WO2017036243A1 - Login authentication method, authentication server, authentication client and login client - Google Patents

Login authentication method, authentication server, authentication client and login client Download PDF

Info

Publication number
WO2017036243A1
WO2017036243A1 PCT/CN2016/087485 CN2016087485W WO2017036243A1 WO 2017036243 A1 WO2017036243 A1 WO 2017036243A1 CN 2016087485 W CN2016087485 W CN 2016087485W WO 2017036243 A1 WO2017036243 A1 WO 2017036243A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
information
user
client
biometric
Prior art date
Application number
PCT/CN2016/087485
Other languages
French (fr)
Chinese (zh)
Inventor
刘先
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017036243A1 publication Critical patent/WO2017036243A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • This application relates to, but is not limited to, the field of terminal technology.
  • the smart terminal in the related art is gradually configured with biometric recognition functions such as fingerprint recognition, voiceprint recognition, iris recognition, etc., and has reached a commercial level.
  • biometric recognition functions such as fingerprint recognition, voiceprint recognition, iris recognition, etc.
  • the method of authenticating a user by biometrics has many advantages over the manner in which a user inputs a username and password, and the biometrics function in the related art is mainly applied to an application on a smart terminal, for example, an application passes through an underlying layer.
  • the interface invokes the corresponding hardware device to obtain biometric information of the user to identify the user.
  • biometric authentication in the related art generally has the following problems:
  • the application needs to identify whether the smart terminal has fingerprint recognition capability, or whether it has iris recognition capability, etc.; in addition, it may lead to a reduction in cross-device capability, even if the system interface is provided at the operating system level in the future, for application development There are cross-platform issues.
  • This document provides a login authentication method, an authentication server, an authentication client, and a login client to solve the problem that the application in the related art does not have the biometric collection when the user logs in through the biometric authentication.
  • the hardware causes the user to fail to log in, which causes great inconvenience to the user.
  • a login authentication method applied to an authentication server including:
  • the biometric information is compared with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  • the login authentication method further includes:
  • the biometric information includes at least one of fingerprint information, facial image information, iris information, and voiceprint information.
  • the login authentication method further includes:
  • the login authentication method further includes:
  • the triggering the authentication client to collect the biometric information of the user according to the authentication request message includes:
  • the biometric feature collection request information is sent to the authentication client, so that the authentication client collects the biometric information of the user according to the biometric feature collection request information.
  • the sending the biometric feature collection request information to the authentication client, so that the authentication client collects the biometric information of the user according to the biometric feature collection request information, the login The authentication method also includes:
  • the triggering the authentication client to collect the biometric information of the user according to the authentication request message includes:
  • Receiving the biometric information collected by the authentication client including:
  • the authentication client And receiving, by the authentication client, the biometric information and the session identifier, where the biometric information is collected by the authentication client according to the session identifier input by a user.
  • An authentication server that includes:
  • the authentication request obtaining module is configured to: obtain an authentication request message generated by the login client according to the user identity information that the user logs in;
  • the triggering module is configured to: trigger the authentication client to collect the biometric information of the user according to the authentication request message acquired by the authentication request acquisition module;
  • the first receiving module is configured to: receive biometric information collected by the authentication client;
  • the comparison module is configured to: compare the biometric information received by the first receiving module with the registered biometric information corresponding to the pre-stored user identity information, and generate an authentication result.
  • the authentication server further includes:
  • the first sending module is configured to: after the comparing module generates the authentication result, send the authentication result to the login client.
  • the authentication server further includes:
  • the registration information obtaining module is configured to: obtain the registration identifier information and the registered biometric information of the user collected by the authentication client before the authentication request obtaining module acquires the authentication request message generated by the login client;
  • the registration module is configured to: generate the unique identification information of the user according to the registration identification information acquired by the registration information acquisition module, and store the unique identification information of the user and the registered biometric information to generate a user. Biometric registration information.
  • the authentication server further includes:
  • a registration result generating module configured to: generate a registration result according to the user biometric registration information generated by the registration module;
  • the second sending module is configured to: send the registration result generated by the registration result generating module and the unique identification information generated by the registration module to the authentication client, so that the authentication client is configured according to the registration The result saves the identity information.
  • the trigger module includes:
  • the collection request generating unit is configured to generate biometric collection request information according to the user identification information in the authentication request message acquired by the authentication request acquisition module;
  • the first sending unit is configured to: send the biometric feature collection request information generated by the collection request generating unit to the authentication client, so that the authentication client is configured according to the biometric
  • the collection request information collects biometric information of the user.
  • the authentication server further includes:
  • Obtaining a module configured to: obtain the identity identification information saved by the authentication client before the first sending unit sends the biometric feature collection request information to the authentication client;
  • the channel establishing module is configured to: establish a communication channel with the authentication client according to the identity information saved by the certificate client acquired by the acquiring module.
  • the trigger module includes:
  • An allocating unit configured to: allocate a session identifier to an authentication session corresponding to the authentication request message;
  • a second sending unit configured to: send the session identifier of the allocation unit to the login client;
  • the first receiving module is configured to: receive the biometric information and the session identifier sent by the authentication client, where the biometric information is the authentication client according to the user input The session ID was collected.
  • a login authentication method applied to an authentication client including:
  • the collected biometric information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  • the login authentication method before the collecting the biometric information of the user according to the triggering of the authentication request message acquired by the authentication server, the login authentication method further includes:
  • the authentication server Sending the registration identifier information and the registration biometric information to the authentication server, so that the authentication server generates the identity identification information unique to the user according to the registration identifier information, and the unique identifier of the user
  • the information is stored corresponding to the registered biometric information to generate user biometric registration information.
  • the login authentication method further includes:
  • the identity information is saved according to the registration result.
  • An authentication client that includes:
  • the biometric collection module is configured to: collect biometric information of the user according to the trigger of the authentication request message acquired by the authentication server;
  • the third sending module is configured to: send the biometric information collected by the biometrics collection module to the authentication server, so that the authentication server associates the biometric information with pre-stored user identity information.
  • the biometric information is registered for comparison to generate an authentication result.
  • the authentication client further includes:
  • the registration information collection module is configured to: before the biometric collection module collects biometric information of the user, collect registration information of the user and register biometric information;
  • the fourth sending module is configured to: send the registration identifier information collected by the registration information collection module and the registered biometric information to the authentication server, so that the authentication server generates the identifier according to the registration identifier information.
  • the user unique identifier information, and the user unique identifier information is stored corresponding to the registered biometric information to generate user biometric registration information.
  • the authentication client further includes:
  • the second receiving module is configured to: receive the registration result sent by the authentication server and the identity identification information unique to the user, where the registration result is generated by the authentication server according to the user biometric registration information;
  • the saving module is configured to: save the identity identification information according to the registration result received by the second receiving module.
  • a login authentication method applied to a login client including:
  • the login authentication method further includes:
  • the login authentication method further includes:
  • a login client that includes:
  • the login information collection module is configured to: collect user identification information when the user logs in;
  • the authentication request generating module is configured to: generate an authentication request message according to the user identity information collected by the login information collection module;
  • the fifth sending module is configured to: send the authentication request message generated by the authentication request generating module to the authentication server, so that the authentication server triggers the authentication client to collect the biometric information of the user according to the authentication request message.
  • the login client further includes:
  • the authentication result receiving module is configured to: after the fifth sending module sends the authentication request message to the authentication server, receive an authentication result fed back by the authentication server.
  • the login client further includes:
  • a session identifier receiving module configured to: after the fifth sending module sends the authentication request message to the authentication server, receive a session identifier sent by the authentication server, where the session identifier is the authentication server Assigned to the authentication session corresponding to the authentication request message.
  • the login authentication method, the authentication server, the authentication client, and the login client provided by the embodiment of the present invention, the authentication server triggers the authentication client to collect the biometric information of the user, so that the authentication server receives the authentication request message generated by the login client.
  • the biometric information obtained is compared with the registered biometric information corresponding to the pre-stored user identity information, and the authentication result is generated;
  • the embodiment of the present invention can trigger the biometric information collection by using the authentication server.
  • the terminal where the login client is located does not have the biometric feature collection capability, the user can also use the biometric information to perform the login operation, thereby improving the flexibility of the user operation.
  • FIG. 1 is a schematic flowchart of a login authentication method according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of another login authentication method according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a registration process in a login authentication method according to an embodiment of the present disclosure
  • FIG. 4 is a schematic diagram of an interaction process of a login authentication method according to an embodiment of the present disclosure
  • FIG. 5 is a schematic flowchart of still another login authentication method according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of another registration process in a login authentication method according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic diagram of an interaction process of another login authentication method according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of an authentication server according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of an authentication server according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic flowchart of still another login authentication method according to an embodiment of the present disclosure.
  • FIG. 11 is a schematic structural diagram of an authentication client according to an embodiment of the present disclosure.
  • FIG. 12 is a schematic structural diagram of another authentication client according to an embodiment of the present disclosure.
  • FIG. 13 is a schematic flowchart of still another login authentication method according to an embodiment of the present invention.
  • FIG. 14 is a schematic structural diagram of a login client according to an embodiment of the present disclosure.
  • FIG. 15 is a schematic structural diagram of another login client according to an embodiment of the present invention.
  • the terminal that operates the application does not have the hardware for collecting biometric features, so that the user cannot log in, which brings great operation to the user.
  • a login authentication method, an authentication server, an authentication client, and a login client are provided.
  • FIG. 1 is a schematic flowchart diagram of a login authentication method according to an embodiment of the present invention.
  • the login authentication method provided in this embodiment is applied to the authentication server, and the method may include the following steps, that is, steps 110 to 140:
  • Step 110 Acquire an authentication request message generated by the login client according to the user identity information when the user logs in.
  • Step 120 The authentication client is triggered to collect biometric information of the user according to the authentication request message.
  • the biometric information in the embodiment of the present invention may include all the feature information that can distinguish the user, such as fingerprint information, facial image information, iris information, and voiceprint information, and the biometric information may include one of the feature information. Item or multiple items.
  • Step 130 Receive biometric information collected by the authentication client.
  • Step 140 Compare the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  • the login client in the embodiment of the present invention is usually embedded in an application, and the application is located on the terminal, for example, an application on a mobile phone, or an application such as the Internet on a computer.
  • Program an authentication client is a device that collects biometrics required for a user to log in, and may be located on the same terminal as the application or on a terminal different from the application.
  • the authentication server needs to generate an authentication result to the application where the login client is located after the authentication is completed, so that the application provides the user with a subsequent operation function according to the authentication result.
  • the registration of the user is usually required before the user logs in.
  • FIG. 2 another login authentication method provided by the embodiment of the present invention is provided. Schematic diagram of the process.
  • the method provided in this embodiment further includes the step of registering the user before the step 110.
  • the implementation manner of the user registration may include the following steps, that is, steps 100 to 101:
  • Step 100 Obtain registration information and registered biometric information of the user collected by the authentication client.
  • Step 101 Generate unique identity information of the user according to the registration identifier information, and store the unique identity information of the user and the registered biometric information to generate user biometric registration information.
  • the registered biometric information in this embodiment may also be one of fingerprint information, facial image information, iris information, and voiceprint information, or may be a combination of multiple.
  • the authentication client may detect the registration identifier information of the user when the user registers. For example, the authentication client specifies that the user's mobile phone number is used as the unique identity information of the user, when the user inputs When the mobile phone number is an already registered number, it cannot be registered with the mobile phone number. In this case, the user needs to change another mobile phone number to register; and some authentication clients may not identify the identification information when the user registers.
  • the authentication server assigns a unique identity information to the user.
  • the registration information is saved in the authentication server, and the login operation can be performed according to the login client when the subsequent user uses the application.
  • step 120 may include the following steps, that is, step 121 to step 122:
  • Step 121 Generate biometric collection according to user identity information in the authentication request message.
  • Request information
  • Step 122 The biometric feature collection request information is sent to the authentication client, so that the authentication client collects biometric information of the user according to the biometric feature collection request information.
  • the login authentication method provided in this embodiment is in step 110.
  • it can also include:
  • Step 102 Generate a registration result according to user biometric registration information.
  • Step 103 Send the registration result and the unique identity information of the user to the authentication client, so that the authentication client saves the identity identification information according to the registration result.
  • the authentication server needs to perform the following steps, that is, steps 123 to 124:
  • Step 123 Obtain identity identification information saved by the authentication client.
  • Step 124 Establish a communication channel with the authentication client according to the identity information saved by the client.
  • the login user when the login user does not use the authentication client to log in to the authentication server, the login user needs to log in to the authentication client side first.
  • the authentication server can Sending the biometrics collection request information to the authentication client used by the corresponding user to log in; and when the authentication client disconnects from the authentication server due to the shutdown or power failure of the terminal, after the authentication client is started again,
  • the user automatically logs in according to the identity information stored by the user, establishes a communication channel with the authentication server, and waits to receive the biometric collection request information of the authentication server.
  • the user can also use other authentication clients to log in to the authentication server to establish and authenticate.
  • the communication channel between the servers waits to receive the biometric collection request information of the authentication server.
  • FIG. 3 it is a schematic diagram of a registration process in the login authentication method provided in this embodiment.
  • the process of the user using the authentication client and the authentication server to perform the registration may include the following steps, that is, steps 201 to 205:
  • Step 201 The authentication client collects the registration identifier information of the user (for example, the user name, email address, and the like input by the user) and the registered biometric information of the user.
  • the registration identifier information of the user may also include the registration information used by the user. Some other personal information, such as: gender, home address, etc.;
  • Step 202 The authentication client submits the registration identifier information and the registered biometric information of the user to the authentication server, where the submission refers to the authentication client using the interface or protocol between the authentication server and the user biometric registration information collected by the authentication server.
  • the format is sent to the authentication server;
  • Step 203 The authentication server generates the unique identity information of the user according to the registration identifier information, and stores the unique identity information of the user and the registered biometric information to generate the biometric registration information of the user.
  • the identity is The identification information is information that uniquely identifies the identity of the user. For example, it may be the user's email address, the mobile phone number, or an identifier generated by the authentication server itself.
  • Step 204 The authentication server generates a registration result, and sends the registration result and the unique identity information of the user to the authentication client.
  • Step 205 The authentication client saves the identity identification information according to the registration result. It should be noted that the authentication client only saves the identity identification information when the registration result indicates that the user registration is successful.
  • the authentication client saves the identity information in order to facilitate the establishment of a communication channel between the authentication client and the authentication server.
  • the communication channel herein may be an IP Push channel.
  • FIG. 4 is a schematic diagram of an interaction process of a login authentication method according to an embodiment of the present invention.
  • the interaction process of the authentication server, the authentication client, and the login client on the application may include the following steps, namely, steps 301 to 308:
  • Step 301 The login client in the application obtains the user identity information of the user login, and the acquisition manner may be various, such as manually input by the user, or the authentication client may be in the user registration step by using the near field communication method.
  • the saved user identity is sent to the application, etc., and the manner of obtaining depends on the application scenario;
  • Step 302 After the login client obtains the user identity, sends a request authentication to the authentication server. a message, the request authentication message carries user identity information;
  • Step 303 The authentication server generates a biometrics collection request message according to the user identity identification information in the request authentication message.
  • Step 304 The authentication server sends a biometrics collection request message to the authentication client.
  • the implementation manner of the step may be a subscription publishing technology in the related art.
  • the biometric collection request message may be notified by using an IP Push-based subscription publishing method.
  • the authentication client used by the login user to log in to the authentication server.
  • Step 305 The authentication client collects biometric information of the user according to the biometric collection request information.
  • the authentication client receives the biometric collection request message and then guides the user to complete biometric information collection, for example, using fingerprint identification technology to obtain Fingerprint information to the user;
  • Step 306 The authentication client returns the collected biometric information of the user to the authentication server.
  • Step 307 The authentication server performs login authentication of the user according to the biometric information fed back by the authentication client.
  • the authentication server may automatically identify the user identity information corresponding to the biometric information, and then in the biometric registration information of the user. Finding the registered biometric information corresponding to the user identity information, and then comparing the biometric information with the registered biometric information, and generating an authentication result. If the biometric information is consistent with the registered biometric information, the authentication is passed. Otherwise the certification does not pass;
  • Step 308 The authentication server returns the authentication result to the application where the login client is located, so that the application provides the user with a subsequent operation according to the authentication result.
  • an authentication server to associate the authentication client of the biometric collection with the login client in the application, when the terminal where the application is located has the biometric collection capability, The application can not directly call the communication interface of the biometrics to communicate with the hardware, which reduces the development difficulty of the application; when the terminal where the application is located does not have the biometric collection capability, the authentication server passes the application and the authentication client.
  • the cooperation of the end can also realize the capability of collecting biometrics, so that the user can also log in to the application by using the biometric information.
  • the first embodiment of the present invention improves the flexibility of the user operation.
  • FIG. 5 Another schematic diagram of the process of login authentication method.
  • the implementation of the step 120 in this embodiment may include the following steps, that is, steps 125 to 126:
  • Step 125 Assign a session identifier to the authentication session corresponding to the authentication request message.
  • Step 126 the session identifier is sent to the login client.
  • the implementation of the step 130 in this embodiment may be: receiving biometric information and a session identifier sent by the authentication client, where the biometric information is collected by the authentication client according to the session identifier input by the user.
  • the IP Push mode in the foregoing embodiment is used to trigger the authentication client to collect biometric information, but the authentication server generates a session identifier according to the authentication request message, and the session identifier is generated.
  • the instruction for triggering the authentication client to collect the biometric information the authentication client knows the session identifier in a specific manner, and then collects the biometric information.
  • the communication channel between the authentication server and the authentication client does not need to be established, so the authentication client side does not need to save the identity information registered by the user, as shown in FIG.
  • FIG. A schematic diagram of another registration process in the login authentication method provided by the example.
  • the user registration process in this embodiment may include the following steps, that is, steps 401 to 403:
  • Step 401 The authentication client collects the registration identifier information of the user (for example, the user name, email address, and the like input by the user) and the registered biometric information of the user.
  • the registration identifier information of the user may further include some other personal information used by the user when registering, for example, gender, home address, and the like;
  • Step 402 The authentication client submits the registration identifier information and the registered biometric information of the user to the authentication server, where the submission refers to the authentication client using the interface or protocol between the authentication server and the user biometric registration information collected by the authentication server.
  • the format is sent to the authentication server;
  • Step 403 The authentication server generates the unique identity information of the user according to the registration identifier information, and stores the unique identity information of the user and the registered biometric information to generate the biometric registration information of the user.
  • the identity information is information that uniquely identifies the identity of the user. For example, it may be the user's email address, the mobile phone number, or an identifier generated by the authentication server itself.
  • FIG. 7 is a schematic diagram of an interaction process of another login authentication method according to an embodiment of the present invention.
  • the interaction process of the authentication server, the authentication client, and the login client on the application may include the following steps, that is, steps 501 to 512:
  • Step 501 The login client in the application acquires user identity information that is logged in by the user.
  • Step 502 After the login client obtains the user identity, it sends a request authentication message to the authentication server, where the request authentication message carries the user identity information.
  • Step 503 The authentication server generates a session identifier according to the request authentication message. It should be noted that the session identifier is used to uniquely identify the user authentication process.
  • Step 504 The login client sends an authentication session identifier request message to the authentication server.
  • Step 505 The authentication server feeds back the session identifier to the login client.
  • Step 506 The login client exposes the received session identifier to the user, for example, may be directly displayed on the login interface, or the login client generates the session identifier as a two-dimensional code image for the user to use;
  • Step 507 The user inputs the session identifier to the authentication client, and the user may directly input the session identifier, or may use the operation authentication client to scan the two-dimensional code, and then the authentication client obtains the session identifier by parsing the two-dimensional code. the way;
  • Step 508 The authentication client collects biometric information of the user according to the session identifier. In this step, the authentication client guides the user to complete biometric collection according to the session identifier.
  • Step 509 The authentication client returns the collected biometric information and the session identifier of the user to the authentication server.
  • Step 510 The authentication service performs login authentication of the user.
  • the authentication server searches for the user identity information corresponding to the session identifier according to the session identifier fed back by the authentication client, and then searches for the user identity in the user biometric registration information. Identifying the registered biometric information corresponding to the information, and then comparing the biometric information with the registered biometric information, and generating an authentication result. If the biometric information is consistent with the registered biometric information, the authentication is passed, otherwise the authentication fails. ;
  • Step 511 The login client requests the user authentication result from the authentication server.
  • the step may be triggered by a mechanism, such as a periodic polling, a user operation, or the like, to query the authentication server for the result of the current authentication, and the query carries the session identifier.
  • Step 512 The authentication server returns the authentication result to the application where the login client is located according to the request of the login client, so that the application provides the user with a subsequent operation according to the authentication result.
  • the login authentication method provided in this embodiment reduces the development difficulty of the authentication server compared with the foregoing embodiment.
  • the application is decoupled from the biometric collection authentication, so that the application is When the terminal is unable to collect biometric features, the user can also log in according to the biometrics.
  • This method realizes that the terminal where the application is located does not need to call its own hardware device, so that the user can log in according to the biometric feature.
  • the embodiment of the invention improves the cross-platform capability of biometric login authentication, and is convenient for user operation.
  • FIG. 8 is a schematic structural diagram of an authentication server according to an embodiment of the present invention.
  • the authentication server provided in this embodiment includes:
  • the authentication request obtaining module 11 is configured to: obtain an authentication request message generated by the login client according to the user identity information;
  • the triggering module 12 is configured to: according to the authentication request acquiring the authentication request message acquired by the module 11, triggering the authentication client to collect the biometric information of the user;
  • the first receiving module 13 is configured to: receive biometric information collected by the authentication client;
  • the comparison module 14 is configured to compare the biometric information received by the first receiving module 13 with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  • FIG. 9 is a schematic structural diagram of an authentication server according to an embodiment of the present invention.
  • the authentication server in this embodiment may further include:
  • the first sending module 15 is configured to: after the comparison module 13 generates the authentication result, send the authentication result to the login client.
  • the authentication server in this embodiment may further include:
  • the registration information obtaining module 16 is configured to: obtain the registration identifier information and the registered biometric information of the user collected by the authentication client before the authentication request obtaining module 11 obtains the authentication request message generated by the login client;
  • the registration module 17 is configured to: according to the registration identifier information acquired by the registration information obtaining module 16, The user's unique identity information is generated, and the unique identity information of the user is stored in association with the registered biometric information to generate user biometric registration information.
  • the authentication server in this embodiment may further include:
  • the registration result generating module 18 is configured to: generate a registration result according to the user biometric registration information generated by the registration module 17;
  • the second sending module 19 is configured to: send the registration result generated by the registration result generating module 18 and the unique identification information generated by the registration module 17 to the authentication client, so that the authentication client saves the registration result according to the registration result. Describe the identity information.
  • the triggering module 12 may include:
  • the collection request generating unit is configured to generate biometric collection request information according to the user identification information in the authentication request message acquired by the authentication request acquisition module 11;
  • the first sending unit is configured to: send the biometric collection request information generated by the collection request generating unit to the authentication client, so that the authentication client collects biometric information of the user according to the biometric feature collection request information.
  • the authentication server in this embodiment may further include:
  • Obtaining a module configured to: obtain, after the first sending unit sends the biometric collection request information to the authentication client, the identity identification information saved by the authentication client;
  • the channel establishment module is configured to: establish a communication channel with the authentication client according to the identity identification information acquired by the acquisition module.
  • the triggering module 12 may include:
  • An allocating unit configured to: allocate a session identifier to an authentication session corresponding to the authentication request message;
  • the second sending unit is configured to: send the session identifier assigned by the allocating unit to the login client.
  • the implementation manner of the first receiving module 13 in this embodiment may be: receiving biometric information and a session identifier sent by the authentication client, where the biometric information is the session that the authentication client inputs according to the user. Identification of the collection.
  • FIG. 10 is a schematic flowchart diagram of still another login authentication method according to an embodiment of the present invention.
  • the login authentication method provided in this embodiment is applied to the authentication client.
  • the method may include the following steps, that is, steps 610 to 620:
  • Step 610 Collect biometric information of the user according to the trigger of the authentication request message acquired by the authentication server.
  • Step 620 The collected biometric information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  • the login authentication method provided in this embodiment may further include:
  • the registration identifier information and the registration biometric information are sent to the authentication server, so that the authentication server generates the user's unique identity identification information according to the registration identifier information, and stores the unique identity identification information and the registered biometric information to generate a user biometric.
  • Feature registration information is sent to the authentication server, so that the authentication server generates the user's unique identity identification information according to the registration identifier information, and stores the unique identity identification information and the registered biometric information to generate a user biometric.
  • the login authentication method provided in this embodiment may further include:
  • the identity information is saved according to the registration result, wherein the registration result is generated by the authentication server according to the user biometric registration information.
  • the authentication client may include:
  • the biometrics collection module 21 is configured to: collect biometric information of the user according to the trigger of the authentication request message acquired by the authentication server;
  • the third sending module 22 is configured to: collect the biometrics collected by the biometrics acquiring module 21 The levy information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity to generate an authentication result.
  • FIG. 12 it is a schematic structural diagram of another authentication client provided by an embodiment of the present invention.
  • the authentication client provided in this embodiment may further include:
  • the registration information collection module 23 is configured to: before the biometric collection module 21 collects biometric information of the user, collect registration information and registered biometric information of the user;
  • the fourth sending module 24 is configured to: send the registration identifier information and the registered biometric information collected by the registration information collection module 23 to the authentication server, so that the authentication server generates the unique identifier information of the user according to the registration identifier information, and the The unique identification information of the user is stored corresponding to the registered biometric information, and the biometric registration information of the user is generated.
  • the authentication client provided in this embodiment may further include:
  • the second receiving module 25 is configured to: receive the registration result sent by the authentication server and the unique identity information of the user, where the registration result is generated by the authentication server according to the user biometric registration information;
  • the saving module 26 is configured to save the identity information according to the registration result received by the second receiving module 25.
  • FIG. 13 is a schematic flowchart of still another login authentication method according to an embodiment of the present invention.
  • the login authentication method provided in this embodiment is applied to the login client.
  • the method may include the following steps, that is, steps 710 to 730:
  • Step 710 Collect user identity information when the user logs in.
  • Step 720 Generate an authentication request message according to the user identity information.
  • Step 730 Send the authentication request message to the authentication server, so that the authentication server generates biometric collection request information according to the authentication request message.
  • the login authentication method provided in this embodiment may further include:
  • the login authentication method provided in this embodiment may further include:
  • FIG. 14 it is a schematic structural diagram of a login client according to an embodiment of the present invention.
  • the login client provided in this embodiment may include:
  • the login information collection module 31 is configured to: collect user identity information when the user logs in;
  • the authentication request generating module 32 is configured to: generate an authentication request message according to the user identity information collected by the login information collection module 31;
  • the fifth sending module 33 is configured to: send the authentication request message generated by the authentication request generating module 32 to the authentication server, so that the authentication server generates biometric collection request information according to the authentication request message.
  • FIG. 15 it is a schematic structural diagram of another login client according to an embodiment of the present invention. Based on the foregoing structure of the embodiment shown in FIG. 14, the login client provided in this embodiment may further include:
  • the authentication result receiving module 34 is configured to: after the fifth sending module 33 sends the authentication request message to the authentication server, receive the authentication result fed back by the authentication server.
  • the login client provided in this embodiment may further include:
  • the session identifier receiving module 35 is configured to: after the fifth sending module 34 sends the authentication request message to the authentication server, receive the session identifier information sent by the authentication server, where the session identifier is the authentication server corresponding to the authentication request message. The authentication session is assigned.
  • the triggering of the biometric information collection by using the authentication server enables the user to use the biometric information to perform the login operation when the login client side does not have the biometric feature collection capability, thereby improving the flexibility of the user operation.
  • the computer program can be implemented in a computer readable storage medium, which is executed on a corresponding hardware platform (according to a system, device, device, device, etc.), when executed, including One or a combination of the steps of the method embodiments.
  • all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
  • the devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • the device/function module/functional unit in the above embodiment When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the authentication server in the embodiment of the present invention obtains the authentication request message generated by the login client, triggers the authentication client to collect the biometric information of the user, and the authentication server registers the received biometric information with the pre-stored user identity information. The biometric information is compared and the authentication result is generated.
  • the triggering of the biometric information collection by using the authentication server enables the user to use the biometric information when the terminal where the login client is located does not have the biometric feature collection capability. Login operation improves the flexibility of user operations.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Collating Specific Patterns (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A login authentication method, an authentication server, an authentication client and a login client. The method comprise: acquiring an authentication request message generated by a login client according to user identity identification information logged in by a user; triggering, according to the authentication request message, an authentication client to collect biometric information of the user; receiving the biometric information collected by the authentication client; and comparing the biometric information with user biometric registration information corresponding to pre-stored user identity identification information, and generating an authentication result.

Description

登录认证方法、认证服务器、认证客户端及登录客户端Login authentication method, authentication server, authentication client, and login client 技术领域Technical field
本申请涉及但不限于终端技术领域。This application relates to, but is not limited to, the field of terminal technology.
背景技术Background technique
相关技术中的智能终端逐渐开始配置有生物特征识别功能,例如指纹识别、声纹识别、虹膜识别等,并且达到了商用水平。通过生物特征对用户进行身份认证的方法相比于用户输入用户名和密码的方式具有很多优越性,而相关技术中的生物特征识别功能主要应用于智能终端上的应用程序,例如,应用程序通过底层接口调用相应硬件设备获取用户的生物特征信息以识别用户身份。The smart terminal in the related art is gradually configured with biometric recognition functions such as fingerprint recognition, voiceprint recognition, iris recognition, etc., and has reached a commercial level. The method of authenticating a user by biometrics has many advantages over the manner in which a user inputs a username and password, and the biometrics function in the related art is mainly applied to an application on a smart terminal, for example, an application passes through an underlying layer. The interface invokes the corresponding hardware device to obtain biometric information of the user to identify the user.
在实际应用中,如果一个应用程序想要使用生物特征认证进行登录,则必须以下满足:进行应用程序登录的终端上设置有能获取用户生物特征信息的硬件设备。然而,相关技术中的生物特征认证通常存在以下几个问题:In an actual application, if an application wants to log in using biometric authentication, it must be satisfied that a hardware device capable of acquiring biometric information of the user is set on the terminal that performs the application login. However, biometric authentication in the related art generally has the following problems:
第一,如果用户是在个人电脑上访问一个网站那么很可能网站无法获取到用户的指纹等生物特征信息;First, if the user is visiting a website on a personal computer, it is likely that the website cannot obtain biometric information such as the user's fingerprint;
第二,如果是智能终端上的应用程序,那么通常也需要通过调用***接口操作硬件设备才能获取到用户的生物特征信息。很遗憾的到目前为止,在谷歌和苹果这两个主流的智能终端操作***中都还没有配置有上述***接口,这加大了应用程序获取生物特征信息的开发难度,即便未来开放了这样的***接口,应用程序将用户的生物特征信息与进行用户认证的***结合起来也是一项需要花费不小精力的工作。例如:应用程序需要识别智能终端是否具有指纹识别能力,或者是否具有虹膜识别能力等;另外,可能导致跨设备能力降低,即便未来在操作***层面具备了上述***接口,对应用程序开发来说仍然存在跨平台的问题。Second, if it is an application on a smart terminal, it is usually necessary to operate the hardware device by calling the system interface to obtain the biometric information of the user. Unfortunately, so far, the system interface has not been configured in the two mainstream smart terminal operating systems, Google and Apple. This has increased the difficulty of the application to obtain biometric information, even if it is open in the future. The system interface, the application that combines the user's biometric information with the system for user authentication is also a work that takes a lot of effort. For example, the application needs to identify whether the smart terminal has fingerprint recognition capability, or whether it has iris recognition capability, etc.; in addition, it may lead to a reduction in cross-device capability, even if the system interface is provided at the operating system level in the future, for application development There are cross-platform issues.
另一方面,例如像智能手表、智能电视上的应用程序在需要利用生物特征信息进行登录时,因这类设备可能没有配置生物特征识别功能的硬件,便 不能实现应用程序通过生物特征认证进行登录操作,这给用户在操作上带来了极大的不便。On the other hand, for example, applications such as smart watches and smart TVs need to use biometric information to log in, because such devices may not have hardware configured with biometric functions. The application cannot be logged in through biometric authentication, which brings great inconvenience to the user.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics detailed in this document. This Summary is not intended to limit the scope of the claims.
本文提供一种登录认证方法、认证服务器、认证客户端及登录客户端,以解决相关技术中的应用程序在通过生物特征认证进行用户登录时,因操作该应用程序的终端不具备生物特征采集的硬件,而导致用户无法实现登录,给用户操作带来极大不便的问题。This document provides a login authentication method, an authentication server, an authentication client, and a login client to solve the problem that the application in the related art does not have the biometric collection when the user logs in through the biometric authentication. The hardware causes the user to fail to log in, which causes great inconvenience to the user.
一种登录认证方法,应用于认证服务器,包括:A login authentication method applied to an authentication server, including:
获取登录客户端根据用户登录的用户身份标识信息生成的认证请求消息;Obtaining an authentication request message generated by the login client according to the user identity information logged in by the user;
根据所述认证请求消息,触发认证客户端采集所述用户的生物特征信息;And triggering the authentication client to collect the biometric information of the user according to the authentication request message;
接收所述认证客户端采集到的所述生物特征信息;Receiving the biometric information collected by the authentication client;
将所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The biometric information is compared with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
可选地,所述生成认证结果之后,所述登录认证方法还包括:Optionally, after the generating the authentication result, the login authentication method further includes:
将所述认证结果发送给所述登录客户端。Sending the authentication result to the login client.
可选地,所述生物特征信息包括指纹信息、面部图像信息、虹膜信息、声纹信息中的至少一种。Optionally, the biometric information includes at least one of fingerprint information, facial image information, iris information, and voiceprint information.
可选地,所述获取登录客户端根据用户登陆的用户身份标识信息生成的认证请求消息之前,所述登录认证方法还包括:Optionally, before the obtaining the authentication request message generated by the login client according to the user identity information that is logged in by the user, the login authentication method further includes:
获取所述认证客户端采集的用户的注册标识信息和注册生物特征信息;Obtaining registration identifier information and registered biometric information of the user collected by the authentication client;
根据所述注册标识信息,生成所述用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与所述注册生物特征信息进行对应存储,生成用户生物特征注册信息。 And generating, according to the registration identifier information, identity identification information that is unique to the user, and storing the unique identity identification information of the user and the registered biometric information to generate user biometric registration information.
可选地,所述登录认证方法还包括:Optionally, the login authentication method further includes:
根据所述用户生物特征注册信息生成注册结果;Generating a registration result according to the user biometric registration information;
将所述注册结果和所述用户唯一的身份标识信息发送给所述认证客户端,使得所述认证客户端根据所述注册结果保存所述身份标识信息。And sending the registration result and the unique identifier information of the user to the authentication client, so that the authentication client saves the identity identification information according to the registration result.
可选地,所述根据所述认证请求消息,触发认证客户端采集用户的生物特征信息,包括:Optionally, the triggering the authentication client to collect the biometric information of the user according to the authentication request message includes:
根据所述认证请求消息中的用户身份标识信息,生成生物特征采集请求信息;Generating biometric collection request information according to the user identity identification information in the authentication request message;
将所述生物特征采集请求信息发送给所述认证客户端,使得所述认证客户端根据所述生物特征采集请求信息采集所述用户的生物特征信息。The biometric feature collection request information is sent to the authentication client, so that the authentication client collects the biometric information of the user according to the biometric feature collection request information.
可选地,所述将所述生物特征采集请求信息发送给所述认证客户端,使得所述认证客户端根据所述生物特征采集请求信息采集所述用户的生物特征信息步骤之前,所述登录认证方法还包括:Optionally, the sending the biometric feature collection request information to the authentication client, so that the authentication client collects the biometric information of the user according to the biometric feature collection request information, the login The authentication method also includes:
获取所述认证客户端保存的身份标识信息;Obtaining identity information saved by the authentication client;
根据所述证客户端保存的身份标识信息,建立与所述认证客户端之间的通信通道。Establishing a communication channel with the authentication client according to the identity information saved by the certificate client.
可选地,所述根据所述认证请求消息,触发认证客户端采集用户的生物特征信息,包括:Optionally, the triggering the authentication client to collect the biometric information of the user according to the authentication request message includes:
对所述认证请求消息对应的认证会话分配会话标识符;Assigning a session identifier to the authentication session corresponding to the authentication request message;
将所述会话标识符发送给所述登录客户端;Sending the session identifier to the login client;
所述接收所述认证客户端采集到的生物特征信息,包括:Receiving the biometric information collected by the authentication client, including:
接收所述认证客户端发送的所述生物特征信息以及所述会话标识符,其中,所述生物特征信息为所述认证客户端根据用户输入的所述会话标识采集的。And receiving, by the authentication client, the biometric information and the session identifier, where the biometric information is collected by the authentication client according to the session identifier input by a user.
一种认证服务器,包括:An authentication server that includes:
认证请求获取模块,设置为:获取登录客户端根据用户登陆的用户身份标识信息生成的认证请求消息; The authentication request obtaining module is configured to: obtain an authentication request message generated by the login client according to the user identity information that the user logs in;
触发模块,设置为:根据所述认证请求获取模块获取的所述认证请求消息,触发认证客户端采集所述用户的生物特征信息;The triggering module is configured to: trigger the authentication client to collect the biometric information of the user according to the authentication request message acquired by the authentication request acquisition module;
第一接收模块,设置为:接收所述认证客户端采集到的生物特征信息;The first receiving module is configured to: receive biometric information collected by the authentication client;
比对模块,设置为:将所述第一接收模块接收的所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The comparison module is configured to: compare the biometric information received by the first receiving module with the registered biometric information corresponding to the pre-stored user identity information, and generate an authentication result.
可选地,所述认证服务器还包括:Optionally, the authentication server further includes:
第一发送模块,设置为:在所述比对模块生成所述认证结果之后,将所述认证结果发送给所述登录客户端。The first sending module is configured to: after the comparing module generates the authentication result, send the authentication result to the login client.
可选地,所述认证服务器还包括:Optionally, the authentication server further includes:
注册信息获取模块,设置为:在所述认证请求获取模块获取所述登录客户端生成的认证请求消息之前,获取所述认证客户端采集的用户的注册标识信息和注册生物特征信息;The registration information obtaining module is configured to: obtain the registration identifier information and the registered biometric information of the user collected by the authentication client before the authentication request obtaining module acquires the authentication request message generated by the login client;
注册模块,设置为:根据所述注册信息获取模块获取的所述注册标识信息,生成用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息。The registration module is configured to: generate the unique identification information of the user according to the registration identification information acquired by the registration information acquisition module, and store the unique identification information of the user and the registered biometric information to generate a user. Biometric registration information.
可选地,所述认证服务器还包括:Optionally, the authentication server further includes:
注册结果生成模块,设置为:根据所述注册模块生成的所述用户生物特征注册信息生成注册结果;a registration result generating module, configured to: generate a registration result according to the user biometric registration information generated by the registration module;
第二发送模块,设置为:将所述注册结果生成模块生成的所述注册结果和所述注册模块生成的用户唯一的身份标识信息发送给认证客户端,使得所述认证客户端根据所述注册结果保存所述身份标识信息。The second sending module is configured to: send the registration result generated by the registration result generating module and the unique identification information generated by the registration module to the authentication client, so that the authentication client is configured according to the registration The result saves the identity information.
可选地,所述触发模块包括:Optionally, the trigger module includes:
采集请求生成单元,设置为:根据所述认证请求获取模块获取的所述认证请求消息中的用户身份标识信息,生成生物特征采集请求信息;The collection request generating unit is configured to generate biometric collection request information according to the user identification information in the authentication request message acquired by the authentication request acquisition module;
第一发送单元,设置为:将所述采集请求生成单元生成的所述生物特征采集请求信息发送给所述认证客户端,使得所述认证客户端根据所述生物特 征采集请求信息采集所述用户的生物特征信息。The first sending unit is configured to: send the biometric feature collection request information generated by the collection request generating unit to the authentication client, so that the authentication client is configured according to the biometric The collection request information collects biometric information of the user.
可选地,所述认证服务器还包括:Optionally, the authentication server further includes:
获取模块,设置为:在所述第一发送单元将所述生物特征采集请求信息发送给所述认证客户端之前,获取所述认证客户端保存的身份标识信息;Obtaining a module, configured to: obtain the identity identification information saved by the authentication client before the first sending unit sends the biometric feature collection request information to the authentication client;
通道建立模块,设置为:根据所述获取模块获取的所述证客户端保存的身份标识信息,建立与所述认证客户端之间的通信通道。The channel establishing module is configured to: establish a communication channel with the authentication client according to the identity information saved by the certificate client acquired by the acquiring module.
可选地,所述触发模块包括:Optionally, the trigger module includes:
分配单元,设置为:对所述认证请求消息对应的认证会话分配会话标识符;An allocating unit, configured to: allocate a session identifier to an authentication session corresponding to the authentication request message;
第二发送单元,设置为:将所述分配单元分别的所述会话标识符发送给所述登录客户端;a second sending unit, configured to: send the session identifier of the allocation unit to the login client;
所述第一接收模块,是设置为:接收所述认证客户端发送的所述生物特征信息和所述会话标识符,其中,所述生物特征信息为所述认证客户端根据用户输入的所述会话标识采集的。The first receiving module is configured to: receive the biometric information and the session identifier sent by the authentication client, where the biometric information is the authentication client according to the user input The session ID was collected.
一种登录认证方法,应用于认证客户端,包括:A login authentication method applied to an authentication client, including:
根据认证服务器所获取的认证请求消息的触发,采集用户的生物特征信息;Collecting biometric information of the user according to the trigger of the authentication request message acquired by the authentication server;
将采集到的所述生物特征信息发送给所述认证服务器,使得所述认证服务器将所述生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The collected biometric information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
可选地,所述根据认证服务器获取的认证请求消息的触发,采集用户的生物特征信息之前,所述登录认证方法还包括:Optionally, before the collecting the biometric information of the user according to the triggering of the authentication request message acquired by the authentication server, the login authentication method further includes:
采集所述用户的注册标识信息和注册生物特征信息;Collecting registration information and registration biometric information of the user;
将所述注册标识信息和所述注册生物特征信息发送给所述认证服务器,使得所述认证服务器根据所述注册标识信息生成所述用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与所述注册生物特征信息进行对应存储,生成用户生物特征注册信息。 Sending the registration identifier information and the registration biometric information to the authentication server, so that the authentication server generates the identity identification information unique to the user according to the registration identifier information, and the unique identifier of the user The information is stored corresponding to the registered biometric information to generate user biometric registration information.
可选地,所述登录认证方法还包括:Optionally, the login authentication method further includes:
接收所述认证服务器发送的注册结果和所述用户唯一的身份标识信息,所述注册结果为所述认证服务器根据所述用户生物特征注册信息生成的;Receiving, by the authentication server, a registration result and the user's unique identity information, where the registration result is generated by the authentication server according to the user biometric registration information;
根据所述注册结果保存所述身份标识信息。The identity information is saved according to the registration result.
一种认证客户端,包括:An authentication client that includes:
生物特征采集模块,设置为:根据认证服务器所获取的认证请求消息的触发,采集用户的生物特征信息;The biometric collection module is configured to: collect biometric information of the user according to the trigger of the authentication request message acquired by the authentication server;
第三发送模块,设置为:将所述生物特征采集模块采集到的所述生物特征信息发送给所述认证服务器,使得所述认证服务器将所述生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The third sending module is configured to: send the biometric information collected by the biometrics collection module to the authentication server, so that the authentication server associates the biometric information with pre-stored user identity information. The biometric information is registered for comparison to generate an authentication result.
可选地,所述认证客户端还包括:Optionally, the authentication client further includes:
注册信息采集模块,设置为:在所述生物特征采集模块采集用户的生物特征信息之前,采集所述用户的注册标识信息以及注册生物特征信息;The registration information collection module is configured to: before the biometric collection module collects biometric information of the user, collect registration information of the user and register biometric information;
第四发送模块,设置为:将所述注册信息采集模块采集的所述注册标识信息和所述注册生物特征信息发送给所述认证服务器,使得所述认证服务器根据所述注册标识信息生成所述用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与所述注册生物特征信息进行对应存储,生成用户生物特征注册信息。The fourth sending module is configured to: send the registration identifier information collected by the registration information collection module and the registered biometric information to the authentication server, so that the authentication server generates the identifier according to the registration identifier information. The user unique identifier information, and the user unique identifier information is stored corresponding to the registered biometric information to generate user biometric registration information.
可选地,所述认证客户端还包括:Optionally, the authentication client further includes:
第二接收模块,设置为:接收所述认证服务器发送的注册结果和所述用户唯一的身份标识信息,所述注册结果为所述认证服务器根据所述用户生物特征注册信息生成的;The second receiving module is configured to: receive the registration result sent by the authentication server and the identity identification information unique to the user, where the registration result is generated by the authentication server according to the user biometric registration information;
保存模块,设置为:根据所述第二接收模块接收的所述注册结果保存所述身份标识信息。The saving module is configured to: save the identity identification information according to the registration result received by the second receiving module.
一种登录认证方法,应用于登录客户端,包括:A login authentication method applied to a login client, including:
采集用户登录时的用户身份标识信息;Collect user identity information when the user logs in;
根据所述用户身份标识信息,生成认证请求消息; Generating an authentication request message according to the user identity information;
将所述认证请求消息发送给认证服务器,使得所述认证服务器根据所述认证请求消息,触发认证客户端采集用户的生物特征信息。Sending the authentication request message to the authentication server, so that the authentication server triggers the authentication client to collect the biometric information of the user according to the authentication request message.
可选地,所述将所述认证请求消息发送给认证服务器之后,所述登录认证方法还包括:Optionally, after the sending the authentication request message to the authentication server, the login authentication method further includes:
接收所述认证服务器反馈的认证结果。Receiving the authentication result fed back by the authentication server.
可选地,所述登录认证方法还包括:Optionally, the login authentication method further includes:
接收所述认证服务器发送的会话标识符,所述会话标识符为所述认证服务器对所述认证请求消息对应的认证会话所分配的。Receiving a session identifier sent by the authentication server, where the session identifier is allocated by the authentication server to an authentication session corresponding to the authentication request message.
一种登录客户端,包括:A login client that includes:
登录信息采集模块,设置为:采集用户登录时的用户身份标识信息;The login information collection module is configured to: collect user identification information when the user logs in;
认证请求生成模块,设置为:根据所述登录信息采集模块采集的所述用户身份标识信息,生成认证请求消息;The authentication request generating module is configured to: generate an authentication request message according to the user identity information collected by the login information collection module;
第五发送模块,设置为:将所述认证请求生成模块生成的所述认证请求消息发送给认证服务器,使得所述认证服务器根据所述认证请求消息,触发认证客户端采集用户的生物特征信息。The fifth sending module is configured to: send the authentication request message generated by the authentication request generating module to the authentication server, so that the authentication server triggers the authentication client to collect the biometric information of the user according to the authentication request message.
可选地,所述登录客户端还包括:Optionally, the login client further includes:
认证结果接收模块,设置为:在所述第五发送模块将所述认证请求消息发送给所述认证服务器之后,接收所述认证服务器反馈的认证结果。The authentication result receiving module is configured to: after the fifth sending module sends the authentication request message to the authentication server, receive an authentication result fed back by the authentication server.
可选地,所述登录客户端还包括:Optionally, the login client further includes:
会话标识接收模块,设置为:在所述第五发送模块将所述认证请求消息发送给所述认证服务器之后,接收所述认证服务器发送的会话标识符,所述会话标识符为所述认证服务器对所述认证请求消息对应的认证会话所分配的。a session identifier receiving module, configured to: after the fifth sending module sends the authentication request message to the authentication server, receive a session identifier sent by the authentication server, where the session identifier is the authentication server Assigned to the authentication session corresponding to the authentication request message.
本发明实施例提供的登录认证方法、认证服务器、认证客户端及登录客户端,认证服务器通过获取登陆客户端生成的认证请求消息,触发认证客户端采集用户的生物特征信息,从而认证服务器将接收到的生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果; 本发明实施例通过利用认证服务器进行生物特征信息采集的触发,在登录客户端所在的终端没有生物特征采集能力时,也能使得用户利用生物特征信息进行登录操作,提高了用户操作的灵活性。The login authentication method, the authentication server, the authentication client, and the login client provided by the embodiment of the present invention, the authentication server triggers the authentication client to collect the biometric information of the user, so that the authentication server receives the authentication request message generated by the login client. The biometric information obtained is compared with the registered biometric information corresponding to the pre-stored user identity information, and the authentication result is generated; The embodiment of the present invention can trigger the biometric information collection by using the authentication server. When the terminal where the login client is located does not have the biometric feature collection capability, the user can also use the biometric information to perform the login operation, thereby improving the flexibility of the user operation.
在阅读并理解了附图和详细描述后,可以明白其他方面。Other aspects will be apparent upon reading and understanding the drawings and detailed description.
附图概述BRIEF abstract
图1为本发明实施例提供的一种登录认证方法的流程示意图;FIG. 1 is a schematic flowchart of a login authentication method according to an embodiment of the present disclosure;
图2为本发明实施例提供的另一种登录认证方法的流程示意图;2 is a schematic flowchart of another login authentication method according to an embodiment of the present invention;
图3为本发明实施例提供的登录认证方法中一种注册流程的示意图;FIG. 3 is a schematic diagram of a registration process in a login authentication method according to an embodiment of the present disclosure;
图4为本发明实施例提供的一种登录认证方法的交互流程示意图;FIG. 4 is a schematic diagram of an interaction process of a login authentication method according to an embodiment of the present disclosure;
图5为本发明实施例提供的又一种登录认证方法的流程示意图;FIG. 5 is a schematic flowchart of still another login authentication method according to an embodiment of the present disclosure;
图6为本发明实施例提供的登录认证方法中另一种注册流程的示意图;FIG. 6 is a schematic diagram of another registration process in a login authentication method according to an embodiment of the present disclosure;
图7为本发明实施例提供的另一种登录认证方法的交互流程示意图;FIG. 7 is a schematic diagram of an interaction process of another login authentication method according to an embodiment of the present disclosure;
图8为本发明实施例提供的一种认证服务器的结构示意图;FIG. 8 is a schematic structural diagram of an authentication server according to an embodiment of the present disclosure;
图9为本发明实施例提供的一种认证服务器的结构示意图;FIG. 9 is a schematic structural diagram of an authentication server according to an embodiment of the present disclosure;
图10为本发明实施例提供的再一种登录认证方法的流程示意图;FIG. 10 is a schematic flowchart of still another login authentication method according to an embodiment of the present disclosure;
图11为本发明实施例提供的一种认证客户端的结构示意图;FIG. 11 is a schematic structural diagram of an authentication client according to an embodiment of the present disclosure;
图12为本发明实施例提供的另一种认证客户端的结构示意图;FIG. 12 is a schematic structural diagram of another authentication client according to an embodiment of the present disclosure;
图13为本发明实施例提供还一种登录认证方法的流程示意图;FIG. 13 is a schematic flowchart of still another login authentication method according to an embodiment of the present invention;
图14为本发明实施例提供的一种登录客户端的结构示意图;FIG. 14 is a schematic structural diagram of a login client according to an embodiment of the present disclosure;
图15为本发明实施例提供的另一种登录客户端的结构示意图。FIG. 15 is a schematic structural diagram of another login client according to an embodiment of the present invention.
本发明的实施方式Embodiments of the invention
下文中将结合附图对本发明的实施方式进行详细说明。需要说明的是,在不冲突的情况下,本文中的实施例及实施例中的特征可以相互任意组合。Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments herein may be arbitrarily combined with each other.
在附图的流程图示出的步骤可以在诸根据一组计算机可执行指令的计算 机***中执行。并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。The steps shown in the flowchart of the figures may be based on calculations based on a set of computer executable instructions Executed in the machine system. Also, although logical sequences are shown in the flowcharts, in some cases the steps shown or described may be performed in a different order than the ones described herein.
本发明实施例针对相关技术中的应用程序在设置采用生物特征认证进行用户登录时,因操作该应用程序的终端不具备生物特征采集的硬件,导致用户无法实现登录,给用户操作带来极大不便的问题,提供一种登录认证方法、认证服务器、认证客户端及登录客户端。When the user in the related art is configured to use biometric authentication for user login, the terminal that operates the application does not have the hardware for collecting biometric features, so that the user cannot log in, which brings great operation to the user. Inconvenient, a login authentication method, an authentication server, an authentication client, and a login client are provided.
如图1所示,为本发明实施例提供的一种登录认证方法的流程示意图。本实施例提供的登录认证方法应用于认证服务器,该方法可以包括如下步骤,即步骤110~步骤140:FIG. 1 is a schematic flowchart diagram of a login authentication method according to an embodiment of the present invention. The login authentication method provided in this embodiment is applied to the authentication server, and the method may include the following steps, that is, steps 110 to 140:
步骤110,获取登录客户端根据用户登录时的用户身份标识信息生成的认证请求消息;Step 110: Acquire an authentication request message generated by the login client according to the user identity information when the user logs in.
步骤120,根据该认证请求消息,触发认证客户端采集用户的生物特征信息;Step 120: The authentication client is triggered to collect biometric information of the user according to the authentication request message.
可选地,本发明实施例中的生物特征信息可以包括指纹信息、面部图像信息、虹膜信息和声纹信息等一切可以区分用户的特征信息,并且该生物特征信息可以包括上述特征信息中的一项或多项。Optionally, the biometric information in the embodiment of the present invention may include all the feature information that can distinguish the user, such as fingerprint information, facial image information, iris information, and voiceprint information, and the biometric information may include one of the feature information. Item or multiple items.
步骤130,接收认证客户端采集到的生物特征信息;Step 130: Receive biometric information collected by the authentication client.
步骤140,将该生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。Step 140: Compare the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
应当说明的是,本发明实施例中的登录客户端通常内嵌在应用程序中,且应用程序位于终端上,例如可以是手机上的应用程序,也可以是电脑上的互联网(web)等应用程序;认证客户端为采集用户登录所需的生物特征的装置,其可以位于与应用程序相同的终端上,也可以位于与应用程序不同的终端上。It should be noted that the login client in the embodiment of the present invention is usually embedded in an application, and the application is located on the terminal, for example, an application on a mobile phone, or an application such as the Internet on a computer. Program; an authentication client is a device that collects biometrics required for a user to log in, and may be located on the same terminal as the application or on a terminal different from the application.
应当说明的是,本发明实施例中,通过将应用程序上的用户登录和用户特征采集解耦,并利用认证服务器将二者关联起来,使得无论是终端上的本地应用程序还是网站应用程序都不需要自己调用硬件设备,就能实现获取用户的生物特征信息从而完成用户登录认证的能力。 It should be noted that, in the embodiment of the present invention, by decoupling the user login and user feature collection on the application, and using the authentication server to associate the two, the local application or the website application on the terminal is The ability to acquire the biometric information of the user to complete the user login authentication can be realized without calling the hardware device by itself.
在实际应用中,通常认证服务器在认证完成后需要将认证结果发生给登录客户端所在的应用程序,使得应用程序根据所述认证结果为用户提供后续操作功能。In an actual application, the authentication server needs to generate an authentication result to the application where the login client is located after the authentication is completed, so that the application provides the user with a subsequent operation function according to the authentication result.
可选地,为了保证用户可正常根据登录客户端登录应用程序进行操作,在用户登录之前,通常需要进行用户的注册,如图2所示,为本发明实施例提供的另一种登录认证方法的流程示意图。在上述图1所示实例的基础上,本实施例提供的方法中,在步骤110之前还包括用户注册的步骤,用户注册的实现方式可以包括以下步骤,即步骤100~步骤101:Optionally, in order to ensure that the user can perform the operation according to the login client login application, the registration of the user is usually required before the user logs in. As shown in FIG. 2, another login authentication method provided by the embodiment of the present invention is provided. Schematic diagram of the process. On the basis of the example shown in FIG. 1 , the method provided in this embodiment further includes the step of registering the user before the step 110. The implementation manner of the user registration may include the following steps, that is, steps 100 to 101:
步骤100,获取认证客户端采集的用户的注册标识信息和注册生物特征信息;Step 100: Obtain registration information and registered biometric information of the user collected by the authentication client.
步骤101,根据注册标识信息,生成用户唯一的身份标识信息,并将该用户唯一的身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息。Step 101: Generate unique identity information of the user according to the registration identifier information, and store the unique identity information of the user and the registered biometric information to generate user biometric registration information.
可选地,本实施例中的注册生物特征信息同样可以为指纹信息、面部图像信息、虹膜信息和声纹信息中的一者,也可以为多者的组合。Optionally, the registered biometric information in this embodiment may also be one of fingerprint information, facial image information, iris information, and voiceprint information, or may be a combination of multiple.
在实际应用中,在进行用户注册时,认证客户端可能在用户注册时便对用户的注册标识信息进行检测,例如,认证客户端规定将用户手机号码作为用户唯一的身份标识信息,当用户输入的手机号码为已经注册过的号码时,便不能在利用该手机号码进行注册,此时需要用户更换另外的手机号码进行注册;而有些认证客户端可能不会对用户注册时的标识信息进行识别,在用户注册后由认证服务器为用户分配一个唯一的身份标识信息。In actual application, when the user is registered, the authentication client may detect the registration identifier information of the user when the user registers. For example, the authentication client specifies that the user's mobile phone number is used as the unique identity information of the user, when the user inputs When the mobile phone number is an already registered number, it cannot be registered with the mobile phone number. In this case, the user needs to change another mobile phone number to register; and some authentication clients may not identify the identification information when the user registers. After the user registers, the authentication server assigns a unique identity information to the user.
在本实施例中,只有用户进行了注册,并将注册信息保存在认证服务器中,在后续用户使用应用程序时,才能根据登录客户端进行登录操作。In this embodiment, only the user has registered, and the registration information is saved in the authentication server, and the login operation can be performed according to the login client when the subsequent user uses the application.
在用户进行了注册后,便可利用登录客户端进行登录,然后进行应用程序的相关操作。After the user has registered, they can log in using the login client and then perform related operations on the application.
可选地,本发明的一个实施例中,步骤120的实现方式可以包括如下步骤,即步骤121~步骤122:Optionally, in an embodiment of the present invention, the implementation of step 120 may include the following steps, that is, step 121 to step 122:
步骤121,根据认证请求消息中的用户身份标识信息,生成生物特征采集 请求信息;Step 121: Generate biometric collection according to user identity information in the authentication request message. Request information;
步骤122,将该生物特征采集请求信息发送给认证客户端,使得认证客户端根据该生物特征采集请求信息采集用户的生物特征信息。Step 122: The biometric feature collection request information is sent to the authentication client, so that the authentication client collects biometric information of the user according to the biometric feature collection request information.
在实际应用中,要实现认证服务器与认证客户端之间的通信,需要在发送生物特征采集请求信息之前,建立二者之间的通信通道,因此本实施例提供的登录认证方法,在步骤110之前还可以包括:In the actual application, to implement the communication between the authentication server and the authentication client, the communication channel between the two needs to be established before the biometric collection request information is sent. Therefore, the login authentication method provided in this embodiment is in step 110. Previously it can also include:
步骤102,根据用户生物特征注册信息生成注册结果;Step 102: Generate a registration result according to user biometric registration information.
步骤103,将该注册结果和用户唯一的身份标识信息发送给认证客户端,使得认证客户端根据该注册结果保存该身份标识信息。Step 103: Send the registration result and the unique identity information of the user to the authentication client, so that the authentication client saves the identity identification information according to the registration result.
在实际应用中,当所述认证客户端中保存了注册用户的身份标识信息时,在需要发送生物特征采集请求信息给认证客户端时,若认证客户端与认证服务器之间未建立通信通道,则认证服务器在步骤122之前,还需要执行以下步骤,即步骤123~步骤124:In an actual application, when the identity information of the registered user is saved in the authentication client, if the biometric collection request information needs to be sent to the authentication client, if the communication channel is not established between the authentication client and the authentication server, Then, before the step 122, the authentication server needs to perform the following steps, that is, steps 123 to 124:
步骤123,获取认证客户端保存的身份标识信息;Step 123: Obtain identity identification information saved by the authentication client.
步骤124,根据证客户端保存的身份标识信息,建立与认证客户端之间的通信通道。Step 124: Establish a communication channel with the authentication client according to the identity information saved by the client.
在实际应用中,当上述的登录用户未利用认证客户端登录认证服务器时,需要首先进行登录用户在认证客户端侧的登录,在用户进行登录,建立与认证服务器的通信通道后,认证服务器才能将生物特征采集请求信息发送给对应的用户登录所用的认证客户端;而当认证客户端因所在终端的关机或断电而断开与认证服务器的连接时,在认证客户端再次启动后,可以根据自身存储的身份标识信息自动进行用户的登录,建立与认证服务器的通信通道,等待接收认证服务器的生物特征采集请求信息;同时,用户还可以利用其它的认证客户端登录认证服务器,建立与认证服务器之间的通信通道,等待接收认证服务器的生物特征采集请求信息。In the actual application, when the login user does not use the authentication client to log in to the authentication server, the login user needs to log in to the authentication client side first. After the user logs in and establishes a communication channel with the authentication server, the authentication server can Sending the biometrics collection request information to the authentication client used by the corresponding user to log in; and when the authentication client disconnects from the authentication server due to the shutdown or power failure of the terminal, after the authentication client is started again, The user automatically logs in according to the identity information stored by the user, establishes a communication channel with the authentication server, and waits to receive the biometric collection request information of the authentication server. At the same time, the user can also use other authentication clients to log in to the authentication server to establish and authenticate. The communication channel between the servers waits to receive the biometric collection request information of the authentication server.
如图3所示,为本实施例提供的登录认证方法中一种注册流程的示意图。本实施例提供的方法中,用户利用认证客户端以及认证服务器进行注册的过程可以包括如下步骤,即步骤201~步骤205: As shown in FIG. 3, it is a schematic diagram of a registration process in the login authentication method provided in this embodiment. In the method provided by the embodiment, the process of the user using the authentication client and the authentication server to perform the registration may include the following steps, that is, steps 201 to 205:
步骤201,认证客户端采集用户的注册标识信息(例如:用户输入的用户名、邮箱地址等)和用户的注册生物特征信息;其中,该用户的注册标识信息还可以包括用户注册时所用到的一些其他的个人信息,例如:性别、家庭住址等信息;Step 201: The authentication client collects the registration identifier information of the user (for example, the user name, email address, and the like input by the user) and the registered biometric information of the user. The registration identifier information of the user may also include the registration information used by the user. Some other personal information, such as: gender, home address, etc.;
步骤202,认证客户端将该用户的注册标识信息和注册生物特征信息提交给认证服务器,这里的提交指认证客户端利用与认证服务器之间的接口或协议将采集的用户生物特征注册信息以约定格式发送给认证服务器;Step 202: The authentication client submits the registration identifier information and the registered biometric information of the user to the authentication server, where the submission refers to the authentication client using the interface or protocol between the authentication server and the user biometric registration information collected by the authentication server. The format is sent to the authentication server;
步骤203,认证服务器根据注册标识信息,生成用户唯一的身份标识信息,并将该用户唯一的身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息;应当说明的是,该身份标识信息为唯一表征用户身份的信息,例如,可以是用户的电子邮箱地址,手机号码,也可以是认证服务器自己生成的一个标识符;Step 203: The authentication server generates the unique identity information of the user according to the registration identifier information, and stores the unique identity information of the user and the registered biometric information to generate the biometric registration information of the user. It should be noted that the identity is The identification information is information that uniquely identifies the identity of the user. For example, it may be the user's email address, the mobile phone number, or an identifier generated by the authentication server itself.
步骤204,认证服务器生成注册结果,并将该注册结果和用户唯一的身份标识信息发送给认证客户端;Step 204: The authentication server generates a registration result, and sends the registration result and the unique identity information of the user to the authentication client.
步骤205,认证客户端根据该注册结果保存身份标识信息;应当说明的是,认证客户端只有当上述注册结果表明用户注册成功时,才进行身份标识信息的保存。Step 205: The authentication client saves the identity identification information according to the registration result. It should be noted that the authentication client only saves the identity identification information when the registration result indicates that the user registration is successful.
应当说明的是,步骤205中认证客户端保存身份标识信息是为了方便认证客户端与认证服务器之间通信通道的建立,在实际应用中,这里的通信通道可以为IP Push通道。It should be noted that, in step 205, the authentication client saves the identity information in order to facilitate the establishment of a communication channel between the authentication client and the authentication server. In practical applications, the communication channel herein may be an IP Push channel.
如图4所示,为本发明实施例提供的一种登录认证方法的交互流程示意图。本实施例提供的登录认证方法中,认证服务器、认证客户端以及应用程序上的登录客户端的交互流程可以包括以下步骤,即步骤301~步骤308:FIG. 4 is a schematic diagram of an interaction process of a login authentication method according to an embodiment of the present invention. In the login authentication method provided in this embodiment, the interaction process of the authentication server, the authentication client, and the login client on the application may include the following steps, namely, steps 301 to 308:
步骤301、应用程序中的登录客户端获取用户登录的用户身份标识信息,此处的获取方式可以有很多种,比如用户手动输入,或者认证客户端通过近场通讯方式将在用户注册步骤中所保存的用户身份标识发送给应用程序等,获取方式视应用场景而定;Step 301: The login client in the application obtains the user identity information of the user login, and the acquisition manner may be various, such as manually input by the user, or the authentication client may be in the user registration step by using the near field communication method. The saved user identity is sent to the application, etc., and the manner of obtaining depends on the application scenario;
步骤302、登录客户端获取到用户身份标识后向认证服务器发送请求认证 消息,该请求认证消息中携带用户身份标识信息;Step 302: After the login client obtains the user identity, sends a request authentication to the authentication server. a message, the request authentication message carries user identity information;
步骤303、认证服务器根据请求认证消息中的用户身份标识信息,生成生物特征采集请求消息;Step 303: The authentication server generates a biometrics collection request message according to the user identity identification information in the request authentication message.
步骤304、认证服务器向认证客户端发送生物特征采集请求消息,该步骤的实现方式可以采用相关技术中的订阅发布技术,实际应用中可采用基于IP Push的订阅发布方法将生物特征采集请求消息告知登录用户登录认证服务器所用的认证客户端;Step 304: The authentication server sends a biometrics collection request message to the authentication client. The implementation manner of the step may be a subscription publishing technology in the related art. In the actual application, the biometric collection request message may be notified by using an IP Push-based subscription publishing method. The authentication client used by the login user to log in to the authentication server.
步骤305、认证客户端根据生物特征采集请求信息采集用户的生物特征信息;该步骤中认证客户端收到生物特征采集请求消息后会引导用户完成生物特征信息的采集,比如:利用指纹识别技术获取到用户的指纹信息;Step 305: The authentication client collects biometric information of the user according to the biometric collection request information. In this step, the authentication client receives the biometric collection request message and then guides the user to complete biometric information collection, for example, using fingerprint identification technology to obtain Fingerprint information to the user;
步骤306、认证客户端将采集的用户的生物特征信息返回给认证服务器;Step 306: The authentication client returns the collected biometric information of the user to the authentication server.
步骤307、认证服务器根据认证客户端反馈的生物特征信息进行用户的登录认证,在实际应用中,认证服务器可以自动到识别该生物特征信息对应的用户身份标识信息,然后在用户生物特征注册信息中查找该用户身份标识信息对应的注册生物特征信息,然后将该生物特征信息与注册生物特征信息进行比对,并生成认证结果,若生物特征信息与注册生物特征信息比对一致,则认证通过,否则认证不通过;Step 307: The authentication server performs login authentication of the user according to the biometric information fed back by the authentication client. In an actual application, the authentication server may automatically identify the user identity information corresponding to the biometric information, and then in the biometric registration information of the user. Finding the registered biometric information corresponding to the user identity information, and then comparing the biometric information with the registered biometric information, and generating an authentication result. If the biometric information is consistent with the registered biometric information, the authentication is passed. Otherwise the certification does not pass;
步骤308、认证服务器将认证结果返回给登录客户端所在的应用程序,使得应用程序根据该认证结果为用户提供后续的操作。Step 308: The authentication server returns the authentication result to the application where the login client is located, so that the application provides the user with a subsequent operation according to the authentication result.
应当说明的是,在本发明的一个实施例中,通过利用认证服务器将生物特征采集的认证客户端与应用程序中的登录客户端关联起来,当应用程序所在的终端具有生物特征采集能力时,使得应用程序可以不直接调用自己的通信接口与采集生物特征的硬件通信,降低了应用程序的开发难度;当应用程序所在的终端不具有生物特征采集能力时,认证服务器通过与应用程序和认证客户端的配合,也可以实现生物特征采集的能力,使得用户也可以利用生物特征信息登录应用程序,本发明实施例一提高了用户操作的灵活性。It should be noted that, in an embodiment of the present invention, by using an authentication server to associate the authentication client of the biometric collection with the login client in the application, when the terminal where the application is located has the biometric collection capability, The application can not directly call the communication interface of the biometrics to communicate with the hardware, which reduces the development difficulty of the application; when the terminal where the application is located does not have the biometric collection capability, the authentication server passes the application and the authentication client. The cooperation of the end can also realize the capability of collecting biometrics, so that the user can also log in to the application by using the biometric information. The first embodiment of the present invention improves the flexibility of the user operation.
可选地,在本发明的一个实施例中,如图5所示,为本发明实施例提供的 又一种登录认证方法的流程示意图。在上述图1所示实例的基础上,本实施例中的步骤120的实现方式可以包括如下步骤,即步骤125~步骤126:Optionally, in an embodiment of the present invention, as shown in FIG. 5, it is provided by the embodiment of the present invention. Another schematic diagram of the process of login authentication method. On the basis of the example shown in FIG. 1 , the implementation of the step 120 in this embodiment may include the following steps, that is, steps 125 to 126:
步骤125,对认证请求消息对应的认证会话分配会话标识符;Step 125: Assign a session identifier to the authentication session corresponding to the authentication request message.
步骤126,将该会话标识符发送给登录客户端。Step 126, the session identifier is sent to the login client.
相应地,本实施例中的步骤130的实现方式可以为:接收认证客户端发送的生物特征信息和会话标识符,其中,该生物特征信息为认证客户端根据用户输入的会话标识采集的。Correspondingly, the implementation of the step 130 in this embodiment may be: receiving biometric information and a session identifier sent by the authentication client, where the biometric information is collected by the authentication client according to the session identifier input by the user.
应当说明的是,在本实施例中,没有采用上述实施例中的IP Push方式触发认证客户端对生物特征信息的采集,而是由认证服务器根据认证请求消息生成会话标识符,该会话标识符为触发认证客户端采集生物特征信息的指令;认证客户端以特定方式获知该会话标识符,进而进行生物特征信息的采集。It should be noted that, in this embodiment, the IP Push mode in the foregoing embodiment is used to trigger the authentication client to collect biometric information, but the authentication server generates a session identifier according to the authentication request message, and the session identifier is generated. The instruction for triggering the authentication client to collect the biometric information; the authentication client knows the session identifier in a specific manner, and then collects the biometric information.
可选地,在本实施例中,不需要建立认证服务器与认证客户端之间的通信通道,因此认证客户端侧可以不必保存用户注册的身份标识信息,如图6所示,为本发明实施例提供的登录认证方法中另一种注册流程的示意图。本实施例中的用户注册流程可以包括如下步骤,即步骤401~步骤403:Optionally, in this embodiment, the communication channel between the authentication server and the authentication client does not need to be established, so the authentication client side does not need to save the identity information registered by the user, as shown in FIG. A schematic diagram of another registration process in the login authentication method provided by the example. The user registration process in this embodiment may include the following steps, that is, steps 401 to 403:
步骤401,认证客户端采集用户的注册标识信息(例如:用户输入的用户名、邮箱地址等)和用户的注册生物特征信息。其中,该用户的注册标识信息还可以包括用户注册时所用到的一些其他的个人信息,例如:性别、家庭住址等信息;Step 401: The authentication client collects the registration identifier information of the user (for example, the user name, email address, and the like input by the user) and the registered biometric information of the user. The registration identifier information of the user may further include some other personal information used by the user when registering, for example, gender, home address, and the like;
步骤402,认证客户端将该用户的注册标识信息和注册生物特征信息提交给认证服务器,这里的提交指认证客户端利用与认证服务器之间的接口或协议将采集的用户生物特征注册信息以约定格式发送给认证服务器;Step 402: The authentication client submits the registration identifier information and the registered biometric information of the user to the authentication server, where the submission refers to the authentication client using the interface or protocol between the authentication server and the user biometric registration information collected by the authentication server. The format is sent to the authentication server;
步骤403,认证服务器根据注册标识信息,生成用户的唯一的身份标识信息,并将该用户唯一的身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息;应当说明的是,该身份标识信息为唯一表征用户身份的信息,例如,可以是用户的电子邮箱地址,手机号码,也可以是认证服务器自己生成的一个标识符。Step 403: The authentication server generates the unique identity information of the user according to the registration identifier information, and stores the unique identity information of the user and the registered biometric information to generate the biometric registration information of the user. The identity information is information that uniquely identifies the identity of the user. For example, it may be the user's email address, the mobile phone number, or an identifier generated by the authentication server itself.
如图7所示,为本发明实施例提供的另一种登录认证方法的交互流程示意 图。本实施例提供的登录认证方法中,认证服务器、认证客户端以及应用程序上的登录客户端的交互流程可以包括以下步骤,即步骤501~步骤512:FIG. 7 is a schematic diagram of an interaction process of another login authentication method according to an embodiment of the present invention. Figure. In the login authentication method provided in this embodiment, the interaction process of the authentication server, the authentication client, and the login client on the application may include the following steps, that is, steps 501 to 512:
步骤501、应用程序中的登录客户端获取用户登录的用户身份标识信息;Step 501: The login client in the application acquires user identity information that is logged in by the user.
步骤502、登录客户端获取到用户身份标识后向认证服务器发送请求认证消息,该请求认证消息中携带用户身份标识信息;Step 502: After the login client obtains the user identity, it sends a request authentication message to the authentication server, where the request authentication message carries the user identity information.
步骤503、认证服务器根据该请求认证消息生成会话标识符;应当说明的是,该会话标识符用来唯一识别一次用户认证过程;Step 503: The authentication server generates a session identifier according to the request authentication message. It should be noted that the session identifier is used to uniquely identify the user authentication process.
步骤504、登录客户端向认证服务器发送认证会话标识符请求消息;Step 504: The login client sends an authentication session identifier request message to the authentication server.
步骤505、认证服务器将会话标识符反馈给登录客户端;Step 505: The authentication server feeds back the session identifier to the login client.
步骤506、登录客户端将接收的会话标识符暴露给用户,比如可以在登录界面直接显示出来,或者登录客户端将会话标识符生成为一个二维码图像,供用户使用;Step 506: The login client exposes the received session identifier to the user, for example, may be directly displayed on the login interface, or the login client generates the session identifier as a two-dimensional code image for the user to use;
步骤507、用户输入会话标识符到认证客户端,用户可以采用直接输入会话标识符的方式,也可以采用操作认证客户端扫描二维码,然后认证客户端通过解析二维码获取会话标识符的方式;Step 507: The user inputs the session identifier to the authentication client, and the user may directly input the session identifier, or may use the operation authentication client to scan the two-dimensional code, and then the authentication client obtains the session identifier by parsing the two-dimensional code. the way;
步骤508、认证客户端根据会话标识符采集用户的生物特征信息;该步骤中认证客户端根据会话标识符引导用户完成生物特征的采集;Step 508: The authentication client collects biometric information of the user according to the session identifier. In this step, the authentication client guides the user to complete biometric collection according to the session identifier.
步骤509、认证客户端将采集的用户的生物特征信息和会话标识符返回给认证服务器;Step 509: The authentication client returns the collected biometric information and the session identifier of the user to the authentication server.
步骤510、认证服务进行用户的登录认证;该步骤中认证服务器根据认证客户端反馈的会话标识符查找与该会话标识符对应的用户身份标识信息,然后在用户生物特征注册信息中查找该用户身份标识信息对应的注册生物特征信息,然后将该生物特征信息与注册生物特征信息进行比对,并生成认证结果,若生物特征信息与注册生物特征信息比对一致,则认证通过,否则认证不通过;Step 510: The authentication service performs login authentication of the user. In this step, the authentication server searches for the user identity information corresponding to the session identifier according to the session identifier fed back by the authentication client, and then searches for the user identity in the user biometric registration information. Identifying the registered biometric information corresponding to the information, and then comparing the biometric information with the registered biometric information, and generating an authentication result. If the biometric information is consistent with the registered biometric information, the authentication is passed, otherwise the authentication fails. ;
步骤511、登录客户端向认证服务器请求用户认证结果,该步骤可以通过某种机制触发,比如定时轮询,用户操作等方式,向认证服务器查询本次认证的结果,查询时携带会话标识符; Step 511: The login client requests the user authentication result from the authentication server. The step may be triggered by a mechanism, such as a periodic polling, a user operation, or the like, to query the authentication server for the result of the current authentication, and the query carries the session identifier.
步骤512、认证服务器根据登录客户端的请求,将认证结果返回给登录客户端所在的应用程序,使得应用程序根据该认证结果为用户提供后续的操作。Step 512: The authentication server returns the authentication result to the application where the login client is located according to the request of the login client, so that the application provides the user with a subsequent operation according to the authentication result.
应当说明的是,本实施例提供的登录认证方法与上述实施例相比降低了认证服务器的开发难度;本实施例提供的中,通过将应用程序与生物特征采集认证解耦,使得在应用程序所在终端无法进行生物特征采集时,也可以实现用户根据生物特征进行登录的过程,此种方式实现了应用程序所在终端无需调用自己的硬件设备,便可实现用户依据生物特征进行登录的能力,本发明实施例提高了生物特征登录认证的跨平台能力,方便了用户操作。It should be noted that the login authentication method provided in this embodiment reduces the development difficulty of the authentication server compared with the foregoing embodiment. In this embodiment, the application is decoupled from the biometric collection authentication, so that the application is When the terminal is unable to collect biometric features, the user can also log in according to the biometrics. This method realizes that the terminal where the application is located does not need to call its own hardware device, so that the user can log in according to the biometric feature. The embodiment of the invention improves the cross-platform capability of biometric login authentication, and is convenient for user operation.
对应上述登录认证方法,如图8所示,为本发明实施例提供的一种认证服务器的结构示意图。本实施例提供的认证服务器包括:Corresponding to the foregoing login authentication method, as shown in FIG. 8, is a schematic structural diagram of an authentication server according to an embodiment of the present invention. The authentication server provided in this embodiment includes:
认证请求获取模块11,设置为:获取登录客户端根据用户身份标识信息生成的认证请求消息;The authentication request obtaining module 11 is configured to: obtain an authentication request message generated by the login client according to the user identity information;
触发模块12,设置为:根据认证请求获取模块11获取的认证请求消息,触发认证客户端采集用户的生物特征信息;The triggering module 12 is configured to: according to the authentication request acquiring the authentication request message acquired by the module 11, triggering the authentication client to collect the biometric information of the user;
第一接收模块13,设置为:接收认证客户端采集到的生物特征信息;The first receiving module 13 is configured to: receive biometric information collected by the authentication client;
比对模块14,设置为:将第一接收模块13接收的生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The comparison module 14 is configured to compare the biometric information received by the first receiving module 13 with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
可选地,如图9所示,为本发明实施例提供的一种认证服务器的结构示意图。在上述图8所示认证服务器的结构基础上,本实施例中的认证服务器还可以包括:Optionally, FIG. 9 is a schematic structural diagram of an authentication server according to an embodiment of the present invention. The authentication server in this embodiment may further include:
第一发送模块15,设置为:在比对模块13生成所述认证结果之后,将该认证结果发送给所述登录客户端。The first sending module 15 is configured to: after the comparison module 13 generates the authentication result, send the authentication result to the login client.
可选地,本实施例中的认证服务器还可以包括:Optionally, the authentication server in this embodiment may further include:
注册信息获取模块16,设置为:在认证请求获取模块11获取所述登录客户端生成的认证请求消息之前,获取认证客户端采集的用户的注册标识信息和注册生物特征信息;The registration information obtaining module 16 is configured to: obtain the registration identifier information and the registered biometric information of the user collected by the authentication client before the authentication request obtaining module 11 obtains the authentication request message generated by the login client;
注册模块17,设置为:根据注册信息获取模块16获取的注册标识信息, 生成用户唯一的身份标识信息,并将该用户唯一的身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息。The registration module 17 is configured to: according to the registration identifier information acquired by the registration information obtaining module 16, The user's unique identity information is generated, and the unique identity information of the user is stored in association with the registered biometric information to generate user biometric registration information.
可选地,本实施例中的认证服务器还可以包括:Optionally, the authentication server in this embodiment may further include:
注册结果生成模块18,设置为:根据注册模块17生成的用户生物特征注册信息生成注册结果;The registration result generating module 18 is configured to: generate a registration result according to the user biometric registration information generated by the registration module 17;
第二发送模块19,设置为:将注册结果生成模块18生成的注册结果和注册模块17生成的用户唯一的身份标识信息发送给认证客户端,使得所述认证客户端根据所述注册结果保存所述身份标识信息。The second sending module 19 is configured to: send the registration result generated by the registration result generating module 18 and the unique identification information generated by the registration module 17 to the authentication client, so that the authentication client saves the registration result according to the registration result. Describe the identity information.
可选地,在本实施例的一种实现方式中,该触发模块12可以包括:Optionally, in an implementation manner of this embodiment, the triggering module 12 may include:
采集请求生成单元,设置为:根据认证请求获取模块11获取的认证请求消息中的用户身份标识信息,生成生物特征采集请求信息;The collection request generating unit is configured to generate biometric collection request information according to the user identification information in the authentication request message acquired by the authentication request acquisition module 11;
第一发送单元,设置为:将采集请求生成单元生成的生物特征采集请求信息发送给认证客户端,使得认证客户端根据该生物特征采集请求信息采集用户的生物特征信息。The first sending unit is configured to: send the biometric collection request information generated by the collection request generating unit to the authentication client, so that the authentication client collects biometric information of the user according to the biometric feature collection request information.
可选地,本实施例中的认证服务器还可以包括:Optionally, the authentication server in this embodiment may further include:
获取模块,设置为:在第一发送单元将生物特征采集请求信息发送给认证客户端之前,获取所述认证客户端保存的身份标识信息;Obtaining a module, configured to: obtain, after the first sending unit sends the biometric collection request information to the authentication client, the identity identification information saved by the authentication client;
通道建立模块,设置为:根据获取模块获取的身份标识信息,建立与认证客户端之间的通信通道。The channel establishment module is configured to: establish a communication channel with the authentication client according to the identity identification information acquired by the acquisition module.
可选地,在本实施例的另一种实现方式中,该触发模块12可以包括:Optionally, in another implementation manner of this embodiment, the triggering module 12 may include:
分配单元,设置为:对认证请求消息对应的认证会话分配会话标识符;An allocating unit, configured to: allocate a session identifier to an authentication session corresponding to the authentication request message;
第二发送单元,设置为:将分配单元分配的会话标识符发送给登录客户端。The second sending unit is configured to: send the session identifier assigned by the allocating unit to the login client.
相应地,本实施例中的第一接收模块13的实现方式可以为:接收认证客户端发送的生物特征信息和会话标识符,其中,该生物特征信息为认证客户端根据用户输入的所述会话标识采集的。 Correspondingly, the implementation manner of the first receiving module 13 in this embodiment may be: receiving biometric information and a session identifier sent by the authentication client, where the biometric information is the session that the authentication client inputs according to the user. Identification of the collection.
如图10所示,为本发明实施例提供的再一种登录认证方法的流程示意图。本实施例提供的登录认证方法应用于认证客户端,该方法可以包括如下步骤,即步骤610~步骤620:FIG. 10 is a schematic flowchart diagram of still another login authentication method according to an embodiment of the present invention. The login authentication method provided in this embodiment is applied to the authentication client. The method may include the following steps, that is, steps 610 to 620:
步骤610,根据认证服务器所获取的认证请求消息的触发,采集用户的生物特征信息;Step 610: Collect biometric information of the user according to the trigger of the authentication request message acquired by the authentication server.
步骤620,将采集到的生物特征信息发送给所述认证服务器,使得认证服务器将该生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。Step 620: The collected biometric information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
可选地,本实施例提供的登录认证方法,在步骤610之前还可以包括:Optionally, the login authentication method provided in this embodiment may further include:
采集用户的注册标识信息和注册生物特征信息;Collecting registration information and registration biometric information of the user;
将注册标识信息和注册生物特征信息发送给认证服务器,使得认证服务器根据该注册标识信息生成用户唯一的身份标识信息,并将该唯一的身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息。The registration identifier information and the registration biometric information are sent to the authentication server, so that the authentication server generates the user's unique identity identification information according to the registration identifier information, and stores the unique identity identification information and the registered biometric information to generate a user biometric. Feature registration information.
可选地,本实施例提供的登录认证方法还可以包括:Optionally, the login authentication method provided in this embodiment may further include:
接收认证服务器发送的注册结果和用户唯一的身份标识信息;Receiving the registration result sent by the authentication server and the unique identity information of the user;
根据注册结果保存身份标识信息,其中,该注册结果为认证服务器根据用户生物特征注册信息生成的。The identity information is saved according to the registration result, wherein the registration result is generated by the authentication server according to the user biometric registration information.
在实际应用中,上述图1到图7所示实施例中,所有关于认证客户端的描述,均适用于该应用认证客户端的登录认证方法的实施例中,也能达到与其相同的技术效果。In the actual application, in the embodiment shown in FIG. 1 to FIG. 7 , all the descriptions about the authentication client are applicable to the embodiment of the login authentication method of the application authentication client, and the same technical effects can be achieved.
对应于图10所示实施例提供的登录认证方法,如图11所示,为本发明实施例提供的一种认证客户端的结构示意图。本实施例提供的认证客户端可以包括:Corresponding to the login authentication method provided in the embodiment shown in FIG. 10, as shown in FIG. 11, is a schematic structural diagram of an authentication client according to an embodiment of the present invention. The authentication client provided in this embodiment may include:
生物特征采集模块21,设置为:根据认证服务器所获取的认证请求消息的触发,采集用户的生物特征信息;The biometrics collection module 21 is configured to: collect biometric information of the user according to the trigger of the authentication request message acquired by the authentication server;
第三发送模块22,设置为:将生物特征采集模块21采集到的所述生物特 征信息发送给认证服务器,使得认证服务器将该生物特征信息与预存的用户身份标识对应的注册生物特征信息进行比对,生成认证结果。The third sending module 22 is configured to: collect the biometrics collected by the biometrics acquiring module 21 The levy information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity to generate an authentication result.
可选地,如图12所示,为本发明实施例提供的另一种认证客户端的结构示意图。在上述图11所示认证客户端的结构基础上,本实施例提供的认证客户端还可以包括:Optionally, as shown in FIG. 12, it is a schematic structural diagram of another authentication client provided by an embodiment of the present invention. The authentication client provided in this embodiment may further include:
注册信息采集模块23,设置为:在生物特征采集模块21采集用户的生物特征信息之前,采集用户的注册标识信息和注册生物特征信息;The registration information collection module 23 is configured to: before the biometric collection module 21 collects biometric information of the user, collect registration information and registered biometric information of the user;
第四发送模块24,设置为:将注册信息采集模块23采集的注册标识信息和注册生物特征信息发送给认证服务器,使得认证服务器根据注册标识信息生成所述用户唯一的身份标识信息,并将该用户的唯一身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息。The fourth sending module 24 is configured to: send the registration identifier information and the registered biometric information collected by the registration information collection module 23 to the authentication server, so that the authentication server generates the unique identifier information of the user according to the registration identifier information, and the The unique identification information of the user is stored corresponding to the registered biometric information, and the biometric registration information of the user is generated.
可选地,本实施例提供的认证客户端还可以包括:Optionally, the authentication client provided in this embodiment may further include:
第二接收模块25,设置为:接收认证服务器发送的注册结果和用户唯一的身份标识信息,其中,该注册结果为认证服务器根据用户生物特征注册信息生成的;The second receiving module 25 is configured to: receive the registration result sent by the authentication server and the unique identity information of the user, where the registration result is generated by the authentication server according to the user biometric registration information;
保存模块26,设置为:根据第二接收模块25接收的注册结果保存身份标识信息。The saving module 26 is configured to save the identity information according to the registration result received by the second receiving module 25.
如图13所示,为本发明实施例提供的还一种登录认证方法的流程示意图。本实施例提供的登录认证方法应用于登录客户端,该方法可以包括如下步骤,即步骤710~步骤730:FIG. 13 is a schematic flowchart of still another login authentication method according to an embodiment of the present invention. The login authentication method provided in this embodiment is applied to the login client. The method may include the following steps, that is, steps 710 to 730:
步骤710,采集用户登录时的用户身份标识信息;Step 710: Collect user identity information when the user logs in.
步骤720,根据该用户身份标识信息,生成认证请求消息;Step 720: Generate an authentication request message according to the user identity information.
步骤730,将该认证请求消息发送给认证服务器,使得认证服务器根据该认证请求消息生成生物特征采集请求信息。Step 730: Send the authentication request message to the authentication server, so that the authentication server generates biometric collection request information according to the authentication request message.
可选地,本实施例提供的登录认证方法在步骤730之后,还可以包括:Optionally, after the step 730, the login authentication method provided in this embodiment may further include:
接收认证服务器反馈的认证结果。 Receive the authentication result fed back by the authentication server.
可选地,当采用图5和图6所示实施例的实现方式时,本实施例提供的登录认证方法在步骤730之后,还可以包括:Optionally, when the implementation of the embodiment shown in FIG. 5 and FIG. 6 is adopted, the login authentication method provided in this embodiment may further include:
接收认证服务器发送的会话标识信息。Receive session identification information sent by the authentication server.
其中,上述图1到图7所示实施例中,所有关于登录客户端的描述,均适用于该应用登录客户端的登录认证方法的实施例中,也能达到与其相同的技术效果。In the embodiment shown in FIG. 1 to FIG. 7 , all the descriptions about the login client are applicable to the embodiment of the login authentication method of the application login client, and the same technical effects can be achieved.
对应于图13所示的登录认证方法,如图14所示,为本发明实施例提供的一种登录客户端的结构示意图。本实施例提供的登录客户端可以包括:Corresponding to the login authentication method shown in FIG. 13 , as shown in FIG. 14 , it is a schematic structural diagram of a login client according to an embodiment of the present invention. The login client provided in this embodiment may include:
登录信息采集模块31,设置为:采集用户进行登录时的用户身份标识信息;The login information collection module 31 is configured to: collect user identity information when the user logs in;
认证请求生成模块32,设置为:根据登录信息采集模块31采集的用户身份标识信息,生成认证请求消息;The authentication request generating module 32 is configured to: generate an authentication request message according to the user identity information collected by the login information collection module 31;
第五发送模块33,设置为:将认证请求生成模块32生成的认证请求消息给认证服务器,使得认证服务器根据该认证请求消息生成生物特征采集请求信息。The fifth sending module 33 is configured to: send the authentication request message generated by the authentication request generating module 32 to the authentication server, so that the authentication server generates biometric collection request information according to the authentication request message.
可选地,如图15所示,为本发明实施例提供的另一种登录客户端的结构示意图。在上述图14所示实施例的结构基础上,本实施例提供的登录客户端还可以包括:Optionally, as shown in FIG. 15 , it is a schematic structural diagram of another login client according to an embodiment of the present invention. Based on the foregoing structure of the embodiment shown in FIG. 14, the login client provided in this embodiment may further include:
认证结果接收模块34,设置为:在第五发送模块33将认证请求消息发送给认证服务器之后,接收认证服务器反馈的认证结果。The authentication result receiving module 34 is configured to: after the fifth sending module 33 sends the authentication request message to the authentication server, receive the authentication result fed back by the authentication server.
可选地,本实施例提供的登录客户端还可以包括:Optionally, the login client provided in this embodiment may further include:
会话标识接收模块35,设置为:在第五发送模块34将认证请求消息发送给认证服务器之后,接收该认证服务器发送的会话标识信息,其中,该会话标识符为认证服务器对认证请求消息对应的认证会话所分配的。The session identifier receiving module 35 is configured to: after the fifth sending module 34 sends the authentication request message to the authentication server, receive the session identifier information sent by the authentication server, where the session identifier is the authentication server corresponding to the authentication request message. The authentication session is assigned.
在实际应用中,通过利用认证服务器进行生物特征信息采集的触发,使得在登录客户端侧没有生物特征采集能力时,也能使得用户利用生物特征信息进行登录操作,提高了用户操作的灵活性。In the actual application, the triggering of the biometric information collection by using the authentication server enables the user to use the biometric information to perform the login operation when the login client side does not have the biometric feature collection capability, thereby improving the flexibility of the user operation.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计 算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中,所述计算机程序在相应的硬件平台上(根据***、设备、装置、器件等)执行,在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be used. The computer program can be implemented in a computer readable storage medium, which is executed on a corresponding hardware platform (according to a system, device, device, device, etc.), when executed, including One or a combination of the steps of the method embodiments.
可选地,上述实施例的全部或部分步骤也可以使用集成电路来实现,这些步骤可以被分别制作成一个个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。Alternatively, all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
上述实施例中的装置/功能模块/功能单元可以采用通用的计算装置来实现,它们可以集中在单个的计算装置上,也可以分布在多个计算装置所组成的网络上。The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的装置/功能模块/功能单元以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。上述提到的计算机可读取存储介质可以是只读存储器,磁盘或光盘等。When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
工业实用性Industrial applicability
本发明实施例中的认证服务器通过获取登陆客户端生成的认证请求消息,触发认证客户端采集用户的生物特征信息,从而认证服务器将接收到的生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果;本发明实施例通过利用认证服务器进行生物特征信息采集的触发,在登录客户端所在的终端没有生物特征采集能力时,也能使得用户利用生物特征信息进行登录操作,提高了用户操作的灵活性。 The authentication server in the embodiment of the present invention obtains the authentication request message generated by the login client, triggers the authentication client to collect the biometric information of the user, and the authentication server registers the received biometric information with the pre-stored user identity information. The biometric information is compared and the authentication result is generated. In the embodiment of the present invention, the triggering of the biometric information collection by using the authentication server enables the user to use the biometric information when the terminal where the login client is located does not have the biometric feature collection capability. Login operation improves the flexibility of user operations.

Claims (27)

  1. 一种登录认证方法,应用于认证服务器,包括:A login authentication method applied to an authentication server, including:
    获取登录客户端根据用户登陆的用户身份标识信息生成的认证请求消息;Obtaining an authentication request message generated by the login client according to the user identity information logged in by the user;
    根据所述认证请求消息,触发认证客户端采集所述用户的生物特征信息;And triggering the authentication client to collect the biometric information of the user according to the authentication request message;
    接收所述认证客户端采集到的所述生物特征信息;Receiving the biometric information collected by the authentication client;
    将所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The biometric information is compared with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  2. 根据权利要求1所述的登录认证方法,其中,所述生成认证结果之后,所述方法还包括:The login authentication method according to claim 1, wherein after the generating the authentication result, the method further comprises:
    将所述认证结果发送给所述登录客户端。Sending the authentication result to the login client.
  3. 根据权利要求1所述的登录认证方法,其中,所述生物特征信息包括指纹信息、面部图像信息、虹膜信息、声纹信息中的至少一种。The login authentication method according to claim 1, wherein the biometric information comprises at least one of fingerprint information, face image information, iris information, and voiceprint information.
  4. 根据权利要求1所述的登录认证方法,其中,所述获取登录客户端根据用户登陆的用户身份标识信息生成的认证请求消息之前,所述方法还包括:The login authentication method according to claim 1, wherein the method further includes: before the obtaining an authentication request message generated by the login client according to the user identity information that the user logs in, the method further includes:
    获取所述认证客户端采集的用户的注册标识信息和注册生物特征信息;Obtaining registration identifier information and registered biometric information of the user collected by the authentication client;
    根据所述注册标识信息,生成所述用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与所述注册生物特征信息进行对应存储,生成用户生物特征注册信息。And generating, according to the registration identifier information, identity identification information that is unique to the user, and storing the unique identity identification information of the user and the registered biometric information to generate user biometric registration information.
  5. 根据权利要求4所述的登录认证方法,还包括:The login authentication method according to claim 4, further comprising:
    根据所述用户生物特征注册信息生成注册结果;Generating a registration result according to the user biometric registration information;
    将所述注册结果和所述用户唯一的身份标识信息发送给所述认证客户端,使得所述认证客户端根据所述注册结果保存所述身份标识信息。And sending the registration result and the unique identifier information of the user to the authentication client, so that the authentication client saves the identity identification information according to the registration result.
  6. 根据权利要求1所述的登录认证方法,其中,所述根据所述认证请求消息,触发认证客户端采集用户的生物特征信息,包括:The login authentication method according to claim 1, wherein the triggering the authentication client to collect the biometric information of the user according to the authentication request message comprises:
    根据所述认证请求消息中的用户身份标识信息,生成生物特征采集请求信息; Generating biometric collection request information according to the user identity identification information in the authentication request message;
    将所述生物特征采集请求信息发送给所述认证客户端,使得所述认证客户端根据所述生物特征采集请求信息采集所述用户的生物特征信息。The biometric feature collection request information is sent to the authentication client, so that the authentication client collects the biometric information of the user according to the biometric feature collection request information.
  7. 根据权利要求6所述的登录认证方法,其中,所述将所述生物特征采集请求信息发送给所述认证客户端,使得所述认证客户端根据所述生物特征采集请求信息采集用户的生物特征信息之前,所述方法还包括:The login authentication method according to claim 6, wherein the transmitting the biometrics collection request information to the authentication client, so that the authentication client collects biometric characteristics of the user according to the biometric feature collection request information. Before the information, the method further includes:
    获取所述认证客户端保存的身份标识信息;Obtaining identity information saved by the authentication client;
    根据所述证客户端保存的身份标识信息,建立与所述认证客户端之间的通信通道。Establishing a communication channel with the authentication client according to the identity information saved by the certificate client.
  8. 根据权利要求1所述的登录认证方法,其中,所述根据所述认证请求消息,触发认证客户端采集用户的生物特征信息,包括:The login authentication method according to claim 1, wherein the triggering the authentication client to collect the biometric information of the user according to the authentication request message comprises:
    对所述认证请求消息对应的认证会话分配会话标识符;Assigning a session identifier to the authentication session corresponding to the authentication request message;
    将所述会话标识符发送给所述登录客户端;Sending the session identifier to the login client;
    所述接收所述认证客户端采集到的所述生物特征信息,包括:The receiving the biometric information collected by the authentication client includes:
    接收所述认证客户端发送的所述生物特征信息和所述会话标识符,其中,所述生物特征信息为所述认证客户端根据用户输入的所述会话标识采集的。And receiving, by the authentication client, the biometric information and the session identifier, where the biometric information is collected by the authentication client according to the session identifier input by a user.
  9. 一种认证服务器,包括:An authentication server that includes:
    认证请求获取模块,设置为:获取登录客户端根据用户登陆的用户身份标识信息生成的认证请求消息;The authentication request obtaining module is configured to: obtain an authentication request message generated by the login client according to the user identity information that the user logs in;
    触发模块,设置为:根据所述认证请求获取模块获取的所述认证请求消息,触发认证客户端采集所述用户的生物特征信息;The triggering module is configured to: trigger the authentication client to collect the biometric information of the user according to the authentication request message acquired by the authentication request acquisition module;
    第一接收模块,设置为:接收所述认证客户端采集到的生物特征信息;The first receiving module is configured to: receive biometric information collected by the authentication client;
    比对模块,设置为:将所述第一接收模块接收的所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The comparison module is configured to: compare the biometric information received by the first receiving module with the registered biometric information corresponding to the pre-stored user identity information, and generate an authentication result.
  10. 根据权利要求9所述的认证服务器,还包括:The authentication server according to claim 9, further comprising:
    第一发送模块,设置为:在所述比对模块生成所述认证结果之后,将所述认证结果发送给所述登录客户端。 The first sending module is configured to: after the comparing module generates the authentication result, send the authentication result to the login client.
  11. 根据权利要求9所述的认证服务器,还包括:The authentication server according to claim 9, further comprising:
    注册信息获取模块,设置为:在所述认证请求获取模块获取所述登录客户端生成的认证请求消息之前,获取所述认证客户端采集的用户的注册标识信息和注册生物特征信息;The registration information obtaining module is configured to: obtain the registration identifier information and the registered biometric information of the user collected by the authentication client before the authentication request obtaining module acquires the authentication request message generated by the login client;
    注册模块,设置为:根据所述注册信息获取模块获取的所述注册标识信息,生成用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与注册生物特征信息进行对应存储,生成用户生物特征注册信息。The registration module is configured to: generate the unique identification information of the user according to the registration identification information acquired by the registration information acquisition module, and store the unique identification information of the user and the registered biometric information to generate a user. Biometric registration information.
  12. 根据权利要求11所述的认证服务器,还包括:The authentication server according to claim 11, further comprising:
    注册结果生成模块,设置为:根据所述注册模块生成的所述用户生物特征注册信息生成注册结果;a registration result generating module, configured to: generate a registration result according to the user biometric registration information generated by the registration module;
    第二发送模块,设置为:将所述注册结果生成模块生成的所述注册结果和所述注册模块生成的用户唯一的身份标识信息发送给认证客户端,使得所述认证客户端根据所述注册结果保存所述身份标识信息。The second sending module is configured to: send the registration result generated by the registration result generating module and the unique identification information generated by the registration module to the authentication client, so that the authentication client is configured according to the registration The result saves the identity information.
  13. 根据权利要求9所述的认证服务器,其中,所述触发模块包括:The authentication server according to claim 9, wherein the triggering module comprises:
    采集请求生成单元,设置为:根据所述认证请求获取模块获取的所述认证请求消息中的用户身份标识信息,生成生物特征采集请求信息;The collection request generating unit is configured to generate biometric collection request information according to the user identification information in the authentication request message acquired by the authentication request acquisition module;
    第一发送单元,设置为:将所述采集请求生成单元生成的所述生物特征采集请求信息发送给所述认证客户端,使得所述认证客户端根据所述生物特征采集请求信息采集所述用户的生物特征信息。The first sending unit is configured to: send the biometric feature collection request information generated by the collection request generating unit to the authentication client, so that the authentication client collects the user according to the biometric feature collection request information. Biometric information.
  14. 根据权利要求13所述的认证服务器,还包括:The authentication server of claim 13, further comprising:
    获取模块,设置为:在所述第一发送单元将所述生物特征采集请求信息发送给所述认证客户端之前,获取所述认证客户端保存的身份标识信息;Obtaining a module, configured to: obtain the identity identification information saved by the authentication client before the first sending unit sends the biometric feature collection request information to the authentication client;
    通道建立模块,设置为:根据所述获取模块获取的所述证客户端保存的身份标识信息,建立与所述认证客户端之间的通信通道。The channel establishing module is configured to: establish a communication channel with the authentication client according to the identity information saved by the certificate client acquired by the acquiring module.
  15. 根据权利要求9所述的认证服务器,其中,所述触发模块包括:The authentication server according to claim 9, wherein the triggering module comprises:
    分配单元,设置为:对所述认证请求消息对应的认证会话分配会话标识符; An allocating unit, configured to: allocate a session identifier to an authentication session corresponding to the authentication request message;
    第二发送单元,设置为:将所述分配单元分别的所述会话标识符发送给所述登录客户端;a second sending unit, configured to: send the session identifier of the allocation unit to the login client;
    所述第一接收模块,是设置为:接收所述认证客户端发送的所述生物特征信息和所述会话标识符,其中,所述生物特征信息为所述认证客户端根据用户输入的所述会话标识采集的。The first receiving module is configured to: receive the biometric information and the session identifier sent by the authentication client, where the biometric information is the authentication client according to the user input The session ID was collected.
  16. 一种登录认证方法,应用于认证客户端,包括:A login authentication method applied to an authentication client, including:
    根据认证服务器所获取的认证请求消息的触发,采集用户的生物特征信息;Collecting biometric information of the user according to the trigger of the authentication request message acquired by the authentication server;
    将采集到的所述生物特征信息发送给所述认证服务器,使得所述认证服务器将所述生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。The collected biometric information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  17. 根据权利要求16所述的登录认证方法,其中,所述根据认证服务器获取的认证请求消息的触发,采集用户的生物特征信息之前,所述方法还包括:The login authentication method according to claim 16, wherein the method further comprises: before the collecting the biometric information of the user according to the triggering of the authentication request message acquired by the authentication server, the method further comprises:
    采集所述用户的注册标识信息和注册生物特征信息;Collecting registration information and registration biometric information of the user;
    将所述注册标识信息和所述注册生物特征信息发送给所述认证服务器,使得所述认证服务器根据所述注册标识信息生成所述用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与所述注册生物特征信息进行对应存储,生成用户生物特征注册信息。Sending the registration identifier information and the registration biometric information to the authentication server, so that the authentication server generates the identity identification information unique to the user according to the registration identifier information, and the unique identifier of the user The information is stored corresponding to the registered biometric information to generate user biometric registration information.
  18. 根据权利要求17所述的登录认证方法,还包括:The login authentication method according to claim 17, further comprising:
    接收所述认证服务器发送的注册结果和所述用户唯一的身份标识信息,所述注册结果为所述认证服务器根据所述用户生物特征注册信息生成的;Receiving, by the authentication server, a registration result and the user's unique identity information, where the registration result is generated by the authentication server according to the user biometric registration information;
    根据所述注册结果保存所述身份标识信息。The identity information is saved according to the registration result.
  19. 一种认证客户端,包括:An authentication client that includes:
    生物特征采集模块,设置为:根据认证服务器所获取的认证请求消息的触发,采集用户的生物特征信息;The biometric collection module is configured to: collect biometric information of the user according to the trigger of the authentication request message acquired by the authentication server;
    第三发送模块,设置为:将所述生物特征采集模块采集到的所述生物特 征信息发送给所述认证服务器,使得所述认证服务器将所述生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对,生成认证结果。a third sending module, configured to: collect the biometrics collected by the biometrics acquiring module The levy information is sent to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.
  20. 根据权利要求19所述的认证客户端,还包括:The authentication client of claim 19, further comprising:
    注册信息采集模块,设置为:在所述生物特征采集模块采集用户的生物特征信息之前,采集所述用户的注册标识信息和注册生物特征信息;The registration information collection module is configured to: before the biometric collection module collects biometric information of the user, collect registration information and registered biometric information of the user;
    第四发送模块,设置为:将所述注册信息采集模块采集的所述注册标识信息和所述注册生物特征信息发送给所述认证服务器,使得所述认证服务器根据所述注册标识信息生成所述用户唯一的身份标识信息,并将所述用户唯一的身份标识信息与所述注册生物特征信息进行对应存储,生成用户生物特征注册信息。The fourth sending module is configured to: send the registration identifier information collected by the registration information collection module and the registered biometric information to the authentication server, so that the authentication server generates the identifier according to the registration identifier information. The user unique identifier information, and the user unique identifier information is stored corresponding to the registered biometric information to generate user biometric registration information.
  21. 根据权利要求20所述的认证客户端,还包括:The authentication client according to claim 20, further comprising:
    第二接收模块,设置为:接收所述认证服务器发送的注册结果和所述用户唯一的身份标识信息,所述注册结果为所述认证服务器根据所述用户生物特征注册信息生成的;The second receiving module is configured to: receive the registration result sent by the authentication server and the identity identification information unique to the user, where the registration result is generated by the authentication server according to the user biometric registration information;
    保存模块,设置为:根据所述第二接收模块接收的所述注册结果保存所述身份标识信息。The saving module is configured to: save the identity identification information according to the registration result received by the second receiving module.
  22. 一种登录认证方法,应用于登录客户端,包括:A login authentication method applied to a login client, including:
    采集用户登录时的用户身份标识信息;Collect user identity information when the user logs in;
    根据所述用户身份标识信息,生成认证请求消息;Generating an authentication request message according to the user identity information;
    将所述认证请求消息发送给认证服务器,使得所述认证服务器根据所述认证请求消息,触发认证客户端采集用户的生物特征信息。Sending the authentication request message to the authentication server, so that the authentication server triggers the authentication client to collect the biometric information of the user according to the authentication request message.
  23. 根据权利要求22所述的登录认证方法,其中,所述将所述认证请求消息发送给认证服务器之后,所述方法还包括:The login authentication method according to claim 22, wherein after the sending the authentication request message to the authentication server, the method further includes:
    接收所述认证服务器反馈的认证结果。Receiving the authentication result fed back by the authentication server.
  24. 根据权利要求22所述的登录认证方法,其中,所述将所述认证请求消息发送给认证服务器之后,所述方法还包括:The login authentication method according to claim 22, wherein after the sending the authentication request message to the authentication server, the method further includes:
    接收所述认证服务器发送的会话标识符,所述会话标识符为所述认证服 务器对所述认证请求消息对应的认证会话所分配的。Receiving a session identifier sent by the authentication server, where the session identifier is the authentication service The server allocates the authentication session corresponding to the authentication request message.
  25. 一种登录客户端,包括:A login client that includes:
    登录信息采集模块,设置为:采集用户登录时的用户身份标识信息;The login information collection module is configured to: collect user identification information when the user logs in;
    认证请求生成模块,设置为:根据所述登录信息采集模块采集的所述用户身份标识信息,生成认证请求消息;The authentication request generating module is configured to: generate an authentication request message according to the user identity information collected by the login information collection module;
    第五发送模块,设置为:将所述认证请求生成模块生成的所述认证请求消息发送给认证服务器,使得所述认证服务器根据所述认证请求消息,触发认证客户端采集用户的生物特征信息。The fifth sending module is configured to: send the authentication request message generated by the authentication request generating module to the authentication server, so that the authentication server triggers the authentication client to collect the biometric information of the user according to the authentication request message.
  26. 根据权利要求25所述的登录客户端,还包括:The login client of claim 25, further comprising:
    认证结果接收模块,设置为:在所述第五发送模块将所述认证请求消息发送给所述认证服务器之后,接收所述认证服务器反馈的认证结果。The authentication result receiving module is configured to: after the fifth sending module sends the authentication request message to the authentication server, receive an authentication result fed back by the authentication server.
  27. 根据权利要求25所述的登录客户端,还包括:The login client of claim 25, further comprising:
    会话标识接收模块,设置为:在所述第五发送模块将所述认证请求消息发送给所述认证服务器之后,接收所述认证服务器发送的会话标识符,所述会话标识符为所述认证服务器对所述认证请求消息对应的认证会话所分配的。 a session identifier receiving module, configured to: after the fifth sending module sends the authentication request message to the authentication server, receive a session identifier sent by the authentication server, where the session identifier is the authentication server Assigned to the authentication session corresponding to the authentication request message.
PCT/CN2016/087485 2015-09-06 2016-06-28 Login authentication method, authentication server, authentication client and login client WO2017036243A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510561123.7A CN106506433B (en) 2015-09-06 2015-09-06 Login authentication method, authentication server, authentication client and login client
CN201510561123.7 2015-09-06

Publications (1)

Publication Number Publication Date
WO2017036243A1 true WO2017036243A1 (en) 2017-03-09

Family

ID=58186606

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/087485 WO2017036243A1 (en) 2015-09-06 2016-06-28 Login authentication method, authentication server, authentication client and login client

Country Status (2)

Country Link
CN (1) CN106506433B (en)
WO (1) WO2017036243A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108766442A (en) * 2018-06-15 2018-11-06 清华大学 A kind of identity identifying method and device based on vocal print pattern identification
CN110634478A (en) * 2018-06-25 2019-12-31 百度在线网络技术(北京)有限公司 Method and apparatus for processing speech signal
AU2018264440B2 (en) * 2017-05-11 2020-04-30 Advanced New Technologies Co., Ltd. Identity authentication method, device and system
CN112291188A (en) * 2019-09-23 2021-01-29 中建材信息技术股份有限公司 Registration verification method and system, registration verification server and cloud server

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107896208B (en) * 2017-10-23 2020-09-25 国政通科技股份有限公司 Identity authentication method and system
CN108683684B (en) * 2018-06-13 2021-03-09 北京云中融信网络科技有限公司 Method, device and system for logging in target instant messaging application
CN110166417B (en) * 2018-08-01 2021-10-01 腾讯科技(深圳)有限公司 Task execution method and device, computer equipment and storage medium
CN108881301A (en) * 2018-08-02 2018-11-23 珠海宏桥高科技有限公司 A kind of identity identifying method based on block chain
CN111104657A (en) * 2018-10-25 2020-05-05 中国电信股份有限公司 Identity authentication method and system, authentication platform, user terminal and application terminal
CN109992680A (en) * 2018-12-13 2019-07-09 阿里巴巴集团控股有限公司 Information processing method, device, electronic equipment and computer readable storage medium
CN111309131A (en) * 2020-01-18 2020-06-19 东莞肯博尔电子科技有限公司 Safety guarantee system for storage of micro server of electronic computer
CN111371755B (en) * 2020-02-24 2023-01-10 平安科技(深圳)有限公司 Voiceprint data processing method and device, computer equipment and storage medium
CN111343080B (en) * 2020-02-28 2020-12-04 北京芯盾时代科技有限公司 Agent-based mail service method, server, client and system
WO2021168829A1 (en) * 2020-02-28 2021-09-02 华为技术有限公司 User identifier verification method and related device
CN111581624B (en) * 2020-05-18 2023-06-20 中科美络科技股份有限公司 Intelligent terminal user identity authentication method
CN111475793A (en) * 2020-06-19 2020-07-31 支付宝(杭州)信息技术有限公司 Access control method, user registration method, user login method, device and equipment
CN112422575B (en) * 2020-11-24 2023-05-12 中国农业银行股份有限公司东莞分行 Control method and system for network access based on remote identity authentication
CN112199663B (en) * 2020-12-03 2021-04-06 飞天诚信科技股份有限公司 Authentication method and system for no user name
CN112685716A (en) * 2021-03-18 2021-04-20 北京远鉴信息技术有限公司 Decentralized identity authentication system and authentication method
CN116599764B (en) * 2023-06-28 2023-09-19 央广云听文化传媒有限公司 Application login method, application login device, storage medium and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101174948A (en) * 2006-11-02 2008-05-07 上海银晨智能识别科技有限公司 Network login system and method with face authentication
CN103095454A (en) * 2012-12-07 2013-05-08 大连奥林匹克电子城咨信商行 Online login identification authentication method based on human face matching
US20130336637A1 (en) * 2012-06-15 2013-12-19 Sony Corporation Information processing device and information processing method, computer program, and information communication system
CN104765998A (en) * 2015-04-16 2015-07-08 国家电网公司 User identity reliably-verifying system based on face identification and using method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101174948A (en) * 2006-11-02 2008-05-07 上海银晨智能识别科技有限公司 Network login system and method with face authentication
US20130336637A1 (en) * 2012-06-15 2013-12-19 Sony Corporation Information processing device and information processing method, computer program, and information communication system
CN103095454A (en) * 2012-12-07 2013-05-08 大连奥林匹克电子城咨信商行 Online login identification authentication method based on human face matching
CN104765998A (en) * 2015-04-16 2015-07-08 国家电网公司 User identity reliably-verifying system based on face identification and using method thereof

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2018264440B2 (en) * 2017-05-11 2020-04-30 Advanced New Technologies Co., Ltd. Identity authentication method, device and system
US10949824B2 (en) 2017-05-11 2021-03-16 Advanced New Technologies Co., Ltd. Identity authentication method, device, and system
US11227271B2 (en) 2017-05-11 2022-01-18 Advanced New Technologies Co., Ltd. Identity authentication method, device, and system
CN108766442A (en) * 2018-06-15 2018-11-06 清华大学 A kind of identity identifying method and device based on vocal print pattern identification
CN108766442B (en) * 2018-06-15 2020-11-06 清华大学 Identity authentication method and device based on voiceprint graphic identification
CN110634478A (en) * 2018-06-25 2019-12-31 百度在线网络技术(北京)有限公司 Method and apparatus for processing speech signal
CN112291188A (en) * 2019-09-23 2021-01-29 中建材信息技术股份有限公司 Registration verification method and system, registration verification server and cloud server
CN112291188B (en) * 2019-09-23 2023-02-10 中建材信息技术股份有限公司 Registration verification method and system, registration verification server and cloud server

Also Published As

Publication number Publication date
CN106506433A (en) 2017-03-15
CN106506433B (en) 2021-04-20

Similar Documents

Publication Publication Date Title
WO2017036243A1 (en) Login authentication method, authentication server, authentication client and login client
US11588813B2 (en) Systems and methods for biometric authentication using existing databases
JP7046045B2 (en) Methods and Devices for Information Interactions and Associations between Human Biological Feature Data and Accounts
US10362613B2 (en) Pairing management method, recording medium, and terminal apparatus
US9032495B2 (en) Online user account login method and a server system implementing the method
US20130212653A1 (en) Systems and methods for password-free authentication
US7886341B2 (en) External authentication against a third-party directory
US20220255919A1 (en) Computer readable storage media for legacy integration and methods and systems for utilizing same
US20210176642A1 (en) Proximity based user identification and authentication system and method
WO2013051019A4 (en) Evolved biometric system with enhanced feature and method for the same
JP2016523416A (en) Account login method, device and system
CN112840339A (en) Progressive access to data and device functionality
CN104639546B (en) The methods, devices and systems of multi-biological characteristic inclusive authentication
US20160021254A1 (en) Methods, systems, and apparatus for conducting a conference session
CN111818034A (en) Network access control method, device, electronic equipment and medium
US9251331B2 (en) Simplified user registration
US8689304B2 (en) Multiple independent authentications for enhanced security
CN108234409B (en) Identity verification method and device
US20200204544A1 (en) Biometric security for cloud services
US20140280968A1 (en) Data center and method for providing virtual service
US20240111852A1 (en) Method and system for generating a virtual authenticator
JP2007011630A (en) Status information processing system, status information processing method, and program
WO2016015215A1 (en) Data processing apparatus and method
CN114205811A (en) AP access method, AP, client and storage medium
JP2008015866A (en) Biometric authentication system and information processor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16840672

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16840672

Country of ref document: EP

Kind code of ref document: A1