CN106131833B - The authentication method and system that interconnects of identity-based identification card - Google Patents

The authentication method and system that interconnects of identity-based identification card Download PDF

Info

Publication number
CN106131833B
CN106131833B CN201610487899.3A CN201610487899A CN106131833B CN 106131833 B CN106131833 B CN 106131833B CN 201610487899 A CN201610487899 A CN 201610487899A CN 106131833 B CN106131833 B CN 106131833B
Authority
CN
China
Prior art keywords
image
similarity
server
services device
subscribed services
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610487899.3A
Other languages
Chinese (zh)
Other versions
CN106131833A (en
Inventor
刘镝
王志军
张尼
王笑帝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201610487899.3A priority Critical patent/CN106131833B/en
Publication of CN106131833A publication Critical patent/CN106131833A/en
Application granted granted Critical
Publication of CN106131833B publication Critical patent/CN106131833B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • G06V40/161Detection; Localisation; Normalisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Software Systems (AREA)
  • Biomedical Technology (AREA)
  • Power Engineering (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a kind of authentication method and system that interconnects of identity-based identification card, comprising: Website server reception includes the certification request with the one-to-one cell-phone number of identification card and is sent to subscribed services device;The attaching information of subscribed services device inquiry mobile phone number and when cell-phone number is not belonging to the corresponding operator of subscribed services device, the attaching information of cell-phone number is returned to Website server;The unsigned server that certification request is sent to by Website server according to attaching information;Certification request is sent to terminal corresponding with cell-phone number by unsigned server;Terminal receives certification request, and receives user authentication confirmation message and be sent to unsigned server;Unsigned server receives authenticate-acknowledge information and is sent to Website server;Website server is according to the complete verification process of authenticate-acknowledge information.

Description

The authentication method and system that interconnects of identity-based identification card
Technical field
The invention belongs to internet of things field, and in particular to a kind of authentication method that interconnects of identity-based identification card And system.
Background technique
With the continuous evolution of Information and Communication Technology, the introducing of the new technologies such as cloud computing, big data, people be can use PC, mobile terminal carry out the various network services such as surfing on the net, resource access, e-commerce, mobile payment, social networks.Though Right various network services facilitate user, but network user's personal secrets situation is further severe.In recent years, a series of network informations Leakage event emerges one after another.In order to avoid the information of user is leaked, when user's Website login on PC, currently, frequent base It is authenticated in identification cards such as the SIM cards of customer mobile terminal, specifically, user clicks authentication key on website, and defeated Enter the corresponding cell-phone number of identification card, authenticate-acknowledge window will be will pop up on the mobile terminal of user later, user clicks true Certification can be completed after recognizing, just can further access website in this way.
However, since most website possesses domestic the whole network user, i.e., domestic three provider customers, and each operator is recognized Demonstrate,prove server admin respectively cell-phone number and identity information.To accelerate cooperation deployment, website enterprise may only be signed with an operator Administration's cooperation deployment agreement (referred to as signing operator), the certificate server (referred to as subscribed services device) of the signing operator, Carry out certification interaction between the Website server and user terminal, and server (the referred to as unsigned clothes of unsigned operator Business device) then certification interaction will not be carried out with Website server and user terminal, also just it is unable to complete verification process.
Summary of the invention
The present invention is directed at least solve one of the technical problems existing in the prior art, a kind of identity-based identification is proposed The authentication method and system that interconnects of card.
One of in order to solve the above problem, the present invention provides a kind of authentication method that interconnects of identity-based identification card, Include: that Website server receives after certification request and is sent to subscribed services device, includes in the certification request and identification Block one-to-one cell-phone number;The subscribed services device is inquired the attaching information of the cell-phone number and is not belonging in the cell-phone number When the corresponding operator of the subscribed services device, Xiang Suoshu Website server returns to the attaching information of the cell-phone number;The net The attaching information that site server is returned according to the subscribed services device, the certification request is sent to and the attaching information Corresponding unsigned server;The unsigned server receives the certification request, and according to the certification request to institute It states the corresponding terminal of cell-phone number and sends authenticate-acknowledge request;The terminal receives the authenticate-acknowledge request, and receives user and recognize It demonstrate,proves confirmation message and is sent to the unsigned server;The unsigned server receives authenticate-acknowledge information and is sent to institute State Website server;The Website server is according to the complete verification process of authenticate-acknowledge information.
Preferably, the unsigned server sends authenticate-acknowledge request to the corresponding terminal of the cell-phone number, comprising: institute It states unsigned server and requests information in the certification request to the subscribed services device;Described in the unsigned server judgement The information one in the certification request whether information in certification request that Website server is sent sends with the subscribed services device It causes, if unanimously, sending authenticate-acknowledge request to terminal corresponding with the cell-phone number.
Preferably, in the certification request further include: the biological attribute data of user;The unsigned server to institute It states the corresponding terminal of cell-phone number and sends authenticate-acknowledge request, comprising: the unsigned server is according to the certification request, Xiang Ji Plinth database sends biological attribute data acquisition request, so that basic database receives the biological attribute data acquisition request Afterwards, the corresponding biological attribute data of the active user is returned to the unsigned server;The unsigned server is to institute It states subscribed services device and requests biological attribute data in the certification request;The unsigned server judges the subscribed services Whether the biological attribute data and the biological attribute data that returns of the basic database that device is sent consistent, if unanimously, to The corresponding terminal of the cell-phone number sends authenticate-acknowledge request.
Preferably, the biological attribute data is facial image;The unsigned server judges institute according to the following method It states the biological attribute data that subscribed services device is sent and whether the biological attribute data that the basic database returns is consistent: by institute The facial image for stating the transmission of subscribed services device is divided into the first image and the second image, and the first image is ocular figure Picture, second image are the image in addition to the ocular image;The facial image that the basic database is returned It is divided into third image and the 4th image, the third image is ocular image, and the 4th image is except the eye Image except area image;Calculate the similarity between the first image and the third image and second image Similarity between the 4th image;According to the similarity and described between the first image and the third image Similarity between two images and the 4th image, to judge facial image and the basis that the subscribed services device is sent Whether the facial image that database returns is consistent.
Preferably, the unsigned server calculates between the first image and the third image according to following manner Similarity: the first image is divided into left-eye image and eye image, the third image is divided into left-eye image And eye image;Calculate the first similarity between the left-eye image of the first image and the left-eye image of the third image And the first image eye image and the third image eye image between the second similarity;According to described One similarity and second similarity determine the similarity between the first image and the third image.
Preferably, the unsigned server according between the first image and the third image similarity and institute State the similarity between the second image and the 4th image, come judge facial image that the subscribed services device is sent with it is described Whether the facial image that basic database returns is consistent, comprising: the unsigned server calculates the power of first similarity Weight, second similarity weight and second image and the 4th image between third similarity weight, and According to first similarity, the weight of first similarity, second similarity, the weight of second similarity, The weight of the third similarity and the third similarity, come judge biological attribute data that the subscribed services device is sent with Whether the biological attribute data that the basic database returns is consistent.
Preferably, the unsigned server calculates first similarity or described second similar in the following way Degree: according to the left-eye image pixel of the first image, the corresponding primary vector square of left-eye image of the first image is obtained Battle array, and according to the left-eye image pixel of the third image, obtain the corresponding secondary vector of left-eye image of the third image Matrix;Alternatively, obtaining the eye image corresponding first of the first image according to the eye image pixel of the first image Vector matrix, and according to the eye image pixel of the third image, obtain the eye image corresponding of the third image Two vector matrixs;Calculate the first mean value and the first covariance of the primary vector matrix;Calculate the secondary vector matrix Second mean value and the second covariance;According to first mean value and first covariance, to construct the primary vector matrix Probabilistic model be the first gaussian probability model;According to second mean value and second covariance, to construct described second The probabilistic model of vector matrix is the second gaussian probability model;It is general according to the first gaussian probability model and second Gauss Rate model, to calculate the average relative entropy between the primary vector matrix and the secondary vector matrix;According to described average Relative entropy determines first similarity or second similarity.
Preferably, the unsigned server is calculated in the following way between second image and the 4th image Similarity: extract the feature vector for the facial image that the subscribed services device is sent, obtain the first operator matrix, described in extraction The feature vector for the facial image that basic database returns, obtains the second operator matrix, wherein each feature vector includes corresponding to The abscissa and ordinate of the feature vector of character pixel and the character pixel;According to the abscissa of each character pixel and indulge Coordinate rejects the left-eye image and right eye figure of the facial image returned from the subscribed services device from first operator matrix The feature vector extracted as in, obtains the corresponding first object operator matrix of second image;And it is calculated from described second The feature extracted from the left-eye image and eye image for the facial image that the basic database returns is rejected in submatrix Vector obtains the corresponding second target operator matrix of the 4th image;Calculate the first object operator matrix and described Inner product between two target operator matrixes;It is determined between second image and the 4th image according to the inner product result Similarity.
The present invention also provides a kind of Verification Systems that interconnects of identity-based identification card, comprising: Website server, signing Server, unsigned server and terminal, in which: the Website server, for receiving the certification request and being sent to institute Subscribed services device is stated, includes in the certification request and the one-to-one cell-phone number of identification card;The subscribed services device is used In receiving the certification request, the attaching information of the cell-phone number is inquired according to certification request and is not belonging to institute in the cell-phone number When stating the corresponding operator of subscribed services device, Xiang Suoshu Website server returns to the attaching information of the cell-phone number;The website Server is also used to the attaching information returned according to the subscribed services device, the certification request is sent to and is returned with this Belong to information unsigned server accordingly;The unsigned server, for receiving the certification request, and according to the certification It requests to send authenticate-acknowledge request to terminal corresponding with the cell-phone number;The terminal is asked for receiving the authenticate-acknowledge It asks, and receives user authentication confirmation message and be sent to the unsigned server;The unsigned server, is also used to receive Authenticate-acknowledge information is simultaneously sent to the Website server;The Website server is also used to be believed according to the authenticate-acknowledge Breath, complete verification process.
Preferably, the unsigned server is also used to request information in the certification request to the subscribed services device; Judge in certification request that whether information in certification request that the Website server is sent sends with the subscribed services device Information it is consistent, if unanimously, to terminal corresponding with the cell-phone number send authenticate-acknowledge request.
Preferably, in the certification request further include: the biological attribute data of user;The unsigned server, is also used According to the certification request, biological attribute data acquisition request is sent to basic database, so that the basic database exists After receiving the biological attribute data acquisition request, to the corresponding biology of the active user of the unsigned server return Characteristic;And biological attribute data in the certification request is requested to the subscribed services device;Judge the signing clothes Whether the biological attribute data that business device is sent and the biological attribute data that the basic database returns are consistent, if unanimously, to Terminal corresponding with the cell-phone number sends authenticate-acknowledge request.
Preferably, the biological attribute data is facial image;The unsigned server is configured to: using such as lower section Method judges whether is biological attribute data that the biological attribute data that the subscribed services device is sent and the basic database return It is consistent: the facial image that the subscribed services device is sent to be divided into the first image and the second image, the first image is eye Portion's area image, second image are the image in addition to the ocular image;The basic database is returned Facial image is divided into third image and the 4th image, and the third image is ocular image, the 4th image be except Image except the ocular image;Calculate similarity between the first image and the third image and described Similarity between second image and the 4th image;According to the similarity between the first image and the third image And the similarity between second image and the 4th image, come judge facial image that the subscribed services device is sent with Whether the facial image that the basic database returns is consistent.
Preferably, the unsigned server is configured to: calculating the first image and described the according to following manner Similarity between three images: being divided into left-eye image and eye image for the first image, and the third image is divided For left-eye image and eye image;It calculates between the left-eye image of the first image and the left-eye image of the third image Second between the eye image of first similarity and the first image and the eye image of the third image is similar Degree;It is determined according to first similarity and second similarity similar between the first image and the third image Degree.
Preferably, the unsigned server is also used to calculate weight, second similarity of first similarity Weight and second image and the 4th image between third similarity weight, and it is similar according to described first Degree, the weight of first similarity, second similarity, the weight of second similarity, the third similarity and The weight of the third similarity, the biological attribute data to judge that the subscribed services device is sent are returned with the basic database Whether the biological attribute data returned is consistent.
Preferably, the unsigned server is configured to: using with as under type calculating as described in the first similarity or Second similarity: according to the left-eye image pixel of the first image, the left-eye image for obtaining the first image is corresponding Primary vector matrix obtain the left-eye image pair of the third image and according to the left-eye image pixel of the third image The secondary vector matrix answered;Alternatively, obtaining the right eye figure of the first image according to the eye image pixel of the first image As corresponding primary vector matrix, and according to the eye image pixel of the third image, the right eye of the third image is obtained The corresponding secondary vector matrix of image;Calculate the first mean value and the first covariance of the primary vector matrix;Calculate described The second mean value and the second covariance of two vector matrixs;It is described to construct according to first mean value and first covariance The probabilistic model of primary vector matrix is the first gaussian probability model;According to second mean value and second covariance, come The probabilistic model for constructing the secondary vector matrix is the second gaussian probability model;According to the first gaussian probability model and institute The second gaussian probability model is stated, to calculate the average relative entropy between the primary vector matrix and the secondary vector matrix; First similarity or second similarity are determined according to the average relative entropy.
Preferably, the unsigned server is configured to: calculating second image and described in the following way Similarity between four images: the feature vector for the facial image that the subscribed services device is sent is extracted, the first Operator Moment is obtained Battle array extracts the feature vector for the facial image that basic database returns, obtains the second operator matrix;Wherein, each feature vector The abscissa and ordinate of feature vector and the character pixel including character pair pixel;According to the cross of each character pixel Coordinate and ordinate reject the left-eye image of the facial image returned from the subscribed services device from first operator matrix With the feature vector extracted in eye image, the corresponding first object operator matrix of second image is obtained;And from institute It states to reject in the second operator matrix and be extracted from the left-eye image and eye image for the facial image that the basic database returns The feature vector arrived obtains the corresponding second target operator matrix of the 4th image;Calculate the first object operator matrix Inner product between the second target operator matrix;Second image and the 4th figure are determined according to the inner product result Similarity as between.
The invention has the following advantages:
The authentication method and system that interconnects of identity-based identification card provided by the invention provides a kind of multiple operations The authentication method and system of the identity-based identification card to interconnect between quotient, in this way, even if having part operator not with website Enterprise signs cooperation agreement, but the user of the unsigned operator can also complete to authenticate with identity-based identification card, therefore, Achievable the whole network user carries out certification and logs in.
Detailed description of the invention
Fig. 1 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 1 provides;
Fig. 2 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 2 provides Cheng Tu;
Fig. 3 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 3 provides Cheng Tu;
Fig. 4 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 4 provides;
Fig. 5 A is step S54 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 5 provides Flow chart;
Fig. 5 B is a kind of schematic diagram that facial image is divided into ocular image and non-ocular image;
In the authentication method that interconnects for the identity-based identification card that Fig. 6 provides for the embodiment of the present invention 6 in step S542 Calculate the flow chart of the similarity between the first image and the third image;
Fig. 7 is step S5422 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 8 provides Flow chart;
In the authentication method that interconnects for the identity-based identification card that Fig. 8 provides for the embodiment of the present invention 9 in step S543 Calculate the flow chart of the similarity between the second image and the 4th image;
Fig. 9 is the composition schematic diagram of the Verification System that interconnects for the identification card that the embodiment of the present invention 10 provides.
Specific embodiment
To make those skilled in the art more fully understand technical solution of the present invention, come with reference to the accompanying drawing to the present invention The authentication method and system that interconnects of the identity-based identification card of offer is described in detail.
Embodiment 1
Fig. 1 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 1 provides;It please join Fig. 1 is read, the authentication method that interconnects of identity-based identification card provided in this embodiment includes:
S1, Website server receive certification request, include and the one-to-one hand of identification card in the certification request Machine number.
Wherein, targeted website is the website that user currently wants access to.The embodiment of the present invention is applied to accessing as user When targeted website, the scene for needing user's identity-based identification card to be authenticated, the application scenarios can be login scene, payment Scene etc..Identification card can be SIM card, UIM card etc..
Specifically, when user is when register, the operation that delivery operation etc. is authenticated are clicked in targeted website, i.e., Certification request is had sent to Website server by the terminal where targeted website.
S2, the Website server receive after the certification request and are sent to subscribed services device.
S3, the subscribed services device inquire the attaching information of the cell-phone number and are not belonging to the signing in the cell-phone number When the corresponding operator of server, Xiang Suoshu Website server returns to the attaching information of the cell-phone number.
Wherein, the attaching information of cell-phone number is the information of operator belonging to the cell-phone number.
Specifically, the subscribed services device can first obtain number of the cell-phone number of its carrying when receiving certification request Section, and determined if to belong to the corresponding operator of the subscribed services device according to the number section, if so, corresponding to the cell-phone number Terminal send authenticate-acknowledge request, for user carry out authenticate-acknowledge;If it is not, then returning to cell-phone number to the Website server Attaching information.
S4, the attaching information that the Website server is returned according to the subscribed services device, by the certification request It is sent to unsigned server corresponding with the attaching information.
Step S3 and S4 are actually when cell-phone number is not belonging to the corresponding operator of subscribed services device, according to cell-phone number Attaching information is redirected to unsigned server, and the certification request is sent the unsigned server.
S5, the unsigned server receive certification request, and according to certification request to end corresponding with the cell-phone number End sends authenticate-acknowledge request.
Wherein, terminal corresponding with the cell-phone number is the terminal of the corresponding identification card of the installation cell-phone number, should Terminal can be the mobile terminals such as mobile phone.
Specifically, authenticate-acknowledge request can be, but not limited to for " trust × website? yes/no ".
S6, the terminal receive the authenticate-acknowledge request, and receive user authentication confirmation message and be sent to it is described not Subscribed services device.
Specifically, after the terminal receives the authenticate-acknowledge request, show that the authenticate-acknowledge is requested in a manner of pop-up;When When user clicks "Yes" option, terminal receives user authentication confirmation message;Then, authenticate-acknowledge information is sent to institute by terminal State unsigned server.
S7, the unsigned server receive authenticate-acknowledge information and are sent to the Website server.
S8, the Website server is according to the authenticate-acknowledge information, complete verification process.
From the foregoing, it will be observed that the present invention provides a kind of certifications of the identity-based identification card to interconnect between multiple operators Method and system, in this way, even if thering is part operator not sign cooperation agreement, but the unsigned operator with website enterprise User can also with identity-based identification card complete authenticate, therefore, it can be achieved that the whole network user carry out certification log in.
Embodiment 2
Fig. 2 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 2 provides Cheng Tu.The authentication method that interconnects of identity-based identification card provided in this embodiment is with the offer of above-described embodiment 1 based on body The authentication method that interconnects of part identification card is similar, equally includes step S1~S8, in embodiment 1 due to step S1~S8 It there has been and describe in detail, details are not described herein.The difference of the embodiment Yu above-described embodiment 1 is only described below.
Specifically, referring to Fig. 2, the step S5 includes:
S51, the unsigned server request information in the certification request to the subscribed services device.
That is, in this embodiment, the unsigned server is in the certification for receiving the Website server transmission After request, information in the certification request further also is requested to the subscribed services device.
S52, the unsigned server judge the information in the certification request that the Website server is sent whether with institute The information stated in the certification request of subscribed services device transmission is consistent, if unanimously, recognizing to terminal corresponding with cell-phone number transmission Demonstrate,prove confirmation request.
In this embodiment, unsigned server is after receiving the certification request that the Website server is sent, by into One step requests information in the certification request to the subscribed services device, and the two is compared, and can verify unsigned clothes Whether the received certification request of device of being engaged in is the certification request redirected by subscribed services device, is asked with preventing hacker from sending certification The unsigned server of fascination is sought, maloperation is caused.
Embodiment 3
Fig. 3 is the stream of step S5 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 3 provides Cheng Tu, the authentication method that interconnects of identity-based identification card provided in this embodiment is with the offer of above-described embodiment 1 based on body The authentication method that interconnects of part identification card is similar, and details are not described herein for the identical point of the two.Only describe below the application with The difference of above-described embodiment 1.
Specifically, in this embodiment, in the certification request in addition to including cell-phone number, further includes: the biology of user is special Levy data.On this basis, referring to Fig. 3, the step S5 includes:
S51, the unsigned server send biological attribute data to basic database and obtain according to the certification request Request, so that after basic database receives the biological attribute data acquisition request, to described in the unsigned server return The corresponding biological attribute data of active user.
Wherein, the cell-phone number and corresponding biological attribute data of each user are stored in basic database.It is based on Different biological attribute datas can be used for distinguishing different user.The type of biological attribute data can be vocal print, fingerprint or people Face image.Due to often storing the biological attribute data of each user in Ministry of Public Security's database, basic database packet It includes but is not limited to Ministry of Public Security's database.In addition, active user is to input the user of the cell-phone number in targeted website.
Specifically, due to simultaneously including cell-phone number in certification request, the basic database is based on the cell-phone number and is The corresponding biological attribute data of cell-phone number therewith can be inquired.
S52, the unsigned server request the biological attribute data in the certification request to the subscribed services device.
S53, the unsigned server judge the biological attribute data that the subscribed services device is sent and the basic number Whether the biological attribute data returned according to library is consistent, if unanimously, sending authenticate-acknowledge to terminal corresponding with the cell-phone number Request.
Specifically, unsigned server judges the biological attribute data and the basic data that the subscribed services device is sent The whether consistent mode of biological attribute data that library returns, can have different judgement sides based on different biological attribute datas Formula, the present embodiment is herein without detailed description.
In this embodiment, unsigned server is after receiving the certification request that the Website server is sent, by into One step requests the biological attribute data in the certification request to the subscribed services device, and the two is compared, both can be with Verify whether the received certification request of unsigned server is the certification request redirected by subscribed services device, it is black to prevent Visitor sends certification request and confuses unsigned server, causes maloperation;It can be verified whether again as the true of unsigned server The certification request that user sends is stolen to step on after preventing criminal from taking user password and real user is pretended to be to initiate certification request.
Embodiment 4
Fig. 4 is the flow chart of the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 4 provides, this reality The identity-based identification card of interconnect authentication method and the offer of above-described embodiment 1 of the identity-based identification card of example offer is provided The authentication method that interconnects is similar, and details are not described herein for the identical point of the two.The application and above-described embodiment 1 are only described below Difference.
Specifically, in this embodiment, referring to fig. 4, further include following step S9 and step S10 before step S6:
S9, the terminal send identification card certification activation to carrier authorization server belonging to its cell-phone number and ask It asks.
S10, after carrier authorization server belonging to the cell-phone number receives the identification card certification activation request, Unaware pushes identification card authentication module into the identification card of the terminal.Identification card is increased in terminal to recognize After demonstrate,proving module, that is, have been assigned the function that identity-based identification card carries out authentication.
It is pushed by unaware, identification card identity authentication function can be assigned under the premise of leaving user alone, from And it can be improved user experience.
On this basis, the step S6 includes: that the identification card authentication module receives the certification request, and connects It receives user authentication confirmation message and is sent to the unsigned server.
Embodiment 5
Fig. 5 A is step S54 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 5 provides Flow chart, interconnect authentication method and above-described embodiment 3 of identity-based identification card provided in this embodiment provide based on The authentication method that interconnects of identification card is similar, and details are not described herein for the identical point of the two.The application is only described below With the difference of above-described embodiment 3.
Specifically, in this embodiment, the biological attribute data is facial image.On this basis, Fig. 5 A is please referred to, The step S54 includes the following steps S541 to step S543:
The facial image that the subscribed services device is sent is divided into the first image and the second image by S541, and described first Image is ocular image, and second image is the image in addition to the ocular image;By the basic data The facial image that library returns is divided into third image and the 4th image, and the third image is ocular image, and the described 4th Image is the image in addition to the ocular image.
Since the facial image of user causes each eyes opening degree different due to blinking, i.e. ocular image has Certain uncertainty and deformation behavior, and other regions in addition to ocular image are regarded as the quiet of rigid body (being not easy deformation) State image, therefore, the embodiment of the present invention in facial image ocular image and other area images take different sides Formula, it is whether consistent come the facial image that judges that facial image that the subscribed services device is sent and the basic database return, To improve accuracy of identification.As shown in Figure 5 B, facial image is divided into ocular image and non-eye area it illustrates a kind of The schematic diagram of area image.
S542 calculates similarity between the first image and the third image and second image and described Similarity between 4th image.
Wherein, the mode for calculating similarity can be realized using image similarity calculation method, about specific similar Degree calculation method is not specifically limited in the present embodiment.
S543, according to the similarity and second image and described between the first image and the third image Similarity between four images, to judge the facial image that the subscribed services device is sent and the people that the basic database returns Whether face image is consistent.
Specifically according to similarity and second image between the first image and the third image and described Similarity between 4th image, to judge what the facial image of the subscribed services device transmission was returned with the basic database The whether consistent mode of facial image can there are many kinds of.For example, if between the first image and the third image It, can be with when similarity is greater than similarity between first threshold and second image and the 4th image and is greater than second threshold Determine that facial image that the subscribed services device is sent is consistent with the facial image that the basic database returns, etc..
Embodiment 6
In the authentication method that interconnects for the identity-based identification card that Fig. 6 provides for the embodiment of the present invention 6 in step S542 Calculate the flow chart of the similarity between the first image and the third image, identity-based identification provided in this embodiment The authentication method that interconnects for the identity-based identification card that interconnect authentication method and above-described embodiment 5 of card provide is similar Seemingly, details are not described herein for the identical point of the two.The difference of the present embodiment Yu above-described embodiment 5 is only described below.
Specifically, in this embodiment, referring to Fig. 6, calculating the first image and described the in the step S542 Similarity between three images includes the following steps S5421 to step S5423:
The first image is divided into left-eye image and eye image by S5421, and the third image is divided into left eye Image and eye image.
S5422 calculates the first phase between the left-eye image of the first image and the left-eye image of the third image Like the second similarity spent and between the eye image of the first image and the eye image of the third image.
Wherein, the mode for calculating the first similarity or the second similarity can use existing image similarity calculation method, It wouldn't be elaborated herein.
S5423 determines the first image and the third figure according to first similarity and second similarity Similarity as between.
Wherein, the first image and the third image are determined according to first similarity and second similarity Between similarity mode, can there are many.For example, assigning the according to the area ratio of the area of left-eye image and eye image The one similarity weight different with the second similarity;Then, according to the first similarity, weight of the first similarity, second similar The weight of degree and the second similarity, to determine the similarity between the first image and the third image.It specifically, can be with Using the weight of weight the+the second similarity the second similarity of * of first the first similarity of similarity * as the first image and institute State the similarity between third image.
Embodiment 7
The base of the interconnect authentication method and the offer of above-described embodiment 6 of the identity-based identification card that the present embodiment 7 provides Similar in the authentication method that interconnects of identification card, details are not described herein for the identical point of the two.This Shen is only described below Please with the difference of above-described embodiment 6.Specifically, step S543 concrete methods of realizing in the embodiment are as follows:
The unsigned server calculates the weight of first similarity, the weight of second similarity and described The weight of third similarity between two images and the 4th image, and according to first similarity, described first similar The weight of degree, second similarity, the weight of second similarity, the third similarity and the third similarity Weight, to judge the biological attribute data that the subscribed services device is sent and the biological attribute data that the basic database returns It is whether consistent.
Wherein, the weight of the weight of the first similarity and the second similarity can use left-eye image and eye image respectively The ratio between picture element number (area) and entire facial image picture element number (area) determine, i.e.,
The weight of third similarity can be used entire facial image picture element number (area) and subtract left-eye image and the right side The sum of picture element number (area) of eye image and the ratio between entire facial image picture element number (area) determine, it may be assumed that
Wherein l indicates the length of left-eye image or eye image, and w indicates that the width of left-eye image or eye image, f indicate Entire facial image picture element number (area), ω1、ω1And ω3Respectively indicate weight, the second similarity of the first similarity Weight and third similarity weight.
Further, the facial image that the facial image and the basic database that the subscribed services device is sent return it Between similarity can indicate are as follows:
Wherein, S indicates the facial image that the subscribed services device is sent and the facial image that the basic database returns Between similarity, DlIndicate the first similarity, DrIndicate the second similarity, C indicates third similarity.
Similarity S is value range between 0 to 1, closer to 1, illustrates that similarity is bigger, in the case, if The similarity between facial image that the facial image and the basic database that the subscribed services device is sent return is greater than pre- If when threshold value, it is believed that the biological characteristic that the biological attribute data and the basic database that the subscribed services device is sent return Data are consistent.Wherein, the value of the preset threshold can be set as needed, such as desirable 0.8.
Embodiment 8
Fig. 7 is step S5422 in the authentication method that interconnects for the identity-based identification card that the embodiment of the present invention 8 provides Flow chart, interconnect authentication method and above-described embodiment 6 of identity-based identification card provided in this embodiment provide based on The authentication method that interconnects of identification card is similar, and details are not described herein for the identical point of the two.This implementation is only described below Difference of the example from above-described embodiment 6.
Specifically, in this embodiment, referring to Fig. 7, step S5422 includes the following steps S54221 to step S54224:
S54221, according to the left-eye image pixel of the first image, the left-eye image for obtaining the first image is corresponding Primary vector matrix obtain the left-eye image pair of the third image and according to the left-eye image pixel of the third image The secondary vector matrix answered;Alternatively, obtaining the right eye figure of the first image according to the eye image pixel of the first image As corresponding primary vector matrix, and according to the eye image pixel of the third image, the right eye of the third image is obtained The corresponding secondary vector matrix of image.
In conjunction with Fig. 5 B, if the left-eye image of the first image and eye image interception area are l × w, wherein l is eye The length of image, w be eyes image width, set respectively left eye, right eye top left pixel point coordinate asWithThen the left eye upper right corner, the lower right corner, lower-left angular coordinate are respectivelyThe right eye upper right corner, the lower right corner, lower-left angular coordinate are respectively
By taking the left-eye image of the first image as an example, primary vector matrix Itest_eye_lAre as follows:
If the area of left-eye image and eye image is also l × w in third image, then the left-eye image pair of third image The secondary vector matrix I answeredregist_eye_lAre as follows:
The representation method of picture element matrix about eye image, the representation method principle phase with left-eye image picture element matrix Together, this is not described in detail herein.For ease of description, following each steps also with the left-eye image and in the first image It is illustrated for left-eye image in three images.
S54222 calculates the first mean value and the first covariance and the secondary vector matrix of the primary vector matrix Second mean value and the second covariance.
Firstly, by primary vector matrix Itest_eye_lWith secondary vector matrix Iregist_eye_lBecome one-dimensional vector, i.e., by two Matrix distinguishes " pulling into " one-dimensional vector:
The dimension of the two vectors is 1 × (l × w), then the first mean value and the second mean value are respectively as follows:
First covariance and the second covariance are respectively as follows:
Wherein, Σtest_eye_lregist_eye_lDimension be (l × w) × (l × w).
S54223, according to first mean value and first covariance, to construct the probability of the primary vector matrix Model is the first gaussian probability model;According to second mean value and second covariance, to construct the secondary vector square The probabilistic model of battle array is the second gaussian probability model.
Specifically, the first gaussian probability model are as follows:
Second gaussian probability model are as follows:
Why the embodiment of the present invention will construct gaussian probability model, be because are as follows:
(1) Gaussian Profile can be well reflected the true distribution of natural world;
(2) standard deviation of entropy extreme value can be solved using the model, and can be to average relative entropy KL (Kullback- Leibler) distance limits the upper limit.
S54224, according to the first gaussian probability model and the second gaussian probability model, to calculate described first Average relative entropy (Kullback-Leibler) between vector matrix and the secondary vector matrix;According to described average opposite Entropy determines first similarity or the second similarity.
Wherein, the embodiment of the present invention uses value of the value of average relative entropy as similarity.
According to the probability distribution in the space of above two vector matrix, average KL distance (the average phase of two vector matrixs is calculated To entropy).For convenience of, simplify description formula, test_eye_l is calculated as A by following the description, and regist_eye_l is recorded as B, then two The average KL distance that vector matrix is calculated, i.e. the first similarity are as follows:
According to above formula, the first phase between the left-eye image of the first image and the left-eye image of third image can be calculated Like degree Dl, which, closer to 1, illustrates the left eye figure that two left eye similarities are bigger, i.e. in the first image between 0 to 1 As more similar to the left-eye image in third image;Conversely, similarity is smaller.
Similarly, the eye image of the first image and the right side of third image can be calculated by S54221 to S54224 through the above steps The second similarity D between eye imager, no longer this is described in detail herein.
Embodiment 9
In the authentication method that interconnects for the identity-based identification card that Fig. 8 provides for the embodiment of the present invention 9 in step S542 Calculate the flow chart of the similarity between the second image and the 4th image, the interconnection of identity-based identification card provided in this embodiment Intercommunication authentication method is similar with the authentication method that interconnects of identity-based identification card that above-described embodiment 5 provides, the two Details are not described herein for identical point.The difference of the present embodiment Yu above-described embodiment 5 is only described below.
Specifically, in this embodiment, referring to Fig. 8, being calculated in step S542 between the second image and the 4th image The process of similarity includes the following steps S5421 ' to step S5423 ':
S5421 ' is extracted the SIFT feature vector for the facial image that the basic database returns by SIFT algorithm, obtained To the 2nd SIFT operator matrix, wherein each SIFT feature vector includes the feature vector and the feature of character pair pixel The abscissa and ordinate of pixel;According to the abscissa and ordinate of each character pixel, from the 2nd SIFT operator matrix It is middle to reject the feature vector extracted from the left-eye image and eye image for the facial image that the basic database returns, it obtains To the corresponding second target SIFT operator matrix of the 4th image.
About the specific implementation for the feature vector extracted by SIFT extraction algorithm in image, may refer to existing SIFT extraction algorithm, the embodiment of the present invention are not specifically addressed this.
Specifically, if the facial image of basic database return is after SIFT algorithm extracts feature vector, final It can be indicated to the 2nd SIFT operator matrix are as follows:
If the facial image that basic database returns extracts a SIFT feature vector altogether, for example, v1For image First SIFT proposed describes subcharacter vector, and dimension is 1 × 128, x1With y1Pixel corresponding to SIFT feature respectively Cross, ordinate.In embodiments of the present invention, the purpose for adding characteristic point position information is that remaining department's image mentions to face After taking out characteristic point, it is special to reject the SIFT extracted in right and left eyes blank eye orbit areas in the facial image that basic database returns Sign point and character pair vector.Kick-out condition are as follows: for any SIFT feature, if true according to the location information of this feature point When fixed its is in left-eye image or eye image, it will be deleted in its first SIFT operator matrix, so that subsequent calculate The similarity arrived is more accurate.
According to the above kick-out condition, it is related to can remove the facial image middle left and right eye white space that basic database returns SIFT feature.Since the facial image (white space containing right and left eyes) that basic database returns proposes SIFT feature number altogether For a, if the SIFT feature number that images of left and right eyes blank eye orbit areas extracts altogether is b, then the SIFT feature vector after rejecting, That is the second target SIFT operator matrix are as follows:
The SIFT feature that above formula has extracted blank eye orbit areas is rejected.
S5422 ' is extracted the SIFT feature vector for the facial image that the subscribed services device is sent by SIFT algorithm, obtained To the first SIFT operator matrix, wherein each SIFT feature vector includes the feature vector and the feature of character pair pixel The abscissa and ordinate of pixel;According to the abscissa and ordinate of each character pixel, from the first SIFT operator matrix It is middle to reject the feature vector extracted from the left-eye image and eye image for the facial image that the subscribed services device returns, it obtains To the corresponding first object SIFT operator matrix of second image.
The principle of the step is consistent with the principle in above-mentioned steps S5421 ', and for details, reference can be made in above-mentioned steps S5421 ' Content, details are not described herein again.Similarly, the facial image for obtaining the transmission of subscribed services device picks out what right and left eyes white space obtained SIFT feature vector set is combined into: set subscribed services device transmission facial image propose altogether SIFT feature number as c, images of left and right eyes The SIFT feature number that blank eye orbit areas extracts altogether is d, then first object SIFT operator matrix can indicate are as follows:
S5423 ' is calculated interior between the first object SIFT operator matrix and the second target SIFT operator matrix Product, is determined as the similarity between second image and the 4th image for the inner product.
The above two targets SIFT operator matrix is subjected to inner product calculating to get second image and the 4th image is arrived Between similarity C:
According to definition of inner product, the value range of C is between 0 to 1, closer to 1, illustrates that similarity is bigger, i.e., and described Two images and the 4th image are more similar;Conversely, similarity is smaller, i.e., described second image and the 4th image more not phase Seemingly.
Embodiment 10
Fig. 9 is the composition schematic diagram of the Verification System that interconnects for the identification card that the embodiment of the present invention 10 provides, and is asked Refering to Fig. 9, the Verification System that interconnects of the identification card, comprising: Website server 91, subscribed services device 92, unsigned Server 93 and terminal 94, in which:
The Website server includes corresponding in the certification request with identification card for receiving certification request Cell-phone number;It receives after the certification request and is sent to subscribed services device.
The subscribed services device inquires the attaching information of the cell-phone number and in the hand for receiving the certification request The ownership letter of the cell-phone number is returned when machine number is not belonging to the subscribed services device corresponding operator to the Website server Breath.
The Website server is also used to the attaching information returned according to the subscribed services device, and the certification is asked It asks and is sent to the attaching information unsigned server accordingly.
The unsigned server for receiving the certification request, and according to the certification request to the cell-phone number Corresponding terminal sends authenticate-acknowledge request.
The terminal for receiving authenticate-acknowledge request, and receive user authentication confirmation message and be sent to it is described not Subscribed services device.
The unsigned server is also used to receive authenticate-acknowledge information and is sent to the Website server.
The Website server is also used to according to the complete verification process of authenticate-acknowledge information.
Optionally, the unsigned server is also used to request information in the certification request to the subscribed services device; Judge in certification request that whether information in certification request that the Website server is sent sends with the subscribed services device Information it is consistent, if unanimously, will to terminal corresponding with the cell-phone number send authenticate-acknowledge request.
Optionally, in the certification request further include: the biological attribute data of user;
The unsigned server is also used to send biological attribute data according to the certification request to basic database and obtain Request is taken, so that basic database after receiving the biological attribute data acquisition request, is returned to the unsigned server The corresponding biological attribute data of the active user;And judge biological attribute data and the base that the subscribed services device is sent Whether the biological attribute data that plinth database returns is consistent, if unanimously, sending and authenticating to terminal corresponding with the cell-phone number Confirmation request.
Optionally, the terminal is also used to send identification card to carrier authorization server belonging to its cell-phone number and recognize Card activation request, so that carrier authorization server belonging to the cell-phone number is asked in the reception identification card certification activation It asks, and unaware push identification card authentication module is into the identification card of the terminal.
The identification card authentication module receives user authentication confirmation message for receiving the authenticate-acknowledge request And it is sent to the unsigned server.
Optionally, the biological attribute data is facial image;
The unsigned server is also used to judge according to the following method the biological characteristic number that the subscribed services device is sent It is whether consistent according to the biological attribute data returned with the basic database:
The facial image that the subscribed services device is sent is divided into the first image and the second image, the first image is Ocular image, second image are the image in addition to the ocular image;The basic database is returned Facial image be divided into third image and the 4th image, the third image is ocular image, and the 4th image is Image in addition to the ocular image.
Calculate the similarity and second image and the described 4th between the first image and the third image Similarity between image.
According between the first image and the third image similarity and second image and the 4th figure Similarity as between, to judge the facial image that the subscribed services device is sent and the face figure that the basic database returns It seem no consistent.
Optionally, the unsigned server is also used to calculate the first image and the third figure according to following manner Similarity as between:
The first image is divided into left-eye image and eye image, by the third image be divided into left-eye image and Eye image.
Calculate the first image left-eye image and the third image left-eye image between the first similarity with And the first image eye image and the third image eye image between the second similarity.
It is determined between the first image and the third image according to first similarity and second similarity Similarity.
Optionally, the unsigned server calculates the weight of first similarity, the weight of second similarity And the weight of the third similarity between second image and the 4th image, and according to first similarity, described The weight of first similarity, second similarity, the weight of second similarity, the third similarity and the third The weight of similarity, to judge the biological attribute data that the subscribed services device is sent and the biology that the basic database returns Whether characteristic is consistent.
Optionally, the unsigned server is configured to, and calculates first similarity or institute in the following way State the second similarity:
According to the left-eye image pixel of the first image, obtain the left-eye image corresponding first of the first image to Moment matrix, and according to the left-eye image pixel of the third image, obtain the left-eye image corresponding second of the third image Vector matrix;Alternatively, according to the eye image pixel of the first image, the eye image for obtaining the first image is corresponding Primary vector matrix, and according to the eye image pixel of the third image, the eye image for obtaining the third image is corresponding Secondary vector matrix.
Calculate the first mean value and the first covariance of the primary vector matrix.
Calculate the second mean value and the second covariance of the secondary vector matrix.
It is the to construct the probabilistic model of the primary vector matrix according to first mean value and first covariance One gaussian probability model.
It is the to construct the probabilistic model of the secondary vector matrix according to second mean value and second covariance Two gaussian probability models.
According to the first gaussian probability model and the second gaussian probability model, to calculate the primary vector matrix Average relative entropy between the secondary vector matrix.
First similarity or second similarity are determined according to the average relative entropy.
Optionally, the unsigned server is further configured to calculate second image and described in the following way Similarity between 4th image:
The SIFT feature vector that the facial image that the subscribed services device is sent is extracted by SIFT algorithm, obtains first SIFT operator matrix, wherein each SIFT feature vector include character pair pixel feature vector and the character pixel Abscissa and ordinate.
According to the abscissa and ordinate of each character pixel, reject from the first SIFT operator matrix from the label The feature vector about extracted in the left-eye image and eye image of the facial image of server return, obtains second image Corresponding first object SIFT operator matrix.
The SIFT feature vector that the facial image that the basic database returns is extracted by SIFT algorithm, obtains second SIFT operator matrix, wherein each SIFT feature vector include character pair pixel feature vector and the character pixel Abscissa and ordinate.
According to the abscissa and ordinate of each character pixel, reject from the 2nd SIFT operator matrix from the base The feature vector extracted in the left-eye image and eye image of the facial image that plinth database returns, obtains the 4th image Corresponding second target SIFT operator matrix.
Calculate the inner product between the first object SIFT operator matrix and the second target SIFT operator matrix.
The similarity between second image and the 4th image is determined according to the inner product.
The specific work process of the Verification System that interconnects about the identification card is in above-described embodiment 1 to implementation It is described in detail in example 9, for details, reference can be made to content of the above-described embodiment 1 into embodiment 9, and details are not described herein.
The Verification System that interconnects of identification card provided in this embodiment is provided and is interconnected between a kind of operator Identity-based identification card authentication method and system, on this basis, though have part operator not with Website server label Cooperation agreement is ordered, user can also complete certification based on its identification card, not only expand the progress of identity-based identification card The use scope of certification, and since the authentication mode can be applied to all provider customers, thus it is all with per family can be with Based on the method access target net, so as to increase the amount of access of targeted website.
It is understood that the principle that embodiment of above is intended to be merely illustrative of the present and the exemplary implementation that uses Mode, however the present invention is not limited thereto.For those skilled in the art, essence of the invention is not being departed from In the case where mind and essence, various changes and modifications can be made therein, these variations and modifications are also considered as protection scope of the present invention.

Claims (16)

1. a kind of authentication method that interconnects of identity-based identification card characterized by comprising
Website server receives after certification request and is sent to subscribed services device, includes in the certification request and identification card One-to-one cell-phone number;
The subscribed services device inquires the attaching information of the cell-phone number and is not belonging to the subscribed services device in the cell-phone number When corresponding operator, Xiang Suoshu Website server returns to the attaching information of the cell-phone number;
The attaching information that the Website server is returned according to the subscribed services device, by the certification request be sent to The attaching information unsigned server accordingly;
The unsigned server receives the certification request, and according to the certification request to end corresponding with the cell-phone number End sends authenticate-acknowledge request;
The terminal receives the authenticate-acknowledge request, and receives user authentication confirmation message and be sent to the unsigned service Device;
The unsigned server receives authenticate-acknowledge information and is sent to the Website server;
The Website server is according to the complete verification process of authenticate-acknowledge information.
2. the authentication method that interconnects of identity-based identification card according to claim 1, which is characterized in that described not sign About server sends authenticate-acknowledge request to the corresponding terminal of the cell-phone number, comprising:
The unsigned server requests the information in the certification request to the subscribed services device;
The unsigned server judges whether the information in the certification request that the Website server is sent takes with the signing The information being engaged in the certification request that device is sent is consistent, if unanimously, sending authenticate-acknowledge to terminal corresponding with the cell-phone number and asking It asks.
3. the authentication method that interconnects of identity-based identification card according to claim 1, which is characterized in that the certification In request further include: the biological attribute data of user;
The unsigned server sends authenticate-acknowledge request to terminal corresponding with the cell-phone number, comprising:
The unsigned server sends biological attribute data acquisition request according to the certification request, to basic database, with After so that basic database is received the biological attribute data acquisition request, it is corresponding that active user is returned to the unsigned server Biological attribute data;
The unsigned server requests the biological attribute data in the certification request to the subscribed services device;
The unsigned server judges that the biological attribute data that the subscribed services device is sent and the basic database return Biological attribute data it is whether consistent, if unanimously, to terminal corresponding with the cell-phone number send authenticate-acknowledge request.
4. the authentication method that interconnects of identity-based identification card according to claim 3, which is characterized in that the biology Characteristic is facial image;
The unsigned server judges the biological attribute data and the base that the subscribed services device is sent according to the following method Whether the biological attribute data that plinth database returns is consistent:
The facial image that the subscribed services device is sent is divided into the first image and the second image, the first image is eye Area image, second image are the image in addition to the ocular image;The people that the basic database is returned Face image is divided into third image and the 4th image, and the third image is ocular image, and the 4th image is except institute State the image except ocular image;
Similarity and second image and the 4th image between calculating the first image and the third image Between similarity;
According between the first image and the third image similarity and second image and the 4th image it Between similarity, the facial image to judge that the facial image that the subscribed services device is sent is returned with the basic database is It is no consistent.
5. the authentication method that interconnects of identity-based identification card according to claim 4, which is characterized in that described not sign About server calculates the similarity between the first image and the third image according to following manner:
The first image is divided into left-eye image and eye image, the third image is divided into left-eye image and right eye Image;
Calculate the first similarity between the left-eye image of the first image and the left-eye image of the third image and institute State the second similarity between the eye image of the first image and the eye image of the third image;
The phase between the first image and the third image is determined according to first similarity and second similarity Like degree.
6. the authentication method that interconnects of identity-based identification card according to claim 5, which is characterized in that described not sign About server according between the first image and the third image similarity and second image and the 4th figure Similarity as between, to judge the facial image that the subscribed services device is sent and the face figure that the basic database returns It seem no consistent, comprising:
The unsigned server calculates the weight of first similarity, the weight of second similarity and second figure The weight of third similarity between picture and the 4th image, and according to first similarity, first similarity Weight, second similarity, the weight of second similarity, the power of the third similarity and the third similarity Weight, the biological attribute data to judge that the biological attribute data that the subscribed services device is sent is returned with the basic database are It is no consistent.
7. the authentication method that interconnects of identity-based identification card according to claim 5, which is characterized in that described not sign About server calculates first similarity or second similarity in the following way:
According to the left-eye image pixel of the first image, the corresponding primary vector square of left-eye image of the first image is obtained Battle array, and according to the left-eye image pixel of the third image, obtain the corresponding secondary vector of left-eye image of the third image Matrix;Alternatively, obtaining the eye image corresponding first of the first image according to the eye image pixel of the first image Vector matrix, and according to the eye image pixel of the third image, obtain the eye image corresponding of the third image Two vector matrixs;
Calculate the first mean value and the first covariance of the primary vector matrix;
Calculate the second mean value and the second covariance of the secondary vector matrix;
It is first high to construct the probabilistic model of the primary vector matrix according to first mean value and first covariance This probabilistic model;
It is second high to construct the probabilistic model of the secondary vector matrix according to second mean value and second covariance This probabilistic model;
According to the first gaussian probability model and the second gaussian probability model, to calculate the primary vector matrix and institute State the average relative entropy between secondary vector matrix;
First similarity or second similarity are determined according to the average relative entropy.
8. the authentication method that interconnects of identity-based identification card according to claim 4, which is characterized in that described not sign About server calculates the similarity between second image and the 4th image in the following way:
The feature vector for extracting the facial image that the subscribed services device is sent, obtains the first operator matrix, extracts the basis The feature vector for the facial image that database returns, obtains the second operator matrix, wherein each feature vector includes character pair The abscissa and ordinate of the feature vector of pixel and the character pixel;
According to the abscissa and ordinate of each character pixel, reject from first operator matrix from the subscribed services device The feature vector extracted in the left-eye image and eye image of the facial image of return obtains second image corresponding One target operator matrix;And a left side for the facial image returned from the basic database is rejected from second operator matrix The feature vector extracted in eye image and eye image, obtains the corresponding second target operator matrix of the 4th image;
Calculate the inner product between the first object operator matrix and the second target operator matrix;
The similarity between second image and the 4th image is determined according to the inner product result.
9. a kind of Verification System that interconnects of identity-based identification card characterized by comprising Website server, signing clothes Business device, unsigned server and terminal, in which:
The Website server, for receiving the certification request and being sent to the subscribed services device, in the certification request Including with the one-to-one cell-phone number of identification card;
The subscribed services device inquires the attaching information of the cell-phone number according to certification request for receiving the certification request And when the cell-phone number is not belonging to the corresponding operator of the subscribed services device, Xiang Suoshu Website server returns to the mobile phone Number attaching information;
The Website server is also used to the attaching information returned according to the subscribed services device, by the certification request It is sent to unsigned server corresponding with the attaching information;
The unsigned server, for receiving the certification request, and according to the certification request to the cell-phone number pair The terminal answered sends authenticate-acknowledge request;
The terminal for receiving authenticate-acknowledge request, and receives user authentication confirmation message and is sent to and described do not sign About server;
The unsigned server is also used to receive authenticate-acknowledge information and is sent to the Website server;
The Website server is also used to according to the authenticate-acknowledge information, complete verification process.
10. the Verification System that interconnects of identity-based identification card according to claim 9, which is characterized in that it is described not Subscribed services device is also used to request information in the certification request to the subscribed services device;Judge the Website server hair Whether the information in certification request sent is consistent with the information in the certification request that the subscribed services device is sent, if unanimously, to Terminal corresponding with the cell-phone number sends authenticate-acknowledge request.
11. the Verification System that interconnects of identity-based identification card according to claim 9, which is characterized in that described to recognize In card request further include: the biological attribute data of user;
The unsigned server is also used to send biological attribute data according to the certification request to basic database and obtain Request, so that the basic database returns after receiving the biological attribute data acquisition request to the unsigned server The corresponding biological attribute data of active user returned;And request the biology in the certification request special to the subscribed services device Levy data;Judge the biological attribute data that the subscribed services device is sent and the biological attribute data that the basic database returns It is whether consistent, if unanimously, sending authenticate-acknowledge request to terminal corresponding with the cell-phone number.
12. the Verification System that interconnects of identity-based identification card according to claim 11, which is characterized in that the life Object characteristic is facial image;
The unsigned server is configured to: judging the biological attribute data that the subscribed services device is sent with the following method Whether the biological attribute data returned with the basic database is consistent:
The facial image that the subscribed services device is sent is divided into the first image and the second image, the first image is eye Area image, second image are the image in addition to the ocular image;The people that the basic database is returned Face image is divided into third image and the 4th image, and the third image is ocular image, and the 4th image is except institute State the image except ocular image;
Similarity and second image and the 4th image between calculating the first image and the third image Between similarity;
According between the first image and the third image similarity and second image and the 4th image it Between similarity, the facial image to judge that the facial image that the subscribed services device is sent is returned with the basic database is It is no consistent.
13. the Verification System that interconnects of identity-based identification card according to claim 12, which is characterized in that it is described not Subscribed services device is configured to: the similarity between the first image and the third image is calculated according to following manner:
The first image is divided into left-eye image and eye image, the third image is divided into left-eye image and right eye Image;
Calculate the first similarity between the left-eye image of the first image and the left-eye image of the third image and institute State the second similarity between the eye image of the first image and the eye image of the third image;
The phase between the first image and the third image is determined according to first similarity and second similarity Like degree.
14. the Verification System that interconnects of identity-based identification card according to claim 13, which is characterized in that it is described not Subscribed services device is also used to calculate the weight of first similarity, the weight of second similarity and second image The weight of third similarity between the 4th image, and according to first similarity, the power of first similarity Weight, second similarity, the weight of second similarity, the weight of the third similarity and the third similarity, To judge whether are the biological attribute data that the subscribed services device is sent and the biological attribute data that the basic database returns Unanimously.
15. the Verification System that interconnects of identity-based identification card according to claim 13, which is characterized in that it is described not Subscribed services device is configured to: it uses with the first similarity or second similarity as described in calculating under type:
According to the left-eye image pixel of the first image, the corresponding primary vector square of left-eye image of the first image is obtained Battle array, and according to the left-eye image pixel of the third image, obtain the corresponding secondary vector of left-eye image of the third image Matrix;Alternatively, obtaining the eye image corresponding first of the first image according to the eye image pixel of the first image Vector matrix, and according to the eye image pixel of the third image, obtain the eye image corresponding of the third image Two vector matrixs;
Calculate the first mean value and the first covariance of the primary vector matrix;
Calculate the second mean value and the second covariance of the secondary vector matrix;
It is first high to construct the probabilistic model of the primary vector matrix according to first mean value and first covariance This probabilistic model;
It is second high to construct the probabilistic model of the secondary vector matrix according to second mean value and second covariance This probabilistic model;
According to the first gaussian probability model and the second gaussian probability model, to calculate the primary vector matrix and institute State the average relative entropy between secondary vector matrix;
First similarity or second similarity are determined according to the average relative entropy.
16. the Verification System that interconnects of identity-based identification card according to claim 12, which is characterized in that it is described not Subscribed services device is configured to: the similarity between second image and the 4th image is calculated in the following way:
The feature vector for extracting the facial image that the subscribed services device is sent obtains the first operator matrix, extracts basic data The feature vector for the facial image that library returns, obtains the second operator matrix;Wherein, each feature vector includes character pair pixel Feature vector and the character pixel abscissa and ordinate;
According to the abscissa and ordinate of each character pixel, reject from first operator matrix from the subscribed services device The feature vector extracted in the left-eye image and eye image of the facial image of return obtains second image corresponding One target operator matrix;And a left side for the facial image returned from the basic database is rejected from second operator matrix The feature vector extracted in eye image and eye image, obtains the corresponding second target operator matrix of the 4th image;
Calculate the inner product between the first object operator matrix and the second target operator matrix;
The similarity between second image and the 4th image is determined according to the inner product result.
CN201610487899.3A 2016-06-28 2016-06-28 The authentication method and system that interconnects of identity-based identification card Active CN106131833B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610487899.3A CN106131833B (en) 2016-06-28 2016-06-28 The authentication method and system that interconnects of identity-based identification card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610487899.3A CN106131833B (en) 2016-06-28 2016-06-28 The authentication method and system that interconnects of identity-based identification card

Publications (2)

Publication Number Publication Date
CN106131833A CN106131833A (en) 2016-11-16
CN106131833B true CN106131833B (en) 2019-10-01

Family

ID=57284197

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610487899.3A Active CN106131833B (en) 2016-06-28 2016-06-28 The authentication method and system that interconnects of identity-based identification card

Country Status (1)

Country Link
CN (1) CN106131833B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977930B (en) * 2019-04-29 2021-04-02 中国电子信息产业集团有限公司第六研究所 Fatigue driving detection method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101401385A (en) * 2006-01-31 2009-04-01 松下电器产业株式会社 Method for personal network management across multiple operators
CN101867589A (en) * 2010-07-21 2010-10-20 深圳大学 Network identification authentication server and authentication method and system thereof
CN104113462A (en) * 2014-07-09 2014-10-22 桂林高德科技有限责任公司 PPPOE method of accessing shared link by multiple operators
CN105099700A (en) * 2015-07-27 2015-11-25 中国联合网络通信集团有限公司 Authentication method, authentication server, and system
CN106817347A (en) * 2015-11-27 2017-06-09 中兴通讯股份有限公司 Third-party application authentication method, certificate server, terminal and management server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101401385A (en) * 2006-01-31 2009-04-01 松下电器产业株式会社 Method for personal network management across multiple operators
CN101867589A (en) * 2010-07-21 2010-10-20 深圳大学 Network identification authentication server and authentication method and system thereof
CN104113462A (en) * 2014-07-09 2014-10-22 桂林高德科技有限责任公司 PPPOE method of accessing shared link by multiple operators
CN105099700A (en) * 2015-07-27 2015-11-25 中国联合网络通信集团有限公司 Authentication method, authentication server, and system
CN106817347A (en) * 2015-11-27 2017-06-09 中兴通讯股份有限公司 Third-party application authentication method, certificate server, terminal and management server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"沃互联"统一认证技术研究;刘镝等;《电信科学》;20150620;全文 *

Also Published As

Publication number Publication date
CN106131833A (en) 2016-11-16

Similar Documents

Publication Publication Date Title
US11301555B2 (en) Authentication system
US9813909B2 (en) Cloud server for authenticating the identity of a handset user
KR101214839B1 (en) Authentication method and authentication system
EP3693878A1 (en) Wireless biometric authentication system and method
US10528710B2 (en) System and method for user identity verification, and client and server by use thereof
CN104834839B (en) A kind of code generating method, method for authenticating and associated terminal based on bar code
CN106330850A (en) Biological characteristic-based security verification method, client and server
US20130023241A1 (en) Authentication method and system using portable terminal
CN110326251A (en) The system and method that the general dispersion solution of user is verified using cross validation feature are provided
CN105608621A (en) Remote account opening method, server and system
CN109670291B (en) Verification code implementation method and device and storage medium
CN108022100B (en) Cross authentication system and method based on block chain technology
US11521208B2 (en) System and method for authenticating transactions from a mobile device
CN105635113B (en) Teleaction service based on SDK handles method and system
CN106303599A (en) A kind of information processing method, system and server
CN103986577A (en) Electronic trading authentication method based on facial recognition
Mtaho Improving mobile money security with two-factor authentication
CN110753029B (en) Identity verification method and biological identification platform
CN113569263A (en) Secure processing method and device for cross-private-domain data and electronic equipment
CN106131833B (en) The authentication method and system that interconnects of identity-based identification card
CN112687042A (en) Authentication method, authentication device and electronic equipment
CN109992942A (en) Secret protection face authentication method and system, intelligent terminal based on privacy sharing
CN104182664A (en) Two-dimensional-code-based authentication method and system for non-networked environment
CN111010395B (en) Credit-based information identifier generation method and device
Miller et al. Mobile e-commerce to drive voice-based authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant