[0042] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.
[0043] figure 1 This is a flowchart of the first embodiment of an authentication method provided by an embodiment of the present invention. In the embodiment of the present invention, the authentication method is applied to a server, and the server can be used to provide an identity authentication function. The user uses a terminal to access the server through the network, and completes operations such as transfer and payment through interaction with the server. Those skilled in the art can understand that the terminal can be an electronic device such as a smart phone, a tablet computer, a computer, and the server can be a device provided by a bank or a payment institution to provide services, or it can be other devices involving identity authentication functions. The embodiment of the present invention is not limited to this. The authentication method includes the following steps S101-S104.
[0044] In step S101, when an identity authentication request sent by a terminal is received, a verification code is sent to the terminal.
[0045] Specifically, when the server receives the identity authentication request sent by the terminal, it first generates source authentication information. The method of generating the source verification information may be randomly generated or generated according to a preset rule, and this embodiment is not limited to this. After the source verification information is generated, the source verification information is encrypted using pre-stored legal user biometric information to obtain a verification code. In this embodiment, the server stores the biometric information of the legal user. The legal user refers to the user who has been determined to have access rights. The biometric information includes: hand shape, fingerprint, face shape, iris, retina, pulse, auricle, signature , Sound and keystroke, etc. Biometric information is used to identify the user's identity for easy identification. In this embodiment, the biometric information of the legal user is encoded to form an encryption key, and the source verification information is encrypted to obtain the verification code. After obtaining the verification code, the server sends the verification code to the terminal. Wherein, the sending method may be a short message method or other methods, and this embodiment is not limited to this.
[0046] In step S102, receiving the code to be verified and the biometric information of the user to be authenticated input by the terminal according to the verification code.
[0047] Specifically, after receiving the verification code, the terminal will receive the verification code input by the user to be authenticated. The terminal further sends the code to be verified and the biometric information of the user to be authenticated to the server.
[0048] In step S103, the input code to be verified is decrypted using the biometric information of the user to be authenticated to obtain target verification information.
[0049] Specifically, after receiving the code to be verified and the biometric information of the user to be authenticated, the biometric information of the user to be authenticated is used as a decryption key to decrypt the code to be verified to obtain target verification information.
[0050] In step S104, the target verification information is compared with the source verification information, and the identity verification result of the user to be authenticated is determined according to the comparison result.
[0051] Specifically, the target verification information obtained in step S103 is compared with the source verification message, and the identity verification result of the user to be authenticated is determined according to the comparison result. In this embodiment, since the verification code sent to the terminal is encrypted with the biometric information of the legal user as the encryption key, when the user to be authenticated is also a legal user, the biometric information of the user to be authenticated is used as the decryption key The obtained target verification information should be consistent with the source verification information. Therefore, by comparing the target verification information with the source verification information, it can be determined whether the user to be authenticated is a legitimate user, that is, the identity authentication result is obtained. If the target verification information is consistent with the source verification information, it is determined that the user to be authenticated is a legitimate user, and the identity authentication of the user to be authenticated is successful; if the target verification information is inconsistent with the source verification information, it is determined The user to be authenticated is an illegal user, and the identity authentication of the user to be authenticated fails.
[0052] It can be seen from the above that the authentication method in the embodiment of the present invention, when performing identity authentication, encrypts the verification code with biometric information and then sends it to the user to be authenticated, and then uses the biometric information of the user to be authenticated to input it The code to be verified is decrypted, and the authentication is passed by judging whether the two are the same. In this way, even if the verification code is intercepted by others, others cannot complete the verification, which improves the security, can better confirm the user's identity, and eliminates security risks.
[0053] figure 2 This is a flowchart of the second embodiment of an authentication method according to an embodiment of the present invention. The method includes the following steps S201-S205. Wherein, the steps of S202-S205 in this embodiment are the same as the steps of S101-S104 in the first embodiment, and will not be repeated here.
[0054] In step S201, the legal user account, the legal password and the legal user biometric information sent by the terminal are received and stored.
