CN106131833B - The authentication method and system that interconnects of identity-based identification card - Google Patents
The authentication method and system that interconnects of identity-based identification card Download PDFInfo
- Publication number
- CN106131833B CN106131833B CN201610487899.3A CN201610487899A CN106131833B CN 106131833 B CN106131833 B CN 106131833B CN 201610487899 A CN201610487899 A CN 201610487899A CN 106131833 B CN106131833 B CN 106131833B
- Authority
- CN
- China
- Prior art keywords
- image
- similarity
- server
- services device
- subscribed services
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
- G06V40/161—Detection; Localisation; Normalisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Oral & Maxillofacial Surgery (AREA)
- Human Computer Interaction (AREA)
- Multimedia (AREA)
- Software Systems (AREA)
- Biomedical Technology (AREA)
- Power Engineering (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides a kind of authentication method and system that interconnects of identity-based identification card, comprising: Website server reception includes the certification request with the one-to-one cell-phone number of identification card and is sent to subscribed services device;The attaching information of subscribed services device inquiry mobile phone number and when cell-phone number is not belonging to the corresponding operator of subscribed services device, the attaching information of cell-phone number is returned to Website server;The unsigned server that certification request is sent to by Website server according to attaching information;Certification request is sent to terminal corresponding with cell-phone number by unsigned server;Terminal receives certification request, and receives user authentication confirmation message and be sent to unsigned server;Unsigned server receives authenticate-acknowledge information and is sent to Website server;Website server is according to the complete verification process of authenticate-acknowledge information.
Description
Technical field
The invention belongs to internet of things field, and in particular to a kind of authentication method that interconnects of identity-based identification card
And system.
Background technique
With the continuous evolution of Information and Communication Technology, the introducing of the new technologies such as cloud computing, big data, people be can use
PC, mobile terminal carry out the various network services such as surfing on the net, resource access, e-commerce, mobile payment, social networks.Though
Right various network services facilitate user, but network user's personal secrets situation is further severe.In recent years, a series of network informations
Leakage event emerges one after another.In order to avoid the information of user is leaked, when user's Website login on PC, currently, frequent base
It is authenticated in identification cards such as the SIM cards of customer mobile terminal, specifically, user clicks authentication key on website, and defeated
Enter the corresponding cell-phone number of identification card, authenticate-acknowledge window will be will pop up on the mobile terminal of user later, user clicks true
Certification can be completed after recognizing, just can further access website in this way.
However, since most website possesses domestic the whole network user, i.e., domestic three provider customers, and each operator is recognized
Demonstrate,prove server admin respectively cell-phone number and identity information.To accelerate cooperation deployment, website enterprise may only be signed with an operator
Administration's cooperation deployment agreement (referred to as signing operator), the certificate server (referred to as subscribed services device) of the signing operator,
Carry out certification interaction between the Website server and user terminal, and server (the referred to as unsigned clothes of unsigned operator
Business device) then certification interaction will not be carried out with Website server and user terminal, also just it is unable to complete verification process.
Summary of the invention
The present invention is directed at least solve one of the technical problems existing in the prior art, a kind of identity-based identification is proposed
The authentication method and system that interconnects of card.
One of in order to solve the above problem, the present invention provides a kind of authentication method that interconnects of identity-based identification card,
Include: that Website server receives after certification request and is sent to subscribed services device, includes in the certification request and identification
Block one-to-one cell-phone number;The subscribed services device is inquired the attaching information of the cell-phone number and is not belonging in the cell-phone number
When the corresponding operator of the subscribed services device, Xiang Suoshu Website server returns to the attaching information of the cell-phone number;The net
The attaching information that site server is returned according to the subscribed services device, the certification request is sent to and the attaching information
Corresponding unsigned server;The unsigned server receives the certification request, and according to the certification request to institute
It states the corresponding terminal of cell-phone number and sends authenticate-acknowledge request;The terminal receives the authenticate-acknowledge request, and receives user and recognize
It demonstrate,proves confirmation message and is sent to the unsigned server;The unsigned server receives authenticate-acknowledge information and is sent to institute
State Website server;The Website server is according to the complete verification process of authenticate-acknowledge information.
Preferably, the unsigned server sends authenticate-acknowledge request to the corresponding terminal of the cell-phone number, comprising: institute
It states unsigned server and requests information in the certification request to the subscribed services device;Described in the unsigned server judgement
The information one in the certification request whether information in certification request that Website server is sent sends with the subscribed services device
It causes, if unanimously, sending authenticate-acknowledge request to terminal corresponding with the cell-phone number.
Preferably, in the certification request further include: the biological attribute data of user;The unsigned server to institute
It states the corresponding terminal of cell-phone number and sends authenticate-acknowledge request, comprising: the unsigned server is according to the certification request, Xiang Ji
Plinth database sends biological attribute data acquisition request, so that basic database receives the biological attribute data acquisition request
Afterwards, the corresponding biological attribute data of the active user is returned to the unsigned server;The unsigned server is to institute
It states subscribed services device and requests biological attribute data in the certification request;The unsigned server judges the subscribed services
Whether the biological attribute data and the biological attribute data that returns of the basic database that device is sent consistent, if unanimously, to
The corresponding terminal of the cell-phone number sends authenticate-acknowledge request.
Preferably, the biological attribute data is facial image;The unsigned server judges institute according to the following method
It states the biological attribute data that subscribed services device is sent and whether the biological attribute data that the basic database returns is consistent: by institute
The facial image for stating the transmission of subscribed services device is divided into the first image and the second image, and the first image is ocular figure
Picture, second image are the image in addition to the ocular image;The facial image that the basic database is returned
It is divided into third image and the 4th image, the third image is ocular image, and the 4th image is except the eye
Image except area image;Calculate the similarity between the first image and the third image and second image
Similarity between the 4th image;According to the similarity and described between the first image and the third image
Similarity between two images and the 4th image, to judge facial image and the basis that the subscribed services device is sent
Whether the facial image that database returns is consistent.
Preferably, the unsigned server calculates between the first image and the third image according to following manner
Similarity: the first image is divided into left-eye image and eye image, the third image is divided into left-eye image
And eye image;Calculate the first similarity between the left-eye image of the first image and the left-eye image of the third image
And the first image eye image and the third image eye image between the second similarity;According to described
One similarity and second similarity determine the similarity between the first image and the third image.
Preferably, the unsigned server according between the first image and the third image similarity and institute
State the similarity between the second image and the 4th image, come judge facial image that the subscribed services device is sent with it is described
Whether the facial image that basic database returns is consistent, comprising: the unsigned server calculates the power of first similarity
Weight, second similarity weight and second image and the 4th image between third similarity weight, and
According to first similarity, the weight of first similarity, second similarity, the weight of second similarity,
The weight of the third similarity and the third similarity, come judge biological attribute data that the subscribed services device is sent with
Whether the biological attribute data that the basic database returns is consistent.
Preferably, the unsigned server calculates first similarity or described second similar in the following way
Degree: according to the left-eye image pixel of the first image, the corresponding primary vector square of left-eye image of the first image is obtained
Battle array, and according to the left-eye image pixel of the third image, obtain the corresponding secondary vector of left-eye image of the third image
Matrix;Alternatively, obtaining the eye image corresponding first of the first image according to the eye image pixel of the first image
Vector matrix, and according to the eye image pixel of the third image, obtain the eye image corresponding of the third image
Two vector matrixs;Calculate the first mean value and the first covariance of the primary vector matrix;Calculate the secondary vector matrix
Second mean value and the second covariance;According to first mean value and first covariance, to construct the primary vector matrix
Probabilistic model be the first gaussian probability model;According to second mean value and second covariance, to construct described second
The probabilistic model of vector matrix is the second gaussian probability model;It is general according to the first gaussian probability model and second Gauss
Rate model, to calculate the average relative entropy between the primary vector matrix and the secondary vector matrix;According to described average
Relative entropy determines first similarity or second similarity.
Preferably, the unsigned server is calculated in the following way between second image and the 4th image
Similarity: extract the feature vector for the facial image that the subscribed services device is sent, obtain the first operator matrix, described in extraction
The feature vector for the facial image that basic database returns, obtains the second operator matrix, wherein each feature vector includes corresponding to
The abscissa and ordinate of the feature vector of character pixel and the character pixel;According to the abscissa of each character pixel and indulge
Coordinate rejects the left-eye image and right eye figure of the facial image returned from the subscribed services device from first operator matrix
The feature vector extracted as in, obtains the corresponding first object operator matrix of second image;And it is calculated from described second
The feature extracted from the left-eye image and eye image for the facial image that the basic database returns is rejected in submatrix
Vector obtains the corresponding second target operator matrix of the 4th image;Calculate the first object operator matrix and described
Inner product between two target operator matrixes;It is determined between second image and the 4th image according to the inner product result
Similarity.
The present invention also provides a kind of Verification Systems that interconnects of identity-based identification card, comprising: Website server, signing
Server, unsigned server and terminal, in which: the Website server, for receiving the certification request and being sent to institute
Subscribed services device is stated, includes in the certification request and the one-to-one cell-phone number of identification card;The subscribed services device is used
In receiving the certification request, the attaching information of the cell-phone number is inquired according to certification request and is not belonging to institute in the cell-phone number
When stating the corresponding operator of subscribed services device, Xiang Suoshu Website server returns to the attaching information of the cell-phone number;The website
Server is also used to the attaching information returned according to the subscribed services device, the certification request is sent to and is returned with this
Belong to information unsigned server accordingly;The unsigned server, for receiving the certification request, and according to the certification
It requests to send authenticate-acknowledge request to terminal corresponding with the cell-phone number;The terminal is asked for receiving the authenticate-acknowledge
It asks, and receives user authentication confirmation message and be sent to the unsigned server;The unsigned server, is also used to receive
Authenticate-acknowledge information is simultaneously sent to the Website server;The Website server is also used to be believed according to the authenticate-acknowledge
Breath, complete verification process.
Preferably, the unsigned server is also used to request information in the certification request to the subscribed services device;
Judge in certification request that whether information in certification request that the Website server is sent sends with the subscribed services device
Information it is consistent, if unanimously, to terminal corresponding with the cell-phone number send authenticate-acknowledge request.
Preferably, in the certification request further include: the biological attribute data of user;The unsigned server, is also used
According to the certification request, biological attribute data acquisition request is sent to basic database, so that the basic database exists
After receiving the biological attribute data acquisition request, to the corresponding biology of the active user of the unsigned server return
Characteristic;And biological attribute data in the certification request is requested to the subscribed services device;Judge the signing clothes
Whether the biological attribute data that business device is sent and the biological attribute data that the basic database returns are consistent, if unanimously, to
Terminal corresponding with the cell-phone number sends authenticate-acknowledge request.
Preferably, the biological attribute data is facial image;The unsigned server is configured to: using such as lower section
Method judges whether is biological attribute data that the biological attribute data that the subscribed services device is sent and the basic database return
It is consistent: the facial image that the subscribed services device is sent to be divided into the first image and the second image, the first image is eye
Portion's area image, second image are the image in addition to the ocular image;The basic database is returned
Facial image is divided into third image and the 4th image, and the third image is ocular image, the 4th image be except
Image except the ocular image;Calculate similarity between the first image and the third image and described
Similarity between second image and the 4th image;According to the similarity between the first image and the third image
And the similarity between second image and the 4th image, come judge facial image that the subscribed services device is sent with
Whether the facial image that the basic database returns is consistent.
Preferably, the unsigned server is configured to: calculating the first image and described the according to following manner
Similarity between three images: being divided into left-eye image and eye image for the first image, and the third image is divided
For left-eye image and eye image;It calculates between the left-eye image of the first image and the left-eye image of the third image
Second between the eye image of first similarity and the first image and the eye image of the third image is similar
Degree;It is determined according to first similarity and second similarity similar between the first image and the third image
Degree.
Preferably, the unsigned server is also used to calculate weight, second similarity of first similarity
Weight and second image and the 4th image between third similarity weight, and it is similar according to described first
Degree, the weight of first similarity, second similarity, the weight of second similarity, the third similarity and
The weight of the third similarity, the biological attribute data to judge that the subscribed services device is sent are returned with the basic database
Whether the biological attribute data returned is consistent.
Preferably, the unsigned server is configured to: using with as under type calculating as described in the first similarity or
Second similarity: according to the left-eye image pixel of the first image, the left-eye image for obtaining the first image is corresponding
Primary vector matrix obtain the left-eye image pair of the third image and according to the left-eye image pixel of the third image
The secondary vector matrix answered;Alternatively, obtaining the right eye figure of the first image according to the eye image pixel of the first image
As corresponding primary vector matrix, and according to the eye image pixel of the third image, the right eye of the third image is obtained
The corresponding secondary vector matrix of image;Calculate the first mean value and the first covariance of the primary vector matrix;Calculate described
The second mean value and the second covariance of two vector matrixs;It is described to construct according to first mean value and first covariance
The probabilistic model of primary vector matrix is the first gaussian probability model;According to second mean value and second covariance, come
The probabilistic model for constructing the secondary vector matrix is the second gaussian probability model;According to the first gaussian probability model and institute
The second gaussian probability model is stated, to calculate the average relative entropy between the primary vector matrix and the secondary vector matrix;
First similarity or second similarity are determined according to the average relative entropy.
Preferably, the unsigned server is configured to: calculating second image and described in the following way
Similarity between four images: the feature vector for the facial image that the subscribed services device is sent is extracted, the first Operator Moment is obtained
Battle array extracts the feature vector for the facial image that basic database returns, obtains the second operator matrix;Wherein, each feature vector
The abscissa and ordinate of feature vector and the character pixel including character pair pixel;According to the cross of each character pixel
Coordinate and ordinate reject the left-eye image of the facial image returned from the subscribed services device from first operator matrix
With the feature vector extracted in eye image, the corresponding first object operator matrix of second image is obtained;And from institute
It states to reject in the second operator matrix and be extracted from the left-eye image and eye image for the facial image that the basic database returns
The feature vector arrived obtains the corresponding second target operator matrix of the 4th image;Calculate the first object operator matrix
Inner product between the second target operator matrix;Second image and the 4th figure are determined according to the inner product result
Similarity as between.
The invention has the following advantages:
The authentication method and system that interconnects of identity-based identification card provided by the invention provides a kind of multiple operations
The authentication method and system of the identity-based identification card to interconnect between quotient, in this way, even if having part operator not with website
Enterprise signs cooperation agreement, but the user of the unsigned operator can also complete to authenticate with identity-based identification card, therefore,
Achievable the whole network user carries out certification and logs in.
Detailed description of the invention
Fig. 1 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 1 provides;
Fig. 2 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 2 provides
Cheng Tu;
Fig. 3 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 3 provides
Cheng Tu;
Fig. 4 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 4 provides;
Fig. 5 A is step S54 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 5 provides
Flow chart;
Fig. 5 B is a kind of schematic diagram that facial image is divided into ocular image and non-ocular image;
In the authentication method that interconnects for the identity-based identification card that Fig. 6 provides for the embodiment of the present invention 6 in step S542
Calculate the flow chart of the similarity between the first image and the third image;
Fig. 7 is step S5422 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 8 provides
Flow chart;
In the authentication method that interconnects for the identity-based identification card that Fig. 8 provides for the embodiment of the present invention 9 in step S543
Calculate the flow chart of the similarity between the second image and the 4th image;
Fig. 9 is the composition schematic diagram of the Verification System that interconnects for the identification card that the embodiment of the present invention 10 provides.
Specific embodiment
To make those skilled in the art more fully understand technical solution of the present invention, come with reference to the accompanying drawing to the present invention
The authentication method and system that interconnects of the identity-based identification card of offer is described in detail.
Embodiment 1
Fig. 1 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 1 provides;It please join
Fig. 1 is read, the authentication method that interconnects of identity-based identification card provided in this embodiment includes:
S1, Website server receive certification request, include and the one-to-one hand of identification card in the certification request
Machine number.
Wherein, targeted website is the website that user currently wants access to.The embodiment of the present invention is applied to accessing as user
When targeted website, the scene for needing user's identity-based identification card to be authenticated, the application scenarios can be login scene, payment
Scene etc..Identification card can be SIM card, UIM card etc..
Specifically, when user is when register, the operation that delivery operation etc. is authenticated are clicked in targeted website, i.e.,
Certification request is had sent to Website server by the terminal where targeted website.
S2, the Website server receive after the certification request and are sent to subscribed services device.
S3, the subscribed services device inquire the attaching information of the cell-phone number and are not belonging to the signing in the cell-phone number
When the corresponding operator of server, Xiang Suoshu Website server returns to the attaching information of the cell-phone number.
Wherein, the attaching information of cell-phone number is the information of operator belonging to the cell-phone number.
Specifically, the subscribed services device can first obtain number of the cell-phone number of its carrying when receiving certification request
Section, and determined if to belong to the corresponding operator of the subscribed services device according to the number section, if so, corresponding to the cell-phone number
Terminal send authenticate-acknowledge request, for user carry out authenticate-acknowledge;If it is not, then returning to cell-phone number to the Website server
Attaching information.
S4, the attaching information that the Website server is returned according to the subscribed services device, by the certification request
It is sent to unsigned server corresponding with the attaching information.
Step S3 and S4 are actually when cell-phone number is not belonging to the corresponding operator of subscribed services device, according to cell-phone number
Attaching information is redirected to unsigned server, and the certification request is sent the unsigned server.
S5, the unsigned server receive certification request, and according to certification request to end corresponding with the cell-phone number
End sends authenticate-acknowledge request.
Wherein, terminal corresponding with the cell-phone number is the terminal of the corresponding identification card of the installation cell-phone number, should
Terminal can be the mobile terminals such as mobile phone.
Specifically, authenticate-acknowledge request can be, but not limited to for " trust × website? yes/no ".
S6, the terminal receive the authenticate-acknowledge request, and receive user authentication confirmation message and be sent to it is described not
Subscribed services device.
Specifically, after the terminal receives the authenticate-acknowledge request, show that the authenticate-acknowledge is requested in a manner of pop-up;When
When user clicks "Yes" option, terminal receives user authentication confirmation message;Then, authenticate-acknowledge information is sent to institute by terminal
State unsigned server.
S7, the unsigned server receive authenticate-acknowledge information and are sent to the Website server.
S8, the Website server is according to the authenticate-acknowledge information, complete verification process.
From the foregoing, it will be observed that the present invention provides a kind of certifications of the identity-based identification card to interconnect between multiple operators
Method and system, in this way, even if thering is part operator not sign cooperation agreement, but the unsigned operator with website enterprise
User can also with identity-based identification card complete authenticate, therefore, it can be achieved that the whole network user carry out certification log in.
Embodiment 2
Fig. 2 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 2 provides
Cheng Tu.The authentication method that interconnects of identity-based identification card provided in this embodiment is with the offer of above-described embodiment 1 based on body
The authentication method that interconnects of part identification card is similar, equally includes step S1~S8, in embodiment 1 due to step S1~S8
It there has been and describe in detail, details are not described herein.The difference of the embodiment Yu above-described embodiment 1 is only described below.
Specifically, referring to Fig. 2, the step S5 includes:
S51, the unsigned server request information in the certification request to the subscribed services device.
That is, in this embodiment, the unsigned server is in the certification for receiving the Website server transmission
After request, information in the certification request further also is requested to the subscribed services device.
S52, the unsigned server judge the information in the certification request that the Website server is sent whether with institute
The information stated in the certification request of subscribed services device transmission is consistent, if unanimously, recognizing to terminal corresponding with cell-phone number transmission
Demonstrate,prove confirmation request.
In this embodiment, unsigned server is after receiving the certification request that the Website server is sent, by into
One step requests information in the certification request to the subscribed services device, and the two is compared, and can verify unsigned clothes
Whether the received certification request of device of being engaged in is the certification request redirected by subscribed services device, is asked with preventing hacker from sending certification
The unsigned server of fascination is sought, maloperation is caused.
Embodiment 3
Fig. 3 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 3 provides
Cheng Tu, the authentication method that interconnects of identity-based identification card provided in this embodiment is with the offer of above-described embodiment 1 based on body
The authentication method that interconnects of part identification card is similar, and details are not described herein for the identical point of the two.Only describe below the application with
The difference of above-described embodiment 1.
Specifically, in this embodiment, in the certification request in addition to including cell-phone number, further includes: the biology of user is special
Levy data.On this basis, referring to Fig. 3, the step S5 includes:
S51, the unsigned server send biological attribute data to basic database and obtain according to the certification request
Request, so that after basic database receives the biological attribute data acquisition request, to described in the unsigned server return
The corresponding biological attribute data of active user.
Wherein, the cell-phone number and corresponding biological attribute data of each user are stored in basic database.It is based on
Different biological attribute datas can be used for distinguishing different user.The type of biological attribute data can be vocal print, fingerprint or people
Face image.Due to often storing the biological attribute data of each user in Ministry of Public Security's database, basic database packet
It includes but is not limited to Ministry of Public Security's database.In addition, active user is to input the user of the cell-phone number in targeted website.
Specifically, due to simultaneously including cell-phone number in certification request, the basic database is based on the cell-phone number and is
The corresponding biological attribute data of cell-phone number therewith can be inquired.
S52, the unsigned server request the biological attribute data in the certification request to the subscribed services device.
S53, the unsigned server judge the biological attribute data that the subscribed services device is sent and the basic number
Whether the biological attribute data returned according to library is consistent, if unanimously, sending authenticate-acknowledge to terminal corresponding with the cell-phone number
Request.
Specifically, unsigned server judges the biological attribute data and the basic data that the subscribed services device is sent
The whether consistent mode of biological attribute data that library returns, can have different judgement sides based on different biological attribute datas
Formula, the present embodiment is herein without detailed description.
In this embodiment, unsigned server is after receiving the certification request that the Website server is sent, by into
One step requests the biological attribute data in the certification request to the subscribed services device, and the two is compared, both can be with
Verify whether the received certification request of unsigned server is the certification request redirected by subscribed services device, it is black to prevent
Visitor sends certification request and confuses unsigned server, causes maloperation;It can be verified whether again as the true of unsigned server
The certification request that user sends is stolen to step on after preventing criminal from taking user password and real user is pretended to be to initiate certification request.
Embodiment 4
Fig. 4 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 4 provides, this reality
The identity-based identification card of interconnect authentication method and the offer of above-described embodiment 1 of the identity-based identification card of example offer is provided
The authentication method that interconnects is similar, and details are not described herein for the identical point of the two.The application and above-described embodiment 1 are only described below
Difference.
Specifically, in this embodiment, referring to fig. 4, further include following step S9 and step S10 before step S6:
S9, the terminal send identification card certification activation to carrier authorization server belonging to its cell-phone number and ask
It asks.
S10, after carrier authorization server belonging to the cell-phone number receives the identification card certification activation request,
Unaware pushes identification card authentication module into the identification card of the terminal.Identification card is increased in terminal to recognize
After demonstrate,proving module, that is, have been assigned the function that identity-based identification card carries out authentication.
It is pushed by unaware, identification card identity authentication function can be assigned under the premise of leaving user alone, from
And it can be improved user experience.
On this basis, the step S6 includes: that the identification card authentication module receives the certification request, and connects
It receives user authentication confirmation message and is sent to the unsigned server.
Embodiment 5
Fig. 5 A is step S54 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 5 provides
Flow chart, interconnect authentication method and above-described embodiment 3 of identity-based identification card provided in this embodiment provide based on
The authentication method that interconnects of identification card is similar, and details are not described herein for the identical point of the two.The application is only described below
With the difference of above-described embodiment 3.
Specifically, in this embodiment, the biological attribute data is facial image.On this basis, Fig. 5 A is please referred to,
The step S54 includes the following steps S541 to step S543:
The facial image that the subscribed services device is sent is divided into the first image and the second image by S541, and described first
Image is ocular image, and second image is the image in addition to the ocular image;By the basic data
The facial image that library returns is divided into third image and the 4th image, and the third image is ocular image, and the described 4th
Image is the image in addition to the ocular image.
Since the facial image of user causes each eyes opening degree different due to blinking, i.e. ocular image has
Certain uncertainty and deformation behavior, and other regions in addition to ocular image are regarded as the quiet of rigid body (being not easy deformation)
State image, therefore, the embodiment of the present invention in facial image ocular image and other area images take different sides
Formula, it is whether consistent come the facial image that judges that facial image that the subscribed services device is sent and the basic database return,
To improve accuracy of identification.As shown in Figure 5 B, facial image is divided into ocular image and non-eye area it illustrates a kind of
The schematic diagram of area image.
S542 calculates similarity between the first image and the third image and second image and described
Similarity between 4th image.
Wherein, the mode for calculating similarity can be realized using image similarity calculation method, about specific similar
Degree calculation method is not specifically limited in the present embodiment.
S543, according to the similarity and second image and described between the first image and the third image
Similarity between four images, to judge the facial image that the subscribed services device is sent and the people that the basic database returns
Whether face image is consistent.
Specifically according to similarity and second image between the first image and the third image and described
Similarity between 4th image, to judge what the facial image of the subscribed services device transmission was returned with the basic database
The whether consistent mode of facial image can there are many kinds of.For example, if between the first image and the third image
It, can be with when similarity is greater than similarity between first threshold and second image and the 4th image and is greater than second threshold
Determine that facial image that the subscribed services device is sent is consistent with the facial image that the basic database returns, etc..
Embodiment 6
In the authentication method that interconnects for the identity-based identification card that Fig. 6 provides for the embodiment of the present invention 6 in step S542
Calculate the flow chart of the similarity between the first image and the third image, identity-based identification provided in this embodiment
The authentication method that interconnects for the identity-based identification card that interconnect authentication method and above-described embodiment 5 of card provide is similar
Seemingly, details are not described herein for the identical point of the two.The difference of the present embodiment Yu above-described embodiment 5 is only described below.
Specifically, in this embodiment, referring to Fig. 6, calculating the first image and described the in the step S542
Similarity between three images includes the following steps S5421 to step S5423:
The first image is divided into left-eye image and eye image by S5421, and the third image is divided into left eye
Image and eye image.
S5422 calculates the first phase between the left-eye image of the first image and the left-eye image of the third image
Like the second similarity spent and between the eye image of the first image and the eye image of the third image.
Wherein, the mode for calculating the first similarity or the second similarity can use existing image similarity calculation method,
It wouldn't be elaborated herein.
S5423 determines the first image and the third figure according to first similarity and second similarity
Similarity as between.
Wherein, the first image and the third image are determined according to first similarity and second similarity
Between similarity mode, can there are many.For example, assigning the according to the area ratio of the area of left-eye image and eye image
The one similarity weight different with the second similarity;Then, according to the first similarity, weight of the first similarity, second similar
The weight of degree and the second similarity, to determine the similarity between the first image and the third image.It specifically, can be with
Using the weight of weight the+the second similarity the second similarity of * of first the first similarity of similarity * as the first image and institute
State the similarity between third image.
Embodiment 7
The base of the interconnect authentication method and the offer of above-described embodiment 6 of the identity-based identification card that the present embodiment 7 provides
Similar in the authentication method that interconnects of identification card, details are not described herein for the identical point of the two.This Shen is only described below
Please with the difference of above-described embodiment 6.Specifically, step S543 concrete methods of realizing in the embodiment are as follows:
The unsigned server calculates the weight of first similarity, the weight of second similarity and described
The weight of third similarity between two images and the 4th image, and according to first similarity, described first similar
The weight of degree, second similarity, the weight of second similarity, the third similarity and the third similarity
Weight, to judge the biological attribute data that the subscribed services device is sent and the biological attribute data that the basic database returns
It is whether consistent.
Wherein, the weight of the weight of the first similarity and the second similarity can use left-eye image and eye image respectively
The ratio between picture element number (area) and entire facial image picture element number (area) determine, i.e.,
The weight of third similarity can be used entire facial image picture element number (area) and subtract left-eye image and the right side
The sum of picture element number (area) of eye image and the ratio between entire facial image picture element number (area) determine, it may be assumed that
Wherein l indicates the length of left-eye image or eye image, and w indicates that the width of left-eye image or eye image, f indicate
Entire facial image picture element number (area), ω1、ω1And ω3Respectively indicate weight, the second similarity of the first similarity
Weight and third similarity weight.
Further, the facial image that the facial image and the basic database that the subscribed services device is sent return it
Between similarity can indicate are as follows:
Wherein, S indicates the facial image that the subscribed services device is sent and the facial image that the basic database returns
Between similarity, DlIndicate the first similarity, DrIndicate the second similarity, C indicates third similarity.
Similarity S is value range between 0 to 1, closer to 1, illustrates that similarity is bigger, in the case, if
The similarity between facial image that the facial image and the basic database that the subscribed services device is sent return is greater than pre-
If when threshold value, it is believed that the biological characteristic that the biological attribute data and the basic database that the subscribed services device is sent return
Data are consistent.Wherein, the value of the preset threshold can be set as needed, such as desirable 0.8.
Embodiment 8
Fig. 7 is step S5422 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 8 provides
Flow chart, interconnect authentication method and above-described embodiment 6 of identity-based identification card provided in this embodiment provide based on
The authentication method that interconnects of identification card is similar, and details are not described herein for the identical point of the two.This implementation is only described below
Difference of the example from above-described embodiment 6.
Specifically, in this embodiment, referring to Fig. 7, step S5422 includes the following steps S54221 to step
S54224:
S54221, according to the left-eye image pixel of the first image, the left-eye image for obtaining the first image is corresponding
Primary vector matrix obtain the left-eye image pair of the third image and according to the left-eye image pixel of the third image
The secondary vector matrix answered;Alternatively, obtaining the right eye figure of the first image according to the eye image pixel of the first image
As corresponding primary vector matrix, and according to the eye image pixel of the third image, the right eye of the third image is obtained
The corresponding secondary vector matrix of image.
In conjunction with Fig. 5 B, if the left-eye image of the first image and eye image interception area are l × w, wherein l is eye
The length of image, w be eyes image width, set respectively left eye, right eye top left pixel point coordinate asWithThen the left eye upper right corner, the lower right corner, lower-left angular coordinate are respectivelyThe right eye upper right corner, the lower right corner, lower-left angular coordinate are respectively
By taking the left-eye image of the first image as an example, primary vector matrix Itest_eye_lAre as follows:
If the area of left-eye image and eye image is also l × w in third image, then the left-eye image pair of third image
The secondary vector matrix I answeredregist_eye_lAre as follows:
The representation method of picture element matrix about eye image, the representation method principle phase with left-eye image picture element matrix
Together, this is not described in detail herein.For ease of description, following each steps also with the left-eye image and in the first image
It is illustrated for left-eye image in three images.
S54222 calculates the first mean value and the first covariance and the secondary vector matrix of the primary vector matrix
Second mean value and the second covariance.
Firstly, by primary vector matrix Itest_eye_lWith secondary vector matrix Iregist_eye_lBecome one-dimensional vector, i.e., by two
Matrix distinguishes " pulling into " one-dimensional vector:
The dimension of the two vectors is 1 × (l × w), then the first mean value and the second mean value are respectively as follows:
First covariance and the second covariance are respectively as follows:
Wherein, Σtest_eye_l,Σregist_eye_lDimension be (l × w) × (l × w).
S54223, according to first mean value and first covariance, to construct the probability of the primary vector matrix
Model is the first gaussian probability model;According to second mean value and second covariance, to construct the secondary vector square
The probabilistic model of battle array is the second gaussian probability model.
Specifically, the first gaussian probability model are as follows:
Second gaussian probability model are as follows:
Why the embodiment of the present invention will construct gaussian probability model, be because are as follows:
(1) Gaussian Profile can be well reflected the true distribution of natural world;
(2) standard deviation of entropy extreme value can be solved using the model, and can be to average relative entropy KL (Kullback-
Leibler) distance limits the upper limit.
S54224, according to the first gaussian probability model and the second gaussian probability model, to calculate described first
Average relative entropy (Kullback-Leibler) between vector matrix and the secondary vector matrix;According to described average opposite
Entropy determines first similarity or the second similarity.
Wherein, the embodiment of the present invention uses value of the value of average relative entropy as similarity.
According to the probability distribution in the space of above two vector matrix, average KL distance (the average phase of two vector matrixs is calculated
To entropy).For convenience of, simplify description formula, test_eye_l is calculated as A by following the description, and regist_eye_l is recorded as B, then two
The average KL distance that vector matrix is calculated, i.e. the first similarity are as follows:
According to above formula, the first phase between the left-eye image of the first image and the left-eye image of third image can be calculated
Like degree Dl, which, closer to 1, illustrates the left eye figure that two left eye similarities are bigger, i.e. in the first image between 0 to 1
As more similar to the left-eye image in third image;Conversely, similarity is smaller.
Similarly, the eye image of the first image and the right side of third image can be calculated by S54221 to S54224 through the above steps
The second similarity D between eye imager, no longer this is described in detail herein.
Embodiment 9
In the authentication method that interconnects for the identity-based identification card that Fig. 8 provides for the embodiment of the present invention 9 in step S542
Calculate the flow chart of the similarity between the second image and the 4th image, the interconnection of identity-based identification card provided in this embodiment
Intercommunication authentication method is similar with the authentication method that interconnects of identity-based identification card that above-described embodiment 5 provides, the two
Details are not described herein for identical point.The difference of the present embodiment Yu above-described embodiment 5 is only described below.
Specifically, in this embodiment, referring to Fig. 8, being calculated in step S542 between the second image and the 4th image
The process of similarity includes the following steps S5421 ' to step S5423 ':
S5421 ' is extracted the SIFT feature vector for the facial image that the basic database returns by SIFT algorithm, obtained
To the 2nd SIFT operator matrix, wherein each SIFT feature vector includes the feature vector and the feature of character pair pixel
The abscissa and ordinate of pixel;According to the abscissa and ordinate of each character pixel, from the 2nd SIFT operator matrix
It is middle to reject the feature vector extracted from the left-eye image and eye image for the facial image that the basic database returns, it obtains
To the corresponding second target SIFT operator matrix of the 4th image.
About the specific implementation for the feature vector extracted by SIFT extraction algorithm in image, may refer to existing
SIFT extraction algorithm, the embodiment of the present invention are not specifically addressed this.
Specifically, if the facial image of basic database return is after SIFT algorithm extracts feature vector, final
It can be indicated to the 2nd SIFT operator matrix are as follows:
If the facial image that basic database returns extracts a SIFT feature vector altogether, for example, v1For image
First SIFT proposed describes subcharacter vector, and dimension is 1 × 128, x1With y1Pixel corresponding to SIFT feature respectively
Cross, ordinate.In embodiments of the present invention, the purpose for adding characteristic point position information is that remaining department's image mentions to face
After taking out characteristic point, it is special to reject the SIFT extracted in right and left eyes blank eye orbit areas in the facial image that basic database returns
Sign point and character pair vector.Kick-out condition are as follows: for any SIFT feature, if true according to the location information of this feature point
When fixed its is in left-eye image or eye image, it will be deleted in its first SIFT operator matrix, so that subsequent calculate
The similarity arrived is more accurate.
According to the above kick-out condition, it is related to can remove the facial image middle left and right eye white space that basic database returns
SIFT feature.Since the facial image (white space containing right and left eyes) that basic database returns proposes SIFT feature number altogether
For a, if the SIFT feature number that images of left and right eyes blank eye orbit areas extracts altogether is b, then the SIFT feature vector after rejecting,
That is the second target SIFT operator matrix are as follows:
The SIFT feature that above formula has extracted blank eye orbit areas is rejected.
S5422 ' is extracted the SIFT feature vector for the facial image that the subscribed services device is sent by SIFT algorithm, obtained
To the first SIFT operator matrix, wherein each SIFT feature vector includes the feature vector and the feature of character pair pixel
The abscissa and ordinate of pixel;According to the abscissa and ordinate of each character pixel, from the first SIFT operator matrix
It is middle to reject the feature vector extracted from the left-eye image and eye image for the facial image that the subscribed services device returns, it obtains
To the corresponding first object SIFT operator matrix of second image.
The principle of the step is consistent with the principle in above-mentioned steps S5421 ', and for details, reference can be made in above-mentioned steps S5421 '
Content, details are not described herein again.Similarly, the facial image for obtaining the transmission of subscribed services device picks out what right and left eyes white space obtained
SIFT feature vector set is combined into: set subscribed services device transmission facial image propose altogether SIFT feature number as c, images of left and right eyes
The SIFT feature number that blank eye orbit areas extracts altogether is d, then first object SIFT operator matrix can indicate are as follows:
S5423 ' is calculated interior between the first object SIFT operator matrix and the second target SIFT operator matrix
Product, is determined as the similarity between second image and the 4th image for the inner product.
The above two targets SIFT operator matrix is subjected to inner product calculating to get second image and the 4th image is arrived
Between similarity C:
According to definition of inner product, the value range of C is between 0 to 1, closer to 1, illustrates that similarity is bigger, i.e., and described
Two images and the 4th image are more similar;Conversely, similarity is smaller, i.e., described second image and the 4th image more not phase
Seemingly.
Embodiment 10
Fig. 9 is the composition schematic diagram of the Verification System that interconnects for the identification card that the embodiment of the present invention 10 provides, and is asked
Refering to Fig. 9, the Verification System that interconnects of the identification card, comprising: Website server 91, subscribed services device 92, unsigned
Server 93 and terminal 94, in which:
The Website server includes corresponding in the certification request with identification card for receiving certification request
Cell-phone number;It receives after the certification request and is sent to subscribed services device.
The subscribed services device inquires the attaching information of the cell-phone number and in the hand for receiving the certification request
The ownership letter of the cell-phone number is returned when machine number is not belonging to the subscribed services device corresponding operator to the Website server
Breath.
The Website server is also used to the attaching information returned according to the subscribed services device, and the certification is asked
It asks and is sent to the attaching information unsigned server accordingly.
The unsigned server for receiving the certification request, and according to the certification request to the cell-phone number
Corresponding terminal sends authenticate-acknowledge request.
The terminal for receiving authenticate-acknowledge request, and receive user authentication confirmation message and be sent to it is described not
Subscribed services device.
The unsigned server is also used to receive authenticate-acknowledge information and is sent to the Website server.
The Website server is also used to according to the complete verification process of authenticate-acknowledge information.
Optionally, the unsigned server is also used to request information in the certification request to the subscribed services device;
Judge in certification request that whether information in certification request that the Website server is sent sends with the subscribed services device
Information it is consistent, if unanimously, will to terminal corresponding with the cell-phone number send authenticate-acknowledge request.
Optionally, in the certification request further include: the biological attribute data of user;
The unsigned server is also used to send biological attribute data according to the certification request to basic database and obtain
Request is taken, so that basic database after receiving the biological attribute data acquisition request, is returned to the unsigned server
The corresponding biological attribute data of the active user;And judge biological attribute data and the base that the subscribed services device is sent
Whether the biological attribute data that plinth database returns is consistent, if unanimously, sending and authenticating to terminal corresponding with the cell-phone number
Confirmation request.
Optionally, the terminal is also used to send identification card to carrier authorization server belonging to its cell-phone number and recognize
Card activation request, so that carrier authorization server belonging to the cell-phone number is asked in the reception identification card certification activation
It asks, and unaware push identification card authentication module is into the identification card of the terminal.
The identification card authentication module receives user authentication confirmation message for receiving the authenticate-acknowledge request
And it is sent to the unsigned server.
Optionally, the biological attribute data is facial image;
The unsigned server is also used to judge according to the following method the biological characteristic number that the subscribed services device is sent
It is whether consistent according to the biological attribute data returned with the basic database:
The facial image that the subscribed services device is sent is divided into the first image and the second image, the first image is
Ocular image, second image are the image in addition to the ocular image;The basic database is returned
Facial image be divided into third image and the 4th image, the third image is ocular image, and the 4th image is
Image in addition to the ocular image.
Calculate the similarity and second image and the described 4th between the first image and the third image
Similarity between image.
According between the first image and the third image similarity and second image and the 4th figure
Similarity as between, to judge the facial image that the subscribed services device is sent and the face figure that the basic database returns
It seem no consistent.
Optionally, the unsigned server is also used to calculate the first image and the third figure according to following manner
Similarity as between:
The first image is divided into left-eye image and eye image, by the third image be divided into left-eye image and
Eye image.
Calculate the first image left-eye image and the third image left-eye image between the first similarity with
And the first image eye image and the third image eye image between the second similarity.
It is determined between the first image and the third image according to first similarity and second similarity
Similarity.
Optionally, the unsigned server calculates the weight of first similarity, the weight of second similarity
And the weight of the third similarity between second image and the 4th image, and according to first similarity, described
The weight of first similarity, second similarity, the weight of second similarity, the third similarity and the third
The weight of similarity, to judge the biological attribute data that the subscribed services device is sent and the biology that the basic database returns
Whether characteristic is consistent.
Optionally, the unsigned server is configured to, and calculates first similarity or institute in the following way
State the second similarity:
According to the left-eye image pixel of the first image, obtain the left-eye image corresponding first of the first image to
Moment matrix, and according to the left-eye image pixel of the third image, obtain the left-eye image corresponding second of the third image
Vector matrix;Alternatively, according to the eye image pixel of the first image, the eye image for obtaining the first image is corresponding
Primary vector matrix, and according to the eye image pixel of the third image, the eye image for obtaining the third image is corresponding
Secondary vector matrix.
Calculate the first mean value and the first covariance of the primary vector matrix.
Calculate the second mean value and the second covariance of the secondary vector matrix.
It is the to construct the probabilistic model of the primary vector matrix according to first mean value and first covariance
One gaussian probability model.
It is the to construct the probabilistic model of the secondary vector matrix according to second mean value and second covariance
Two gaussian probability models.
According to the first gaussian probability model and the second gaussian probability model, to calculate the primary vector matrix
Average relative entropy between the secondary vector matrix.
First similarity or second similarity are determined according to the average relative entropy.
Optionally, the unsigned server is further configured to calculate second image and described in the following way
Similarity between 4th image:
The SIFT feature vector that the facial image that the subscribed services device is sent is extracted by SIFT algorithm, obtains first
SIFT operator matrix, wherein each SIFT feature vector include character pair pixel feature vector and the character pixel
Abscissa and ordinate.
According to the abscissa and ordinate of each character pixel, reject from the first SIFT operator matrix from the label
The feature vector about extracted in the left-eye image and eye image of the facial image of server return, obtains second image
Corresponding first object SIFT operator matrix.
The SIFT feature vector that the facial image that the basic database returns is extracted by SIFT algorithm, obtains second
SIFT operator matrix, wherein each SIFT feature vector include character pair pixel feature vector and the character pixel
Abscissa and ordinate.
According to the abscissa and ordinate of each character pixel, reject from the 2nd SIFT operator matrix from the base
The feature vector extracted in the left-eye image and eye image of the facial image that plinth database returns, obtains the 4th image
Corresponding second target SIFT operator matrix.
Calculate the inner product between the first object SIFT operator matrix and the second target SIFT operator matrix.
The similarity between second image and the 4th image is determined according to the inner product.
The specific work process of the Verification System that interconnects about the identification card is in above-described embodiment 1 to implementation
It is described in detail in example 9, for details, reference can be made to content of the above-described embodiment 1 into embodiment 9, and details are not described herein.
The Verification System that interconnects of identification card provided in this embodiment is provided and is interconnected between a kind of operator
Identity-based identification card authentication method and system, on this basis, though have part operator not with Website server label
Cooperation agreement is ordered, user can also complete certification based on its identification card, not only expand the progress of identity-based identification card
The use scope of certification, and since the authentication mode can be applied to all provider customers, thus it is all with per family can be with
Based on the method access target net, so as to increase the amount of access of targeted website.
It is understood that the principle that embodiment of above is intended to be merely illustrative of the present and the exemplary implementation that uses
Mode, however the present invention is not limited thereto.For those skilled in the art, essence of the invention is not being departed from
In the case where mind and essence, various changes and modifications can be made therein, these variations and modifications are also considered as protection scope of the present invention.
Claims (16)
1. a kind of authentication method that interconnects of identity-based identification card characterized by comprising
Website server receives after certification request and is sent to subscribed services device, includes in the certification request and identification card
One-to-one cell-phone number;
The subscribed services device inquires the attaching information of the cell-phone number and is not belonging to the subscribed services device in the cell-phone number
When corresponding operator, Xiang Suoshu Website server returns to the attaching information of the cell-phone number;
The attaching information that the Website server is returned according to the subscribed services device, by the certification request be sent to
The attaching information unsigned server accordingly;
The unsigned server receives the certification request, and according to the certification request to end corresponding with the cell-phone number
End sends authenticate-acknowledge request;
The terminal receives the authenticate-acknowledge request, and receives user authentication confirmation message and be sent to the unsigned service
Device;
The unsigned server receives authenticate-acknowledge information and is sent to the Website server;
The Website server is according to the complete verification process of authenticate-acknowledge information.
2. the authentication method that interconnects of identity-based identification card according to claim 1, which is characterized in that described not sign
About server sends authenticate-acknowledge request to the corresponding terminal of the cell-phone number, comprising:
The unsigned server requests the information in the certification request to the subscribed services device;
The unsigned server judges whether the information in the certification request that the Website server is sent takes with the signing
The information being engaged in the certification request that device is sent is consistent, if unanimously, sending authenticate-acknowledge to terminal corresponding with the cell-phone number and asking
It asks.
3. the authentication method that interconnects of identity-based identification card according to claim 1, which is characterized in that the certification
In request further include: the biological attribute data of user;
The unsigned server sends authenticate-acknowledge request to terminal corresponding with the cell-phone number, comprising:
The unsigned server sends biological attribute data acquisition request according to the certification request, to basic database, with
After so that basic database is received the biological attribute data acquisition request, it is corresponding that active user is returned to the unsigned server
Biological attribute data;
The unsigned server requests the biological attribute data in the certification request to the subscribed services device;
The unsigned server judges that the biological attribute data that the subscribed services device is sent and the basic database return
Biological attribute data it is whether consistent, if unanimously, to terminal corresponding with the cell-phone number send authenticate-acknowledge request.
4. the authentication method that interconnects of identity-based identification card according to claim 3, which is characterized in that the biology
Characteristic is facial image;
The unsigned server judges the biological attribute data and the base that the subscribed services device is sent according to the following method
Whether the biological attribute data that plinth database returns is consistent:
The facial image that the subscribed services device is sent is divided into the first image and the second image, the first image is eye
Area image, second image are the image in addition to the ocular image;The people that the basic database is returned
Face image is divided into third image and the 4th image, and the third image is ocular image, and the 4th image is except institute
State the image except ocular image;
Similarity and second image and the 4th image between calculating the first image and the third image
Between similarity;
According between the first image and the third image similarity and second image and the 4th image it
Between similarity, the facial image to judge that the facial image that the subscribed services device is sent is returned with the basic database is
It is no consistent.
5. the authentication method that interconnects of identity-based identification card according to claim 4, which is characterized in that described not sign
About server calculates the similarity between the first image and the third image according to following manner:
The first image is divided into left-eye image and eye image, the third image is divided into left-eye image and right eye
Image;
Calculate the first similarity between the left-eye image of the first image and the left-eye image of the third image and institute
State the second similarity between the eye image of the first image and the eye image of the third image;
The phase between the first image and the third image is determined according to first similarity and second similarity
Like degree.
6. the authentication method that interconnects of identity-based identification card according to claim 5, which is characterized in that described not sign
About server according between the first image and the third image similarity and second image and the 4th figure
Similarity as between, to judge the facial image that the subscribed services device is sent and the face figure that the basic database returns
It seem no consistent, comprising:
The unsigned server calculates the weight of first similarity, the weight of second similarity and second figure
The weight of third similarity between picture and the 4th image, and according to first similarity, first similarity
Weight, second similarity, the weight of second similarity, the power of the third similarity and the third similarity
Weight, the biological attribute data to judge that the biological attribute data that the subscribed services device is sent is returned with the basic database are
It is no consistent.
7. the authentication method that interconnects of identity-based identification card according to claim 5, which is characterized in that described not sign
About server calculates first similarity or second similarity in the following way:
According to the left-eye image pixel of the first image, the corresponding primary vector square of left-eye image of the first image is obtained
Battle array, and according to the left-eye image pixel of the third image, obtain the corresponding secondary vector of left-eye image of the third image
Matrix;Alternatively, obtaining the eye image corresponding first of the first image according to the eye image pixel of the first image
Vector matrix, and according to the eye image pixel of the third image, obtain the eye image corresponding of the third image
Two vector matrixs;
Calculate the first mean value and the first covariance of the primary vector matrix;
Calculate the second mean value and the second covariance of the secondary vector matrix;
It is first high to construct the probabilistic model of the primary vector matrix according to first mean value and first covariance
This probabilistic model;
It is second high to construct the probabilistic model of the secondary vector matrix according to second mean value and second covariance
This probabilistic model;
According to the first gaussian probability model and the second gaussian probability model, to calculate the primary vector matrix and institute
State the average relative entropy between secondary vector matrix;
First similarity or second similarity are determined according to the average relative entropy.
8. the authentication method that interconnects of identity-based identification card according to claim 4, which is characterized in that described not sign
About server calculates the similarity between second image and the 4th image in the following way:
The feature vector for extracting the facial image that the subscribed services device is sent, obtains the first operator matrix, extracts the basis
The feature vector for the facial image that database returns, obtains the second operator matrix, wherein each feature vector includes character pair
The abscissa and ordinate of the feature vector of pixel and the character pixel;
According to the abscissa and ordinate of each character pixel, reject from first operator matrix from the subscribed services device
The feature vector extracted in the left-eye image and eye image of the facial image of return obtains second image corresponding
One target operator matrix;And a left side for the facial image returned from the basic database is rejected from second operator matrix
The feature vector extracted in eye image and eye image, obtains the corresponding second target operator matrix of the 4th image;
Calculate the inner product between the first object operator matrix and the second target operator matrix;
The similarity between second image and the 4th image is determined according to the inner product result.
9. a kind of Verification System that interconnects of identity-based identification card characterized by comprising Website server, signing clothes
Business device, unsigned server and terminal, in which:
The Website server, for receiving the certification request and being sent to the subscribed services device, in the certification request
Including with the one-to-one cell-phone number of identification card;
The subscribed services device inquires the attaching information of the cell-phone number according to certification request for receiving the certification request
And when the cell-phone number is not belonging to the corresponding operator of the subscribed services device, Xiang Suoshu Website server returns to the mobile phone
Number attaching information;
The Website server is also used to the attaching information returned according to the subscribed services device, by the certification request
It is sent to unsigned server corresponding with the attaching information;
The unsigned server, for receiving the certification request, and according to the certification request to the cell-phone number pair
The terminal answered sends authenticate-acknowledge request;
The terminal for receiving authenticate-acknowledge request, and receives user authentication confirmation message and is sent to and described do not sign
About server;
The unsigned server is also used to receive authenticate-acknowledge information and is sent to the Website server;
The Website server is also used to according to the authenticate-acknowledge information, complete verification process.
10. the Verification System that interconnects of identity-based identification card according to claim 9, which is characterized in that it is described not
Subscribed services device is also used to request information in the certification request to the subscribed services device;Judge the Website server hair
Whether the information in certification request sent is consistent with the information in the certification request that the subscribed services device is sent, if unanimously, to
Terminal corresponding with the cell-phone number sends authenticate-acknowledge request.
11. the Verification System that interconnects of identity-based identification card according to claim 9, which is characterized in that described to recognize
In card request further include: the biological attribute data of user;
The unsigned server is also used to send biological attribute data according to the certification request to basic database and obtain
Request, so that the basic database returns after receiving the biological attribute data acquisition request to the unsigned server
The corresponding biological attribute data of active user returned;And request the biology in the certification request special to the subscribed services device
Levy data;Judge the biological attribute data that the subscribed services device is sent and the biological attribute data that the basic database returns
It is whether consistent, if unanimously, sending authenticate-acknowledge request to terminal corresponding with the cell-phone number.
12. the Verification System that interconnects of identity-based identification card according to claim 11, which is characterized in that the life
Object characteristic is facial image;
The unsigned server is configured to: judging the biological attribute data that the subscribed services device is sent with the following method
Whether the biological attribute data returned with the basic database is consistent:
The facial image that the subscribed services device is sent is divided into the first image and the second image, the first image is eye
Area image, second image are the image in addition to the ocular image;The people that the basic database is returned
Face image is divided into third image and the 4th image, and the third image is ocular image, and the 4th image is except institute
State the image except ocular image;
Similarity and second image and the 4th image between calculating the first image and the third image
Between similarity;
According between the first image and the third image similarity and second image and the 4th image it
Between similarity, the facial image to judge that the facial image that the subscribed services device is sent is returned with the basic database is
It is no consistent.
