CN106506433B

Movatterモバイル変換

Info

Publication number: CN106506433B
Application number: CN201510561123.7A
Authority: CN
Inventors: 刘先
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2015-09-06
Filing date: 2015-09-06
Publication date: 2021-04-20
Anticipated expiration: 2035-09-06
Also published as: WO2017036243A1; CN106506433A

Abstract

Translated fromChinese

本发明提供了一种登录认证方法、认证服务器、认证客户端及登录客户端。所述登录认证方法，应用于认证服务器，包括：获取一终端中的登录客户端根据登录用户的用户身份标识信息生成的认证请求消息；根据所述认证请求消息，触发认证客户端采集用户的生物特征信息；接收所述认证客户端采集到的生物特征信息；将所述生物特征信息与预存的所述用户身份标识信息对应的用户生物特征注册信息进行比对，生成认证结果。上述方案，通过利用认证服务器进行生物特征信息采集的触发，在登录客户端所在终端没有生物特征采集能力时，也能使得用户利用生物特征信息进行登录操作，提高了用户操作的灵活性。

The invention provides a login authentication method, an authentication server, an authentication client and a login client. The login authentication method, applied to an authentication server, includes: acquiring an authentication request message generated by a login client in a terminal according to the user identity information of the logged in user; triggering the authentication client to collect the user's biometrics according to the authentication request message feature information; receive the biometric information collected by the authentication client; compare the biometric information with the pre-stored user biometric registration information corresponding to the user identity information to generate an authentication result. In the above solution, by using the authentication server to trigger the collection of biometric information, when the terminal where the login client is located has no biometric collection capability, the user can also use the biometric information to perform the login operation, thereby improving the flexibility of the user operation.

Description

Translated fromChinese

登录认证方法、认证服务器、认证客户端及登录客户端Login authentication method, authentication server, authentication client and login client

技术领域technical field

本发明涉及终端技术领域，特别涉及一种登录认证方法、认证服务器、认证客户端及登录客户端。The invention relates to the technical field of terminals, in particular to a login authentication method, an authentication server, an authentication client and a login client.

背景技术Background technique

如今智能终端逐渐开始具备了生物特征识别能力，比如指纹识别、声纹识别、虹膜识别等，并且达到了商用水平。通过生物特征对用户进行身份认证的方法相比于用户名密码的方式具有很多优越性，而目前的生物特征识别功能主要应用于智能终端上的应用程序，应用程序通过底层接口调用相应硬件设备获取用户生物特征信息识别用户身份。Nowadays, smart terminals have gradually begun to have biometric recognition capabilities, such as fingerprint recognition, voiceprint recognition, iris recognition, etc., and have reached a commercial level. The method of authenticating users through biometrics has many advantages compared with the method of username and password, and the current biometrics identification function is mainly used in applications on smart terminals, and the applications call corresponding hardware devices through the underlying interface to obtain User biometric information identifies the user.

如果一个应用程序想要使用生物特征认证进行登录，则必须满足：进行应用程序登录的终端上设置有能获取用户生物特征信息的硬件设备。If an application program wants to log in using biometric authentication, it must meet the following requirements: a hardware device capable of acquiring the user's biometric information is set on the terminal for logging in the application program.

但是现有的生物特征认证通常存在以下几个问题：However, the existing biometric authentication usually has the following problems:

如果用户是在个人电脑上访问一个网站那么很可能网站无法获取到用户指纹等生物特征信息；If the user visits a website on a personal computer, it is likely that the website cannot obtain biometric information such as the user's fingerprint;

如果是智能终端上的应用，那么通常也需要通过调用系统接口操作硬件设备才能获取到用户的生物特征信息。很遗憾的到目前为止，在谷歌和苹果这两个主流的智能终端操作系统中都还没有这样的系统接口，这加大了应用程序获取生物特征的开发难度，即便未来开放了这样的系统接口应用程序将用户生物特征与其用户认证系统结合起来也是一项需要花费不小精力的工作，例如：应用程序需要识别这部终端是否具有指纹识别能力，有没有虹膜识别能力等；并可能导致跨设备能力降低，即便未来在操作系统层面具备了这样的接口，对应用程序开发来说仍然存在跨平台的问题。If it is an application on a smart terminal, it is usually necessary to call the system interface to operate the hardware device to obtain the user's biometric information. Unfortunately, so far, there is no such system interface in the two mainstream smart terminal operating systems, Google and Apple, which increases the difficulty of developing applications to obtain biometrics, even if such a system interface is opened in the future. It is also a work that requires a lot of effort to combine the user's biometrics with its user authentication system. For example, the application needs to identify whether the terminal has fingerprint recognition capability, whether it has iris recognition capability, etc.; and may lead to cross-device The ability is reduced. Even if such an interface is available at the operating system level in the future, there is still a cross-platform problem for application development.

还有像智能手表、智能电视上的应用程序在需要利用生物特征进行登录时，因这类设备可能没有生物特征识别的硬件，便不能实现该应用程序的登录操作，这给用户在操作上带来了极大的不便。There are also applications such as smart watches and smart TVs that need to use biometrics to log in. Because such devices may not have biometric hardware, the application login operation cannot be implemented, which brings users a lot of trouble in operation. Great inconvenience.

发明内容SUMMARY OF THE INVENTION

本发明要解决的技术问题是提供一种登录认证方法、认证服务器、认证客户端及登录客户端，用以解决现有的应用程序在设置采用生物特征进行用户登录时，因操作该应用程序的终端不具备生物特征采集的硬件，导致用户无法实现登录，给用户操作带来极大不便的问题。The technical problem to be solved by the present invention is to provide a login authentication method, an authentication server, an authentication client and a login client, so as to solve the problem that when an existing application is set to use biometric features for user login, the The terminal does not have the hardware for biometric acquisition, so that the user cannot log in, which brings great inconvenience to the user's operation.

为了解决上述技术问题，本发明实施例提供一种登录认证方法，应用于认证服务器，包括：In order to solve the above technical problems, an embodiment of the present invention provides a login authentication method, which is applied to an authentication server, including:

获取一终端中的登录客户端根据登录用户的用户身份标识信息生成的认证请求消息；acquiring an authentication request message generated by a login client in a terminal according to the user identity information of the logged in user;

根据所述认证请求消息，触发认证客户端采集用户的生物特征信息；triggering the authentication client to collect the biometric information of the user according to the authentication request message;

接收所述认证客户端采集到的生物特征信息；receiving the biometric information collected by the authentication client;

将所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对，生成认证结果。The biometric information is compared with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.

进一步地，所述登录认证方法还包括：Further, the login authentication method also includes:

将所述认证结果发送给所述登录客户端。Send the authentication result to the login client.

进一步地，所述生物特征信息包括指纹信息、面部图像信息、虹膜信息、声纹信息中的至少一种。Further, the biometric information includes at least one of fingerprint information, facial image information, iris information, and voiceprint information.

获取认证客户端采集的用户的注册标识信息以及注册生物特征信息；Obtain the user's registration identification information and registered biometric information collected by the authentication client;

根据所述注册标识信息，生成用户唯一的身份标识信息，并将所述身份标识信息与注册生物特征信息进行对应存储，生成用户生物特征注册信息。According to the registration identification information, the unique identification information of the user is generated, and the identification information and the registered biometric information are stored correspondingly to generate the user biometric registration information.

根据所述用户生物特征注册信息生成注册结果；generating a registration result according to the user biometric registration information;

发送所述注册结果以及用户唯一的身份标识信息给认证客户端，使得所述认证客户端根据所述注册结果保存所述身份标识信息。The registration result and the user's unique identification information are sent to the authentication client, so that the authentication client saves the identification information according to the registration result.

进一步地，所述根据所述认证请求消息，触发认证客户端采集用户的生物特征信息包括：Further, according to the authentication request message, triggering the authentication client to collect the biometric information of the user includes:

根据所述认证请求消息中的用户身份标识信息，生成生物特征采集请求信息；generating biometric feature collection request information according to the user identity information in the authentication request message;

发送所述生物特征采集请求信息给所述认证客户端，使得所述认证客户端根据所述生物特征采集请求信息，采集用户的生物特征信息。Sending the biometric feature collection request information to the authentication client, so that the authentication client collects the user's biometric feature information according to the biometric feature collection request information.

进一步地，在所述发送所述生物特征采集请求信息给所述认证客户端，使得所述认证客户端根据所述生物特征采集请求信息，采集用户的生物特征信息步骤之前，所述登录认证方法还包括：Further, before the step of sending the biometric collection request information to the authentication client, so that the authentication client collects the user's biometric information according to the biometric collection request information, the login authentication method is executed. Also includes:

获取所述认证客户端保存的身份标识信息；obtaining the identity information stored by the authentication client;

根据所述身份标识信息，建立与所述认证客户端之间的通信通道。Establish a communication channel with the authentication client according to the identity information.

进一步地，所述根据所述认证请求消息，触发认证客户端采集用户的生物特征信息的步骤包括：Further, the step of triggering the authentication client to collect the user's biometric information according to the authentication request message includes:

分配一会话标识符给所述认证请求消息对应的认证会话；assigning a session identifier to the authentication session corresponding to the authentication request message;

发送所述会话标识符给所述登录客户端；其中，sending the session identifier to the logged in client; wherein,

所述接收所述认证客户端采集到的生物特征信息的步骤具体为：The step of receiving the biometric information collected by the authentication client is specifically:

接收所述认证客户端发送的生物特征信息以及所述会话标识符，其中，所述生物特征信息是所述认证客户端基于用户输入的所述会话标识采集的。The biometric information and the session identifier sent by the authentication client are received, wherein the biometric information is collected by the authentication client based on the session identifier input by the user.

本发明实施例提供一种认证服务器，包括：An embodiment of the present invention provides an authentication server, including:

认证请求获取模块，用于获取登录客户端根据用户身份标识信息生成的认证请求信息；The authentication request obtaining module is used to obtain the authentication request information generated by the login client according to the user identity information;

触发模块，用于根据所述认证请求消息，触发认证客户端采集用户的生物特征信息；a triggering module, configured to trigger the authentication client to collect the biometric information of the user according to the authentication request message;

第一接收模块，用于接收所述认证客户端采集到的生物特征信息；a first receiving module, configured to receive the biometric information collected by the authentication client;

比对模块，用于将所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对，生成认证结果。A comparison module, configured to compare the biometric information with the registered biometric information corresponding to the pre-stored user identification information to generate an authentication result.

进一步地，所述认证服务器还包括：Further, the authentication server also includes:

第一发送模块，用于将所述认证结果发送给所述登录客户端。A first sending module, configured to send the authentication result to the login client.

注册信息获取模块，用于获取认证客户端采集的用户的注册标识信息以及注册生物特征信息；The registration information acquisition module is used to acquire the user's registration identification information and registered biometric information collected by the authentication client;

注册模块，用于根据所述注册标识信息，生成用户唯一的身份标识信息，并将所述身份标识信息与注册生物特征信息进行对应存储，生成用户生物特征注册信息。The registration module is configured to generate user's unique identification information according to the registration identification information, and store the identification information and registered biometric information correspondingly to generate user biometric registration information.

注册结果生成模块，用于根据所述用户生物特征注册信息生成注册结果；a registration result generation module, configured to generate a registration result according to the user biometric registration information;

第二发送模块，用于发送所述注册结果以及用户唯一的身份标识信息给认证客户端，使得所述认证客户端根据所述注册结果保存所述身份标识信息。The second sending module is configured to send the registration result and the user's unique identification information to the authentication client, so that the authentication client saves the identification information according to the registration result.

进一步地，所述触发模块包括：Further, the trigger module includes:

采集请求生成单元，用于根据所述认证请求消息中的用户身份标识信息，生成生物特征采集请求信息；a collection request generation unit, configured to generate biometric collection request information according to the user identity information in the authentication request message;

第一发送单元，用于发送所述生物特征采集请求信息给所述认证客户端，使得所述认证客户端根据所述生物特征采集请求信息，采集用户的生物特征信息。The first sending unit is configured to send the biometric feature collection request information to the authentication client, so that the authentication client collects the user's biometric feature information according to the biometric feature collection request information.

获取模块，用于获取所述认证客户端保存的身份标识信息；an acquisition module for acquiring the identity information saved by the authentication client;

通道建立模块，用于根据所述身份标识信息，建立与所述认证客户端之间的通信通道。A channel establishment module, configured to establish a communication channel with the authentication client according to the identity information.

进一步地，所述触发模块包括：Further, the trigger module includes:

分配单元，用于分配一会话标识符给所述认证请求消息对应的认证会话；an allocation unit, configured to allocate a session identifier to the authentication session corresponding to the authentication request message;

第二发送单元，用于发送所述会话标识符给所述登录客户端；其中，a second sending unit, configured to send the session identifier to the login client; wherein,

所述第一接收模块具体为：The first receiving module is specifically:

本发明实施例提供一种登录认证方法，应用于认证客户端，包括：An embodiment of the present invention provides a login authentication method, which is applied to an authentication client, including:

根据认证服务器依据认证请求消息的触发，进行生物特征信息的采集；According to the triggering of the authentication server according to the authentication request message, the collection of biometric information is performed;

发送采集到的所述生物特征信息给所述认证服务器，使得所述认证服务器将所述生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对，生成认证结果。Sending the collected biometric information to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.

采集用户的注册标识信息以及注册生物特征信息；Collect the user's registered identification information and registered biometric information;

将所述注册标识信息以及注册生物特征信息发送给所述认证服务器，使得所述认证服务器根据所述注册标识信息以及注册生物特征信息，生成用户生物特征注册信息。Sending the registration identification information and the registered biometric information to the authentication server, so that the authentication server generates user biometric registration information according to the registration identification information and the registered biometric information.

接收所述认证服务器发送的注册结果以及身份标识信息；Receive the registration result and identity information sent by the authentication server;

根据所述注册结果保存所述身份标识信息。The identification information is stored according to the registration result.

本发明实施例提供一种认证客户端，包括：An embodiment of the present invention provides an authentication client, including:

生物特征采集模块，用于根据认证服务器依据认证请求消息的触发，进行生物特征信息的采集；The biometrics acquisition module is used for collecting biometrics information according to the triggering of the authentication server according to the authentication request message;

第三发送模块，用于发送采集到的所述生物特征信息给所述认证服务器，使得所述认证服务器将所述生物特征信息与预存的用户身份标识对应的注册生物特征信息进行比对，生成认证结果。A third sending module, configured to send the collected biometric information to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity, and generates Authentication result.

进一步地，所述认证客户端还包括：Further, the authentication client also includes:

注册信息采集模块，用于采集用户的注册标识信息以及注册生物特征信息；The registration information collection module is used to collect the user's registration identification information and registration biometric information;

第四发送模块，用于将所述注册标识信息以及注册生物特征信息发送给所述认证服务器，使得所述认证服务器根据所述注册标识信息以及注册生物特征信息，生成用户生物特征注册信息。The fourth sending module is configured to send the registration identification information and the registered biometric information to the authentication server, so that the authentication server generates user biometric registration information according to the registered identification information and the registered biometric information.

第二接收模块，用于接收所述认证服务器发送的注册结果以及身份标识信息；The second receiving module is used to receive the registration result and the identity information sent by the authentication server;

保存模块，用于根据所述注册结果保存所述身份标识信息。A saving module, configured to save the identification information according to the registration result.

本发明实施例提供一种登录认证方法，应用于登录客户端，包括：An embodiment of the present invention provides a login authentication method, which is applied to a login client, including:

采集用户进行登录时的用户身份标识信息；Collect user identification information when the user logs in;

根据所述用户身份标识信息，生成认证请求信息；generating authentication request information according to the user identity information;

发送所述认证请求信息给认证服务器，使得所述认证服务器根据所述认证请求信息，触发认证客户端采集用户的生物特征信息。The authentication request information is sent to the authentication server, so that the authentication server triggers the authentication client to collect the biometric information of the user according to the authentication request information.

接收所述认证服务器反馈的认证结果。Receive the authentication result fed back by the authentication server.

接收所述认证服务器发送的会话标识符。A session identifier sent by the authentication server is received.

本发明实施例提供一种登录客户端，包括：An embodiment of the present invention provides a login client, including:

登录信息采集模块，用于采集用户进行登录时的用户身份标识信息；The login information collection module is used to collect the user identification information when the user logs in;

认证请求生成模块，用于根据所述用户身份标识信息，生成认证请求信息；an authentication request generation module, configured to generate authentication request information according to the user identity information;

第五发送模块，用于发送所述认证请求信息给认证服务器，使得所述认证服务器根据所述认证请求信息，触发认证客户端采集用户的生物特征信息。The fifth sending module is configured to send the authentication request information to the authentication server, so that the authentication server triggers the authentication client to collect the biometric information of the user according to the authentication request information.

进一步地，所述登录客户端还包括：Further, the login client also includes:

认证结果接收模块，用于接收所述认证服务器反馈的认证结果。The authentication result receiving module is configured to receive the authentication result fed back by the authentication server.

会话标识接收模块，用于接收所述认证服务器发送的会话标识符。The session identifier receiving module is configured to receive the session identifier sent by the authentication server.

本发明的有益效果是：The beneficial effects of the present invention are:

上述方案，通过利用认证服务器进行生物特征信息采集的触发，在登录客户端所在的终端没有生物特征采集能力时，也能使得用户利用生物特征信息进行登录操作，提高了用户操作的灵活性。In the above solution, by using the authentication server to trigger the collection of biometric information, when the terminal where the login client is located has no biometric collection capability, the user can also use the biometric information to perform the login operation, thereby improving the flexibility of the user operation.

附图说明Description of drawings

图1表示本发明实施例的登录认证方法的流程示意图；1 shows a schematic flowchart of a login authentication method according to an embodiment of the present invention;

图2表示本发明实施例一的注册流程示意图；FIG. 2 shows a schematic diagram of a registration process according to Embodiment 1 of the present invention;

图3表示本发明实施例一的登录认证流程示意图；3 shows a schematic diagram of a login authentication process according to Embodiment 1 of the present invention;

图4表示本发明实施例二的注册流程示意图；FIG. 4 shows a schematic diagram of a registration process according to Embodiment 2 of the present invention;

图5表示本发明实施例二的登录认证流程示意图；FIG. 5 shows a schematic diagram of a login authentication process according to Embodiment 2 of the present invention;

图6表示本发明实施例的认证服务器的模块示意图；6 is a schematic diagram of a module of an authentication server according to an embodiment of the present invention;

图7表示本发明实施例四的登录认证方法的流程示意图；7 shows a schematic flowchart of a login authentication method according to Embodiment 4 of the present invention;

图8表示本发明实施例的认证客户端的模块示意图；FIG. 8 is a schematic diagram of a module of an authentication client according to an embodiment of the present invention;

图9表示本发明实施例六的登录认证流程示意图；FIG. 9 shows a schematic diagram of a login authentication process according to Embodiment 6 of the present invention;

图10表示本发明实施例的登录客户端的模块示意图。FIG. 10 is a schematic diagram of a module for logging in to a client according to an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚，下面将结合附图及具体实施例对本发明进行详细描述。In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.

本发明针对现有的应用程序在设置采用生物特征进行用户登录时，因操作该应用程序的终端不具备生物特征采集的硬件，导致用户无法实现登录，给用户操作带来极大不便的问题，提供一种登录认证方法、认证服务器、认证客户端及登录客户端。The present invention aims at the problem that when an existing application is set to use biometrics for user login, because the terminal operating the application does not have the hardware for biometrics acquisition, the user cannot log in, which brings great inconvenience to the user's operation. Provided are a login authentication method, an authentication server, an authentication client and a login client.

实施例一Example 1

如图1所示，本发明实施例一的所述登录认证方法，应用于认证服务器，包括：As shown in FIG. 1 , the login authentication method according to Embodiment 1 of the present invention, applied to an authentication server, includes:

步骤110，获取一终端中的登录客户端根据登录用户的用户身份标识信息生成的认证请求消息；Step 110: Acquire an authentication request message generated by the login client in a terminal according to the user identity information of the logged in user;

步骤120，根据所述认证请求消息，触发认证客户端采集用户的生物特征信息；Step 120, triggering the authentication client to collect the biometric information of the user according to the authentication request message;

需要说明的是，所述生物特征信息包括指纹信息、面部图像信息、虹膜信息和声纹信息等一切可以区分用户的特征信息。It should be noted that the biometric information includes fingerprint information, facial image information, iris information, voiceprint information, and all other characteristic information that can distinguish users.

步骤130，接收所述认证客户端采集到的生物特征信息；Step 130, receiving the biometric information collected by the authentication client;

步骤140，将所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对，生成认证结果。Step 140: Compare the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.

应当说明的是，本发明中所述的登录客户端通常内嵌在应用程序中，且应用程序位于终端上，例如可以是手机上的应用程序，也可以是电脑上的web应用程序；认证客户端为采集用户登录所需的生物特征的装置，其可以位于与应用程序相同的终端上，也可以位于与应用程序不同的终端上。It should be noted that the login client described in the present invention is usually embedded in an application program, and the application program is located on the terminal, such as an application program on a mobile phone, or a web application program on a computer; The terminal is a device that collects the biometric features required for user login, which can be located on the same terminal as the application, or can be located on a terminal different from the application.

应当说明的是，本发明实施例中，通过将应用程序上的用户登录和用户特征采集解耦，并利用认证服务器将二者关联起来，使得无论是终端上的本地应用程序还是网站应用程序都不需要自己调用硬件设备，就能实现获取用户的生物特征信息从而完成用户登录认证的能力。It should be noted that, in the embodiment of the present invention, by decoupling the user login on the application and the user feature collection, and using the authentication server to associate the two, so that both the local application on the terminal and the website application can be The ability to obtain the user's biometric information to complete the user's login authentication can be realized without calling the hardware device by itself.

需要说明的是，通常认证服务器在认证完成后需要将认证结果发生给登录客户端所在的应用程序，使得应用程序根据所述认证结果为用户提供后续操作功能。It should be noted that, generally, after the authentication is completed, the authentication server needs to send the authentication result to the application where the login client is located, so that the application provides the user with a follow-up operation function according to the authentication result.

应当说明的是，为了保证用户可正常根据登录客户端登录应用程序进行操作，在用户登录之前，通常需要进行用户的注册，具体的实现步骤为：It should be noted that, in order to ensure that the user can normally log in to the application according to the login client, it is usually necessary to register the user before the user logs in. The specific implementation steps are as follows:

应当说明的是，所述注册生物特征信息可以为指纹信息、面部图像信息、虹膜信息和声纹信息中的一者，也可以为多者的组合。It should be noted that the registered biometric information may be one of fingerprint information, facial image information, iris information and voiceprint information, or may be a combination of more than one.

需要说明的是，在进行用户注册时，认证客户端可能在用户注册时便对用户的注册标识信息进行检测，例如，认证客户端规定将用户手机号码作为用户唯一的身份标识信息，当用户输入的手机号码为已经注册过的号码时，便不能在利用该手机号码进行注册，此时需要用户更换另外的手机号码进行注册；而有些认证客户端可能不会进行用户的注册标识信息的识别，在用户注册后由认证服务器为用户分配一个唯一的身份标识信息。It should be noted that when performing user registration, the authentication client may detect the user's registration identification information when the user registers. For example, the authentication client stipulates that the user's mobile phone number is used as the user's unique identification information. When the mobile phone number of the user is already registered, the mobile phone number cannot be used for registration. At this time, the user needs to replace another mobile phone number for registration; and some authentication clients may not identify the user's registration identification information. After the user is registered, the authentication server assigns a unique identity information to the user.

只有用户进行了注册，将注册信息保存在认证服务器中，在后续用户使用应用程序时，才能根据登录客户端进行登录操作。Only after the user has registered and saved the registration information in the authentication server, when the user uses the application, the login operation can be performed according to the login client.

在用户进行了注册后，便可利用登录客户端进行登录，然后进行应用程序的相关操作。After the user has registered, he can use the login client to log in, and then perform related operations of the application.

本发明实施例一中，所述步骤120的具体实现步骤可以为：In Embodiment 1 of the present invention, the specific implementation steps ofstep 120 may be:

步骤121，根据所述认证请求消息中的用户身份标识信息，生成生物特征采集请求信息；Step 121: Generate biometric feature collection request information according to the user identity information in the authentication request message;

步骤122，发送所述生物特征采集请求信息给所述认证客户端，使得所述认证客户端根据所述生物特征采集请求信息，采集用户的生物特征信息。Step 122: Send the biometric feature collection request information to the authentication client, so that the authentication client collects the user's biometric feature information according to the biometric feature collection request information.

需要说明的是，要实现认证服务器与认证客户端之间的通信，必须在发送生物特征采集请求信息之前，建立二者的通信通道，因此本实施例中，所述登录认证方法还需要包括：It should be noted that, in order to realize the communication between the authentication server and the authentication client, a communication channel between the two must be established before sending the biometric feature collection request information. Therefore, in this embodiment, the login authentication method also needs to include:

当所述认证客户端侧保存了注册用户的身份标识信息时，在需要发送生物特征采集请求信息给认证客户端时，若认证客户端与认证服务器之间未建立通信通道，则认证服务器侧需要实现的步骤为：When the authentication client side saves the identity information of the registered user, when it needs to send biometric feature collection request information to the authentication client, if no communication channel is established between the authentication client and the authentication server, the authentication server side needs to The steps to achieve are:

需要说明的是，当上述的登录用户未利用认证客户端登录认证服务器时，需要首先进行登录用户在认证客户端侧的登录，在用户进行登录，建立与认证服务器的通信通道后，认证服务器才能将生物特征采集请求信息发送给对应的用户登录所用的认证客户端；而当认证客户端因所在终端的关机或断电而断开与认证服务器的连接时，在认证客户端再次启动后，可以根据自身存储的身份标识信息自动进行用户的登录，建立与认证服务器的通信通道，等待接收认证服务器的生物特征采集请求信息；同时，用户还可以利用其它的认证客户端登录认证服务器，建立与认证服务器之间的通信通道，等待接收认证服务器的生物特征采集请求信息。It should be noted that when the above login user does not use the authentication client to log in to the authentication server, the login user needs to log in on the authentication client side first. After the user logs in and establishes a communication channel with the authentication server, the authentication server can Send the biometric collection request information to the authentication client used by the corresponding user to log in; and when the authentication client is disconnected from the authentication server due to the shutdown or power failure of the terminal where it is located, after the authentication client is restarted, it can be Automatically log in the user according to the identity information stored by itself, establish a communication channel with the authentication server, and wait to receive the biometric collection request information from the authentication server; at the same time, the user can also use other authentication clients to log in to the authentication server, establish and authenticate The communication channel between servers, waiting to receive the biometric collection request information from the authentication server.

如图2所示，本实施例中，用户利用认证客户端以及认证服务器进行注册的过程为：As shown in FIG. 2, in this embodiment, the user uses the authentication client and the authentication server to register as follows:

步骤S101，认证客户端采集用户生物特征注册信息，所述用户生物特征注册信息包括用户注册标识信息(例如：用户输入的用户名、邮箱地址等)和用户的注册生物特征信息；同时该用户生物特征注册信息还可以包括用户注册时所用到的一些其他的个人信息，例如：性别、家庭住址等信息；Step S101, the authentication client collects the user biometric registration information, the user biometric registration information includes the user registration identification information (for example, the user name, email address, etc. input by the user) and the user's registered biometric information; The feature registration information may also include some other personal information used by the user during registration, such as: gender, home address and other information;

步骤S102，认证客户端将该用户生物特征注册信息提交给认证服务器，这里的提交指认证客户端利用与认证服务器之间的接口或协议将采集的用户生物特征注册信息以约定格式发送给认证服务器；Step S102, the authentication client submits the user biometric registration information to the authentication server, where submission means that the authentication client sends the collected user biometric registration information to the authentication server in an agreed format by using an interface or protocol with the authentication server. ;

步骤S103，认证服务器根据该用户生物特征注册信息，生成用户的唯一的身份标识信息，应当说明的是，所述身份标识信息为唯一表征用户身份的信息，例如，可以是用户的电子邮箱地址，手机号码，也可以是认证服务器自己生成的一个标识符，然后认证服务将该用户生物特征注册信息进行存储；Step S103, the authentication server generates the unique identification information of the user according to the user's biometric registration information. It should be noted that the identification information is the information that uniquely characterizes the user's identity, for example, it can be the user's e-mail address, The mobile phone number can also be an identifier generated by the authentication server itself, and then the authentication service stores the user's biometric registration information;

步骤S104，认证服务器生成注册结果，并将该注册结果以及身份标识信息发送给认证客户端；Step S104, the authentication server generates a registration result, and sends the registration result and the identity information to the authentication client;

步骤S105，认证客户端根据所述注册结果，保存所述身份标识信息；应当说明的是，认证客户端只有当所述注册结果表明用户注册成功时，才进行身份标识信息的保存。Step S105, the authentication client saves the identity information according to the registration result; it should be noted that the authentication client saves the identity information only when the registration result indicates that the user registration is successful.

应当说明的是，步骤S205中认证客户端保存身份标识信息是为了方便认证客户端与认证服务器之间通信通道的建立，需要说明的是，这里的通信通道可以为IP Push通道。It should be noted that in step S205, the authentication client saves the identity information to facilitate the establishment of a communication channel between the authentication client and the authentication server. It should be noted that the communication channel here may be an IP Push channel.

如图3所示，本实施例中，认证服务器、认证客户端以及应用程序上的登录客户端的交互流程为：As shown in Figure 3, in this embodiment, the interaction flow between the authentication server, the authentication client and the login client on the application is:

步骤1.1、应用程序中的登录客户端获取用户登录的用户身份标识信息，此处的获取方式可以有很多种，比如用户手动输入，或者认证客户端通过近场通讯方式将在用户注册步骤中所保存的用户身份标识发送给应用程序等，具体的获取方式视应用场景而定；Step 1.1. The login client in the application obtains the user identity information of the user's login. There are many ways to obtain it, such as manual input by the user, or the authentication client will use the near field communication method to record the information in the user registration step. The saved user identity is sent to the application, etc. The specific acquisition method depends on the application scenario;

步骤1.2、登录客户端获取到用户身份标识后向认证服务器发送请求认证消息，该请求认证消息中携带用户身份标识信息；Step 1.2, the login client sends a request authentication message to the authentication server after obtaining the user identity, and the request authentication message carries the user identity information;

步骤1.3、认证服务器接收到请求认证消息后，向认证客户端发送生物特征采集请求消息，该步骤的实现方式为采用现有的订阅发布技术，实际应用中可采用基于IP Push的订阅发布方法将生物特征采集请求消息告知登录用户登录认证服务器所用的认证客户端；Step 1.3: After the authentication server receives the authentication request message, it sends a biometric collection request message to the authentication client. The implementation of this step is to use the existing subscription publishing technology. In practical applications, the subscription publishing method based on IP Push can be used to The biometric feature collection request message informs the login user of the authentication client used to log in to the authentication server;

步骤1.4、认证客户端收到生物特征采集请求消息后会引导用户完成生物特征采集，比如：利用指纹识别技术获取到用户的指纹信息；Step 1.4. After receiving the biometric feature collection request message, the authentication client will guide the user to complete the biometric feature collection, for example, obtain the user's fingerprint information by using the fingerprint identification technology;

步骤1.5、认证客户端将采集的用户的生物特征信息返回给认证服务器；Step 1.5, the authentication client returns the collected biometric information of the user to the authentication server;

步骤1.6、认证服务器根据认证客户端反馈的生物特征信息进行用户的登录认证，应当说明的是，认证服务器会自动到识别该生物特征信息对应的用户身份标识信息，然后在用户生物特征注册信息中查找该用户身份标识信息对应的注册生物特征信息，然后将该生物特征信息与注册生物特征信息进行比对，并生成认证结果，若生物特征信息与注册生物特征信息比对一致，则认证通过，否则认证不通过；Step 1.6. The authentication server performs the user's login authentication according to the biometric information fed back by the authentication client. It should be noted that the authentication server will automatically identify the user identification information corresponding to the biometric information, and then record the user's biometric registration information in the user's biometric registration information. Find the registered biometric information corresponding to the user identification information, then compare the biometric information with the registered biometric information, and generate an authentication result. If the biometric information is consistent with the registered biometric information, the authentication is passed. Otherwise, the authentication will not pass;

步骤1.7、认证服务器将认证结果返回给登录客户端所在的应用程序，使得应用程序根据所述认证结果为用户提供后续的操作。Step 1.7: The authentication server returns the authentication result to the application where the login client is located, so that the application provides the user with subsequent operations according to the authentication result.

应当说明的是，本发明实施例一中，通过利用认证服务器将生物特征采集的认证客户端与应用程序中的登录客户端关联起来，当应用程序所在的终端具有生物特征采集能力时，使得应用程序可以不直接调用自己的通信接口与采集生物特征的硬件通信，降低了应用程序的开发难度；当应用程序所在的终端不具有生物特征采集能力时，认证服务器通过与应用程序和认证客户端的配合，也可以实现生物特征采集的能力，使得用户也可以利用生物特征信息登录应用程序，本发明实施例一提高了用户操作的灵活性。It should be noted that, in the first embodiment of the present invention, by using the authentication server to associate the authentication client for biometrics acquisition with the login client in the application, when the terminal where the application is located has the biometrics acquisition capability, the application The program can not directly call its own communication interface to communicate with the hardware that collects biometrics, which reduces the difficulty of application development; when the terminal where the application is located does not have the ability to collect biometrics, the authentication server can cooperate with the application and the authentication client. , the ability to collect biometrics can also be realized, so that the user can also log in to the application program by using the biometrics information, and the first embodiment of the present invention improves the flexibility of the user's operation.

实施例二Embodiment 2

本发明实施例二提供了另外一种登录认证方法，应用于认证服务器，包括：Embodiment 2 of the present invention provides another login authentication method, which is applied to an authentication server, including:

需要说明的是，为了保证用户可正常根据登录客户端登录应用程序进行操作，在用户登录之前，通常需要进行用户的注册，具体的实现步骤为：It should be noted that, in order to ensure that the user can normally log in to the application according to the login client, the user registration is usually required before the user logs in. The specific implementation steps are as follows:

在用户进行了注册后，便可利用登录客户端登录，然后进行应用程序的相关操作。After the user has registered, he can use the login client to log in, and then perform related operations of the application.

步骤123，分配一会话标识符给所述认证请求消息对应的认证会话；Step 123, assigning a session identifier to the authentication session corresponding to the authentication request message;

步骤124，发送所述会话标识符给所述登录客户端；其中，Step 124, sending the session identifier to the login client; wherein,

所述步骤130具体为：Thestep 130 is specifically:

应当说明的是，本发明实施例二中，不采用实施例一中的IP Push方式触发认证客户端对生物特征信息的采集，而是由认证服务器根据认证请求消息生成会话标识符，此会话标识符为触发认证客户端采集生物特征信息的指令；认证客户端以特定方式获知该会话标识符，进而进行生物特征信息的采集。It should be noted that, in the second embodiment of the present invention, the IP Push method in the first embodiment is not used to trigger the authentication client to collect the biometric information, but the authentication server generates a session identifier according to the authentication request message. The sign is an instruction that triggers the authentication client to collect biometric information; the authentication client obtains the session identifier in a specific way, and then collects biometric information.

本实施例二中，不需要建立认证服务器与认证客户端之间的通信通道，因此认证客户端侧可以不必保存用户注册的身份标识信息，如图4所示，本实施例二中的，用户注册流程具体为：In the second embodiment, there is no need to establish a communication channel between the authentication server and the authentication client, so the authentication client side does not need to save the identity information registered by the user. As shown in FIG. 4 , in the second embodiment, the user The registration process is as follows:

步骤S201，认证客户端采集用户生物特征注册信息，所述用户生物特征注册信息包括用户注册标识信息(例如：用户输入的用户名、邮箱地址等)和用户的注册生物特征信息。同时该用户生物特征注册信息还可以包括用户注册时所用到的一些其他的个人信息，例如：性别、家庭住址等信息；Step S201, the authentication client collects user biometric registration information, where the user biometric registration information includes user registration identification information (eg, user name, email address, etc. input by the user) and user registration biometric information. At the same time, the user's biometric registration information may also include some other personal information used in the user's registration, such as: gender, home address and other information;

步骤S202，认证客户端将该用户生物特征注册信息提交给认证服务器，这里的提交指认证客户端利用与认证服务器之间的接口或协议将采集的用户生物特征注册信息以约定格式发送给认证服务器；Step S202, the authentication client submits the user biometric registration information to the authentication server, where submission means that the authentication client sends the collected user biometric registration information to the authentication server in an agreed format by using an interface or protocol with the authentication server. ;

步骤S203，认证服务器根据该用户生物特征注册信息，生成用户的唯一的身份标识信息，应当说明的是，所述身份标识信息为唯一表征用户身份的信息，例如，可以是用户的电子邮箱地址，手机号码，也可以是认证服务器自己生成的一个标识符，同时认证服务将该用户生物特征注册信息进行存储。Step S203, the authentication server generates the user's unique identification information according to the user's biometric registration information. It should be noted that the identification information is the information that uniquely characterizes the user's identity, for example, it can be the user's e-mail address, The mobile phone number can also be an identifier generated by the authentication server itself, and the authentication service stores the user's biometric registration information at the same time.

如图5所示，本实施例二中，认证服务器、认证客户端以及应用程序上的登录客户端的交互流程为：As shown in FIG. 5 , in the second embodiment, the interaction flow between the authentication server, the authentication client and the login client on the application is as follows:

步骤2.1、应用程序中的登录客户端获取用户登录的用户身份标识信息；Step 2.1, the login client in the application obtains the user identity information of the user login;

步骤2.2、登录客户端获取到用户身份标识后向认证服务器发送请求认证消息，该请求认证消息中携带用户身份标识信息；Step 2.2, the login client sends a request authentication message to the authentication server after obtaining the user identity, and the request authentication message carries the user identity information;

步骤2.3、认证服务器根据该请求认证消息生成会话标识符，应当说明的是，该会话标识符用来唯一识别一次用户认证过程；Step 2.3, the authentication server generates a session identifier according to the request authentication message, it should be noted that the session identifier is used to uniquely identify a user authentication process;

步骤2.4、登录客户端向认证服务器发送认证会话标识符请求消息；Step 2.4, the login client sends an authentication session identifier request message to the authentication server;

步骤2.5、认证服务器将会话标识符反馈给登录客户端；Step 2.5, the authentication server feeds back the session identifier to the login client;

步骤2.6、登录客户端将接收的会话标识符暴露给用户，比如可以在登录界面直接显示出来，或者登录客户端将会话标识符生成为一个二维码图像，供用户使用；Step 2.6: The login client exposes the received session identifier to the user, for example, it can be displayed directly on the login interface, or the login client generates the session identifier as a QR code image for the user to use;

步骤2.7、用户输入会话标识符到认证客户端，用户可以采用直接输入会话标识符的方式，也可以采用操作认证客户端扫描二维码，然后认证客户端通过解析二维码获取会话标识符的方式；Step 2.7. The user inputs the session identifier to the authentication client. The user can directly input the session identifier, or use the operation authentication client to scan the QR code, and then the authentication client obtains the session identifier by parsing the QR code. Way;

步骤2.8、认证客户端根据会话标识符引导用户完成生物特征的采集；Step 2.8, the authentication client guides the user to complete the collection of biometric features according to the session identifier;

步骤2.9、认证客户端将采集的用户的生物特征信息以及会话标识符一同返回给认证服务器；Step 2.9, the authentication client returns the collected biometric information of the user and the session identifier to the authentication server;

步骤3.0、认证服务器根据认证客户端反馈的会话标识符查找与所述会话标识符对应的用户身份标识信息，然后在用户生物特征注册信息中查找该用户身份标识信息对应的注册生物特征信息，然后将该生物特征信息与注册生物特征信息进行比对，并生成认证结果，若生物特征信息与注册生物特征信息比对一致，则认证通过，否则认证不通过；Step 3.0, the authentication server searches for the user identity information corresponding to the session identifier according to the session identifier fed back by the authentication client, and then searches for the registered biometric information corresponding to the user identity information in the user biometric registration information, and then Compare the biometric information with the registered biometric information, and generate an authentication result. If the biometric information is consistent with the registered biometric information, the authentication passes, otherwise the authentication fails;

步骤3.1、登录客户端向认证服务器请求用户认证结果，此步骤可以通过某种机制触发，比如定时轮询，用户操作等方式，向认证服务器查询本次认证的结果，查询时携带会话标识符；Step 3.1. The login client requests the authentication server for the user authentication result. This step can be triggered by a certain mechanism, such as regular polling, user operation, etc., to query the authentication server for the result of this authentication, and carry the session identifier when querying;

步骤3.2、认证服务器根据登录客户端的请求，将认证结果返回给登录客户端所在的应用程序，使得应用程序根据所述认证结果为用户提供后续的操作。Step 3.2, the authentication server returns the authentication result to the application where the login client is located according to the request of the login client, so that the application provides the user with subsequent operations according to the authentication result.

应当说明的是，本发明实施例二与实施例一相比降低了认证服务器的开发难度；同时本实施例二中，通过将应用程序与生物特征采集认证解耦，使得在应用程序所在终端无法进行生物特征采集时，也可以实现用户根据生物特征进行登录的过程，此种方式实现了应用程序所在终端无需调用自己的硬件设备，便可实现用户依据生物特征进行登录的能力，本发明实施例提高了生物特征登录认证的跨平台能力，方便了用户操作。It should be noted that the second embodiment of the present invention reduces the development difficulty of the authentication server compared with the first embodiment; at the same time, in the second embodiment, by decoupling the application program from the biometrics collection and authentication, the terminal where the application program is located cannot be When collecting biometric features, the process of logging in users based on biometric features can also be implemented. In this way, the terminal where the application program is located can realize the ability to log in based on biometric features without calling its own hardware device. Embodiments of the present invention The cross-platform capability of biometric login authentication is improved, which facilitates user operations.

实施例三Embodiment 3

对应上述登录认证方法，如图6所示，本发明实施例三提供一种认证服务器，包括：Corresponding to the above login authentication method, as shown in FIG. 6 , Embodiment 3 of the present invention provides an authentication server, including:

认证请求获取模块11，用于获取登录客户端根据用户身份标识信息生成的认证请求信息；The authenticationrequest obtaining module 11 is used to obtain the authentication request information generated by the login client according to the user identity information;

触发模块12，用于根据所述认证请求消息，触发认证客户端采集用户的生物特征信息；a triggeringmodule 12, configured to trigger the authentication client to collect the biometric information of the user according to the authentication request message;

第一接收模块13，用于接收所述认证客户端采集到的生物特征信息；afirst receiving module 13, configured to receive the biometric information collected by the authentication client;

比对模块14，用于将所述生物特征信息与预存的所述用户身份标识信息对应的注册生物特征信息进行比对，生成认证结果。Thecomparison module 14 is configured to compare the biometric information with the registered biometric information corresponding to the pre-stored user identification information to generate an authentication result.

可选地，所述认证服务器还包括：Optionally, the authentication server further includes:

可选地，在第一种实现方式中，所述触发模块12包括：Optionally, in a first implementation manner, the triggeringmodule 12 includes:

可选地，在第二种实现方式中，所述触发模块12包括：Optionally, in a second implementation manner, the triggeringmodule 12 includes:

所述第一接收模块13具体为：Thefirst receiving module 13 is specifically:

实施例四Embodiment 4

如图7所示，本发明实施例四提供一种登录认证方法，应用于认证客户端，包括：As shown in FIG. 7 , Embodiment 4 of the present invention provides a login authentication method, which is applied to an authentication client, including:

步骤210，根据认证服务器依据认证请求消息的触发，进行生物特征信息的采集；Step 210, according to the triggering of the authentication server according to the authentication request message, collect biometric information;

步骤220，发送采集到的所述生物特征信息给所述认证服务器，使得所述认证服务器将所述生物特征信息与预存的用户身份标识信息对应的注册生物特征信息进行比对，生成认证结果。Step 220: Send the collected biometric information to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identity information to generate an authentication result.

具体地，所述登录认证方法还包括：Specifically, the login authentication method further includes:

其中，上述实施例一和实施例二中，所有关于认证客户端的描述，均适用于该应用认证客户端的登录认证方法的实施例中，也能达到与其相同的技术效果。Wherein, in the above-mentioned first and second embodiments, all descriptions about the authentication client are applicable to the embodiments of the login authentication method of the application authentication client, and the same technical effect can also be achieved.

实施例五Embodiment 5

对应于上述登录认证方法，如图8所示，本发明实施例五的认证客户端，包括：Corresponding to the above login authentication method, as shown in FIG. 8 , the authentication client in Embodiment 5 of the present invention includes:

采集请求获取模块21，用于根据认证服务器依据认证请求消息的触发，进行生物特征信息的采集；The acquisitionrequest acquisition module 21 is used for acquiring biometric information according to the triggering of the authentication request message by the authentication server;

第三发送模块22，用于发送采集到的所述生物特征信息给所述认证服务器，使得所述认证服务器将所述生物特征信息与预存的用户身份标识对应的注册生物特征信息进行比对，生成认证结果。Thethird sending module 22 is configured to send the collected biometric information to the authentication server, so that the authentication server compares the biometric information with the registered biometric information corresponding to the pre-stored user identification, Generate authentication results.

具体地，所述认证客户端还包括：Specifically, the authentication client further includes:

实施例六Embodiment 6

如图9所示，本发明实施例六提供一种登录认证方法，应用于登录客户端，包括：As shown in FIG. 9 , Embodiment 6 of the present invention provides a login authentication method, which is applied to a login client, including:

步骤310，采集用户进行登录时的用户身份标识信息；Step 310, collecting user identification information when the user logs in;

步骤320，根据所述用户身份标识信息，生成认证请求信息；Step 320, generating authentication request information according to the user identity information;

步骤330，发送所述认证请求信息给认证服务器，使得所述认证服务器根据所述认证请求信息生成生物特征采集请求信息。Step 330: Send the authentication request information to an authentication server, so that the authentication server generates biometric feature collection request information according to the authentication request information.

具体地，当采用实施例二的实现方式时，所述登录认证方法还包括：Specifically, when the implementation manner of Embodiment 2 is adopted, the login authentication method further includes:

接收所述认证服务器发送的会话标识信息。Receive session identification information sent by the authentication server.

其中，上述实施例一和实施例二中，所有关于登录客户端的描述，均适用于该应用登录客户端的登录认证方法的实施例中，也能达到与其相同的技术效果。Among them, in the above-mentioned first and second embodiments, all descriptions about the login client are applicable to the embodiments of the login authentication method for the application to log in to the client, and the same technical effect can also be achieved.

实施例七Embodiment 7

对应于上述登录认证方法，如图10所示，本发明实施例七的登录客户端，包括：Corresponding to the above login authentication method, as shown in FIG. 10 , the login client in Embodiment 7 of the present invention includes:

登录信息采集模块31，用于采集用户进行登录时的用户身份标识信息；The logininformation collection module 31 is used to collect user identification information when the user logs in;

认证请求生成模块32，用于根据所述用户身份标识信息，生成认证请求信息；an authenticationrequest generating module 32, configured to generate authentication request information according to the user identity information;

第五发送模块33，用于发送所述认证请求信息给认证服务器，使得所述认证服务器根据所述认证请求信息生成生物特征采集请求信息。Thefifth sending module 33 is configured to send the authentication request information to an authentication server, so that the authentication server generates biometric feature collection request information according to the authentication request information.

可选地，所述登录客户端还包括：Optionally, the login client further includes:

会话标识接收模块，用于接收所述认证服务器发送的会话标识信息。The session identification receiving module is configured to receive the session identification information sent by the authentication server.

需要说明的是，通过利用认证服务器进行生物特征信息采集的触发，使得在登录客户端侧没有生物特征采集能力时，也能使得用户利用生物特征信息进行登录操作，提高了用户操作的灵活性。It should be noted that by using the authentication server to trigger the collection of biometric information, even when the login client side does not have the ability to collect biometrics, the user can also use the biometric information to perform the login operation, which improves the flexibility of the user operation.

以上所述的是本发明的优选实施方式，应当指出对于本技术领域的普通人员来说，在不脱离本发明所述的原理前提下还可以作出若干改进和润饰，这些改进和润饰也在本发明的保护范围内。The above are the preferred embodiments of the present invention, and it should be pointed out that for those skilled in the art, several improvements and modifications can be made without departing from the principles of the present invention, and these improvements and modifications are also included in the present invention. within the scope of protection of the invention.