CN113656785A - Method for identity authentication and authentication service of bank user and related product - Google Patents

Method for identity authentication and authentication service of bank user and related product Download PDF

Info

Publication number
CN113656785A
CN113656785A CN202110875111.7A CN202110875111A CN113656785A CN 113656785 A CN113656785 A CN 113656785A CN 202110875111 A CN202110875111 A CN 202110875111A CN 113656785 A CN113656785 A CN 113656785A
Authority
CN
China
Prior art keywords
authentication
information
bank user
bank
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110875111.7A
Other languages
Chinese (zh)
Other versions
CN113656785B (en
Inventor
王宏丹
刘通
陈森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Financial Certification Authority Co ltd
Original Assignee
China Financial Certification Authority Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Financial Certification Authority Co ltd filed Critical China Financial Certification Authority Co ltd
Priority to CN202110875111.7A priority Critical patent/CN113656785B/en
Priority claimed from CN202110875111.7A external-priority patent/CN113656785B/en
Publication of CN113656785A publication Critical patent/CN113656785A/en
Application granted granted Critical
Publication of CN113656785B publication Critical patent/CN113656785B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present disclosure relates to a method and related product for performing identity authentication, authentication service for bank users, the method being performed by an overseas authentication front-end unit, comprising: responding to an identity authentication request of a bank user located outdoors, and acquiring first authentication information related to the bank user, wherein the first authentication information is generated by an authentication front-end unit based on first information input by the bank user; obtaining second authentication information related to the bank user from an authentication server located in the home, the second authentication information being generated by the authentication server based on second information entered by the bank user, wherein the second information is entered by the bank user via an authentication page located by an encrypted uniform resource locator provided by the authentication server; generating an identity authentication result for the bank user based on at least the first authentication information and the second authentication information; and sending the identity authentication result to the bank user. By using the scheme disclosed by the invention, double authentication can be realized so as to improve the safety.

Description

Method for identity authentication and authentication service of bank user and related product
Technical Field
The present disclosure relates generally to the field of cross-border bank account opening technology. More particularly, the present disclosure relates to a method for authenticating a bank user, and a system and a computer-readable storage medium for authenticating a bank user.
Background
With the rapid development of domestic economy and the continuous opening of markets, the desire of enterprises and individuals to go out is increasingly strong, and the scale of people who stay on study abroad, travel across borders and seek medical advice overseas is increasingly increased. The demand of people on cross-border finance is continuously and rapidly increased, so that the cross-border financial service becomes an important direction for financial enterprises to develop international business. However, current technologies do not provide correspondingly good support for security measures for cross-border financial services. Therefore, how to improve the security of business transactions (such as cross-border bank account opening, cross-border account opening identity authentication, cross-border transfer, remittance, etc.) in cross-border financial services becomes a technical problem to be solved.
Disclosure of Invention
To at least partially address the technical problems noted in the background, aspects of the present disclosure provide a solution for authenticating a bank user involved in a cross-border banking service. By using the scheme disclosed by the invention, the identity authentication under the cross-border situation can be realized, so that the security level of the cross-border banking business is improved, and the transaction security of the banking business is ensured. To this end, the present disclosure provides solutions in a number of aspects as follows.
In one aspect, the present disclosure provides a method for authenticating a bank user, the method being performed by an overseas authentication front-end unit and comprising: responding to an identity authentication request of a bank user located outdoors, and acquiring first authentication information related to the bank user, wherein the first authentication information is generated by the authentication front-end unit based on first information input by the bank user; obtaining second authentication information related to the bank user from an authentication server located within a home, wherein the second authentication information is generated by the authentication server based on second information entered by the bank user, wherein the second information is entered by the bank user via an authentication page located by an encrypted uniform resource locator provided by the authentication server; generating an identity authentication result for the bank user based on at least the first authentication information and the second authentication information; and sending the identity authentication result to the bank user.
In one embodiment, wherein the first authentication information comprises a first hash value and a first check value, the second authentication information comprises a second hash value and a second check value, wherein generating the authentication result for the bank user based on at least the first authentication information and the second authentication information comprises: comparing the first hash value and the first check value with the second hash value and the second check value; and generating an identity authentication result aiming at the bank user based on the comparison result.
In another embodiment, the first hash value and the first check value are generated by calculation of the first information by using an authentication certificate via the authentication front-end unit, and the second hash value and the second check value are generated by calculation of the second information by using an authentication certificate via the authentication server, wherein the first information and the second information include bank card information and identity information of the bank user.
In yet another embodiment, wherein generating an authentication result for the bank user based on at least the first authentication information and the second authentication information further comprises: comparing the first hash value and the first check value with the second hash value and the second check value; and generating an identity authentication result aiming at the bank user based on the comparison result and face recognition result information, wherein the face recognition result information is generated by executing face recognition operation on the bank user through the authentication page positioned by the encrypted uniform resource locator provided by the authentication server.
In yet another embodiment, wherein generating an authentication result for the bank user based on the comparison result and the face recognition result information comprises: generating an authentication result with successful identity authentication when the face recognition result is correct and the first hash value and the first check value are consistent with the second hash value and the second check value; and generating an authentication result of identity authentication failure in response to the face recognition result being wrong and/or the first hash value and the first check value being inconsistent with the second hash value and the second check value.
In yet another embodiment, the authentication certificate is requested to the authentication server via the authentication front-end unit to be acquired; or the authentication certificate is obtained by requesting an update or verification from the authentication server based on a history authentication certificate via the authentication front-end unit.
In another aspect, the present disclosure also provides a method for identity authentication service of a bank user, the method being performed by an authentication server located within a premises and comprising: responding to an identity authentication request of a bank user located outdoors, the authentication server provides an authentication page located by an encryption uniform resource locator to an authentication front-end unit located outdoors; the authentication server generates authentication information based on information entered at the authentication page via the bank user; and transmitting the authentication information to the authentication front-end unit.
In yet another aspect, the present disclosure also provides a system for authenticating a bank user, comprising: the authentication client is arranged outside the country and is configured to receive information input by bank users located outside the country; an authentication server, disposed within the environment, configured to implement the foregoing embodiments; and an authentication front-end unit, configured to cooperate with the authentication client and the authentication server to implement the foregoing embodiments.
In one embodiment, the authentication client is further configured to prompt the bank user to jump to an authentication page located by an encrypted uniform resource locator via a browser.
In yet another aspect, the present disclosure also provides a computer readable storage medium comprising computer program instructions for authenticating a bank user and/or for authenticating a bank user, which when executed by one or more processors, cause the aforementioned embodiments to be implemented.
By the scheme of the disclosure, double authentication can be performed by utilizing first information input by an overseas bank user and second information input by an authentication page located by an encrypted uniform resource locator provided by an domestic authentication server. Further, an identity authentication result for the overseas bank user is obtained based on the first authentication information generated by the first information and the second authentication information generated by the second information, thereby ensuring the security of the cross-border banking transaction.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present disclosure will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. In the drawings, several embodiments of the disclosure are illustrated by way of example and not by way of limitation, and like or corresponding reference numerals indicate like or corresponding parts and in which:
FIG. 1 is an exemplary flow diagram illustrating a method for authenticating a bank user according to an embodiment of the present disclosure;
FIG. 2 is an exemplary flow diagram illustrating the preceding steps of authentication credential acquisition according to an embodiment of the present disclosure;
FIG. 3 is an exemplary flow diagram illustrating a method of authenticating a bank user according to an embodiment of the present disclosure;
FIG. 4 is a block diagram illustrating an exemplary architecture of a system for authenticating a bank user according to an embodiment of the present disclosure; and
fig. 5 is an exemplary diagram illustrating one particular embodiment for authenticating a bank user according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings. It should be understood that the embodiments described in this specification are only some of the embodiments provided by the present disclosure to facilitate a clear understanding of the aspects and to comply with legal requirements, and not all embodiments in which the present invention may be practiced. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed in the specification without making any creative effort, shall fall within the protection scope of the present disclosure.
Fig. 1 is an exemplary flow diagram illustrating a method 100 for authenticating a bank user according to an embodiment of the present disclosure. In the context of the present disclosure, the method 100 herein may be performed by an authentication head unit located overseas (e.g., in a harbor or other country).
As shown in fig. 1, at step S102, the authentication front-end unit obtains first authentication information related to the bank user in response to an identity authentication request of the bank user located abroad, wherein the first authentication information is generated by the authentication front-end unit based on the first information entered by the bank user. In one embodiment, the first information may include bank card information and identity information of an overseas bank user, and the bank card information may be information such as a bank card number, a bank card password, and a bank card reserved mobile phone number, and the identity information may be information such as a bank user name, an identification number, and the like.
In one embodiment, the first information may be entered by the bank user via a page (also referred to as a login page) provided by the authentication front-end unit, and the first information is calculated by the authentication front-end unit using the authentication certificate to generate the first authentication value. The aforementioned first authentication value may include a first hash value and a first check value.
Next, at step S104, the authentication front-end unit further obtains second authentication information related to the bank user from an authentication server located within the home, wherein the second authentication information is generated by the authentication server based on second information entered by the bank user via an authentication page located by an encrypted uniform resource locator provided by the authentication server. Similar to the first information, the second information may also include bank card information and identity information of an overseas bank user, and the bank card information may be, for example, information such as a bank card number, a bank card password, and a bank card reserved mobile phone number, and the identity information may be, for example, information such as a bank user name and an identification number. Different from the first information, the second information is input by the bank user through the authentication page positioned by the encryption uniform resource locator. In some embodiments, the aforementioned second information is calculated by the authentication server using the authentication certificate to generate a second authentication value, and the second authentication value may include a second hash value and a second check value.
Based on the first authentication value and the second authentication value obtained above, at step S106, the authentication front-end unit generates an identity authentication result for the bank user based on at least the first authentication information and the second authentication information. In one embodiment, the authentication front-end unit may compare the first hash value and the first check value with the second hash value and the second check value, and generate an identity authentication result for the bank user based on the comparison result. When the first hash value and the first check value are consistent with the second hash value and the second check value, generating an authentication result of successful identity authentication; in contrast, when the first hash value and the first check value are not identical to the second hash value and the second check value, an authentication result in which the identity authentication fails is generated.
After generating the authentication result for the bank user authentication, the method 100 proceeds to step S108. At this step, the authentication front-end unit sends the identity authentication result to the bank user. In one embodiment, the authentication front-end unit may send the aforementioned identity authentication result (including an authentication result of successful identity authentication or an authentication result of failed identity authentication) to the mobile device of the bank user or to the authentication client by means of, for example, a short message, and display the aforementioned identity authentication result via the authentication client. When the identity authentication is successful, the bank user can perform subsequent operations through the authentication client.
By combining the above description, the scheme of the present disclosure realizes dual authentication through the first information entered by the bank user via the login page provided by the overseas authentication front-end unit and the second information entered by the authentication page located by the encryption uniform resource locator provided by the domestic authentication server, thereby improving the security of cross-border banking transactions.
In order to further improve the security in the identity authentication process, the scheme of the disclosure may further perform a face recognition operation on the bank user via the authentication page located by the encrypted uniform resource locator provided by the authentication server to generate face recognition result information. Based on this, the authentication front-end unit may further include comparing the first hash value and the first check value with the second hash value and the second check value, and generate the identity authentication result for the bank user based on at least the first authentication information and the second authentication information. And further, generating an identity authentication result for the bank user based on the comparison result and the face recognition result information. More specifically, when the face recognition result is correct, and the first hash value and the first check value are consistent with the second hash value and the second check value, an authentication result with successful identity authentication is generated. And when the face recognition result is wrong and/or the first hash value and the first check value are inconsistent with the second hash value and the second check value, generating an authentication result of which the identity authentication fails.
As can be seen from the foregoing description, the first hash value and the first check value are generated by computing the first information by using the authentication certificate via the authentication front-end unit, and the second hash value and the second check value are generated by computing the second information by using the authentication certificate via the authentication server. It will be appreciated that the aforementioned authentication certificate (i.e., digital certificate) is an internet "electronic identification card" that can be used to identify individual information of an information unit. After the digital certificate is installed in the website server, the true identity of the server can be proved to the website visitor. Thus, the role of the authentication certificate is in the confidentiality of information transfer, the integrity of data interaction, the non-repudiation of transmitted information, and the certainty of the identity of the transactor. For example, the service transaction data is signed by using the authentication certificate, so that the transaction can be effectively prevented from being tampered and repudiated.
In one embodiment, the authentication certificate may be obtained by requesting the authentication server via the authentication front-end unit. Furthermore, the authentication certificate may be obtained by requesting an update or verification from the authentication server based on a history authentication certificate via the authentication front-end unit. In some embodiments, the above-mentioned obtaining of the authentication certificate may be understood as a preceding step of the disclosed embodiment for authenticating the identity of the bank user. The preceding steps of the certificate acquisition will be described in detail below with reference to fig. 2.
Fig. 2 is an exemplary flow diagram illustrating a pre-step 200 of authentication credential acquisition according to an embodiment of the present disclosure. The pre-step 200 is implemented by the authentication pre-unit 201 interacting with the authentication server 202. As shown in fig. 2, at step S201, the authentication front-end unit 201 transmits a login request to the authentication server 202 to perform login authentication with the authentication server 202. After the authentication server 202 receives the aforementioned login request, in step S202, the authentication server 202 performs login authentication (i.e., Token authentication) with the authentication front-end unit 201. It should be understood that Token is generated based on the authentication client frequently requesting data from the authentication server, and frequently querying the database for information (such as a user name and a password) of the bank user via the authentication server for comparison, and then making a corresponding prompt based on whether the comparison result is correct. For example, the Token may be a string generated by the authentication server as a "Token" requested by the authentication front-end unit. After the authentication preposing unit logs in for the first time, the authentication server returns the generated Token to the authentication preposing unit; when the authentication front-end unit logs in again, the authentication front-end unit only needs to carry the Token request data (e.g., the authentication certificate of the embodiment of the present disclosure).
After the login authentication is successful, at step S203, the authentication front-end unit 201 may decide whether to request application/update/verification of the authentication certificate from the authentication server 202 according to its configuration. In one implementation scenario, when the authentication front-end unit 201 does not need to apply for/update/verify the authentication certificate, at step S204, the authentication front-end unit 201 may directly use the historical authentication certificate to provide identity authentication for the bank user. Further, at step S205, the authentication front-end unit 201 transmits a logout request to the authentication server 202 to exit the front-end step. Next, the authentication server 202 receives the logout request, and at step S206, the authentication server 202 performs a login logout (also called Token logout) operation. In another implementation scenario, when the authentication front-end unit 201 needs to request the application/update/verification of the authentication certificate from the authentication server 202, at step S207, the authentication front-end unit 201 sends a request for application/update/verification of the authentication certificate to the authentication server 202.
Next, at step S208, the authentication server 202 receives the aforementioned request for applying/updating/verifying the authentication certificate. After the authentication server receives the aforementioned request for applying/updating/verifying the authentication certificate, at step S209, the authentication server 202 decides whether to issue/update/verify the authentication certificate to the authentication front-end unit 201 according to its configuration. In one implementation scenario, when the authentication server 202 does not need to issue/update/verify the authentication certificate to the authentication front-end unit 201, at step S210, the authentication server may directly provide the identity authentication service for the bank user by using the historical authentication certificate, and jump to step S206 to perform login and logout (i.e., Token logout) operation. In another implementation scenario, when the authentication server 202 needs to issue/update/verify the authentication certificate to the authentication front-end unit 201, the authentication server 202 issues the authentication certificate to the authentication front-end unit 201 at step S211. In some embodiments, the aforementioned authentication certificate may be a new authentication certificate requested to be applied for acquisition from the authentication server via the authentication front-end unit, or may also be an updated authentication certificate or a verified historical authentication certificate acquired after updating or verifying the historical authentication certificate requested to the authentication server based on the historical authentication certificate via the authentication front-end unit. Further, according to the authentication certificate issued by the authentication server, at step S212, the authentication front-end unit 201 receives the authentication certificate issued by the authentication server 202, so that it can be used for identity authentication of the bank user. Finally, the authentication front-end unit 201 and the authentication server 202 perform the interactive operation described in the above-described steps S205-S206 to exit the front-end step.
The authentication certificate obtained based on the preceding steps can be used for identity authentication of bank users and identity authentication service of the bank users. In one embodiment, the service of authenticating a bank user may be performed by an authentication server located within the home. In one embodiment, the authentication server may be, for example, a China Financial authentication center ("CFCA"). The method steps performed by the authentication server to perform the identity authentication service for the bank user will be described in detail below with reference to fig. 3.
Fig. 3 is an exemplary flow diagram illustrating a method 300 of authenticating a bank user according to an embodiment of the present disclosure. As shown in fig. 3, at step S302, in response to an authentication request of an identity of a bank user located abroad, the authentication server provides an authentication page located by the encrypted uniform resource locator to the authentication front-end unit located abroad. In one embodiment, the aforementioned authentication page may be returned to the authentication client by the authentication front-end unit, so that the bank user enters information (i.e., the second information described above) on the authentication page. After the authentication server obtains the information entered by the bank user, at step S304, the authentication server generates authentication information (i.e., the second authentication information described above) based on the information entered at the authentication page via the bank user. In one embodiment, the authentication information is generated by calculation of the entry information by using an authentication certificate via an authentication server, and the authentication information may include a hash value and a check value.
After generating the authentication information, the method 300 proceeds to step S306. In this step, the authentication server sends authentication information to the authentication front-end unit, so that the authentication front-end unit compares the authentication information (i.e. the second authentication information) with the first authentication information to generate an authentication result for the identity authentication of the bank user. As described above, when the two authentication information are the same as each other as a result of the comparison, an authentication result that the authentication is passed is generated. Otherwise, when the comparison result is that the two are not the same, the authentication result of unsuccessful or failed authentication is generated.
Fig. 4 is a block diagram illustrating an exemplary architecture of a system 400 for authenticating a bank user according to an embodiment of the present disclosure. As shown in fig. 4, the system 400 includes an authentication client 401, an authentication front-end unit 201, and an authentication server 202. Based on the foregoing description in conjunction with fig. 2, it can be understood that the authentication front-end unit 201 and the authentication server 202, i.e. the authentication front-end unit 201 and the authentication server 202, are described here, and therefore the description of the authentication front-end unit 201 and the authentication server 202 in fig. 2 above also applies to fig. 4, and therefore the same contents are not described in detail below.
In one embodiment, the authentication client 401 described above may be disposed overseas and used to receive information entered by a bank user located overseas. For example, the authentication client may receive information (i.e., first information) entered by a bank user located abroad on a page provided by the authentication front-end unit 201, and pass the information to the authentication server 202. In some embodiments, the authentication client 401 may also receive information (i.e., the second information) entered by a bank user located outside the bank on an authentication page located by an encrypted uniform resource locator provided by the authentication server 202 and pass the information to the authentication server 202. In addition, the authentication client 401 may also be configured to display an authentication result of the bank user identity authentication.
In one embodiment, the authentication server 202 may be disposed at home and the authentication front-end unit 201 may be disposed at abroad, and the mutual cooperation of the two may implement the embodiments described in accordance with fig. 1-3 above.
Fig. 5 is an exemplary diagram illustrating one particular embodiment for authenticating a bank user according to an embodiment of the present disclosure. It is to be understood that fig. 5 is a specific embodiment of the system 400 described above with respect to fig. 4, and therefore the description of the authentication client, the authentication server, and the authentication front-end unit described above applies equally to fig. 5.
As shown in fig. 5, at step S501, an overseas bank user logs in through the authentication client 401 and enters the bank account opening interface. Next, at step S502, the authentication client 401 calls a page (which may be referred to as a login page) provided by the authentication front-end unit 201, and receives first information (such as bank card information and identity information) entered by the bank user at the login page, thereby requesting the authentication front-end unit 201 for the authentication page located by the encryption uniform resource locator. The authentication front-end unit 201 responds to the request of the authentication client 401, requests the authentication server 202 for the authentication page located by the aforementioned encrypted uniform resource locator at step S503, and returns the authentication page to the authentication client 401. Further, the authentication server 202 responds to the request of the authentication front-end unit 201, and at step S504, the authentication server 202 provides the authentication page located by the encrypted uniform resource locator.
The authentication client 401 receives the authentication page located by the encrypted uniform resource locator returned by the authentication front-end unit 201, and at step S505, the authentication client 401 displays the authentication page located by the encrypted uniform resource locator to the bank user and receives the second information (for example, the bank card information and the identity information) entered by the bank user on the authentication page. The bank user enters information on two pages (i.e., the login page and the authentication page) respectively, and after the bank user confirms that the information is correct at the authentication client 401, the bank user performs a face recognition operation on the bank user through the authentication page located by the encrypted uniform resource locator to obtain face recognition result information at step S506.
Based on the information entered by the bank user and face recognition result information obtained by performing a face recognition operation on the bank user, the authentication front-end unit 201 acquires first information entered by the bank user on the login page at step S507, and calculates the first information using the authentication certificate to generate a first authentication value (including a first hash value and a first check value) at step S508. Similarly to the foregoing steps S507-S508, at step S509, the authentication server 202 acquires the second information and the face recognition result information entered by the bank user on the authentication page located by the encrypted uniform resource locator, and at S510 and step S510, the authentication server 202 verifies the face recognition result information and calculates the second information using the authentication certificate to generate a second authentication value (including a second hash value and a second verification value), respectively. Further, at step S512, the authentication server 202 returns the aforementioned second hash value and second check value and face recognition result information to the authentication front-end unit 201.
At step S513, the authentication front end unit 201 compares the first hash value and the first check value with the second hash value and the second check value based on the second hash value and the second check value returned by the authentication server 202 and the face recognition result information to obtain a comparison result. At step 514, the authentication front-end unit 201 generates an authentication result of the identity authentication based on the comparison result and the face recognition result information. Specifically, in response to the face recognition result being correct and the first hash value and the first check value being identical to the second hash value and the second check value, at step S515, an authentication result that the identity authentication is successful is generated. Otherwise, in response to the face recognition result being wrong and/or the first hash value and the first check value being inconsistent with the second hash value and the second check value, at step S516, an authentication result of the identity authentication failure is generated. Next, at step S517, the authentication front-end unit 201 transmits the authentication result to the authentication client 401.
Finally, at step S518, the authentication client 401 displays the authentication result of the bank user identity authentication, and when the identity authentication is successful, at step S519, the bank user may perform the subsequent operation via the authentication client 401.
In some embodiments, the authentication client 401 may be further configured to prompt the bank user to jump to an authentication page located by the encryption uniform resource locator via a browser. Taking the above-mentioned fig. 5 as an example, when the authentication client 401 receives the authentication page located by the encryption url returned by the authentication front-end unit 201, in step S505, the authentication client 401 may prompt the bank user to open, for example, a mobile browser, and jump to the authentication page located by the encryption url via the mobile browser. Next, the bank user may implement step S506 shown in fig. 5 at the browser, that is, at step S506, after the bank user may confirm that the information is error-free at the browser, the bank user may perform a face recognition operation on the bank user through the authentication page located by the encrypted uniform resource locator to obtain face recognition result information.
From the above description in conjunction with the accompanying drawings, those skilled in the art will also appreciate that embodiments of the present disclosure may also be implemented by software programs. The present disclosure thus also provides a computer program product. The computer program product may be used to implement the method for authenticating a bank user and for authenticating a bank user for a service as described in the present disclosure with reference to fig. l-3.
It should be noted that while the operations of the disclosed methods are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Rather, the steps depicted in the flowcharts may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
It should be understood that the terms "first," "second," "third," and "fourth," etc. used in the claims, the specification, and the drawings of the present disclosure are only used for distinguishing between different objects, and are not used to describe a particular order. The terms "comprises" and "comprising," when used in the specification and claims of this disclosure, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the disclosure herein is for the purpose of describing particular embodiments only, and is not intended to be limiting of the disclosure. As used in the specification and claims of this disclosure, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should be further understood that the term "and/or" as used in the specification and claims of this disclosure refers to any and all possible combinations of one or more of the associated listed items and includes such combinations.
Although the embodiments of the present invention are described above, the descriptions are only examples for facilitating understanding of the present invention, and are not intended to limit the scope and application scenarios of the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. A method for authenticating a bank user, the method being performed by an overseas authentication front-end unit and comprising:
responding to an identity authentication request of a bank user located outdoors, and acquiring first authentication information related to the bank user, wherein the first authentication information is generated by the authentication front-end unit based on first information input by the bank user;
obtaining second authentication information related to the bank user from an authentication server located within a home, wherein the second authentication information is generated by the authentication server based on second information entered by the bank user, wherein the second information is entered by the bank user via an authentication page located by an encrypted uniform resource locator provided by the authentication server;
generating an identity authentication result for the bank user based on at least the first authentication information and the second authentication information; and
and sending the identity authentication result to the bank user.
2. The method of claim 1, wherein the first authentication information includes a first hash value and a first check value, the second authentication information includes a second hash value and a second check value, wherein generating the authentication result for the bank user based on at least the first authentication information and the second authentication information comprises:
comparing the first hash value and the first check value with the second hash value and the second check value; and
and generating an identity authentication result aiming at the bank user based on the comparison result.
3. The method according to claim 2, wherein the first hash value and first check value are computationally generated by the authentication front-end unit using an authentication certificate for the first information, the second hash value and second check value are computationally generated by the authentication server using an authentication certificate for the second information,
wherein the first information and the second information comprise bank card information and identity information of the bank user.
4. The method of claim 3, wherein generating an authentication result for the bank user based at least on the first authentication information and the second authentication information further comprises:
comparing the first hash value and the first check value with the second hash value and the second check value; and
and generating an identity authentication result aiming at the bank user based on the comparison result and face recognition result information, wherein the face recognition result information is generated by performing face recognition operation on the bank user through the authentication page positioned by the encrypted uniform resource locator provided by an authentication server.
5. The method of claim 4, wherein generating an identity authentication result for the bank user based on the comparison result and the face recognition result information comprises:
generating an authentication result with successful identity authentication when the face recognition result is correct and the first hash value and the first check value are consistent with the second hash value and the second check value;
and generating an authentication result of identity authentication failure in response to the face recognition result being wrong and/or the first hash value and the first check value being inconsistent with the second hash value and the second check value.
6. The method according to claim 2 or 3, wherein the authentication certificate is requested to the authentication server via the authentication front-end unit for acquisition; or
The authentication certificate is acquired by requesting an update or verification from the authentication server based on a history authentication certificate via the authentication front-end unit.
7. A method for identity authentication service of a bank user, the method being performed by an authentication server located within a premises and comprising:
responding to an identity authentication request of a bank user located outdoors, the authentication server provides an authentication page located by an encryption uniform resource locator to an authentication front-end unit located outdoors;
the authentication server generates authentication information based on information entered at the authentication page via the bank user; and
and sending the authentication information to the authentication preposition unit.
8. A system for authenticating a bank user, comprising:
the authentication client is arranged outside the country and is configured to receive information input by bank users located outside the country;
an authentication server, disposed within the environment, configured to implement the method of claim 7; and
an authentication front-end unit for cooperating with the authentication client and the authentication server to implement the method according to any of claims 1-6.
9. The system of claim 8, wherein the authentication client is further configured to prompt the bank user to jump to an authentication page located by a cryptographic uniform resource locator via a browser.
10. A computer readable storage medium comprising computer program instructions for authenticating a bank user and/or for authenticating a bank user, the computer program instructions, when executed by one or more processors, cause the method of any one of claims 1-6 or claim 7 to be carried out.
CN202110875111.7A 2021-07-30 Method for carrying out identity authentication and authentication service on bank user and related products Active CN113656785B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110875111.7A CN113656785B (en) 2021-07-30 Method for carrying out identity authentication and authentication service on bank user and related products

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110875111.7A CN113656785B (en) 2021-07-30 Method for carrying out identity authentication and authentication service on bank user and related products

Publications (2)

Publication Number Publication Date
CN113656785A true CN113656785A (en) 2021-11-16
CN113656785B CN113656785B (en) 2024-07-02

Family

ID=

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108352021A (en) * 2015-09-30 2018-07-31 万事达卡国际公司 The method and system collected and reported for authentication data associated with online transaction
CN108550035A (en) * 2018-03-20 2018-09-18 中国银行股份有限公司 A kind of cross-border network bank business method and cross-border internet banking system
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
US10505925B1 (en) * 2017-09-06 2019-12-10 Amazon Technologies, Inc. Multi-layer authentication
CN112861089A (en) * 2021-03-17 2021-05-28 北京数字医信科技有限公司 Method, resource server, resource user side, device and medium for authorization authentication
CN112991042A (en) * 2021-02-26 2021-06-18 中国工商银行股份有限公司 Block chain-based identity authentication method, device, system and medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108352021A (en) * 2015-09-30 2018-07-31 万事达卡国际公司 The method and system collected and reported for authentication data associated with online transaction
US10505925B1 (en) * 2017-09-06 2019-12-10 Amazon Technologies, Inc. Multi-layer authentication
CN108550035A (en) * 2018-03-20 2018-09-18 中国银行股份有限公司 A kind of cross-border network bank business method and cross-border internet banking system
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
CN112991042A (en) * 2021-02-26 2021-06-18 中国工商银行股份有限公司 Block chain-based identity authentication method, device, system and medium
CN112861089A (en) * 2021-03-17 2021-05-28 北京数字医信科技有限公司 Method, resource server, resource user side, device and medium for authorization authentication

Similar Documents

Publication Publication Date Title
US10430578B2 (en) Service channel authentication token
US10135820B2 (en) Server based biometric authentication
US10574650B2 (en) System for electronic authentication with live user determination
US10235672B2 (en) Securely receiving from a remote user sensitive information and authorization to perform a transaction using the sensitive information
US9548997B2 (en) Service channel authentication processing hub
EP3499795A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
US10579996B2 (en) Presenting a document to a remote user to obtain authorization from the user
JP2017530586A (en) System and method for authenticating a client to a device
US10580000B2 (en) Obtaining user input from a remote user to authorize a transaction
CN110223075B (en) Identity authentication method and device, computer equipment and storage medium
CN111901359B (en) Resource account authorization method, device, system, computer equipment and medium
CN113656785B (en) Method for carrying out identity authentication and authentication service on bank user and related products
CN113656785A (en) Method for identity authentication and authentication service of bank user and related product
CA2891432C (en) Securely receiving from a remote user sensitive information and authorization to perform a transaction using the sensitive information
EP3039626B1 (en) Presenting a document to a remote user to obtain authorization from the user
CN110351302B (en) Bank account login method, equipment and storage medium
KR101079740B1 (en) System for inputting information using terminal and method thereof
JP2023507568A (en) System and method for protection against malicious program code injection
CN114513350A (en) Identity verification method, system and storage medium
CN115834073A (en) Financial service information authentication system based on block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant