CN114245374B - Security authentication method, system and related equipment - Google Patents
- Publication number
- CN114245374B (application CN202010929133.2A)
- Authority
- CN
- China
- Prior art keywords
- sim card
- user
- key
- client
- security authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- G—PHYSICS
- G10—MUSICAL INSTRUMENTS; ACOUSTICS
- G10L—SPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
- G10L17/00—Speaker identification or verification techniques
- G10L17/02—Preprocessing operations, e.g. segment selection; Pattern representation or modelling, e.g. based on linear discriminant analysis [LDA] or principal components; Feature selection or extraction
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a security authentication method, a security authentication system and related equipment, and relates to the field of terminal applications. The security authentication method comprises the following steps: the SIM card extracts voiceprint features from first user voice data acquired by the client; the SIM card generates a public/private key pair from the voiceprint features; if the SIM card is not the user's first SIM card, the SIM card uses the private key to verify the obtained verification data corresponding to the user, wherein the verification data was encrypted with the private key generated by the user's old SIM card; if the verification passes, the SIM card returns the public key to the client and stores the private key together with the user's voiceprint features. Because the method generates the key from the user's voiceprint features, a lost key can be recovered. Verifying the user's identity after the key is generated improves the security of key recovery and prevents fraudulent use by other users.
Description
Technical Field
The present invention relates to the field of terminal applications, and in particular, to a security authentication method, system, and related devices.
Background
The SIM (Subscriber Identity Module) shield is a product that applies the asymmetric encryption technology of public key infrastructure (PKI), using an operator SIM card as the security authentication carrier, to provide industry clients with a safe, efficient and convenient mobile security authentication service similar to a U shield. The SIM shield integrates the traditional U shield functions on the SIM card: it can perform secure data storage and data processing, can store data such as the user's private key and user certificate, can perform operations such as public/private key generation, encryption/decryption, signing/signature verification and hash operations, and provides mobile security authentication capabilities to external parties, such as identity authentication, electronic signature, encryption and decryption, and encrypted storage services.
Disclosure of Invention
In the related art, a product such as a SIM shield generates a public/private key pair and stores it for data security operations. However, if the private key is lost and cannot be retrieved, for example because the SIM card is damaged and the mobile phone is lost, the digital assets and data encrypted with the original key can no longer be decrypted or authenticated, which causes great loss.
One technical problem to be solved by the embodiments of the invention is how to provide a scheme that allows keys to be retrieved securely.
According to a first aspect of some embodiments of the present invention, there is provided a security authentication method comprising: the SIM card extracts voiceprint features from first user voice data acquired by the client; the SIM card generates a public/private key pair from the voiceprint features; if the SIM card is not the user's first SIM card, the SIM card uses the private key to verify the obtained verification data corresponding to the user, wherein the verification data was encrypted with the private key generated by the user's old SIM card; if the verification passes, the SIM card returns the public key to the client and stores the private key together with the user's voiceprint features.
In some embodiments, the security authentication method further comprises: if the SIM card is the user's first SIM card, the SIM card returns the public key to the client and stores the private key and the user's voiceprint features; the SIM card encrypts preset information to obtain verification data corresponding to the user; the SIM card sends the verification data to the client.
In some embodiments, the SIM card generates a pair of public and private keys based on the voiceprint feature and a preset encryption key and encryption algorithm, wherein the SIM card and the old SIM card of the user have the same encryption key and encryption algorithm.
In some embodiments, the SIM card generates a pair of public and private keys according to the voiceprint feature and a preset encryption key and encryption algorithm, including: the SIM card encrypts the voiceprint features by using a preset encryption key and a preset encryption algorithm to generate a seed key; a pair of public and private keys is generated based on the seed key.
In some embodiments, the SIM card has the same key pool for generating the seed key as the old SIM card of the user, and generating the pair of public and private keys by the SIM card according to the voiceprint feature and the preset encryption key and encryption algorithm further comprises: the SIM card acquires user information; the SIM card determines an encryption key for generating a seed key according to the corresponding relation between preset user information and the encryption key and the encryption algorithm in the key pool.
In some embodiments, the security authentication method further comprises: the SIM card extracts voiceprint features from second user voice data acquired by the client; the SIM card matches the voiceprint features extracted from the second user voice data against the voiceprint features stored in the SIM card; and the SIM card returns the matching result to the client, wherein, if they match, the user passes identity authentication at the client.
In some embodiments, the security authentication method further comprises: the SIM card obtains data to be processed and a processing instruction sent by the client, wherein the processing instruction instructs the SIM card to perform at least one of encryption, decryption, signing or signature verification; and the SIM card uses the stored private key to process the data accordingly.
According to a second aspect of some embodiments of the present invention, there is provided a security authentication device, located on a SIM card, comprising: a feature extraction module configured to extract voiceprint features from first user sound data acquired by the client; a key generation module configured to generate a public/private key pair from the voiceprint features; a verification module configured to use the private key to verify the obtained verification data corresponding to the user if the SIM card is not the user's first SIM card, wherein the verification data was encrypted with the private key generated by the user's old SIM card; and a storage module configured to return the public key to the client, and to store the private key and the user's voiceprint features, if the verification passes.
According to a third aspect of some embodiments of the present invention, there is provided a security authentication device comprising: a memory; and a processor coupled to the memory, the processor configured to perform any of the aforementioned security authentication methods based on instructions stored in the memory.
According to a fourth aspect of some embodiments of the present invention, there is provided a security authentication system comprising: a SIM card comprising any one of the aforementioned security authentication devices; and a client configured to collect first user sound data; sending first sound data to the SIM card; obtaining verification data from a server; transmitting verification data to the SIM card; and receiving and storing the public key sent by the SIM card.
In some embodiments, the verification data is obtained by the client from the server.
In some embodiments, the client is further configured to display a voiceprint acquisition prompt.
In some embodiments, the client is further configured to send at least one of voiceprint feature extraction instructions, key generation instructions, identity authentication instructions, processing instructions to the SIM card.
According to a fifth aspect of some embodiments of the present invention, there is provided a computer-readable storage medium having stored thereon a computer program, wherein the program, when executed by a processor, implements any one of the aforementioned security authentication methods.
Some of the above embodiments of the invention have the following advantages or benefits: because the key is generated from the user's voiceprint features, a lost key can be recovered. Verifying the user's identity after the key is generated improves the security of key recovery and prevents fraudulent use by other users.
Other features of the present invention and its advantages will become apparent from the following detailed description of exemplary embodiments of the invention, which proceeds with reference to the accompanying drawings.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 illustrates a flow diagram of a security authentication method according to some embodiments of the invention.
Fig. 2 shows a flow diagram of a security authentication method according to further embodiments of the present invention.
Fig. 3 illustrates a flow diagram of an identity authentication method according to some embodiments of the invention.
Fig. 4 illustrates a flow diagram of a data processing method according to some embodiments of the invention.
Fig. 5 illustrates a schematic structural diagram of a security authentication device according to some embodiments of the present invention.
Fig. 6 illustrates a schematic diagram of a security authentication system according to some embodiments of the present invention.
Fig. 7 is a schematic structural view of a security authentication device according to other embodiments of the present invention.
Fig. 8 is a schematic structural view showing a security authentication device according to still other embodiments of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless it is specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but should be considered part of the specification where appropriate.
In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
The inventors have further recognized that, in the related art, when a financial shield (U shield) is lost, the financial institution issues a new U shield to the user. U shields are typically used for authentication locally at the terminal, and their security mechanism is that each U shield corresponds to a unique key. In an online digital asset scenario such as a blockchain scenario, however, the user's digital-asset information is stored after being encrypted with the user's key. In that case, if the key is replaced in the way a U shield is, the original digital assets can no longer be used.
For this scenario, the invention provides a scheme that can securely "retrieve" the user's key. An embodiment of the security authentication method of the present invention is described below with reference to Fig. 1. In this embodiment, after the user has lost the mobile phone, damaged the SIM card or replaced the SIM card, a key consistent with the original key can be regenerated through the following procedure. Unless otherwise specified, "SIM card" refers to the SIM card currently used by the user, i.e., the "new SIM card".
Fig. 1 illustrates a flow diagram of a security authentication method according to some embodiments of the invention. As shown in fig. 1, the security authentication method of this embodiment includes steps S102 to S110.
In step S102, a client in the mobile phone sends collected first user sound data to a SIM card of the mobile phone. The first user sound data is used for key retrieval by the user.
In step S104, the SIM card extracts voiceprint features from the first user sound data.
In step S106, the SIM card generates a pair of public and private keys according to the voiceprint features.
The SIM card generates the public/private key pair from the voiceprint features together with a preset encryption key and encryption algorithm, wherein the SIM card and the user's old SIM card have the same encryption key and encryption algorithm.
In some embodiments, the preset encryption key and encryption algorithm are shared across SIM cards. For the voiceprint features of the same user, computing with that encryption key and encryption algorithm therefore yields the same key, so the newly generated key can successfully perform operations such as decryption and signature verification on the user's digital assets.
In some embodiments, the same key pool for generating the seed key is preset in the SIM cards, i.e., the SIM card has the same key pool as the user's old SIM card, and the key pool contains several encryption keys or encryption algorithms. The user information has a preset correspondence with the encryption keys and encryption algorithms in the key pool. After the SIM card obtains the user information, it determines the encryption key used to generate the seed key according to that correspondence.
The user information is, for example, a preset number of digits of the user's identification number, such as the trailing digits of an ID card number. Providing several encryption keys increases the complexity of seed key generation and thus improves security, while mapping user information to an encryption key ensures that a user's newly generated key is identical to the previously generated one, so the key remains usable.
In some embodiments, the SIM card encrypts the voiceprint feature using a preset encryption key and a preset encryption algorithm to generate a seed key; a pair of public and private keys is generated based on the seed key. Therefore, the voiceprint feature of the user can be prevented from leaking, and the safety is improved.
In step S108, if the SIM card is not the first SIM card of the user, the SIM card uses a private key to verify the obtained verification data corresponding to the user, where the verification data is encrypted by the private key generated by the old SIM card of the user.
When the SIM card is a new card, the newly generated private key is used to indirectly authenticate the user, in order to prevent fraudulent use by other users. If the user is the real user, the key generated from the user's voiceprint can decrypt the data processed with the original key.
In some embodiments, the verification data is generated by the old SIM card encrypting preset information, such as information about the user. Whether the verification passes is determined by comparing the preset information with the decryption result.
In step S110, in case the authentication is passed, the SIM card returns the public key to the client and stores the private key, as well as the voiceprint characteristics of the user.
Because the method of this embodiment generates the key from the user's voiceprint features, a lost key can be recovered. Verifying the user's identity after the key is generated improves the security of key recovery and prevents fraudulent use by other users.
When the SIM card currently used by the user is the first SIM card of the user, the SIM card may directly store a key generated according to the voiceprint characteristics of the user. Fig. 2 shows a flow diagram of a security authentication method according to further embodiments of the present invention. As shown in fig. 2, the security authentication method of this embodiment includes steps S202 to S216.
The contents of steps S202 to S210 are identical to those of steps S102 to S110, and will not be described here again.
In step S212, in the case where the SIM card is the first SIM card of the user, the SIM card returns the public key to the client, and stores the private key, and the voiceprint feature of the user.
In step S214, the SIM card encrypts preset information to obtain verification data corresponding to the user.
In step S216, the SIM card sends the verification data to the client. The client stores the verification data in a server, for example, and retrieves it from the server and sends it to the SIM card when necessary.
With the method of this embodiment, the user's key is generated from the user's voiceprint features when it is first created. Thus, when the key is lost, it can be retrieved using the user's voiceprint features. Generating verification data in advance allows the user to be authenticated against that data when the key is retrieved, which improves security.
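The flows of Fig. 1 and Fig. 2, as an added example that is not part of the patent text: a first card derives a key pair from the voiceprint features and issues verification data, and a replacement card regenerates the same pair and checks that data before storing anything. Assumptions, none of which the page specifies: HMAC-SHA256 stands in for the preset encryption algorithm and for the encryption of the preset information, X25519 is the key pair type, the voiceprint features are an already-quantized byte string, and the key pool, preset information, user information and all names are constructed.

```python
import hashlib
import hmac

P = 2**255 - 19   # X25519 field prime (RFC 7748)
A24 = 121665      # (486662 - 2) / 4 for Curve25519

# Constructed values: the pool is identical on every card, as the page requires.
KEY_POOL = [hashlib.sha256(b"constructed-pool-key-%d" % i).digest() for i in range(4)]
PRESET_INFO = b"constructed preset information"


def x25519_public(private: bytes) -> bytes:
    """Public key = clamped scalar times base point u=9 (RFC 7748 ladder).

    Plain Python integers, so this is not constant time; illustration only.
    """
    k = int.from_bytes(private, "little")
    k = (k & ((1 << 254) - 8)) | (1 << 254)          # clamp the scalar
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in range(254, -1, -1):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_keypair(voiceprint: bytes, user_info: str):
    """S106: user info picks a pool key; pool key + features give the seed key."""
    pool_key = KEY_POOL[int(user_info) % len(KEY_POOL)]   # assumed mapping
    seed = hmac.new(pool_key, voiceprint, hashlib.sha256).digest()
    private = hashlib.sha256(b"sim-keypair" + seed).digest()
    return private, x25519_public(private)


def make_verification_data(private: bytes) -> bytes:
    """S214 stand-in: bind the preset information to the private key."""
    mac_key = hashlib.sha256(b"verification" + private).digest()
    return hmac.new(mac_key, PRESET_INFO, hashlib.sha256).digest()


class SimCard:
    """Hypothetical card model holding the private key and voiceprint features."""

    def __init__(self):
        self.private = None
        self.voiceprint = None

    def provision(self, voiceprint, user_info, verification_data=None):
        """First card: pass no verification data (S212-S216).

        Replacement card: pass the data issued by the old card (S108-S110).
        Returns (public_key, verification_data), or None if the check fails.
        """
        private, public = derive_keypair(voiceprint, user_info)
        expected = make_verification_data(private)
        if verification_data is not None:
            if not hmac.compare_digest(expected, verification_data):
                return None          # reject: nothing is stored on the card
        self.private, self.voiceprint = private, voiceprint
        return public, expected


def demo():
    features = bytes(range(32))      # constructed, already-quantized features
    old_card = SimCard()
    old_public, vdata = old_card.provision(features, "4821")

    new_card = SimCard()             # same user, replacement card
    recovered = new_card.provision(features, "4821", vdata)

    altered = bytearray(features)
    altered[0] ^= 1                  # one bit differs from the enrolled features
    other_card = SimCard()
    rejected = other_card.provision(bytes(altered), "4821", vdata)
    return old_public, recovered, rejected, other_card.private


if __name__ == "__main__":
    old_public, recovered, rejected, stored = demo()
    print("recovered same public key:", recovered[0] == old_public)
    print("altered features rejected:", rejected is None and stored is None)
```

Any single-bit difference in the feature bytes yields an unrelated key pair, so the check at S108 rejects it; the derivation reproduces the original key only when feature extraction is bit-for-bit repeatable.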
During the use of the client by the user, when sensitive operation is involved, the SIM card can use the stored voiceprint features to authenticate the user. An embodiment of the authentication method is described below with reference to fig. 3.
Fig. 3 illustrates a flow diagram of an identity authentication method according to some embodiments of the invention. As shown in fig. 3, the identity authentication method of this embodiment includes steps S302 to S308.
In step S302, the client sends the collected second user sound data to the SIM card.
In step S304, the SIM card extracts voiceprint features from the second user voice data. The second user voice data is used for identity authentication.
In step S306, the SIM card matches the voiceprint features extracted from the second user voice data with the voiceprint features stored by the SIM card.
In step S308, the SIM card returns the matching result to the client; if the features match, the user passes identity authentication at the client.
Thus, the stored voiceprint features can be used not only for key generation, but also for authentication of the user identity.
After the identity authentication is completed, safe data processing can be performed. An embodiment of the data processing method of the present invention is described below with reference to fig. 4.
Fig. 4 illustrates a flow diagram of a data processing method according to some embodiments of the invention. As shown in fig. 4, the data processing method of this embodiment includes steps S402 to S404.
In step S402, the SIM card obtains data to be processed and a processing instruction sent by the client, where the processing instruction is used to instruct the SIM card to perform at least one of encryption, decryption, signature or signature verification.
In some embodiments, the data to be processed is generated by the client using the public key returned by the SIM card.
In step S404, the SIM card uses the stored private key to process the data to be processed according to the processing instruction.
With this method, the SIM card can use the private key generated from the user's voiceprint features to perform operations such as encryption, decryption, signing or signature verification, which improves security.
As needed, the above data processing may also be performed after identity authentication methods other than the embodiment of Fig. 3, which are not described here.
An embodiment of the security authentication device of the present invention is described below with reference to fig. 5. The security authentication device of this embodiment is located on the SIM card.
Fig. 5 illustrates a schematic structural diagram of a security authentication device according to some embodiments of the present invention. As shown in fig. 5, the security authentication device 500 of this embodiment includes: a feature extraction module 5100 configured to extract voiceprint features from first user sound data collected by a client; a key generation module 5200 configured to generate a pair of public and private keys from the voiceprint feature; the verification module 5300 is configured to verify the obtained verification data corresponding to the user by adopting a private key under the condition that the SIM card is not the first SIM card of the user, wherein the verification data is encrypted by the private key generated by the old SIM card of the user; the save module 5400 is configured to return the public key to the client and store the private key, as well as the voiceprint characteristics of the user if the authentication passes.
In some embodiments, the security authentication device 500 further comprises: the verification data generation module 5500 is configured to encrypt preset information to obtain verification data corresponding to a user; and sending the verification data to the client.
In some embodiments, the key generation module 5200 is further configured to generate a pair of public and private keys based on the voiceprint feature and a preset encryption key and encryption algorithm, wherein the SIM card and the old SIM card of the user have the same encryption key and encryption algorithm.
In some embodiments, the key generation module 5200 is further configured to encrypt the voiceprint features using a preset encryption key and a preset encryption algorithm to generate a seed key; a pair of public and private keys is generated based on the seed key.
In some embodiments, the SIM card has the same key pool for generating the seed key as the old SIM card of the user, the key generation module 5200 being further configured to obtain the user information; and determining an encryption key for generating the seed key according to the corresponding relation between the preset user information and the encryption key and the encryption algorithm in the key pool.
In some embodiments, the security authentication device 500 further comprises: an identity authentication module 5600 configured to extract voiceprint features from second user voice data collected by the client; match the voiceprint features extracted from the second user voice data against the voiceprint features stored in the SIM card; and return the matching result to the client, wherein, if they match, the user passes identity authentication at the client.
In some embodiments, the security authentication device 500 further comprises: the data processing module 5700 is configured to acquire data to be processed and a processing instruction sent by the client, wherein the processing instruction is used for instructing the SIM card to perform at least one of encryption, decryption, signature or signature verification; and according to the processing instruction, adopting the stored private key to correspondingly process the data to be processed.
Fig. 6 illustrates a schematic diagram of a security authentication system according to some embodiments of the present invention. As shown in fig. 6, the security authentication system 60 of this embodiment includes a SIM card 610 including any of the aforementioned security authentication devices 500; and a client 620 configured to collect first user sound data; send the first user sound data to the SIM card; obtain verification data from a server; send the verification data to the SIM card; and receive and store the public key sent by the SIM card.
In some embodiments, the verification data is obtained by the client 620 from a server.
In some embodiments, client 620 is further configured to display a voiceprint acquisition prompt. Thus, the user speaks the corresponding content according to the prompt.
In some embodiments, the client 620 is further configured to send at least one of a voiceprint feature extraction instruction, a key generation instruction, an identity authentication instruction, or a processing instruction to the SIM card. For example, the client first sends the collected sound data to the SIM card, and then sends a processing instruction to the SIM card, so that the SIM card performs the corresponding operation.
Fig. 7 is a schematic structural view of a security authentication device according to other embodiments of the present invention. As shown in fig. 7, the security authentication device 70 of this embodiment includes: a memory 710 and a processor 720 coupled to the memory 710, the processor 720 being configured to perform the security authentication method of any of the previous embodiments based on instructions stored in the memory 710.
The memory 710 may include, for example, system memory, fixed nonvolatile storage media, and so forth. The system memory stores, for example, an operating system, application programs, a boot loader, and other programs.
Fig. 8 is a schematic structural view showing a security authentication device according to still other embodiments of the present invention. As shown in fig. 8, the security authentication device 80 of this embodiment includes a memory 810 and a processor 820, and may also include an input/output interface 830, a network interface 840, a storage interface 850, and the like. These interfaces 830, 840, 850 and the memory 810 and processor 820 may be connected by, for example, a bus 860. The input/output interface 830 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, a touch screen, and the like. The network interface 840 provides a connection interface for various networking devices. The storage interface 850 provides a connection interface for external storage devices such as SD cards, USB flash drives, and the like.
An embodiment of the present invention also provides a computer-readable storage medium having stored thereon a computer program, characterized in that the program, when executed by a processor, implements any one of the aforementioned security authentication methods.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the invention are intended to be included within the scope of the invention.
Claims (14)
1. A security authentication method, comprising:
a subscriber identity module (SIM) card extracts voiceprint features from first user voice data acquired by a client;
the SIM card generates a pair of public key and private key according to the voiceprint characteristics;
under the condition that the SIM card is not the first SIM card of the user, the SIM card adopts the private key to verify the obtained verification data corresponding to the user, wherein the verification data is encrypted through the private key generated by the old SIM card of the user;
and if the verification is passed, the SIM card returns the public key to the client and stores the private key and the voiceprint feature of the user.
2. The security authentication method of claim 1, further comprising:
returning the public key to the client by the SIM card and storing the private key and voiceprint features of the user under the condition that the SIM card is the first SIM card of the user;
the SIM card encrypts preset information to obtain verification data corresponding to the user;
and the SIM card sends the verification data to the client.
3. The security authentication method of claim 1, wherein the SIM card generates a pair of public and private keys according to the voiceprint feature and a preset encryption key and encryption algorithm, wherein the SIM card and the old SIM card of the user have the same encryption key and encryption algorithm.
4. The security authentication method of claim 3, wherein the SIM card generates a pair of public and private keys according to the voiceprint feature and a preset encryption key and encryption algorithm, comprising:
the SIM card encrypts the voiceprint features by using a preset encryption key and a preset encryption algorithm to generate a seed key;
and generating a pair of public key and private key according to the seed key.
5. The security authentication method of claim 4, wherein the SIM card has a same key pool for generating a seed key as an old SIM card of the user, and generating a pair of public and private keys by the SIM card according to the voiceprint feature and a preset encryption key and encryption algorithm further comprises:
the SIM card acquires user information;
and the SIM card determines an encryption key for generating a seed key according to the corresponding relation between preset user information and the encryption key and the encryption algorithm in the key pool.
6. The security authentication method of claim 1, further comprising:
the SIM card extracts voiceprint features from second user voice data acquired by the client;
the SIM card matches the voiceprint features extracted from the second user voice data with the voiceprint features stored in the SIM card;
and the SIM card returns a matching result to the client, wherein under the condition of matching, the client passes the identity authentication of the user.
7. The security authentication method according to claim 1 or 6, further comprising:
the SIM card acquires data to be processed and a processing instruction sent by the client, wherein the processing instruction is used for indicating the SIM card to perform at least one of encryption, decryption, signature or signature verification;
and the SIM card adopts a stored private key to correspondingly process the data to be processed according to the processing instruction.
8. A security authentication device, located on a SIM card, comprising:
the feature extraction module is configured to extract voiceprint features from first user sound data acquired by the client;
a key generation module configured to generate a pair of public and private keys from the voiceprint feature;
the verification module is configured to verify the obtained verification data corresponding to the user by adopting the private key under the condition that the SIM card is not the first SIM card of the user, wherein the verification data is encrypted by the private key generated by the old SIM card of the user;
and the storage module is configured to return the public key to the client and store the private key and the voiceprint feature of the user under the condition that verification is passed.
9. A security authentication device comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the security authentication method of any of claims 1-7 based on instructions stored in the memory.
10. A security authentication system comprising:
a SIM card comprising the secure authentication device of claim 8 or 9; and
a client configured to collect first user sound data; transmitting the first user sound data to the SIM card; obtaining verification data from a server; sending verification data to the SIM card; and receiving and storing the public key sent by the SIM card.
11. The security authentication system of claim 10, wherein the verification data is obtained by the client from a server.
12. The security authentication system of claim 10, wherein the client is further configured to display a voiceprint acquisition prompt.
13. The security authentication system of claim 10, wherein the client is further configured to send at least one of voiceprint feature extraction instructions, key generation instructions, identity authentication instructions, processing instructions to the SIM card.
14. A computer-readable storage medium, on which a computer program is stored, which program, when executed by a processor, implements the security authentication method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010929133.2A CN114245374B (en) | 2020-09-07 | 2020-09-07 | Security authentication method, system and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010929133.2A CN114245374B (en) | 2020-09-07 | 2020-09-07 | Security authentication method, system and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114245374A (en) | 2022-03-25 |
| CN114245374B (en) | 2024-04-05 |
Family
ID=80742455
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010929133.2A Active CN114245374B (en) | 2020-09-07 | 2020-09-07 | Security authentication method, system and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114245374B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114567881B (en) * | 2022-04-24 | 2022-07-19 | 江苏益捷思信息科技有限公司 | SIM card information security protection method and system |
| CN115223568A (en) * | 2022-06-29 | 2022-10-21 | 厦门快商通科技股份有限公司 | Identity verification method, device and system based on voiceprint recognition and storage medium |
| CN115484593B (en) * | 2022-09-01 | 2024-12-24 | 中国联合网络通信集团有限公司 | Key retrieval method, server and user identification card |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103391201A (en) * | 2013-08-05 | 2013-11-13 | 公安部第三研究所 | System and method for realizing smart card authentication based on voiceprint recognition |
| CN108667608A (en) * | 2017-03-28 | 2018-10-16 | 阿里巴巴集团控股有限公司 | The guard method of data key, device and system |
| WO2019216847A2 (en) * | 2017-11-17 | 2019-11-14 | Turkcell Teknoloji Arastirma Ve Gelistirme Anonim Sirketi | A sim-based data security system |
| CN110677418A (en) * | 2019-09-29 | 2020-01-10 | 四川虹微技术有限公司 | Trusted voiceprint authentication method and device, electronic equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7689832B2 (en) * | 2000-09-11 | 2010-03-30 | Sentrycom Ltd. | Biometric-based system and method for enabling authentication of electronic messages sent over a network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114245374A (en) | 2022-03-25 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||