US-12625932-B2 - Identity authentication using biometrics
Abstract
A service request is received by a terminal device. First biometric authentication information of a user associated with the service request is collected. The first biometric authentication information is compared with preset biometric authentication information. When the comparison shows that the first biometric authentication information and the preset biometric authentication information are consistent, a pre-stored digital signature certificate private key is read. The service request is digitally signed according to the digital signature certificate private key. A biometric information verification message is generated and sent to a server. The server is configured to read a pre-stored digital signature certificate public key corresponding to the digital signature certificate private key. Authentication result information is received from the server after the server verifies and signs the biometric information verification message according to the digital signature certificate public key.
Inventors
- Haojie Zhong
- XIANGYU ZHAO
- Shuli Zhang
Assignees
- Advanced New Technologies Co., Ltd.
Dates
- Publication Date: 20260512
- Application Date: 20220404
- Priority Date: 20150827
Claims (18)
- 1. A method, comprising: receiving, by a user device of a user, a registration request; sending the registration request to a first server; receiving a response message from the first server, wherein the response message comprises authentication challenge information, wherein the authentication challenge information is obtained by the first server from a second server; verifying the authentication challenge information; after successfully verifying the authentication challenge information, collecting biometric authentication information of the user in accordance with the registration request; in response to determining that the biometric authentication information is consistent with preset biometric authentication information, generating a digital signature certificate private key and a digital signature certificate public key; transmitting, to the second server, a signed registration request message that is signed using a first preset private key and that includes the digital signature certificate public key, wherein the second server is configured to store the digital signature certificate public key after verifying the signed registration request message according to a first preset public key, wherein the first preset private key corresponds to the first preset public key; transmitting, to the second server, a biometric information verification message that is generated by signing a service request using the digital signature certificate private key, wherein the second server is configured to verify the biometric information verification message according to the digital signature certificate public key; and receiving, from the second server, authentication result information indicative of the second server verifying the biometric information verification message according to the digital signature certificate public key.
- 2. The method of claim 1, wherein the biometric authentication information comprises one or more of fingerprint information, face image information, or voice information.
- 3. The method of claim 1, wherein the user device collects the biometric authentication information of the user using one or more of a fingerprint sensor, a camera, or a microphone.
- 4. The method of claim 1, comprising: storing the biometric authentication information of the user on the user device.
- 5. The method of claim 1, comprising: storing the digital signature certificate private key and the digital signature certificate public key.
- 6. The method of claim 1, wherein the signed registration request message includes the authentication challenge information, and wherein the authentication challenge information is digitally signed before the signed registration request message is generated.
- 7. The method of claim 1, comprising: generating the digital signature certificate private key and the digital signature certificate public key corresponding to the biometric authentication information according to an identifier of the user, an identifier of the user device, and result information of a comparison between preset biometric authentication information and the biometric authentication information showing consistency.
- 8. The method of claim 1, comprising: determining that preset biometric information is stored in a biometric sensor of the user device that supports identification of biometric authentication information; and responsive to both (i) determining that the preset biometric information is stored in the biometric sensor of the user device and (ii) determining that the user device supports identification of biometric authentication information using a trusted execution environment (TEE), collecting the biometric authentication information of the user in accordance with the registration request.
- 9. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising: receiving, by a user device of a user, a registration request; sending the registration request to a first server; receiving a response message from the first server, wherein the response message comprises authentication challenge information, wherein the authentication challenge information is obtained by the first server from a second server; verifying the authentication challenge information; after successfully verifying the authentication challenge information, collecting biometric authentication information of the user in accordance with the registration request; in response to determining that the biometric authentication information is consistent with preset biometric authentication information, generating a digital signature certificate private key and a digital signature certificate public key; transmitting, to the second server, a signed registration request message that is signed using a first preset private key and that includes the digital signature certificate public key, wherein the second server is configured to store the digital signature certificate public key after verifying the signed registration request message according to a first preset public key, wherein the first preset private key corresponds to the first preset public key; transmitting, to the second server, a biometric information verification message that is generated by signing a service request using the digital signature certificate private key, wherein the second server is configured to verify the biometric information verification message according to the digital signature certificate public key; and receiving, from the second server, authentication result information indicative of the second server verifying the biometric information verification message according to the digital signature certificate public key.
- 10. The non-transitory, computer-readable medium of claim 9, wherein the biometric authentication information comprises one or more of fingerprint information, face image information, or voice information.
- 11. The non-transitory, computer-readable medium of claim 9, wherein the user device collects the biometric authentication information of the user using one or more of a fingerprint sensor, a camera, or a microphone.
- 12. The non-transitory, computer-readable medium of claim 9, wherein the operations further comprise: storing the biometric authentication information of the user on the user device.
- 13. The non-transitory, computer-readable medium of claim 9, wherein the operations further comprise: storing the digital signature certificate private key and the digital signature certificate public key.
- 14. The non-transitory, computer-readable medium of claim 9, wherein the signed registration request message includes the authentication challenge information, and wherein the authentication challenge information is digitally signed before the signed registration request message is generated.
- 15. A computer-implemented system, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising: receiving, by a user device of a user, a registration request; sending the registration request to a first server; receiving a response message from the first server, wherein the response message comprises authentication challenge information, wherein the authentication challenge information is obtained by the first server from a second server; verifying the authentication challenge information; after successfully verifying the authentication challenge information, collecting biometric authentication information of the user in accordance with the registration request; in response to determining that the biometric authentication information is consistent with preset biometric authentication information, generating a digital signature certificate private key and a digital signature certificate public key; transmitting, to the second server, a signed registration request message that is signed using a first preset private key and that includes the digital signature certificate public key, wherein the second server is configured to store the digital signature certificate public key after verifying the signed registration request message according to a first preset public key, wherein the first preset private key corresponds to the first preset public key; transmitting, to the second server, a biometric information verification message that is generated by signing a service request using the digital signature certificate private key, wherein the second server is configured to verify the biometric information verification message according to the digital signature certificate public key; and receiving, from the second server, authentication result information indicative of the second server verifying the biometric information verification message according to the digital signature certificate public key.
- 16. The computer-implemented system of claim 15, wherein the biometric authentication information comprises one or more of fingerprint information, face image information, or voice information.
- 17. The computer-implemented system of claim 15, wherein the user device collects the biometric authentication information of the user using one or more of a fingerprint sensor, a camera, or a microphone.
- 18. The computer-implemented system of claim 15, wherein the one or more operations further comprise: storing the biometric authentication information of the user on the user device.
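The registration and service-request exchange of claim 1 and the Abstract, sketched in Go as an added example (not code from the patent or the assignee). It assumes Ed25519 signatures, a `challenge||publicKey` message layout, and a boolean `bioMatch` standing in for the on-device biometric comparison; device-side verification of the challenge is left out, and all type and function names are hypothetical.

```go
package main

import "crypto/ed25519"

// Server models the "second server", Device the user device (layout assumed).
type Server struct {
	presetPub ed25519.PublicKey            // "first preset public key"
	pending   map[string]bool              // challenges issued and not yet used
	enrolled  map[string]ed25519.PublicKey // user -> certificate public key
}
type Device struct{ presetPriv, certPriv ed25519.PrivateKey }

func NewPair() (*Server, *Device) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed preset pair; nil selects crypto/rand
	return &Server{pub, map[string]bool{}, map[string]ed25519.PublicKey{}}, &Device{presetPriv: priv}
}

// Register makes the key pair only after a biometric match; msg = challenge||publicKey.
func (d *Device) Register(challenge string, bioMatch bool) (msg, sig []byte) {
	if !bioMatch {
		return nil, nil
	}
	pub, priv, _ := ed25519.GenerateKey(nil)
	d.certPriv = priv
	msg = append([]byte(challenge), pub...)
	return msg, ed25519.Sign(d.presetPriv, msg) // signed with the first preset private key
}

// Enroll accepts a key once per issued challenge, so a replayed message is refused.
func (s *Server) Enroll(user string, msg, sig []byte) bool {
	n := len(msg) - ed25519.PublicKeySize
	if n <= 0 || !s.pending[string(msg[:n])] || !ed25519.Verify(s.presetPub, msg, sig) {
		return false
	}
	delete(s.pending, string(msg[:n]))
	s.enrolled[user] = append(ed25519.PublicKey{}, msg[n:]...)
	return true
}

// SignService releases the certificate private key only on a biometric match.
func (d *Device) SignService(req []byte, bioMatch bool) []byte {
	if !bioMatch || d.certPriv == nil {
		return nil
	}
	return ed25519.Sign(d.certPriv, req)
}

func (s *Server) VerifyService(user string, req, sig []byte) bool {
	return s.enrolled[user] != nil && ed25519.Verify(s.enrolled[user], req, sig)
}
```

A caller marks a challenge as issued in `Server.pending` before passing it to `Register`; challenge generation and its relay through the first server are outside this sketch.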
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a continuation of U.S. patent application Ser. No. 15/903,801, filed on Feb. 23, 2018, which is a continuation of PCT Application No. PCT/CN2016/095855, filed on Aug. 18, 2016, which claims priority to Chinese Patent Application No. 201510534755.4, filed on Aug. 27, 2015, and each application is incorporated by reference in its entirety.
BACKGROUND
The present disclosure relates to the field of computer technologies, and in particular, to identity authentication.
In conventional technology, the identity of a user is generally authenticated by verifying a password (for example, a 6-digit, or longer, alpha-numeric string) input by the user, and the user can perform an operation after the identity of the user is authenticated. However, in this case, the user usually needs to memorize the password, which may cause inconvenience to the user. In addition, a significant threat may be posed to the user if the password is stolen.
SUMMARY
The present disclosure describes techniques for identity authentication using biometric information.
In an implementation, a service request is received by a terminal device. First biometric authentication information of a user associated with the service request is collected. The first biometric authentication information is compared with preset biometric authentication information. When the comparison shows that the first biometric authentication information and the preset biometric authentication information are consistent, a pre-stored digital signature certificate private key is read. The service request is digitally signed according to the digital signature certificate private key. A biometric information verification message is generated and sent to a server. The server is configured to read a pre-stored digital signature certificate public key corresponding to the digital signature certificate private key. Authentication result information is received from the server after the server verifies and signs the biometric information verification message according to the digital signature certificate public key.
Implementations of the described subject matter, including the previously described implementation, can be implemented using a computer-implemented method; a non-transitory, computer-readable medium storing computer-readable instructions to perform the computer-implemented method; and a computer-implemented system comprising one or more computer memory devices interoperably coupled with one or more computers and having tangible, non-transitory, machine-readable media storing instructions that, when executed by the one or more computers, perform the computer-implemented method/the computer-readable instructions stored on the non-transitory, computer-readable medium.
The subject matter described in this specification can be implemented in particular implementations, so as to realize one or more of the following advantages. The security and convenience of a service operation performed by the user is improved.
The details of one or more implementations of the subject matter of this specification are set forth in the Detailed Description, the Claims, and the accompanying drawings. Other features, aspects, and advantages of the subject matter will become apparent to those of ordinary skill in the art from the Detailed Description, the Claims, and the accompanying drawings.
DESCRIPTION OF DRAWINGS
FIG. 1 is a flowchart illustrating an example of an identity authentication method, according to an implementation of the present disclosure.
FIG. 2 is a flowchart illustrating an example of a method, according to an implementation of the present disclosure.
FIG. 3 is a swim lane diagram illustrating an example of an information exchange method that occurs during an identity authentication, according to an implementation of the present disclosure.
FIG. 4 is a block diagram illustrating an example of an identity authentication system, according to an implementation of the present disclosure.
Like reference numbers and designations in the various drawings indicate like elements.
DETAILED DESCRIPTION
The following detailed description describes identity authentication using biometric information, and is presented to enable any person skilled in the art to make and use the disclosed subject matter in the context of one or more particular implementations. Various modifications, alterations, and permutations of the disclosed implementations can be made and will be readily apparent to those of ordinary skill in the art, and the general principles defined can be applied to other implementations and applications, without departing from the scope of the present disclosure. In some instances, one or more technical details that are unnecessary to obtain an understanding of the described subject matter and that are within the skill of one of ordinary skill in the art may be omitted so as to not obscure one or more described implementa