[0055] Specifically, before performing identity authentication, the relevant information of the legal user needs to be stored on the server, including: legal user account, legal password, and legal user biometric information. The legal user enters the legal user account number and legal password on the terminal, and inputs the legal user's biometric information through the terminal, and the terminal sends the above information to the server. The server receives and stores the legal user account, legal password, and legal user biometric information sent by the terminal.
[0056] In step S202, when the identity authentication request sent by the terminal is received, the verification code is sent to the terminal.
[0057] In step S203, receiving the code to be verified and the biometric information of the user to be authenticated input by the terminal according to the verification code.
[0058] In step S204, the input code to be verified is decrypted using the biometric information of the user to be authenticated to obtain target verification information.
[0059] In step S205, the target verification information is compared with the source verification information, and the identity verification result of the user to be authenticated is determined according to the comparison result.
[0060] It can be seen from the above that the authentication method in the embodiment of the present invention, when performing identity authentication, encrypts the verification code with biometric information and then sends it to the user to be authenticated, and then uses the biometric information of the user to be authenticated to input it The code to be verified is decrypted, and the authentication is passed by judging whether the two are the same. In this way, even if the verification code is intercepted by others, others cannot complete the verification, which improves the security, can better confirm the user's identity, and eliminates security risks.
[0061] image 3 This is a flowchart of the third embodiment of an authentication method according to an embodiment of the present invention. The method includes the following steps S301-S307. Among them, the steps of S301 in this embodiment are the same as the steps of S201 in the second embodiment, and the steps of S305-S307 in this embodiment are the same as the steps of S203-S205 in the second embodiment, which will not be repeated here.
[0062] In step S301, the legal user account, the legal password and the legal user biometric information sent by the terminal are received and stored.
[0063] In step S302, an identity authentication request sent by the terminal is received.
[0064] Specifically, in this embodiment, the identity authentication request sent by the terminal carries the user account and password of the user to be authenticated, or carries the biometric information of the user to be authenticated. That is, when a user requests identity authentication on the terminal, the terminal will receive the user account and password entered by the user, or collect the user's biometric information, and transmit the above information to the server.
[0065] In step S303, a legal user account and a legal password are used to verify the carried user account and password; or, it is judged whether the biometric information of the user to be authenticated matches the pre-stored legal user biometric information.
[0066] Specifically, since the legal user's information is stored in step S301, in this step, the legal user's information is used for preliminary verification of the user to be authenticated. The specific verification operation may be to verify the carried user account and password using a legal user account and a legal password; or to determine whether the biometric information of the user to be authenticated matches the biometric information of the legal user stored in advance. When the verification passes, step S304 is entered; if the verification fails, prompt information such as user password mismatch or user mismatch is output, and this identity authentication request is ignored.
[0067] In step S304, source verification information is generated and encrypted, and the verification code obtained after encryption is sent to the terminal.
[0068] Specifically, after the verification is passed, source verification information is generated. And further use the biometric information of the legal user as the encryption key to encrypt the source verification information to obtain the verification code. After obtaining the verification code, the server sends the verification code to the terminal.
[0069] In step S305, receiving the code to be verified and the biometric information of the user to be authenticated input by the terminal according to the verification code.
[0070] In step S306, the input code to be verified is decrypted using the biometric information of the user to be authenticated to obtain target verification information.
[0071] In step S307, the target verification information is compared with the source verification information, and the identity verification result of the user to be authenticated is determined according to the comparison result.
[0072] It can be seen from the above that the authentication method in the embodiment of the present invention, when performing identity authentication, encrypts the verification code with biometric information and then sends it to the user to be authenticated, and then uses the biometric information of the user to be authenticated to input it The code to be verified is decrypted, and the authentication is passed by judging whether the two are the same. At the same time, further preliminary verification of the user to be authenticated before generating the verification code can better confirm the user's identity and further improve security.
[0073] Figure 4 This is a flowchart of the first embodiment of another authentication method provided by an embodiment of the present invention. In the embodiment of the present invention, the authentication method is applied to the terminal. The user uses the terminal to access the server through the network, and completes operations such as transfer and payment through interaction with the server. Those skilled in the art can understand that the terminal can be an electronic device such as a smart phone, a tablet computer, a computer, and the server can be a device provided by a bank or a payment institution to provide services, or it can be other devices involving identity authentication functions. The embodiment of the present invention is not limited to this. The authentication method includes the following steps S401-S404.
[0074] In step S401, an identity authentication request is sent to the server and a verification code returned by the server is received.
[0075] Specifically, in this embodiment, when the user to be authenticated wants to perform identity authentication, the terminal sends an identity authentication request, and the terminal sends the identity authentication request to the server. After receiving the request, the server replies with a corresponding verification code, and the terminal receives the verification code and displays it to the user to be authenticated. Among them, the user to be authenticated can directly select and submit the identity authentication request through related options on the terminal.
[0076] In other embodiments, the identity authentication request may also be in other ways. The identity authentication request can carry preliminary authentication information, such as a user account and password, or the user's biometric information. At this time, the terminal first receives the user account and password input by the user to be authenticated or collects the biometric information of the user to be authenticated; then forwards the input user name and password or the biometric information of the user to be authenticated to the server.
[0077] In step S402, the to-be-verified code input by the to-be-authenticated user according to the verification code is received and the biometric information of the to-be-authenticated user is collected.
[0078] Specifically, in step S401, the terminal receives the verification code and displays it to the user to be authenticated, and the user to be authenticated inputs the code to be verified according to the verification code. Generally, if the user to be authenticated receives the verification code, the entered verification code will be the same as the verification code. At the same time, the terminal is also used to collect the biometric information of the user to be authenticated at this time. The biometric information includes: hand shape, fingerprint, face shape, iris, retina, pulse, auricle, signature, voice, and key strength. Corresponding to different biometric information, there can be many ways to collect biometric information, for example, fingerprints can be collected through a fingerprint sensor; face shape, iris, etc. can be collected through a camera, and the present invention is not limited to this. Biometric information is used to identify the user's identity for easy identification.
[0079] In step S403, the code to be verified and the biometric information of the user to be authenticated are sent to the server.
[0080] Specifically, the terminal sends the received code to be verified and the collected biometric information of the user to be authenticated to the server.
[0081] It can be seen from the above that the authentication method in the embodiment of the present invention, when performing identity authentication, further collects the biometric information of the user to be authenticated on the basis of the verification code for subsequent server verification, so as to better confirm User identity improves security.
[0082] Figure 5 This is a flowchart of the second embodiment of another authentication method provided by an embodiment of the present invention. The method includes the following steps S501-S505. Among them, the steps S503-S505 in this embodiment are the same as the steps S401-S403 in the first embodiment, and will not be repeated here.
[0083] In step S501, the inputted legal user account and legal password are received, and the biometric information of the legal user is collected.
[0084] Specifically, before performing identity authentication, the terminal first collects relevant information of the legal user, such as receiving the input of the legal user account and legal password, and collecting the biometric information of the legal user. The information of the legal user is used for subsequent identity authentication.
[0085] In step S502, the legal user account, the legal password, and the legal user's biometric information are sent to the server.
[0086] Specifically, after collecting relevant information of the legitimate user, the relevant information is sent to the server for storage, so as to facilitate subsequent identity authentication.
[0087] In step S503, an identity authentication request is sent to the server and the verification code returned by the server is received.
[0088] In step S504, the to-be-verified code input by the to-be-authenticated user according to the verification code is received, and the biometric information of the to-be-authenticated user is collected.
[0089] In step S505, the code to be verified and the biometric information of the user to be authenticated are sent to the server.
[0090] It can be seen from the above that the authentication method in the embodiment of the present invention, when performing identity authentication, further collects the biometric information of the user to be authenticated on the basis of the verification code for subsequent server verification, so as to better confirm User identity improves security.
[0091] Image 6 This is a schematic structural diagram of a first embodiment of a server according to an embodiment of the present invention. The server may be used to provide an identity authentication function. The user uses a terminal to access the server through the network, and completes operations such as transfer and payment through interaction with the server. Those skilled in the art can understand that the server may be a device provided by a bank or a payment institution for providing services, or may be other devices involving identity authentication functions, and the embodiment of the present invention is not limited thereto. The server includes: a verification module 601, a receiving module 602, a decryption module 603, and a judgment module 604.
[0092] The verification module 601 is configured to send a verification code to the terminal when the identity authentication request sent by the terminal is received.
[0093] Specifically, when the verification module 601 receives the identity verification request sent by the terminal, it first generates source verification information. The method of generating the source verification information may be randomly generated or generated according to a preset rule, and this embodiment is not limited to this. After the source verification information is generated, the verification module 601 encrypts the source verification information using pre-stored legal user biometric information to obtain a verification code. In this embodiment, the verification module 601 saves the biometric information of the legal user. The legal user refers to the user who has been determined to have access rights. The biometric information includes: hand shape, fingerprint, face shape, iris, retina, pulse, auricle , Signature, sound and keystroke, etc. Biometric information is used to identify the user's identity for easy identification.
[0094] In this embodiment, the verification module 601 encodes the biometric information of the legal user to form an encryption key, and encrypts the source verification information to obtain a verification code. After obtaining the verification code, the verification module 601 sends the verification code to the terminal. Wherein, the sending method may be a short message method or other methods, and this embodiment is not limited to this.
[0095] In other embodiments, the verification module 601 is further configured to receive and store the legal user account, the legal password, and the legal user biometric information sent by the terminal. Specifically, before performing identity authentication, the relevant information of the legal user needs to be stored on the server, including: legal user account, legal password, and legal user biometric information. The legal user inputs the legal user account number and the legal password on the terminal, and inputs the legal user's biometric information through the terminal, and the terminal sends the above information to the verification module 601. The verification module 601 receives and stores the legal user account, the legal password, and the legal user biometric information sent by the terminal.
[0096] In other embodiments, the identity authentication request carries the user account and password, or carries the biometric information of the user to be authenticated. The verification module 601 uses a legal user account and a legal password to verify the carried user account and password; alternatively, the verification module 601 determines whether the biometric information of the user to be authenticated matches the pre-stored biometric information of the legal user; if verified If a match is passed or judged, the verification module 601 sends a verification code to the terminal.
[0097] The receiving module 602 is configured to receive the code to be verified input by the terminal according to the verification code and the biometric information of the user to be authenticated.
[0098] Specifically, after receiving the verification code, the terminal will receive the verification code input by the user to be authenticated. The terminal further sends the code to be verified and the biometric information of the user to be authenticated to the receiving module 602.
[0099] The decryption module 603 is configured to use the biometric information of the user to be authenticated to decrypt the input to-be-verified code to obtain target verification information.
[0100] Specifically, after receiving the code to be verified and the biometric information of the user to be authenticated, the decryption module 603 uses the biometric information of the user to be authenticated as a decryption key to decrypt the code to be verified to obtain target verification information.
[0101] The judgment module 604 is configured to compare the target verification information with the source verification information, and determine the identity verification result of the user to be authenticated according to the comparison result.
[0102] Specifically, the judgment module 604 compares the target verification information with the source verification message, and determines the identity verification result of the user to be authenticated according to the comparison result. In this embodiment, since the verification code sent to the terminal is encrypted with the biometric information of the legal user as the encryption key, when the user to be authenticated is also a legal user, the biometric information of the user to be authenticated is used as the decryption key The obtained target verification information should be consistent with the source verification information. Therefore, by comparing the target verification information with the source verification information, the judgment module 604 can determine whether the user to be authenticated is a legitimate user, that is, obtain the identity authentication result. If the target verification information is consistent with the source verification information, the judgment module 604 determines that the user to be authenticated is a legitimate user, and the identity authentication of the user to be authenticated is successful; if the target verification information is inconsistent with the source verification information , The judgment module 604 determines that the user to be authenticated is an illegal user, and the identity authentication of the user to be authenticated fails.
[0103] It can be seen from the above that, when performing identity authentication, the server in the embodiment of the present invention encrypts the verification code by using biometric information and then sends it to the user to be authenticated, and then uses the biometric information of the user to be authenticated to input it. The code to be verified is decrypted, and the authentication is passed by judging whether the two are the same. In this way, even if the verification code is intercepted by others, others cannot complete the verification, which improves the security, can better confirm the user's identity, and eliminates security risks.
[0104] Figure 7 This is a schematic structural diagram of a first embodiment of a terminal according to an embodiment of the present invention. In the embodiment of the present invention, the user uses a terminal to access the server through the network, and completes operations such as transfer and payment through interaction with the server. Those skilled in the art can understand that the terminal may be an electronic device such as a smart phone, a tablet computer, or a computer, and the embodiment of the present invention is not limited thereto. The terminal includes: a transceiver module 701 and an acquisition module 702.
[0105] The transceiver module 701 is configured to send an identity authentication request to the server and receive a verification code returned by the server.
[0106] Specifically, in this embodiment, when the user to be authenticated wants to perform identity authentication, an identity authentication request is sent through the terminal, and the transceiver module 701 sends the identity authentication request to the server. After receiving the request, the server replies with a corresponding verification code, and the transceiver module 701 receives the verification code and displays it to the user to be authenticated. Among them, the user to be authenticated can directly select and submit the identity authentication request through related options on the terminal.
[0107] The collection module 702 is configured to receive the to-be-verified code input by the user-to-be-authenticated according to the verification code and collect biometric information of the user-to-be-authenticated.
[0108] Specifically, after the transceiver module 701 receives the verification code and displays it to the user to be authenticated, the user to be authenticated inputs the code to be verified according to the verification code. Generally, if the user to be authenticated receives the verification code, the entered verification code will be the same as the verification code. At the same time, the collection module 702 is also used to collect the biometric information of the user to be authenticated at this time. The biometric information includes: hand shape, fingerprint, face shape, iris, retina, pulse, auricle, signature, voice, and key strength. Corresponding to different biometric information, the collection module 702 can collect biometric information in many ways, for example, fingerprints can be collected through a fingerprint sensor; face shapes, iris, etc. can be collected through a camera, and the present invention is not limited to this. Biometric information is used to identify the user's identity for easy identification.
[0109] The transceiver module 701 is also used to send the code to be verified and the biometric information of the user to be authenticated to the server.
[0110] Specifically, the transceiver module 701 is further configured to send the received code to be verified and the collected biometric information of the user to be authenticated to the server.
[0111] In other embodiments, before performing identity authentication, the collection module 702 is also used to receive the inputted legal user account, legal password, and to collect the biometric information of the legal user; the transceiver module 701 is also used to transfer the legal user account, legal The password and the biometric information of the legal user are sent to the server. The information of the legal user is used for subsequent identity authentication.
[0112] In other embodiments, the identity authentication request may also be in other ways. The identity authentication request can carry preliminary authentication information, such as a user account and password, or the user's biometric information. At this time, the collection module 702 first receives the user account and password input by the user to be authenticated or collects the biometric information of the user to be authenticated; then the transceiver module 701 converts the input user name and password or the biometric information of the user to be authenticated The information is forwarded to the server.
[0113] It can be seen from the above that when performing identity authentication, the terminal in the embodiment of the present invention further collects the biometric information of the user to be authenticated on the basis of the verification code for subsequent server verification, so as to better confirm the use The identity of the person, which improves security.
[0114] A person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be implemented by instructing relevant hardware through a computer program. The program can be stored in a computer readable storage medium. During execution, it may include the procedures of the above-mentioned method embodiments. Wherein, the storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM), etc.
[0115] The above-disclosed are only preferred embodiments of the present invention. Of course, the scope of rights of the present invention cannot be limited by this. Therefore, equivalent changes made according to the claims of the present invention still fall within the scope of the present invention.
