Embodiment
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some of the embodiments of the present invention rather than all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the invention.
Fig. 1 is a flow chart of the registration method for real-name authentication provided by Embodiment 1 of the invention. As shown in Fig. 1, the registration method of this embodiment comprises:
Step 11: obtain the registered user's ID card information and the registered user's first image information.
Specifically, before a real-name authentication method or tool can be used to authenticate a user, the user must register for real-name authentication with the authentication server and obtain the corresponding authentication tool or authentication mode. When a user applies to register with the authentication server, the user is required to present his or her own ID card, and the server obtains the relevant information on the card, i.e. the ID card information, for example name, image, address and ID card number. The authentication server can read the registered user's ID card with an ID card reader to obtain the ID card information; it can also photograph the ID card with a device such as a camera and use image recognition to obtain the ID card information.
Further, in this embodiment, when the user applies to register, the authentication server also needs to obtain the registered user's image information. This image information generally means an image of the registered user captured by the authentication server through an image capture device (for example a camera or a webcam).
Step 12: judge the legitimacy of the registered user's identity according to the first image information and the ID card information.
The ID card information that the authentication server obtains by reading the ID card with the card reader includes the personal image on the card, i.e. the second image information. The authentication server compares the registered user's first image information with the second image information in the ID card information. When the comparison shows that the first image information is consistent with the second image information, the registered user matches the ID card information provided, the ID card belongs to the registered user, and the registered user's identity is therefore legal. Otherwise, when the comparison shows that the first and second image information are inconsistent, the registered user does not match the ID card information provided, the ID card does not belong to the registered user, and the registered user's identity is therefore illegal.
The authentication server can apply image recognition to the first image information and the second image information and compare the recognition results.
Step 13: when the judgment is that the registered user's identity is legal, generate the registered account corresponding to the registered user. Specifically, when the authentication server determines from the first and second image information that the registered user's identity is legal, it generates a corresponding registered account for the registered user, i.e. the registered user has registered successfully. When the authentication server determines from the first and second image information that the registered user's identity is illegal, it can end the registration operation and send a notice to the registered user stating that the registered user must register in person with his or her own ID card information; that is, no registered account is generated for this registered user.
In the registration method for real-name authentication of this embodiment, while the user registers for real-name authentication, the user's image information is obtained and compared with the image information in the ID card information to judge whether the registered user matches the ID card information provided, and registration is allowed only when the registered user's identity is judged legal. This prevents a registered user from registering with another user's ID card information and achieves real-name authentication in the true sense, thereby improving security when authenticating through the real-name authentication method.
Fig. 2 is a flow chart of the registration method for real-name authentication provided by Embodiment 2 of the invention. This embodiment can be implemented on the basis of Embodiment 1. As shown in Fig. 2, after generating the registered account corresponding to the registered user, the method of this embodiment further comprises:
Step 14: obtain the registered user's characteristic information.
Step 15: generate the authentication information corresponding to the registered user according to the characteristic information.
After the registered user obtains a registered account, the authentication server also needs to provide the registered user with corresponding authentication information, i.e. the basis on which the registered user is authenticated in subsequent business transactions. The authentication server defines security levels and lets the registered user choose among them. For example, when the user selects a low security level, the authentication server can provide a simple password authentication mode; when the user selects a high security level, the authentication server can obtain the registered user's characteristic information and generate authentication information for the registered user from it.
This embodiment assumes that the registered user selects the high security level. The characteristic information obtained can be image information, voice information, fingerprint information, iris information and so on. Specifically, the authentication server can photograph the registered user with a camera or similar device to obtain image information; it can record the registered user's speech with a sound recording device, video capture device or similar to obtain voice information; it can obtain fingerprint information with a fingerprint scanner; and it can collect iris information with an iris capture device. The characteristic information used by the authentication server can be any one of the above or any combination of them.
The authentication information that the authentication server generates for the registered user differs according to the characteristic information. Specifically, generating the authentication information corresponding to the registered user according to the characteristic information means that the authentication server generates authentication information that contains the corresponding characteristic information. For example: when the characteristic information is image information, the authentication information generated for the registered user contains the registered user's image information; when it is voice information, the authentication information contains the registered user's voiceprint information; when it is fingerprint information, the authentication information contains the registered user's fingerprint information.
In the registration method for real-name authentication of this embodiment, after the authentication server provides the registered user with a login account, it obtains the registered user's characteristic information and further generates the authentication information that the registered user will use. Because the characteristic information that characterizes the registered user is unique, it offers higher security, so authentication information containing it provides higher security during authentication and can safeguard the registered user during business transactions.
Fig. 3 is a flow chart of the registration method for real-name authentication provided by Embodiment 3 of the invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 3, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16a: generate an authentication tool associated with the authentication information and issue the authentication tool to the registered user, so that the registered user can perform real-name authentication with the authentication tool.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication with this authentication information, but some carrier is needed to do so. The authentication server therefore generates an authentication tool associated with the authentication information and issues it to the registered user, so that the registered user can complete real-name authentication with the authentication information through the authentication tool.
The authentication tool of this embodiment is matched to the authentication information. For example: when the authentication information is a password, the authentication tool can be a USB Key; the authentication server associates the USB Key with the registered user's password, requires the registered user to enter the password through the USB Key for real-name authentication during a business transaction, and allows subsequent operations only after authentication passes. When the authentication information contains image information, the authentication tool can be an image capture device, for example a camera or a webcam, which captures the registered user's image information during the business transaction and sends it to the authentication server for real-name authentication; subsequent operations proceed only after the real-name authentication passes. When the authentication information contains voice information, the authentication tool can be a sound capture device, which captures the registered user's voice information during the business transaction and sends it to the authentication server for real-name authentication; subsequent operations proceed only after the real-name authentication passes. When the authentication information contains fingerprint information, the authentication tool can be a fingerprint capture device, which captures the registered user's fingerprint information during the business transaction and sends it to the authentication server for real-name authentication; subsequent operations proceed only after the real-name authentication passes. When the authentication information contains iris information, the authentication tool can be an iris capture device, which captures the registered user's iris information during the business transaction and sends it to the authentication server for real-name authentication; subsequent operations proceed only after the real-name authentication passes.
In the above, the authentication tool is used only to obtain the information required for real-name authentication during the registered user's business transaction; it then sends that information to the authentication server, which completes the real-name authentication in the background. Alternatively, when the authentication server associates the authentication information with the authentication tool, the authentication information can also be stored in the corresponding authentication tool. During the registered user's business transaction, the authentication tool obtains the corresponding information and compares it with the stored authentication information to complete the real-name authentication. In this implementation the authentication tool takes over part of the authentication server's real-name authentication function and can reduce the load on the authentication server.
In the registration method for real-name authentication of this embodiment, the authentication server generates an authentication tool and issues it to the registered user, so that the registered user can perform real-name authentication with the authentication information through the authentication tool, which improves the security of business transactions.
Fig. 4 is a flow chart of the registration method for real-name authentication provided by Embodiment 4 of the invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 4, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16b: associate the authentication information with the registered user's mobile terminal, so that the registered user can perform real-name authentication through the mobile terminal.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication with this authentication information, but some carrier is needed to do so. The authentication server therefore associates the authentication information with the registered user's mobile terminal (also called binding), so that the registered user can perform real-name authentication with the authentication information through the mobile terminal. Binding the authentication information to the registered user's mobile terminal specifically means that the authentication server stores the mapping relationship among the mobile terminal's identifier, the authentication information and the registered user's registered account.
The registered user's mobile terminal can be a mobile phone, a personal digital assistant, a personal computer and so on, and the corresponding mobile terminal identifier is the phone number, the personal digital assistant's factory serial number, the personal computer's factory serial number and so on, as long as it uniquely identifies the mobile terminal.
Taking a mobile phone as the mobile terminal and the phone number as the mobile terminal identifier, the following explains how the registered user performs real-name authentication through the mobile terminal. Specifically, during the registered user's business transaction, when the registered user needs to perform real-name authentication, the registered user submits an authentication request to the authentication server through the service device used in the transaction (for example, a web page on the transaction device on which the business transaction is carried out), or sends a short message from the mobile phone to submit the authentication request; the authentication request contains the physical number bound by the registered user. In response to the authentication request, the authentication server sends a short message to the mobile phone to provide the registered user with an authentication password. The registered user enters the authentication password received on the mobile phone into the relevant device or interface used in the business transaction, so that the relevant device can have the authentication server perform real-name authentication of the registered user according to the authentication password. After authentication passes, the relevant device allows the registered user to carry out subsequent operations; otherwise, the relevant device prompts the registered user that the identity is illegal, that verification did not pass, or the like, and ends the operation, to ensure the security of the business transaction and protect the interests of the user.
In the registration method for real-name authentication of this embodiment, the authentication server binds the authentication information to the registered user's mobile terminal and thereby provides the registered user with a way to perform real-name authentication, so that the registered user can perform real-name authentication with the authentication information through the mobile terminal, which improves the security of business transactions.
Fig. 5 is a flow chart of the registration method for real-name authentication provided by Embodiment 5 of the invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 5, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16c: associate the authentication information with the service card of the registered user's mobile terminal, so that the registered user can perform real-name authentication through the service card of the mobile terminal.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication with this authentication information, but some carrier is needed to do so. The authentication server therefore associates the authentication information with the service card of the registered user's mobile terminal (also called binding), so that the registered user can perform real-name authentication with the authentication information through the mobile terminal and the service card it uses. Binding the authentication information to the service card of the registered user's mobile terminal specifically means that the authentication server stores the mapping relationship among the identifier of the mobile terminal's service card, the authentication information and the registered user's registered account.
The registered user's mobile terminal can be a mobile phone, a personal digital assistant, a personal computer and so on. The service card of the mobile terminal can be a SIM card or sticker, various memory cards and so on, and the identifier of the service card is information that uniquely identifies the service card, for example the SIM card number.
Taking a mobile phone as the mobile terminal, a SIM card as the service card and the SIM card number as the service card identifier, the following explains how the registered user performs real-name authentication through the service card of the mobile terminal. Specifically, during the registered user's business transaction, when the registered user needs to perform real-name authentication, the registered user submits an authentication request to the authentication server through the transaction device used in the transaction or through the mobile phone. The authentication server sends a data SMS to the SIM card to provide the registered user with an encrypted authentication password. The registered user's SIM card receives the encrypted authentication password and decrypts it to obtain the authentication password, which the mobile phone then displays to the registered user. The registered user enters the received authentication password into the transaction device used in the business transaction, so that the transaction device can have the authentication server perform real-name authentication of the registered user according to the authentication password. After authentication passes, the transaction device allows the registered user to carry out subsequent operations; otherwise, the transaction device prompts the registered user that the identity is illegal, that verification did not pass, or the like, and ends the operation, to ensure the security of the business transaction and protect the interests of the user.
In the registration method for real-name authentication of this embodiment, the authentication server binds the authentication information to the service card of the registered user's mobile terminal and thereby provides the registered user with a way to perform real-name authentication, so that the registered user can perform real-name authentication with the authentication information through the mobile terminal, which improves the security of business transactions.
Fig. 6 is a flow chart of the registration method for real-name authentication provided by Embodiment 6 of the invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 6, after generating the authentication information, the registration method of this embodiment further comprises:
Step 16d: associate the authentication information with the registered user's password card, so that the registered user can perform real-name authentication through the password card.
After the authentication server generates authentication information for the registered user, the registered user can perform real-name authentication with this authentication information, but some carrier is needed to do so. The authentication server therefore associates the authentication information with the registered user's password card (also called binding), so that the registered user can perform real-name authentication with the authentication information through the password card. Binding the authentication information to the registered user's password card specifically means that the authentication server stores the mapping relationship among the password card's identifier, the authentication information and the registered user's registered account.
The password card used in this embodiment is associated with the transaction system in which the registered user carries out business transactions. When the user carries out a business transaction, the password card dynamically provides a set of password information. The registered user enters the password information provided by the password card into the business transaction system or the transaction device in use, and the transaction system or transaction device has the authentication server check the password information entered. Only when the password information entered by the registered user is correct can the registered user complete the business transaction.
The password card can produce password information based on time, an event or a challenge value. In addition, this embodiment provides an implementation in which the password card produces password information based on business transaction information, and uses it as the example to describe in detail how the registered user performs real-name authentication through the password card. Specifically, during the registered user's business transaction, when the registered user needs to perform real-name authentication, the registered user submits an authentication request to the authentication server through the transaction device used in the transaction, the registered user's mobile terminal or the like; the authentication request contains the registered user's password card identifier and the business transaction identifier. According to the password card identifier in the authentication request, the authentication server sends to the registered user's password card the ciphertext of the business transaction information corresponding to the business transaction identifier; this business transaction information can include the name of the transaction counterparty, the transaction type, the transaction time and so on. The registered user's password card obtains the ciphertext of the business transaction information and decrypts it according to a pre-agreed encryption and decryption method or a pre-stored key to obtain the business transaction information. The password card then generates password information from the business transaction information obtained and provides it to the registered user. The registered user enters the password information into the transaction device, so that the transaction device can have the authentication server perform real-name authentication of the registered user. On the authentication server, the password information corresponding to the business transaction identifier can be generated with the password generation algorithm agreed in advance with the password card; the authentication server compares the password information it generates with the password information generated by the password card to perform real-name authentication of the registered user.
In the above implementation, the registered user's password card decrypts the ciphertext of the business transaction information. If the password card decrypts it successfully and obtains legal business transaction information, it generates correct password information; if decryption fails or the business transaction information obtained is illegal, it either cannot generate password information or generates wrong password information. The implementation provided by this embodiment, which generates password information from business transaction information, can therefore further improve the security of the registered user's business transactions and protect the registered user's legitimate interests.
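The password-card exchange described above, as an added example that is not part of the original text. The page names no algorithms, so the HMAC-based encrypt-then-MAC construction (a standard-library stand-in for an AEAD cipher), the HOTP-style six-digit truncation, the single-use rule and all class, key and field names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import struct


def keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode; stand-in for the "pre-agreed" cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key, mac_key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key, mac_key, blob):
    # Returns None on any integrity failure: the "decryption fails" branch.
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def password_from_transaction(otp_key, info):
    # Canonical JSON so card and server hash identical bytes.
    canonical = json.dumps(info, sort_keys=True, separators=(",", ":")).encode()
    digest = hmac.new(otp_key, canonical, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


class PasswordCard:
    def __init__(self, card_id, enc_key, mac_key, otp_key):
        self.card_id = card_id
        self.keys = (enc_key, mac_key, otp_key)

    def password_for(self, ciphertext):
        enc_key, mac_key, otp_key = self.keys
        plaintext = unseal(enc_key, mac_key, ciphertext)
        if plaintext is None:
            return None  # no password is produced from a bad ciphertext
        return password_from_transaction(otp_key, json.loads(plaintext))


class AuthServer:
    def __init__(self):
        self.cards = {}         # card id -> keys and registered account
        self.transactions = {}  # transaction id -> transaction information
        self.pending = {}       # (card id, transaction id) -> expected password

    def issue_card(self, card_id, account):
        keys = tuple(secrets.token_bytes(32) for _ in range(3))
        self.cards[card_id] = {"keys": keys, "account": account}
        return PasswordCard(card_id, *keys)

    def handle_auth_request(self, card_id, txn_id):
        entry, info = self.cards.get(card_id), self.transactions.get(txn_id)
        if entry is None or info is None:
            return None
        enc_key, mac_key, otp_key = entry["keys"]
        self.pending[(card_id, txn_id)] = password_from_transaction(otp_key, info)
        return seal(enc_key, mac_key, json.dumps(info).encode())

    def verify(self, card_id, txn_id, password):
        # Single use: the expected value is removed on the first attempt.
        expected = self.pending.pop((card_id, txn_id), None)
        if expected is None or password is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())


def demo():
    server = AuthServer()
    card = server.issue_card("card-001", "acct-0001")  # constructed sample values
    server.transactions["txn-1"] = {"counterparty": "Example Store",
                                    "type": "payment", "time": "2011-01-01T10:00:00"}
    blob = server.handle_auth_request("card-001", "txn-1")
    return server.verify("card-001", "txn-1", card.password_for(blob))


if __name__ == "__main__":
    print("authentication passed:", demo())
```

Because the password is derived from the transaction information itself, a password obtained for one transaction does not verify against a different transaction identifier.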
It should be noted that, because the process of performing real-name authentication through the various authentication tools or authentication modes is prior art, the above embodiments do not describe the specific authentication process in detail; it can be implemented with reference to the prior art.
Furthermore, the authentication server can also provide the registered user with several authentication tools or authentication modes at the same time, according to the security level the registered user requires. For example, it can provide a fingerprint capture device, a sound capture device and binding to a mobile phone. In that case, during the registered user's business transaction, the registered user can submit an authentication request to the authentication server through the transaction device or the mobile terminal, obtain the authentication password issued by the authentication server, and enter fingerprint information and voice information through the fingerprint capture device and the sound capture device respectively, so that the authentication server performs real-name authentication according to the authentication password, the fingerprint information and the voice information together, which greatly strengthens the security of the business transaction.
Fig. 7 is a flow chart of the registration method for real-name authentication provided by Embodiment 7 of the invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 7, after generating the authentication information, the registration method of this embodiment further comprises:
Step 17: map the ID card information, the first image information and the registered account to one another to generate an account information mapping relationship, and store the account information mapping relationship in the identity account database.
In the registration method for real-name authentication of this embodiment, the authentication server is provided with an identity account database in which it can store each registered user's relevant information, so that registered users can be managed and maintained.
Further, on the basis of the above embodiments, to ensure the security of the authentication information, the authentication server generally sets a validity period for each piece of authentication information; the validity period of the authentication information is generally the validity period of the authentication tool or authentication mode. For example, the authentication server sets the start-of-use time of the authentication tool to the date of successful registration and sets the end-of-use time according to the permitted validity period, so as to manage the validity period of the authentication information or authentication tool, although it is not limited to this. To protect the interests of the users of the authentication information or authentication tool, the authentication server allows a user to apply, before the validity period ends, to extend the validity period of the authentication information or authentication tool. The following embodiment of the invention describes in detail how the authentication server carries out the extension operation in response to a registered user's extension request.
Fig. 8 is a flow chart of the method for extending the use of authentication information provided by Embodiment 8 of the invention. This embodiment can be implemented on the basis of the above embodiments. As shown in Fig. 8, the method of this embodiment comprises:
Step 18: receive the registered user's extension request.
Specifically, the authentication server provides a user interface or programmatic interface for receiving extension requests. When the registered user needs to make an extension request, the request can be submitted through the interface provided by the authentication server.
Step 19: according to the extension request, obtain the registered user's ID card information and the registered user's first image information.
Step 20: judge the legitimacy of the registered user's identity according to the first image information and the ID card information. When the judgment is that the registered user's identity is legal, execute step 21; otherwise, execute step 23.
Step 21: query the identity account database according to the ID card information and judge whether a registered account corresponding to the ID card information is found. When a registered account corresponding to the ID card information is found in the identity account database, execute step 22; otherwise, execute step 23.
This step determines whether the user making the extension request is a registered user, since only registered users are entitled to make an extension request.
Step 22: update the validity period of the authentication information according to the specified extension length.
When the judgment is that a registered account exists for the registered user who submitted the extension request, the validity period of the authentication tool is modified, for example by modifying the end-of-use time, so that the user can continue to use it for the extended period. If any of the above judgments yields an illegal result, the authentication tool is not extended, i.e. step 23 is executed.
Step 23: end the extension operation.
In the above process of extending the authentication tool, the way the authentication server obtains the ID card information and the first image information and verifies the legitimacy of the registered user's identity from them can follow the description in the above embodiments of the registration method for real-name authentication and is not repeated here. The extension operation provided by this implementation ensures the legitimacy of the user requesting the extension, which improves the security of extended use of the authentication tool and, in turn, the security of subsequent authentication.
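The registration steps 11 to 13 and 17 and the extension steps 18 to 23, combined in one added example that is not part of the original text. The page does not specify how images are compared, so representing image information as feature vectors, the cosine-similarity threshold, the one-account-per-ID rule, the refusal to extend after expiry and all names and sample values are assumptions.

```python
import math
import secrets
from dataclasses import dataclass
from datetime import date, timedelta

MATCH_THRESHOLD = 0.90  # assumed similarity cut-off; the page gives no value


@dataclass
class IdCard:
    number: str
    name: str
    photo_features: tuple  # "second image information" read from the card


@dataclass
class Account:
    account_id: str
    id_number: str
    enrolled_features: tuple  # first image information stored in step 17
    valid_until: date         # end-of-use time of the authentication tool


def cosine(a, b):
    if len(a) != len(b):
        return 0.0
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class AuthServer:
    def __init__(self):
        self.identity_db = {}  # identity account database: ID number -> Account

    def identity_is_legal(self, card, live_features):
        # Steps 12 and 20: compare the live capture with the photo on the card.
        return cosine(card.photo_features, live_features) >= MATCH_THRESHOLD

    def register(self, card, live_features, today, validity_days=365):
        if not self.identity_is_legal(card, live_features):
            return None  # step 13: no account for a mismatching applicant
        if card.number in self.identity_db:
            return None  # assumption: one account per ID card number
        account = Account(secrets.token_hex(8), card.number,
                          tuple(live_features), today + timedelta(days=validity_days))
        self.identity_db[card.number] = account  # step 17
        return account

    def extend(self, card, live_features, today, extra_days):
        if not self.identity_is_legal(card, live_features):
            return "identity_rejected"           # step 20 -> step 23
        account = self.identity_db.get(card.number)
        if account is None:
            return "not_registered"              # step 21 -> step 23
        if today > account.valid_until:
            return "expired"                     # assumption: extend only before expiry
        account.valid_until += timedelta(days=extra_days)  # step 22
        return "extended"


# Constructed sample data (not from the original text).
ALICE_CARD = IdCard("ID-0001", "Alice Example", (0.90, 0.10, 0.30, 0.50))
ALICE_LIVE = (0.88, 0.12, 0.31, 0.48)     # same person, new capture
IMPOSTOR_LIVE = (0.10, 0.90, 0.50, 0.20)  # someone else holding Alice's card
BOB_CARD = IdCard("ID-0002", "Bob Example", (0.20, 0.70, 0.10, 0.60))


def demo():
    server = AuthServer()
    results = [server.register(ALICE_CARD, IMPOSTOR_LIVE, date(2011, 1, 1)) is None]
    server.register(ALICE_CARD, ALICE_LIVE, date(2011, 1, 1))
    results.append(server.extend(ALICE_CARD, IMPOSTOR_LIVE, date(2011, 12, 1), 30))
    results.append(server.extend(ALICE_CARD, ALICE_LIVE, date(2011, 12, 1), 30))
    results.append(server.extend(BOB_CARD, BOB_CARD.photo_features, date(2011, 12, 1), 30))
    return results


if __name__ == "__main__":
    print(demo())
```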
Embodiment 9 of the invention provides an authentication server, which is mainly used to carry out the flows of the above method embodiments. During the registered user's registration, the authentication server of this embodiment obtains the registered user's image information and compares it with the image information in the ID card information to judge whether the registered user is a legitimate user, and allows registration only when the registered user's identity is legal. This prevents a registered user from registering with another user's ID card information and achieves real-name authentication in the true sense, thereby improving security when authenticating through the real-name authentication method.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in those embodiments or replace some of the technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.