Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a banking transaction authentication method and system based on audio authentication, so as to ensure that the identity of the transacting user is genuine and trustworthy.
To achieve the above object and other related objects, the invention provides a banking transaction authentication method based on audio authentication, which comprises at least:
A) the network server obtains the user's reference voice information, processes the reference voice information into digital reference voice information from which characteristic information is easy to extract, and associates the digital reference voice information with the user's identity information;
A) while the user is carrying out a banking transaction, the user equipment requests the user to provide voice information for verification;
B) after converting the voice information for verification into a voice sequence, the user equipment encrypts and signs the user's banking transaction information and the voice sequence to form user transaction information, and sends it to the network server;
C) the network server verifies the signature of the received user transaction information and decrypts it to obtain the voice sequence, restores the voice sequence to analog voice information, and processes the analog voice information into digital voice information that conforms to the user's characteristics;
D) the digital voice information that conforms to the user's characteristics is compared with the user's digital reference voice information to confirm the user's identity, and after the user's identity is confirmed the related banking transaction is completed.
The present invention also provides a banking transaction authentication system based on audio authentication, which comprises at least:
an acquisition module arranged on the network server, used to obtain the user's reference voice information, process the reference voice information into digital reference voice information from which characteristic information is easy to extract, and associate the digital reference voice information with the user's identity information;
a request module arranged on the user equipment, used to request the user to provide voice information for verification while the user is carrying out a banking transaction;
a forming module arranged on the user equipment, used to convert the voice information for verification into a voice sequence, encrypt and sign the user's banking transaction information and the voice sequence to form user transaction information, and send it to the network server;
a processing module arranged on the network server, used to verify the signature of the received user transaction information and decrypt it to obtain the voice sequence, restore the voice sequence to analog voice information, and process the analog voice information into digital voice information that conforms to the user's characteristics;
an authentication module arranged on the network server, used to compare the digital voice information that conforms to the user's characteristics with the user's digital reference voice information to confirm the user's identity, and to complete the related banking transaction after the user's identity is confirmed.
As described above, the banking transaction authentication method and system based on audio authentication of the present invention have the following beneficial effects: they can fill the security holes of existing e-banking by adding a further layer of security protection on top of the conventional password, placing one more guard rail in front of the user's assets. The double protection is safer, and with multiple technologies safeguarding it, the security of e-banking is assured and users can feel more at ease.
Embodiment
Embodiments of the present invention are described below by way of specific examples, and those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Please refer to Fig. 1 and Fig. 2. It should be noted that the drawings provided in this embodiment only illustrate the basic concept of the invention schematically. They show only the components related to the invention and are not drawn according to the number, shape and size of the components in an actual implementation; in an actual implementation the form, quantity and proportion of each component may be changed at will, and the component layout may also be more complex.
As shown in Fig. 1, the invention provides a banking transaction authentication method based on audio authentication. The method according to the invention is mainly carried out by a banking transaction authentication system, which comprises at least user equipment and network equipment. The user equipment includes but is not limited to a computer, a smartphone, a PDA, etc. The network equipment includes but is not limited to the network server at the bank end and the network servers of other network operators, for example a network server that carries out mobile banking services.
In step S1, the network server obtains the user's reference voice information, processes the reference voice information into digital reference voice information from which characteristic information is easy to extract, and associates the digital reference voice information with the user's identity information.
For example, after network server A1 at the bank end obtains the user's reference voice information, it serializes the reference voice information to obtain a serialized voice signal. It then encrypts the signal with an encryption algorithm such as 3DES, based on a predetermined symmetric key, to obtain the encrypted serialized voice signal. Next, using a predetermined public key and an algorithm such as RSA or SHA1, it performs a digest signature on the combination of the encrypted serialized voice signal and the user identity information (for example, passport number, mobile phone number, etc.). The signed user voice information is then transmitted over the local area network (LAN) to network server B1, which carries out the mobile banking service. After receiving the signed user voice information, network server B1 first parses the fields and then verifies the signature with an algorithm such as RSA or SHA1, based on a predetermined private key; a successful verification shows that the user voice information has not been tampered with. Network server B1 then decrypts the user voice information with the predetermined symmetric key and the predetermined algorithm to obtain the serialized voice signal, and deserializes the serialized voice signal to obtain the user's reference voice information. After operations such as over-sampling, pre-emphasis, windowing, framing, endpoint detection, speech denoising, feature extraction and model training, the reference voice information is converted into a digital audio signal suitable for feature extraction, stored in the reference voice library, and associated with the user's identity card number or mobile phone number.
In step S2, while the user is carrying out a banking transaction, the user equipment requests the user to provide voice information for verification.
The voice information for verification may be voice information that the user records in real time, or voice information formed by reading aloud a text that is presented in real time.
For example, while the user carries out a transaction such as a transfer, remittance, fee payment, loan or credit card repayment through smartphone X1, smartphone X1 presents the text to be read to the user and turns on its own voice acquisition module, such as a microphone. When the user reads the text aloud, the voice acquisition module captures the user's voice information, which is used as the voice information for verification.
Then, in step S3, after converting the voice information for verification into a voice sequence, the user equipment encrypts and signs the user's banking transaction information and the voice sequence to form user transaction information, and sends it to the network server.
Specifically, the user equipment first performs key dispersion (key diversification) twice on a predetermined symmetric key, based on a random number, to obtain a session key.
The random number is generated by the user equipment itself.
Then the user equipment performs a MAC signature operation on the voice sequence based on the first part of the session key, and afterwards performs an encryption operation based on the second part of the session key and a first encryption algorithm, to obtain the encrypted voice sequence.
The first encryption algorithm includes any encryption algorithm that encrypts based on a symmetric key, preferably including but not limited to the 3DES algorithm.
For example, the user equipment performs the MAC signature operation on the voice sequence based on the left 8 positions of the session key, and then performs the encryption operation based on the right 8 positions of the session key and the 3DES algorithm, to obtain the encrypted voice sequence.
Then, based on an asymmetric key and a second encryption algorithm, the user equipment signs the encrypted voice sequence, the random number and the user's banking transaction information to form the user transaction information, and sends it to the network server.
The second encryption algorithm includes any algorithm that encrypts based on an asymmetric key, preferably including but not limited to the RSA or SHA1 algorithm.
For example, based on the asymmetric key, the user equipment performs an RSA- or SHA1-based signing operation on the key fields of the transaction message (such as the encrypted voice sequence, the user identity information, the random number, etc.), and submits the signed user transaction information to the network server over a GPRS or WIFI network.
Then, in step S4, the network server verifies the signature of the received user transaction information and decrypts it to obtain the voice sequence, restores the voice sequence to analog voice information, and processes the analog voice information into digital voice information that conforms to the user's characteristics.
Specifically, after the network server receives the user transaction information, it first uses a predetermined private key to perform an RSA- or SHA1-based signature verification on the user transaction information as a whole, to ensure the integrity of the user transaction information. Once the integrity of the user transaction information has been verified, the information is submitted, according to the internal interface standard, to the network server that carries out the mobile banking service. That server obtains the corresponding symmetric key algorithm from the encryption machine according to the user information, and performs key dispersion according to the random number in the user transaction information to obtain the session key. It then uses the left 8 positions of the session key to perform the MAC check of the voice sequence and the right 8 positions of the session key to perform the 3DES decryption of the encrypted voice sequence, obtaining the voice sequence, and deserializes the voice sequence to obtain the analog voice information. Finally, the server performs operations such as sampling, pre-emphasis, windowing, framing, endpoint detection, speech denoising, feature extraction and model identification on the analog voice information, converting it into a digital audio signal that conforms to the user's characteristics.
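The following Go program is an added example, not part of the original specification, showing the symmetric layer of steps S3 and S4: the device derives the session key from its own random number, MACs and encrypts the voice sequence, and the server re-derives the key and rejects altered messages; the RSA or SHA1 signing layer is not shown. Assumptions not stated in the text: the "8 positions" are bytes of a 16-byte key, each dispersion round is 3DES(k, r) || 3DES(k, NOT r), the MAC is a DES CBC-MAC over the padded plaintext (so the server decrypts before checking it), padding is 0x80 followed by zeros, IVs are zero, and the names Msg, sessionKey, protect, Seal and Open are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

type Msg struct{ Rnd, MAC, Enc []byte } // symmetric layer only; "8" read as 8 bytes

// sessionKey disperses k twice; assumed round: 3DES(k, rnd) || 3DES(k, NOT rnd).
func sessionKey(k, rnd []byte) []byte {
	for round := 0; round < 2; round++ {
		c, _ := des.NewTripleDESCipher(append(append([]byte{}, k...), k[:8]...))
		k = make([]byte, 16)
		c.Encrypt(k[:8], rnd)
		for i := range rnd {
			k[8+i] = ^rnd[i]
		}
		c.Encrypt(k[8:], k[8:])
	}
	return k
}

// protect: DES CBC-MAC under sk[:8]; 3DES-CBC under sk[8:] as K1=K2=K3 (= single DES).
func protect(sk, rnd, voice []byte) *Msg {
	p := append(append([]byte{}, voice...), 0x80) // pad: 0x80, then zeros to 8 bytes
	p = append(p, make([]byte, (8-len(p)%8)%8)...)
	m, _ := des.NewCipher(sk[:8])
	e, _ := des.NewTripleDESCipher(bytes.Repeat(sk[8:], 3))
	mac, enc := make([]byte, len(p)), make([]byte, len(p))
	cipher.NewCBCEncrypter(m, make([]byte, 8)).CryptBlocks(mac, p)
	cipher.NewCBCEncrypter(e, make([]byte, 8)).CryptBlocks(enc, p)
	return &Msg{rnd, mac[len(p)-8:], enc}
}

// Seal is the device side: fresh random number, session key, MAC, encryption.
func Seal(master, voice []byte) (*Msg, error) {
	rnd := make([]byte, 8)
	if _, err := rand.Read(rnd); err != nil || len(master) != 16 {
		return nil, fmt.Errorf("need a 16-byte key and a random source")
	}
	return protect(sessionKey(master, rnd), rnd, voice), nil
}

// Open is the server side: re-derive the key from m.Rnd, decrypt, check the MAC.
func Open(master []byte, m *Msg) ([]byte, error) {
	if len(master) != 16 || len(m.Rnd) != 8 || len(m.Enc) == 0 || len(m.Enc)%8 != 0 {
		return nil, fmt.Errorf("malformed input")
	}
	sk := sessionKey(master, m.Rnd)
	e, _ := des.NewTripleDESCipher(bytes.Repeat(sk[8:], 3))
	p := make([]byte, len(m.Enc))
	cipher.NewCBCDecrypter(e, make([]byte, 8)).CryptBlocks(p, m.Enc)
	i := bytes.LastIndexByte(p, 0x80)
	if i < 0 || subtle.ConstantTimeCompare(protect(sk, m.Rnd, p[:i]).MAC, m.MAC) != 1 {
		return nil, fmt.Errorf("MAC check failed")
	}
	return p[:i], nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-byte pre-set symmetric key
	m, _ := Seal(key, []byte("constructed voice sequence"))
	v, err := Open(key, m)
	fmt.Printf("%s %v\n", v, err)
}
```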
Then, in step S5, the network server compares the digital voice information that conforms to the user's characteristics with the user's digital reference voice information to confirm the user's identity, and completes the related banking transaction after the user's identity is confirmed.
For example, the network server compares the digital voice information that conforms to the user's characteristics with the user's reference voice information in the reference voice library. If the two match completely, the network server confirms that the user identity authentication has succeeded and automatically carries out the subsequent transaction operations. If it determines that the user identity authentication has failed, it reports the failure by short message.
As shown in Fig. 2, the invention provides a banking transaction authentication system based on audio authentication. The banking transaction authentication system 1 comprises at least: an acquisition module 111, a processing module 112 and an authentication module 113 arranged on the network server 11, and a request module 121 and a forming module 122 arranged on the user equipment 12.
The acquisition module 111 obtains the user's reference voice information, processes the reference voice information into digital reference voice information from which characteristic information is easy to extract, and associates the digital reference voice information with the user's identity information.
For example, after the acquisition module 111 arranged in network server A1 at the bank end obtains the user's reference voice information, it serializes the reference voice information to obtain a serialized voice signal. It then encrypts the signal with an encryption algorithm such as 3DES, based on a predetermined symmetric key, to obtain the encrypted serialized voice signal. Next, using a predetermined public key and an algorithm such as RSA or SHA1, it performs a digest signature on the combination of the encrypted serialized voice signal and the user identity information (for example, passport number, mobile phone number, etc.). The signed user voice information is then transmitted over the local area network (LAN) to network server B1, which carries out the mobile banking service. After the acquisition module 111 arranged in network server B1 receives the signed user voice information, it first parses the fields and then verifies the signature with an algorithm such as RSA or SHA1, based on a predetermined private key; a successful verification shows that the user voice information has not been tampered with. The acquisition module 111 then decrypts the user voice information with the predetermined symmetric key and the predetermined algorithm to obtain the serialized voice signal, and deserializes the serialized voice signal to obtain the user's reference voice information. After operations such as over-sampling, pre-emphasis, windowing, framing, endpoint detection, speech denoising, feature extraction and model training, the reference voice information is converted into a digital audio signal suitable for feature extraction, stored in the reference voice library, and associated with the user's identity card number or mobile phone number.
While the user is carrying out a banking transaction, the request module 121 requests the user to provide voice information for verification.
The voice information for verification may be voice information that the user records in real time, or voice information formed by reading aloud a text that is presented in real time.
For example, while the user carries out a transaction such as a transfer, remittance, fee payment, loan or credit card repayment through smartphone X1, the request module 121 arranged on smartphone X1 presents the text to be read to the user and turns on the voice acquisition module, such as a microphone, with which smartphone X1 is equipped. When the user reads the text aloud, the voice acquisition module captures the user's voice information, and the request module 121 uses it as the voice information for verification.
Then, after converting the voice information for verification into a voice sequence, the forming module 122 encrypts and signs the user's banking transaction information and the voice sequence to form user transaction information, and sends it to the network server.
Specifically, the forming module 122 comprises a dispersal unit, a first encryption unit and a second encryption unit.
First, the dispersal unit performs key dispersion (key diversification) twice on a predetermined symmetric key, based on a random number, to obtain a session key.
The random number is generated by the dispersal unit itself.
Then the first encryption unit performs a MAC signature operation on the voice sequence based on the first part of the session key, and afterwards performs an encryption operation based on the second part of the session key and a first encryption algorithm, to obtain the encrypted voice sequence.
The first encryption algorithm includes any encryption algorithm that encrypts based on a symmetric key, preferably including but not limited to the 3DES algorithm.
For example, the first encryption unit performs the MAC signature operation on the voice sequence based on the left 8 positions of the session key, and then performs the encryption operation based on the right 8 positions of the session key and the 3DES algorithm, to obtain the encrypted voice sequence.
Then, based on an asymmetric key and a second encryption algorithm, the second encryption unit signs the encrypted voice sequence, the random number and the user's banking transaction information to form the user transaction information, and sends it to the network server.
The second encryption algorithm includes any algorithm that encrypts based on an asymmetric key, preferably including but not limited to the RSA or SHA1 algorithm.
For example, based on the asymmetric key, the second encryption unit performs an RSA- or SHA1-based signing operation on the key fields of the transaction message (such as the encrypted voice sequence, the user identity information, the random number, etc.), and submits the signed user transaction information to the network server over a GPRS or WIFI network.
Then the processing module 112 verifies the signature of the received user transaction information and decrypts it to obtain the voice sequence, restores the voice sequence to analog voice information, and processes the analog voice information into digital voice information that conforms to the user's characteristics.
Specifically, after the processing module 112 receives the user transaction information, it first uses a predetermined private key to perform an RSA- or SHA1-based signature verification on the user transaction information as a whole, to ensure the integrity of the user transaction information. Once the integrity of the user transaction information has been verified, it obtains the corresponding symmetric key algorithm from the encryption machine according to the user information, and performs key dispersion according to the random number in the user transaction information to obtain the session key. It then uses the left 8 positions of the session key to perform the MAC check of the voice sequence and the right 8 positions of the session key to perform the 3DES decryption of the encrypted voice sequence, obtaining the voice sequence, and deserializes the voice sequence to obtain the analog voice information. Finally, the processing module 112 performs operations such as sampling, pre-emphasis, windowing, framing, endpoint detection, speech denoising, feature extraction and model identification on the analog voice information, converting it into a digital audio signal that conforms to the user's characteristics.
Then the authentication module 113 compares the digital voice information that conforms to the user's characteristics with the user's digital reference voice information to confirm the user's identity, and completes the related banking transaction after the user's identity is confirmed.
For example, the authentication module 113 compares the digital voice information that conforms to the user's characteristics with the user's reference voice information in the reference voice library. If the two match completely, the authentication module 113 confirms that the user identity authentication has succeeded and automatically carries out the subsequent transaction operations; if it determines that the user identity authentication has failed, it reports the failure by short message.
In summary, the banking transaction authentication method and system based on audio authentication of the present invention confirm the identity of the user carrying out a banking transaction by means of speech recognition. They can thereby fill the security holes of existing e-banking by adding a further layer of security protection on top of the conventional password, placing one more guard rail in front of the user's assets. The double protection is safer, and with multiple technologies safeguarding it, the security of e-banking is assured and users can feel more at ease. The invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utilization value.
The above embodiments only illustrate the principles and effects of the present invention and are not intended to limit it. Any person skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Therefore, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall still be covered by the claims of the invention.