13. the Verification System that interconnects of identity-based identification card according to claim 12, which is characterized in that it is described not
Subscribed services device is configured to: the similarity between the first image and the third image is calculated according to following manner:
The first image is divided into left-eye image and eye image, the third image is divided into left-eye image and right eye
Image;
Calculate the first similarity between the left-eye image of the first image and the left-eye image of the third image and institute
State the second similarity between the eye image of the first image and the eye image of the third image;
The phase between the first image and the third image is determined according to first similarity and second similarity
Like degree.
14. the Verification System that interconnects of identity-based identification card according to claim 13, which is characterized in that it is described not
Subscribed services device is also used to calculate the weight of first similarity, the weight of second similarity and second image
The weight of third similarity between the 4th image, and according to first similarity, the power of first similarity
Weight, second similarity, the weight of second similarity, the weight of the third similarity and the third similarity,
To judge whether are the biological attribute data that the subscribed services device is sent and the biological attribute data that the basic database returns
Unanimously.
15. the Verification System that interconnects of identity-based identification card according to claim 13, which is characterized in that it is described not
Subscribed services device is configured to: it uses with the first similarity or second similarity as described in calculating under type:
According to the left-eye image pixel of the first image, the corresponding primary vector square of left-eye image of the first image is obtained
Battle array, and according to the left-eye image pixel of the third image, obtain the corresponding secondary vector of left-eye image of the third image
Matrix;Alternatively, obtaining the eye image corresponding first of the first image according to the eye image pixel of the first image
Vector matrix, and according to the eye image pixel of the third image, obtain the eye image corresponding of the third image
Two vector matrixs;
Calculate the first mean value and the first covariance of the primary vector matrix;
Calculate the second mean value and the second covariance of the secondary vector matrix;
It is first high to construct the probabilistic model of the primary vector matrix according to first mean value and first covariance
This probabilistic model;
It is second high to construct the probabilistic model of the secondary vector matrix according to second mean value and second covariance
This probabilistic model;
According to the first gaussian probability model and the second gaussian probability model, to calculate the primary vector matrix and institute
State the average relative entropy between secondary vector matrix;
First similarity or second similarity are determined according to the average relative entropy.
16. the Verification System that interconnects of identity-based identification card according to claim 12, which is characterized in that it is described not
Subscribed services device is configured to: the similarity between second image and the 4th image is calculated in the following way:
The feature vector for extracting the facial image that the subscribed services device is sent obtains the first operator matrix, extracts basic data
The feature vector for the facial image that library returns, obtains the second operator matrix;Wherein, each feature vector includes character pair pixel
Feature vector and the character pixel abscissa and ordinate;
According to the abscissa and ordinate of each character pixel, reject from first operator matrix from the subscribed services device
The feature vector extracted in the left-eye image and eye image of the facial image of return obtains second image corresponding
One target operator matrix;And a left side for the facial image returned from the basic database is rejected from second operator matrix
The feature vector extracted in eye image and eye image, obtains the corresponding second target operator matrix of the 4th image;
Calculate the inner product between the first object operator matrix and the second target operator matrix;
The similarity between second image and the 4th image is determined according to the inner product result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610487899.3A CN106131833B (en) | 2016-06-28 | 2016-06-28 | The authentication method and system that interconnects of identity-based identification card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610487899.3A CN106131833B (en) | 2016-06-28 | 2016-06-28 | The authentication method and system that interconnects of identity-based identification card |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106131833A CN106131833A (en) | 2016-11-16 |
CN106131833B true CN106131833B (en) | 2019-10-01 |
Family
ID=57284197
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610487899.3A Active CN106131833B (en) | 2016-06-28 | 2016-06-28 | The authentication method and system that interconnects of identity-based identification card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106131833B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109977930B (en) * | 2019-04-29 | 2021-04-02 | 中国电子信息产业集团有限公司第六研究所 | Fatigue driving detection method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101401385A (en) * | 2006-01-31 | 2009-04-01 | 松下电器产业株式会社 | Method for personal network management across multiple operators |
CN101867589A (en) * | 2010-07-21 | 2010-10-20 | 深圳大学 | Network identification authentication server and authentication method and system thereof |
CN104113462A (en) * | 2014-07-09 | 2014-10-22 | 桂林高德科技有限责任公司 | PPPOE method of accessing shared link by multiple operators |
CN105099700A (en) * | 2015-07-27 | 2015-11-25 | 中国联合网络通信集团有限公司 | Authentication method, authentication server, and system |
CN106817347A (en) * | 2015-11-27 | 2017-06-09 | 中兴通讯股份有限公司 | Third-party application authentication method, certificate server, terminal and management server |
-
2016
- 2016-06-28 CN CN201610487899.3A patent/CN106131833B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101401385A (en) * | 2006-01-31 | 2009-04-01 | 松下电器产业株式会社 | Method for personal network management across multiple operators |
CN101867589A (en) * | 2010-07-21 | 2010-10-20 | 深圳大学 | Network identification authentication server and authentication method and system thereof |
CN104113462A (en) * | 2014-07-09 | 2014-10-22 | 桂林高德科技有限责任公司 | PPPOE method of accessing shared link by multiple operators |
CN105099700A (en) * | 2015-07-27 | 2015-11-25 | 中国联合网络通信集团有限公司 | Authentication method, authentication server, and system |
CN106817347A (en) * | 2015-11-27 | 2017-06-09 | 中兴通讯股份有限公司 | Third-party application authentication method, certificate server, terminal and management server |
Non-Patent Citations (1)
Title |
---|
"沃互联"统一认证技术研究;刘镝等;《电信科学》;20150620;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN106131833A (en) | 2016-11-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11301555B2 (en) | Authentication system | |
US9813909B2 (en) | Cloud server for authenticating the identity of a handset user | |
KR101214839B1 (en) | Authentication method and authentication system | |
EP3693878A1 (en) | Wireless biometric authentication system and method | |
US10528710B2 (en) | System and method for user identity verification, and client and server by use thereof | |
CN104834839B (en) | A kind of code generating method, method for authenticating and associated terminal based on bar code | |
CN106330850A (en) | Biological characteristic-based security verification method, client and server | |
US20130023241A1 (en) | Authentication method and system using portable terminal | |
CN110326251A (en) | The system and method that the general dispersion solution of user is verified using cross validation feature are provided | |
CN105608621A (en) | Remote account opening method, server and system | |
CN109670291B (en) | Verification code implementation method and device and storage medium | |
CN108022100B (en) | Cross authentication system and method based on block chain technology | |
US11521208B2 (en) | System and method for authenticating transactions from a mobile device | |
CN105635113B (en) | Teleaction service based on SDK handles method and system | |
CN106303599A (en) | A kind of information processing method, system and server | |
CN103986577A (en) | Electronic trading authentication method based on facial recognition | |
Mtaho | Improving mobile money security with two-factor authentication | |
CN110753029B (en) | Identity verification method and biological identification platform | |
CN113569263A (en) | Secure processing method and device for cross-private-domain data and electronic equipment | |
CN106131833B (en) | The authentication method and system that interconnects of identity-based identification card | |
CN112687042A (en) | Authentication method, authentication device and electronic equipment | |
CN109992942A (en) | Secret protection face authentication method and system, intelligent terminal based on privacy sharing | |
CN104182664A (en) | Two-dimensional-code-based authentication method and system for non-networked environment | |
CN111010395B (en) | Credit-based information identifier generation method and device | |
Miller et al. | Mobile e-commerce to drive voice-based authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |