary embodiment of the present application.
  • Fig. 7 shows a structural block diagram of an identity authentication device provided by an exemplary embodiment of the present application.
  • the "plurality” mentioned herein means two or more.
  • “And/or” describes the association relationship of associated objects, indicating that there may be three types of relationships, for example, A and/or B may indicate: A exists alone, A and B exist simultaneously, and B exists independently.
  • the character “/” generally indicates that the contextual objects are an "or” relationship.
  • two-factor identity authentication usually uses two of the following three authentication factors: 1. User private information, such as user password and PIN; 2. User biometric information, such as voiceprint features, face features, and fingerprint features etc.; 3. User personal items, such as SMS verification codes, electronic tokens, etc.
  • the 2FA method based on voiceprint and other biometric features (such as fingerprints and faces) requires that the user equipment be provided with additional special sensors (such as fingerprint sensors) or external software and hardware tokens;
  • the 2FA solution for passwords and graphic codes often requires users to perform multiple rounds of information input.
  • the user needs to perform at least two rounds of input verification operations, such as inputting voiceprint and fingerprint respectively, or inputting fingerprints separately and passwords, etc., the verification operation is more cumbersome and the verification process is longer.
  • Fig. 1 shows a schematic diagram of an implementation environment provided by an embodiment of the present application.
  • the implementation environment may include: a terminal 110 and a background server 120 .
  • the terminal 110 includes a password conversion module 111 and a feature extraction module 112 .
  • the password conversion module 111 When receiving the identity verification instruction, the password conversion module 111 generates a character conversion mode of the password, and the character conversion mode of the password is randomly generated.
  • the terminal 110 displays the password character conversion method through the interface, and the user converts the original password according to this method, and records the instant password by voice, and the terminal 110 performs voice recognition on the human voice signal collected by the microphone.
  • the password conversion module 111 restores the recognized instant password based on the password character conversion method to obtain the original password; the feature extraction module 112 performs voiceprint feature extraction on the human voice signal to obtain voiceprint feature data.
  • Terminal 110 sends the original password and voiceprint feature data to background server 120 for identity authentication. In this way, the entry of two authentication factors can be completed at one time of user data, and the user operation process can be simplified.
  • the background server 120 After the background server 120 receives the original password and voiceprint feature data, it performs identity authentication based on the database, and returns the authentication result to the terminal 110 . Only one terminal 110 is shown in FIG. 1 , and more terminals may communicate with the background server 120 for identity authentication during actual application.
  • the background server 120 stores original passwords and voiceprint feature data corresponding to each account.
  • the identity authentication method can be implemented as an online payment function in applications such as shopping application programs and online payment application programs, or in webpages, so as to complete the two-factor identity authentication process through one input.
  • the terminal randomly generates the password character conversion method, displays the password character conversion method through the interface, and starts the microphone to collect the sound signal at the same time.
  • the user converts the original password of his account into an instant password, and records the instant password by voice.
  • the terminal restores the instant password to obtain the original password, it performs identity authentication based on the original password and the voiceprint feature, and completes the payment operation when the double authentication is successful.
  • the above identity authentication method can be used for identity authentication during login.
  • the user enters the account ID and starts the identity authentication process, and enters the original password and voiceprint features at one time through the voice input instant password for identity authentication.
  • the identity authentication method can be applied not only to the account login of the application program in the terminal, but also to the account login scenario in the web page.
  • Fig. 2 shows a flowchart of an identity authentication method provided by an exemplary embodiment of the present application. This embodiment is described by taking the method applied to a terminal with voice collection and voice recognition functions as an example, and the method includes the following steps.
  • Step 201 display password conversion prompt information in response to the identity verification instruction.
  • the password conversion prompt information is used to prompt to convert the password characters in the original password, and the password character conversion mode indicated by the password conversion prompt information is randomly generated.
  • identity authentication needs to obtain two authentication factors of user password and voiceprint feature.
  • the embodiment of this application adopts the method of voice input user password, so as to realize the above two authentication factors at one time input.
  • the terminal receives the identity verification instruction, it will provide the user with a password character conversion method by displaying a password conversion prompt message.
  • the user needs to convert the original password of his account into an instant password according to the password character conversion method provided by the terminal, and then record it by voice.
  • the password character conversion method is randomly generated, not a fixed conversion method, so it will not be cracked, and the terminal provides it through interface display, which can also avoid the leakage of the conversion method.
  • the password character conversion method can realize the conversion between characters of the same type, such as mapping each number within a certain range to other random numbers within the range, or mapping each letter to another letter; the password character conversion method It is also possible to convert between different types of characters, such as mapping numbers to Chinese characters, or mapping letters to numbers, etc.
  • the password character conversion method can convert one character into a corresponding character so that the number of characters in the instant password is the same as that of the original password; the password character conversion method can also convert a character into multiple characters so that the characters of the instant password The numbers do not match. This embodiment of the present application does not limit it.
  • Step 202 performing speech recognition on the human voice signal collected by the microphone to obtain an instant password.
  • the terminal After the terminal displays the password conversion prompt information, it collects sound signals through the microphone. After the sound signal is collected, the terminal performs voice recognition on the human voice signal, and obtains the instant password input by the user's voice.
  • the terminal automatically turns on the microphone to collect human voice signals after receiving the identity verification instruction, or, when the terminal displays a password conversion prompt message and receives a password input confirmation operation (such as a trigger operation on a voice input control), turns on the microphone to collect human voice signals. acoustic signal.
  • the terminal turns off the microphone to end voice collection when the microphone is turned on for a duration threshold, or, the terminal turns off the microphone when receiving a password entry completion operation (such as triggering the voice entry completion control), or, the terminal performs a real-time analysis of the collected sound signal Perform speech recognition, and automatically turn off the microphone when no human voice signal is detected within the determined target time.
  • a password entry completion operation such as triggering the voice entry completion control
  • Step 203 performing voiceprint feature extraction on the human voice signal to obtain voiceprint feature data.
  • the terminal After obtaining the instant password, the terminal performs voiceprint feature extraction on the human voice signal corresponding to the instant password to obtain voiceprint feature data.
  • the user may have different voiceprint features for different characters.
  • the terminal performs feature extraction on the vocal signals of each password character to obtain the voice signal corresponding to each password character. texture feature data.
  • Step 204 Perform password conversion on the instant password based on the password character conversion method to obtain the original password.
  • the terminal After the terminal obtains the instant password, based on the password character conversion method provided by this identity authentication, the instant password is reversely converted (that is, the password is restored, and it is determined which character or characters are converted according to the password character conversion method to obtain the instant password. Characters in ) to get the original password.
  • Fig. 2 only shows a possible execution flow of the method, but there is no strict sequence between step 203 and step 204, and the terminal may execute step 203 first, or step 204 first, or at the same time The above two steps are performed, which is not limited in this embodiment of the present application.
  • Step 205 perform identity authentication based on the original password and voiceprint feature data.
  • the terminal performs identity authentication based on two factors: the original password and the voiceprint characteristic data. Only when the original password is consistent with the registration password corresponding to the account, and the voiceprint characteristic data is consistent with the registration voiceprint characteristic data corresponding to the account, will the identity authentication be confirmed Success, if there is an inconsistency in one of the factors, it will be determined that the identity authentication has failed.
  • the terminal after the terminal obtains the original password and voiceprint feature data, it performs identity authentication locally, or the terminal sends the original password and voiceprint feature data to the cloud, and the cloud server performs identity authentication and returns the authentication result.
  • an identity authentication mechanism based on two authentication factors of user password and voiceprint feature is provided.
  • the user only needs one voice input to complete the input of password and voiceprint at the same time.
  • a random password character conversion method so that the user enters the instant password obtained after converting the original password, on the one hand, it can ensure that the user's original password is in the voice input stage
  • the instant password obtained based on the correct original password can make the authentication successful, which can protect the voiceprint verification from forged voiceprint attacks, thereby improving the security and accuracy of identity authentication.
  • the terminal determines the password character conversion mode based on a random mapping function, and displays the password character conversion mode through a virtual keyboard.
  • Fig. 3 shows a flowchart of an identity authentication method provided by another exemplary embodiment of the present application. This embodiment is described by taking the method applied to a terminal with voice collection and voice recognition functions as an example, and the method includes the following steps.
  • Step 301 generating a target random mapping function in response to an identity verification instruction.
  • a random mapping function is a function that randomly maps a character to another character.
  • X is the character before mapping
  • Y is the character after mapping, that is, X is mapped to Y, and this function is randomly generated by the terminal.
  • the characters before mapping and the characters after mapping can be the same, and the random mapping function can be understood as mapping each character in one character set to each character in another character set, and the two character sets equal.
  • the characters used to set the password are numbers 0 to 9, and the terminal generates a target random mapping function:
  • step 302 a virtual keyboard is displayed based on the random mapping function, and password conversion prompt information corresponding to the random mapping function is displayed on the virtual keyboard.
  • the terminal displays password conversion prompt information in the form of a virtual keyboard, and displays the mapping relationship of a group of characters in the same key position of the virtual keyboard. Based on the original password, the user can first find the character in the original password, and then record the character mapped by the character in the random mapping function by voice.
  • step 302 includes the following steps:
  • a character pair is determined based on the random mapping function, and the character pair includes a first character and a second character corresponding to the first character in the random mapping function.
  • the terminal determines a character pair consisting of the first character and the second character based on the random mapping function. Based on the first character in the original password and the character pair displayed by the terminal, the user converts the original password into an instant password composed of the second character.
  • the terminal determines that the character pairs include (1,0), (2,4), (3,8), (4,1), (5,5), (6,3), (7 ,6), (8,9), (9,,2), (0,7).
  • the character pair may further include one first character and multiple second characters.
  • Step 302b based on the first display mode corresponding to the first character and the second display mode corresponding to the second character, the first display mode and the second display mode of the characters displayed on the virtual keyboard are different.
  • the terminal uses two different display modes to distinguish Displays the first character and the second character.
  • the difference between the first display mode and the second display mode includes at least one of the following:
  • the display color of the first character is different from the display color of the second character; the display font of the first character is different from the display font of the second character; the display font size of the first character is different from the display font size of the second character; the display of the first character
  • the special effect is different from the display special effect of the second character.
  • Fig. 4 shows a schematic diagram of a virtual keyboard.
  • the virtual keyboard includes 10 key positions, each key position displays a character pair, the character pair displayed on the left is the first character, and the character pair displayed on the right is the second character.
  • the second character compared with the first character, the second character has two additional display effects of bold and underline.
  • the second character can also be of a different color from the first character, for example, the first character is black and the second character is red.
  • Figure 4 shows the virtual keyboard by taking the virtual number key as an example.
  • the virtual keyboard can also be a virtual letter keyboard, and a pair of letters with a mapping relationship is displayed in each key, or the virtual keyboard can also be It is a Chinese character keyboard, and a pair of Chinese characters with a mapping relationship is displayed in each key position.
  • the first character and the second character may be synchronously displayed on the virtual keyboard, and the above step 302b may specifically include the following steps:
  • Step 1 determine the first keyboard position of the first character on the virtual keyboard.
  • Step 2 Based on the first display mode and the second display mode, character pairs corresponding to each first character are displayed in the virtual keyboard according to the first keyboard position.
  • the display position of the first character on the virtual keyboard is fixed, and the terminal first determines the first keyboard position of the first character on the virtual keyboard, and then displays the character pair corresponding to the first character on the first keyboard position.
  • the first character displays numbers 1 to 0 in order from top to bottom and left to right each time.
  • the terminal first determines the first keyboard position of the 10 first characters based on the order, and then displays the 10 character pairs corresponding to the 10 first characters at the corresponding first keyboard position, that is, the character pair corresponding to the number 1 (1 , 0) is displayed in the upper left corner, and the character pair (2, 4) corresponding to the number 2 is displayed in the middle of the first row.
  • step 302b may also include the following steps:
  • Step 3 Display the first character on the virtual keyboard based on the first keyboard position of the first character on the virtual keyboard and the first display mode.
  • the terminal displays the first character at the first keyboard position in the virtual keyboard according to the default order, which allows the user to quickly determine the display position of each first character in the original password in a familiar position, which is convenient for determining the instant password as soon as possible. password.
  • Step 4 in response to the conversion mode display operation, based on the first character corresponding to the second character in the character pair, determine the second keyboard position of the second character on the virtual keyboard.
  • the display operation of the conversion mode is performed, so that the terminal displays the second character on the virtual keyboard, and the display of the character pair is completed.
  • the conversion mode display operation may be a trigger operation on the conversion confirmation control, or may be the user's voice input of a conversion password, such as "password conversion” and the like. This embodiment of the present application does not limit it.
  • the terminal After receiving the switching mode display operation, the terminal determines the second keyboard position of each second character based on the first character corresponding to the second character in the character pair and the first keyboard position of the first character.
  • the terminal first displays the first character on the left side of each key position, and then displays the second character that is bold and underlined on the right side after receiving the conversion mode display operation.
  • the corresponding character pair is (4, 1), and the terminal determines the first keyboard position of the first character "4" as the second keyboard position of the second character "1".
  • the corresponding character pair is (9, 2), and the terminal determines the first keyboard position of the first character "9” in the character pair as the second keyboard position of the second character "2".
  • Step 5 based on the second display manner, display the second character on the virtual keyboard according to the second keyboard position.
  • the terminal After determining the second keyboard positions of all the second characters, the terminal displays the second characters on the virtual keyboard, so that the user can determine the instant password.
  • the above steps are to display the virtual keyboard by fixing the display position of the first character, that is, the display position of the character pair is determined by the first keyboard position of the first character, and the first keyboard position is a fixed position, which is convenient for users to follow the familiar Keypad positions quickly determine instant passwords.
  • the first keyboard position may also be random.
  • Step 303 performing speech recognition on the human voice signal collected by the microphone to obtain an instant password.
  • Step 304 performing voiceprint feature extraction on the human voice signal to obtain voiceprint feature data.
  • steps 303 to 304 For specific implementation manners of steps 303 to 304, reference may be made to the foregoing steps 202 to 203, and details are not repeated in this embodiment of the present application.
  • Step 305 Perform password conversion on the instant password based on the random mapping function to obtain the original password.
  • each second character in the instant password is reversely converted (restored) according to the random mapping function generated this time to obtain the first character corresponding to each second character, and then the original password is determined.
  • Step 306 perform identity authentication based on the original password and voiceprint feature data.
  • step 306 For the specific implementation manner of step 306, reference may be made to the foregoing step 205, and details are not described here in this embodiment of the present application.
  • the terminal generates a random mapping function, determines the conversion method of password characters, and visually displays the character pairs indicated by the random mapping function in the form of a virtual keyboard, so that users can quickly and correctly convert passwords and improve password input efficiency and accuracy.
  • Fig. 5 shows a flowchart of an identity authentication method provided by another exemplary embodiment of the present application. This embodiment is described by taking the method applied to a terminal with voice collection and voice recognition functions as an example, and the method includes the following steps.
  • Step 501 in response to the voiceprint entry instruction, display a character set, which includes all characters that can be used to set a password.
  • the user needs to pre-register his own voiceprint before he can activate the above-mentioned two-factor authentication function.
  • the terminal may randomly convert the first character in the original password to any character in the character set, and the user's vocal characteristics for different characters, that is, the voiceprint characteristics may be different, in order to improve the accuracy of voiceprint recognition In this case, the terminal needs to obtain the user's voice for all characters.
  • the terminal displays the character set, which contains all the characters that can be used to set the password.
  • the terminal will display ten numbers from 0 to 9, and display a prompt message for instructing voice input of the ten numbers, and the user needs to follow the prompt information and character Display the above ten numbers by voice input in sequence.
  • the terminal displays 26 English letters, and the user also needs to input the above 26 characters by voice in the order displayed on the terminal.
  • Step 502 performing feature extraction on the human voice signal collected by the microphone to obtain voiceprint feature data.
  • the terminal In the voiceprint feature registration stage, the terminal also performs feature extraction on the collected vocal signals to obtain voiceprint feature data.
  • the terminal may also directly send the collected human voice signal to the background server, and the background server performs feature extraction and stores voiceprint feature data.
  • Step 503 sending the voiceprint characteristic data and the account ID to the background server, and the background server is used to update the database containing the corresponding relationship between the account number, the voiceprint characteristic data, and the original password.
  • the terminal sends the voiceprint feature data and the account ID to the background server, and the background server adds the corresponding relationship between the account ID and the voiceprint feature data in the database after receiving the voiceprint feature data and the account ID.
  • Information such as account IDs, voiceprint feature data, and original passwords of each account is stored in the data. It is used in the subsequent identity authentication stage to perform identity authentication based on the database and the received authentication information.
  • the user also needs to enter the original password.
  • the original password can be entered by voice or manually.
  • the input of original password can be carried out before voiceprint characteristic data input, also can carry out after voiceprint characteristic data input. This embodiment of the present application does not limit it.
  • Step 504 display password conversion prompt information in response to the identity verification instruction.
  • Step 505 performing speech recognition on the human voice signal collected by the microphone to obtain an instant password.
  • Step 506 performing voiceprint feature extraction on the human voice signal to obtain voiceprint feature data.
  • Step 507 Perform password conversion on the instant password based on the password character conversion method to obtain the original password.
  • steps 504 to 507 For the specific implementation manners of steps 504 to 507, reference may be made to the above steps 201 to 204, and details will not be repeated here in this embodiment of the present application.
  • Step 508 sending the original password and voiceprint feature data to the background server, and the background server is used for identity authentication based on the original password and voiceprint feature data.
  • the terminal in addition to sending the original password and voiceprint feature data, the terminal also sends an instant password, so that the background server can obtain the voiceprint feature data of corresponding characters from the database based on the instant password for voiceprint comparison.
  • the terminal After the terminal obtains the original password and voiceprint feature data entered by the authenticator, it sends the two authentication information to the background server synchronously, so that the background server can perform two authentications at the same time, and determine the final password based on the two authentication results.
  • Identity authentication results after the terminal obtains the original password and voiceprint feature data entered by the authenticator, it can also send one of the authentication information to the background server first.
  • the background server After the background server confirms that the authentication is successful based on the authentication information, the terminal then Send another type of authentication information to the background server. If the first type of authentication information fails to be authenticated, the terminal does not need to send the second type of authentication information, and directly confirms that the authentication has failed, thereby improving the accuracy and security of identity authentication. Improve authentication efficiency.
  • step 508 may include the following steps:
  • Step 508a sending the original password and the account identifier of the current login account to the background server, and the background server is used to determine the first identity authentication result based on the target original password corresponding to the current login account in the database.
  • the terminal sends the account identifier (for example, user name) of the currently logged-in account and the converted original password to the background server.
  • the background server queries the database based on the received account ID, obtains the target original password corresponding to the account ID, and compares the target original password with the original password sent by the terminal. If the two are completely consistent, the background server confirms that the password authentication is successful. If the two are not completely consistent, the background server confirms that the password authentication fails.
  • the background server sends the first identity authentication result to the terminal.
  • Step 508b in response to receiving the first identity authentication result sent by the background server, and the first identity authentication result indicates that the password authentication is successful, send the voiceprint feature data to the background server, and the background server is used to identify the target account corresponding to the current login account in the database.
  • the voiceprint feature data determines the second identity authentication result.
  • the terminal After receiving the first identity authentication result indicating successful password authentication, the terminal sends the voiceprint feature data to the background server.
  • the background server queries the database based on the account ID, and obtains target voiceprint feature data corresponding to the account ID.
  • the background server compares the target voiceprint feature data with the voiceprint feature data of the authenticator sent by the terminal to determine the second identity authentication result.
  • a similarity threshold is set in the background server, and if the similarity between the target voiceprint feature data and the voiceprint feature data of the authenticator sent by the terminal is higher than the similarity threshold, the confirmation voice If the fingerprint authentication is successful, if the similarity between the two is lower than the similarity threshold, it is confirmed that the voiceprint authentication has failed.
  • the background server sends the second identity authentication result to the terminal.
  • the identity authentication method provided by the embodiment of the present application further includes the following steps:
  • the terminal When the first identity authentication result indicates that the password authentication fails, the terminal no longer sends voiceprint characteristic data, and directly confirms that the final result is authentication failure, so as to reduce the amount of transmitted data and improve the efficiency of identity authentication.
  • the terminal may first send voiceprint feature data for voiceprint authentication, and step 508 may also include the following steps:
  • Step 508c Send the voiceprint feature data and the account identifier of the current login account to the background server, and the background server is used to determine the third identity authentication result based on the target voiceprint feature data corresponding to the current login account in the database.
  • the terminal sends the account identifier (for example, user name) of the currently logged-in account and the extracted voiceprint feature data to the background server.
  • the background server queries the database based on the received account ID, and obtains target voiceprint characteristic data corresponding to the account ID.
  • the background server compares the target voiceprint feature data with the voiceprint feature data of the authenticator sent by the terminal to determine the third identity authentication result.
  • Step 508d in response to receiving the third identity authentication result sent by the background server, and the third identity authentication result indicates that the voiceprint authentication is successful, send the original password to the background server, and the background server uses the target original password corresponding to the current login account in the database.
  • the password determines the fourth identity authentication result.
  • the terminal After receiving the third identity authentication result indicating that the voiceprint authentication is successful, the terminal sends the original password to the background server.
  • the background server queries the database based on the account ID, obtains the target original password corresponding to the account ID, and compares the target original password with the original password sent by the terminal. If the two are completely consistent, the background server confirms that the password authentication is successful. If they are not completely consistent, the background server confirms that the password authentication fails.
  • the background server sends the fourth identity authentication result to the terminal.
  • the identity authentication method provided by the embodiment of the present application further includes the following steps:
  • Step 509 receiving an identity authentication result sent by the background server, where the identity authentication result is used to indicate authentication success or authentication failure.
  • the terminal determines whether the authentication succeeds or fails based on the identity authentication result returned by the background server once. If the terminal first sends a kind of authentication information, it will immediately determine that the identity authentication fails when receiving the first identity authentication result or the third identity authentication result and indicating that the authentication fails, or determine based on the second identity authentication result or the fourth identity authentication result Authentication succeeded or authentication failed.
  • the terminal sends the original password and voiceprint feature data to the background server, so that the background server performs identity authentication based on the database, so as to improve the security and confidentiality of user information; in addition, the terminal can first send a kind of authentication information To the background server, judge whether to send the second authentication information based on the authentication result of the first authentication information, and directly determine the authentication result when the authentication of the first authentication information fails, which can reduce data transmission and leakage as much as possible, and can improve identity Authentication efficiency.
  • Step 601 displaying a virtual keyboard based on the character conversion method of the password.
  • step 602 a human voice signal is collected through a microphone.
  • Step 603 perform speech recognition on the collected human voice signal, obtain the original password, and extract voiceprint characteristic data of the human voice signal.
  • Step 604 sending the original password, voiceprint feature data and account ID to the background server.
  • Step 605 perform identity authentication based on the voiceprint characteristic data and the original password.
  • Step 606 sending the identity authentication result to the terminal.
  • Figure 7 is a structural block diagram of a cell selection device provided in an exemplary embodiment of the present application, the device includes:
  • the first display module 701 is configured to display password conversion prompt information in response to an identity verification instruction, the password conversion prompt information is used to prompt conversion of the password characters in the original password, and the password characters indicated by the password conversion prompt information
  • the conversion method is randomly generated
  • Speech recognition module 702 is used for carrying out speech recognition to the vocal signal that microphone collects, obtains instant password
  • a feature extraction module 703, configured to perform voiceprint feature extraction on the human voice signal to obtain voiceprint feature data
  • a password conversion module 704 configured to perform password conversion on the instant password based on the character conversion method of the password to obtain the original password
  • An identity authentication module 705, configured to perform identity authentication based on the original password and the voiceprint feature data.
  • the first display module 701 includes:
  • a generating unit configured to generate a target random mapping function in response to the identity verification instruction, wherein the random mapping function is a function that randomly maps a character to another character;
  • a display unit configured to display a virtual keyboard based on the random mapping function, in which the password conversion prompt information corresponding to the random mapping function is displayed;
  • the password conversion module 704 includes:
  • a conversion unit configured to perform password conversion on the instant password based on the random mapping function to obtain the original password.
  • the display unit is also used for:
  • the character pair including a first character and a second character corresponding to the first character in the random mapping function
  • the display unit is also used for:
  • the display unit is also used for:
  • the second character is displayed on the virtual keyboard according to the second keyboard position.
  • the difference between the first display manner and the second display manner includes at least one of the following:
  • the display color of the first character is different from the display color of the second character
  • the display font of the first character is different from the display font of the second character
  • the display font size of the first character is different from the display font size of the second character
  • the display effect of the first character is different from the display effect of the second character.
  • the device also includes:
  • the second display module is used to display a character set in response to the voiceprint input instruction, and the character set includes all characters that can be used to set the password;
  • the feature collection module is used for feature extraction of the human voice signal collected by the microphone to obtain voiceprint feature data
  • An information sending module configured to send the voiceprint feature data and account ID to a backend server, and the backend server is used to update a database containing correspondence between account numbers, voiceprint feature data, and the original password.
  • the identity authentication module 705 includes:
  • An information sending unit configured to send the original password and the voiceprint feature data to the background server, and the background server is used to perform identity authentication based on the original password and the voiceprint feature data;
  • the information receiving unit is configured to receive the identity authentication result sent by the background server, and the identity authentication result is used to indicate authentication success or authentication failure.
  • the information sending unit is also used for:
  • the background server is configured to determine a first identity authentication result based on a target original password corresponding to the current login account in the database
  • the background server In response to receiving the first identity authentication result sent by the background server, and the first identity authentication result indicates that the password authentication is successful, sending the voiceprint feature data to the background server, the background server is used to determining a second identity authentication result based on the target voiceprint feature data corresponding to the current login account in the database;
  • the device also includes:
  • the first determination module is configured to determine that the identity authentication fails and stop sending the voiceprint feature in response to receiving the first identity authentication result sent by the background server, and the first identity authentication result indicates a password authentication failure data.
  • the information sending unit is also used for:
  • the device also includes:
  • the second determination module is configured to determine that identity authentication fails and stop sending the original password in response to receiving the third identity authentication result sent by the background server, and the third identity authentication result indicates voiceprint authentication failure .
  • an identity authentication mechanism based on two authentication factors of user password and voiceprint feature is provided.
  • the user only needs one voice input to complete the input of password and voiceprint at the same time.
  • a random password character conversion method so that the user enters the instant password obtained after converting the original password, on the one hand, it can ensure that the user's original password is in the voice input stage
  • the instant password obtained based on the correct original password can make the authentication successful, which can protect the voiceprint verification from forged voiceprint attacks, thereby improving the security and accuracy of identity authentication.
  • a terminal in an exemplary embodiment, includes a processor and a memory, the memory stores at least one instruction, at least one program, a code set or an instruction set, the at least one instruction, At least one program, code set or instruction set is loaded and executed by the processor to implement the identity authentication method performed by the terminal as provided in the above embodiments.
  • the embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores at least one instruction, and the at least one instruction is loaded and executed by a processor to implement the identity authentication method described in each of the above embodiments .
  • a computer program product or computer program comprising computer instructions stored in a computer readable storage medium.
  • the processor of the terminal reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the terminal executes the identity authentication method provided in various optional implementation manners of the above aspect.
  • the functions described in the embodiments of the present application may be implemented by hardware, software, firmware or any combination thereof.
  • the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable storage medium.
  • Computer-readable storage media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage media may be any available media that can be accessed by a general purpose or special purpose computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Acoustics & Sound (AREA)
  • Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

L'invention concerne un procédé et un appareil d'authentification d'identité, et un terminal, un support de stockage et un produit de programme, qui appartiennent au domaine technique de la sécurité en nuage. Le procédé comprend les étapes suivantes : en réponse à une instruction de vérification d'identité, affichage d'informations d'invite de conversion de mot de passe (201) ; réalisation d'une reconnaissance vocale sur un signal vocal humain collecté par un microphone, de façon à obtenir un mot de passe instantané (202) ; réalisation d'une extraction de caractéristique d'empreinte vocale sur le signal vocal humain, de façon à obtenir des données de caractéristique d'empreinte vocale (203) ; réalisation d'une conversion de mot de passe sur le mot de passe instantané sur la base d'un mode de conversion de caractère de mot de passe, de façon à obtenir un mot de passe d'origine (204) ; et réalisation d'une authentification d'identité sur la base du mot de passe d'origine et des données de caractéristique d'empreinte vocale (205). Au moyen du procédé, de l'appareil, du terminal, du support de stockage et du produit de programme, un processus d'authentification d'identité d'utilisateur peut être simplifié, il est garanti qu'un mot de passe d'utilisateur ne peut pas être divulgué dans une étape d'entrée vocale, et la vérification d'empreinte vocale est protégée contre une attaque par empreinte vocale falsifiée.
PCT/CN2021/132871 2021-11-24 2021-11-24 Procédé et appareil d'authentification d'identité, et terminal, support de stockage et produit de programme WO2023092345A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202180003552.6A CN114467283B (zh) 2021-11-24 2021-11-24 身份认证方法、装置、终端、存储介质及程序产品
PCT/CN2021/132871 WO2023092345A1 (fr) 2021-11-24 2021-11-24 Procédé et appareil d'authentification d'identité, et terminal, support de stockage et produit de programme

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/132871 WO2023092345A1 (fr) 2021-11-24 2021-11-24 Procédé et appareil d'authentification d'identité, et terminal, support de stockage et produit de programme

Publications (1)

Publication Number Publication Date
WO2023092345A1 true WO2023092345A1 (fr) 2023-06-01

Family

ID=81407889

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/132871 WO2023092345A1 (fr) 2021-11-24 2021-11-24 Procédé et appareil d'authentification d'identité, et terminal, support de stockage et produit de programme

Country Status (2)

Country Link
CN (1) CN114467283B (fr)
WO (1) WO2023092345A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115565539B (zh) * 2022-11-21 2023-02-07 中网道科技集团股份有限公司 一种实现自助矫正终端防伪身份验证的数据处理方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060277043A1 (en) * 2005-06-06 2006-12-07 Edward Tomes Voice authentication system and methods therefor
CN101964792A (zh) * 2010-09-27 2011-02-02 华南理工大学 一种基于多状态映射的强认证方法
CN105991280A (zh) * 2015-02-02 2016-10-05 中国移动通信集团湖北有限公司 一种用户认证方法及系统
US20190189127A1 (en) * 2017-12-18 2019-06-20 Samsung Electronics Co., Ltd. Electronic apparatus, electronic system and control method thereof
CN113051536A (zh) * 2021-03-23 2021-06-29 深圳市声扬科技有限公司 语音认证方法、装置、电子设备及存储介质

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7698392B2 (en) * 2005-09-28 2010-04-13 Photobucket Corporation Method and system for establishing a user-friendly data transfer service application executing within a heterogeneous distributed service application execution environment
CN102354419B (zh) * 2011-06-20 2014-04-02 北京拉手网络技术有限公司 团购券认证终端、认证系统及认证方法
CN103546622A (zh) * 2012-07-12 2014-01-29 百度在线网络技术(北京)有限公司 基于声纹的识别登录控制方法、装置及系统
CN104158664A (zh) * 2014-08-11 2014-11-19 北京唐桓科技发展有限公司 一种身份认证方法及系统
TR201500128A1 (tr) * 2015-01-06 2016-07-21 Netas Telekomuenikasyon Anonim Sirketi Kripto atlamalı webrtc tabanlı, sesli ve/veya görüntülü iletişim yöntemi.
CN105553962B (zh) * 2015-12-10 2018-08-28 黄信开 一种智能手机的信息存储和下载方法
CN107634834A (zh) * 2017-09-05 2018-01-26 四川中电启明星信息技术有限公司 一种基于多终端多场景的可信身份认证方法
CN110769419B (zh) * 2019-10-21 2020-09-15 南京创维信息技术研究院有限公司 一种智能设备的语音配网方法及系统
CN112751838A (zh) * 2020-12-25 2021-05-04 中国人民解放军陆军装甲兵学院 身份认证方法、装置及身份认证系统

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060277043A1 (en) * 2005-06-06 2006-12-07 Edward Tomes Voice authentication system and methods therefor
CN101964792A (zh) * 2010-09-27 2011-02-02 华南理工大学 一种基于多状态映射的强认证方法
CN105991280A (zh) * 2015-02-02 2016-10-05 中国移动通信集团湖北有限公司 一种用户认证方法及系统
US20190189127A1 (en) * 2017-12-18 2019-06-20 Samsung Electronics Co., Ltd. Electronic apparatus, electronic system and control method thereof
CN113051536A (zh) * 2021-03-23 2021-06-29 深圳市声扬科技有限公司 语音认证方法、装置、电子设备及存储介质

Also Published As

Publication number Publication date
CN114467283A (zh) 2022-05-10
CN114467283B (zh) 2024-02-09

Similar Documents

Publication Publication Date Title
US11405380B2 (en) Systems and methods for using imaging to authenticate online users
US11847199B2 (en) Remote usage of locally stored biometric authentication data
CN106330850B (zh) 一种基于生物特征的安全校验方法及客户端、服务器
CN106100848B (zh) 基于智能手机和用户口令的双因子身份认证系统及方法
CN111241517B (zh) 一种生物特征验证问答库的构建方法和装置
US11271745B2 (en) Method and system for operating internet of things device
CN106549973A (zh) 一种基于生物特征识别的客户端及其工作方法
CN108881310A (zh) 一种注册系统及其工作方法
JP2007525767A (ja) ユーザ認証
EP2150915B1 (fr) Protocole d'ouverture de session sécurisée
CN109802942A (zh) 一种隐私保护的声纹认证方法及系统、移动终端
CN107533598B (zh) 应用程序的登录密码的输入方法、装置和终端
WO2021244531A1 (fr) Procédé et appareil de paiement basés sur la reconnaissance faciale
CN110990811A (zh) 一种身份认证方法及装置
WO2023092345A1 (fr) Procédé et appareil d'authentification d'identité, et terminal, support de stockage et produit de programme
CN107517180A (zh) 登录方法和装置
KR101027228B1 (ko) 인터넷 보안을 위한 본인인증 장치, 그 방법 및 이를 기록한 기록매체
CN106997432A (zh) 图片密码认证方法和图片密码认证装置
CN107885986A (zh) 一种表单填充方法、表单数据保存方法及装置
Sonwalkar Captcha: Novel approach to secure user
WO2023159462A1 (fr) Procédé et appareil d'authentification d'identité, terminal, support de stockage et produit-programme
CN111181981A (zh) 一种处理方法、装置及计算机设备
WO2016112792A1 (fr) Procédé et dispositif d'authentification d'identité
JP2006302116A (ja) 認証システム、認証サーバ、端末装置、認証方法およびプログラム
JP2004013865A (ja) 連想記憶による本人認証方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21965083

Country of ref document: EP

Kind code of ref document: A1