CN116347406A - User authentication method and device, equipment, storage medium - Google Patents

Abstract

The application provides a user authentication method and device, equipment and a storage medium; wherein the method comprises the following steps: establishing a communication connection with the identifiable card; acquiring application information currently bound with the identifiable card; and authenticating the identity of the user currently using the identifiable card at least according to the currently bound application information and the application information bound with the identifiable card history, so as to determine whether to execute card swiping operation on the identifiable card. Therefore, authentication of the user can be completed, authentication safety is improved, and user experience is improved.

Description

User authentication method and device, equipment, storage medium

technical field

The present application relates to communication technology, involving but not limited to a user authentication method, device, equipment, and storage medium.

Background technique

In related technologies, when different users use the same terminal to swipe their cards on non-contact card readers such as subway gates, buses, and corporate cards, as long as the terminals used are legitimate terminals, for different users, the Can be authenticated successfully, and the authentication security is poor.

Contents of the invention

In view of this, the user authentication method, device, equipment, and storage medium provided by the present application can realize the description of the user's identity and complete the authentication of the user himself, thereby improving the security of authentication and improving user experience.

According to an aspect of an embodiment of the present application, there is provided a user authentication method, including: establishing a communication connection with an identifiable card; obtaining application information currently bound to the identifiable card; at least according to the currently bound application information As well as the application information bound with the history of the identifiable card, the identity authentication of the user currently using the identifiable card is performed to determine whether to perform a card swiping operation on the identifiable card.

In this embodiment of the application, when performing identity authentication on a user currently using an identifiable card, at least according to the application information currently bound to the identifiable card (the application information that the identifiable card is currently activated, that is, the user is currently The application used at all times) and the pre-stored application information bound to the identifiable card history (that is, the application information that is activated on the identifiable card used by the user at historical moments) to authenticate. In this way, on the one hand, the identity authentication is completed in a state where the user has no sense, which is convenient to use and improves the user experience; Authentication, and avoid the situation that other users can also pass the authentication when using the same identifiable card, thereby improving the security of authentication.

According to an aspect of an embodiment of the present application, a user authentication device is provided, including: a communication unit, configured to establish a communication connection with an identifiable card; an acquisition unit, configured to acquire application information currently bound to the identifiable card; An authentication unit, configured to authenticate the user currently using the identifiable card according to at least the currently bound application information and the historically bound application information of the identifiable card, so as to determine whether to authenticate the identifiable card Recognize the card and perform the card swiping operation.

According to one aspect of the embodiments of the present application, an electronic device is provided, including a memory and a processor, the memory stores a computer program that can run on the processor, and the processor implements the embodiment of the present application when executing the program the method described.

According to an aspect of the embodiments of the present application, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the method provided in the embodiments of the present application is implemented.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.

Description of drawings

The accompanying drawings here are incorporated into the specification and constitute a part of the specification. These drawings show embodiments consistent with the application, and are used together with the description to describe the technical solution of the application. Apparently, the drawings in the following description are only some embodiments of the present application, and those skilled in the art can obtain other drawings according to these drawings without creative efforts.

The flow charts shown in the drawings are only exemplary illustrations, and do not necessarily include all contents and operations/steps, nor must they be performed in the order described. For example, some operations/steps can be decomposed, and some operations/steps can be combined or partly combined, so the actual order of execution may be changed according to the actual situation.

FIG. 1 is a schematic diagram of an implementation flow of a user authentication method provided in an embodiment of the present application;

FIG. 2 is a schematic diagram of an implementation flow of a user authentication method provided in an embodiment of the present application;

FIG. 3 is a schematic diagram of an implementation flow of an offline user authentication method provided in an embodiment of the present application;

FIG. 4 is a schematic diagram of an implementation flow of an online user authentication method provided in an embodiment of the present application;

FIG. 5 is a schematic diagram of a one-key login authentication method in the related art;

FIG. 6 is a schematic diagram of an authentication system provided by an embodiment of the present application;

FIG. 7 is a schematic diagram of an implementation flow of offline authentication provided by an embodiment of the present application;

FIG. 8 is a schematic diagram of an implementation flow of online authentication provided by an embodiment of the present application;

FIG. 9 is a schematic structural diagram of a user authentication device provided by an embodiment of the present application;

FIG. 10 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

Detailed ways

In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the specific technical solutions of the present application will be further described in detail below in conjunction with the drawings in the embodiments of the present application. The following examples are used to illustrate the present application, but not to limit the scope of the present application.

Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field to which this application belongs. The terms used herein are only for the purpose of describing the embodiments of the present application, and are not intended to limit the present application.

In the following description, references to "some embodiments" describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or a different subset of all possible embodiments, and Can be combined with each other without conflict.

Figure 1 is a schematic diagram of the implementation flow of the user authentication method provided by the embodiment of the present application. The method is applied to a contactless card reader. As shown in Figure 1, the method may include the following steps 101 to 103:

In step 101, a contactless card reader establishes a communication connection with an identifiable card.

In some embodiments, the contactless card reader establishes a near field communication (Near Field Communication, NFC) connection with the identifiable card.

In this embodiment of the application, there is no limitation on the types of identifiable cards. For example, in some embodiments, the identifiable card may be any card supporting NFC communication technology, such as a bus card, bank card, access control card, etc. supporting NFC communication technology. In other embodiments, the identifiable card can also be a card embedded in an electronic device or a card connected to an external electronic device, so that the electronic device can support NFC communication technology, for example, the electronic device can include a mobile phone, a tablet computer , laptop, personal digital assistant (PDA), tablet computer (PAD) or navigation device, etc.

In the embodiment of the present application, the contactless card reader may be any card reader supporting NFC communication technology, such as a point of sales terminal (POS) machine, a subway gate, an access control card reader, and the like.

In step 102, the contactless card reader obtains the application information currently bound to the identifiable card.

It should be noted that the application information currently bound to the identifiable card is the information of the application currently being used by the user, that is, the information of the application currently activated by the identification card. In some embodiments, the currently activated application information of the identifiable card can be further obtained from the routing table information by acquiring the routing table information of the identifiable card. Wherein, as shown in Table 1, the router information includes at least application identifications (Application Identification, AID) of different applications, as well as the category, location and current status of each application.

Table 1

Application AID category Location state AID1 Bank NFC-SIM force AID2 Bank eSE active AID3 Transportation eSE active AID4 Transportation HCE deactive - - NFC-SIM default

Understandably, different users have different usage habits when using an identifiable card. Correspondingly, when different users use the same identifiable card, the currently activated application information on the identifiable card is also different. For example, if user A prefers to use transportation applications, and user B prefers to use bank card applications, then when user A uses an identifiable card, the currently activated application on the card can be identified as a transportation application; When identifying the card, it can be identified that the currently activated application on the card is a bank card application.

Wherein, for the same type of application on the same identifiable card, when the user uses this type of application, one of the type of applications is set as an activated state, while other similar applications are set as a waiting state. In this way, due to the different usage habits of users, even if different users use bank card applications, when setting the recognizable cards, the applications that are set to be active are also different. For example, if user A prefers to use bank card application A for payment, he can set bank card application A to be activated and other bank card applications to be activated; user B prefers to use bank card application B for payment , then it can set the B bank card application to the activated state, and set the other bank card applications to the pending activation state.

Step 103, at least according to the currently bound application information and the application information bound with the history of the identifiable card, perform identity authentication on the user currently using the identifiable card to determine whether to swipe the identifiable card.

For example, take the identifiable card as the card embedded in the mobile phone, and the non-contact card reader as the subway gate. The mobile phone establishes a communication connection, so that the subway gate machine can obtain the application information currently used by the mobile phone, and at least according to the currently used application information and the application information used by the mobile phone to swipe the subway card at historical moments, offline authentication of the user currently using the mobile phone , to determine whether the user is himself and whether to perform card swiping operations on the mobile phone; or, after obtaining the application information currently used by the mobile phone, the subway gate uploads it to the business platform, so that the business platform can identify the current user using the mobile phone online certified.

In some embodiments, when authenticating a user, the identity authentication of the user cannot be completed, that is, the real identity of the user who is currently using an identifiable card cannot be determined, so different users may use the same legal card. If all identifiable cards can be authenticated successfully, the security of this authentication method is low.

Based on this, in this embodiment of the application, when performing identity authentication on a user currently using an identifiable card, at least according to the application information currently bound to the identifiable card (the application information that the identifiable card is currently activated, that is, The application used by the user at the current moment) and the pre-stored application information bound to the identifiable card history (that is, the application information that is activated on the identifiable card used by the user at the historical moment) to authenticate. In this way, on the one hand, the identity authentication is completed in a state where the user has no sense, which is convenient to use and improves the user experience; Authentication, and avoid the situation that other users can also pass the authentication when using the same identifiable card, thereby improving the security of authentication.

Figure 2 is a schematic diagram of the implementation flow of the user authentication method provided by the embodiment of the present application. The method is applied to a contactless card reader. As shown in Figure 2, the method may include the following steps 201 to 206:

Step 201, the contactless card reader establishes a communication connection with the identifiable card;

Step 202, the contactless card reader obtains the application information currently bound to the identifiable card;

Step 203, the contactless card reader acquires the radio frequency information supported by the identifiable card.

In some embodiments, the radio frequency information supported by the identifiable card includes at least one of the following: physical radio frequency information, radio frequency protocol information, and secure element SE information.

In some embodiments, the physical radio frequency information includes at least one of the following: antenna size, load modulation depth, radio frequency circuit impedance, and resonance frequency of the NFC device; the radio frequency protocol information includes at least one of the following: a response to a Type A card request (ATQA , AnswerTo Request TypeA), unique identifier (UID, Unique Identification), selection confirmation (SAK, SelectAcknowledge), selection response (ATS, Answer To Select), frame waiting time (Frame Waitinteger, FWI), start frame protection time integer ( Start-up Frame Guard time Integer, SFGI) and other A/B type (Type A/B) parameters that comply with the ISO/IEC 14443 standard; the secure element SE information includes at least one of the following: Embedded secure element (Embedded SE, eSE), NFC Subscriber Identity Module (NFC-Subscriber Identity Module, NFC-SIM) information.

Among them, the physical radio frequency information and SE information are fixed, and the FWI and SFGI in the radio frequency protocol information are changeable, which are related to the currently activated application of the identifiable card, that is, the activated application is different, and the FWI and SFGI are also subject to change.

Step 204, matching the radio frequency information supported by the identifiable card with at least one piece of pre-stored historical radio frequency information to obtain a first matching result.

Here, at least one piece of historical radio frequency information may be stored in the database as a whole, or may be stored separately, which is not limited.

After obtaining the radio frequency information currently supported by the identifiable card, the contactless card reader can match it with the pre-stored historical radio frequency information to determine whether there is any historical radio frequency information that is the same as the currently supported radio frequency information; The radio frequency information currently supported by the identification card is uploaded to the service platform, so that the service platform can determine whether the historical radio frequency information is the same as the currently supported radio frequency information. If there is the same radio frequency information, it means that the identifiable card is a legal card; if there is no same radio frequency information, it means that the identifiable card is an illegal card.

In the embodiment of the present application, there is no limitation on the matching method between the radio frequency information supported by the identifiable card and the historical radio frequency information. For example, it is possible to directly match the obtained radio frequency information with the pre-stored historical radio frequency information; it is also possible to perform feature extraction on the radio frequency information first, to obtain specific fields in the radio frequency information, and to extract specific fields from the pre-stored historical radio frequency information Matching; it is also possible to further match the characteristic code generated by a specific field in the radio frequency information with the historical characteristic code generated in the pre-stored historical radio frequency information.

Step 205, matching the currently bound application information with the historically bound application information of the identifiable card to obtain a second matching result.

It should be noted that the historically bound application information of the same identifiable card is stored in association with the historical radio frequency information corresponding to the identifiable card.

After the contactless card reader obtains the current binding application information of the identifiable card, it can match it with the pre-stored historical binding application information to determine whether there is any historical binding application information and current binding application information. The application information is the same; the application information currently bound to the identifiable card can also be uploaded to the service platform, so that the service platform can determine whether the historically bound application information is the same as the currently bound application information. If there is the same application information, it means that the user currently using the identifiable card is the same user as the user who used the identifiable card in history; Users using the identifiable card are different users.

Here, the manner of matching the currently bound application information with the historically bound application information is also not limited. For example, the obtained currently bound application information can be directly matched with the pre-stored historically bound application information; Fields are matched with the specific fields extracted from the pre-stored historically bound application information; it is also possible to further generate a feature code for a specific field in the currently bound application information and match it with the pre-stored historically bound application information The generated historical signatures are matched.

Here, the order of steps 204 and 205 is not limited. For example, in some embodiments, step 204 may be performed first, and then step 205 is performed, that is, the radio frequency information is first matched, and then the bound application information is matched. In this way, when the radio frequency information does not match, it means that the identifiable card is an illegal card, and the card swiping operation cannot be performed on it, so step 205 may not be performed, thereby saving power consumption. In some other embodiments, step 205 may also be performed first, and then step 204 is performed, that is, the bound application information is first matched, and then the radio frequency information is matched. In this way, when the application information does not match, it means that the user currently using the identifiable card is an illegal user, and then step 204 may not be executed to save power consumption; of course, step 204 and step 205 may also be executed simultaneously.

Step 206 , if the first matching result and the second matching result are successful matching, determine that the identity authentication of the user currently using the identifiable card is successful, and perform a card swiping operation on the identifiable card.

When both the first matching result and the second matching result are successfully matched, it means that the identifiable card is a legal card, and the user who uses the identifiable card is the user himself, so it is determined that the identity authentication of the user currently using the identifiable card is successful , and perform a swipe action on a recognized card. This two-factor authentication method is more secure and reliable.

FIG. 3 is a schematic diagram of an implementation flow of an offline user authentication method provided in an embodiment of the present application. As shown in FIG. 3 , the method may include the following steps 301 to 305:

Step 301, the contactless card reader establishes a communication connection with the identifiable card;

Step 302, the non-contact card reader sends an offline authentication instruction to the recognizable card.

Here, whether the offline authentication or the online authentication is selected on the side of the non-contact card reader is set by the operator or the administrator. For example, if the network signal at the location of the contactless card reader is poor, the operator can choose to set the authentication method to offline authentication to facilitate user operation; if the network signal at the location of the contactless card reader is good, Then the operator can choose to set the authentication method as online authentication to improve the security of authentication. Of course, no matter whether it is offline authentication or online authentication, the user is unaware.

Step 303, the identifiable card obtains the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card according to the received offline authentication instruction;

Step 304, the identifiable card sends the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card to the contactless card reader;

In step 305, the contactless card reader authenticates the user currently using the identifiable card according to the received application information bound currently, the application information previously bound to the identifiable card, and the radio frequency information supported by the identifiable card, to determine whether to swipe a recognized card.

In the embodiment of the present application, the authentication method for the contactless card reader to authenticate the user currently using the identifiable card is the same as the method in steps 204 to 206 in the above embodiment, and will not be repeated here.

FIG. 4 is a schematic diagram of an implementation flow of an online user authentication method provided in an embodiment of the present application. As shown in FIG. 4, the method may include the following steps 401 to 409:

Step 401, the contactless card reader establishes a communication connection with the identifiable card;

Step 402, the contactless card reader initiates an online authentication request to the service platform.

When the non-contact card reader side determines that the authentication mode is online authentication, it initiates an online authentication request to the service platform, so that the service platform completes the online authentication of the user currently using the identifiable card.

Step 403, the contactless card reader receives the online authentication instruction returned by the service platform based on the online authentication request;

Step 404, the non-contact card reader sends an online authentication instruction to the recognizable card;

Step 405, the identifiable card obtains the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card according to the received online authentication instruction;

Step 406, the contactless card reader receives the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card sent by the identifiable card;

Step 407, the contactless card reader uploads the currently bound application information and the radio frequency information supported by the identifiable card to the service platform;

Step 408: The service platform performs identity authentication on the user currently using the identifiable card according to the currently bound application information, the pre-stored application information and radio frequency information bound to the identifiable card history, and obtains the authentication result.

It should be noted that the authentication method of the service platform for the user who currently uses an identifiable card is the same as the method in steps 204 to 206 in the above embodiment, and will not be repeated here. The difference is that in this application In the example, the user is authenticated online using the business platform.

Step 409, the service platform sends the authentication result to the contactless card reader and displays it.

In some embodiments, when authenticating a user, methods such as user name + password or SMS verification code are often used. But for users, the authentication method of user name + password is difficult to remember the password, and the operation is cumbersome; the method of SMS verification code cannot guarantee the accessibility of verification SMS, and the operation is inconvenient. In some other embodiments, as shown in Figure 5, the one-click login function launched has lowered the threshold for users to use to a certain extent, but this function is only for the verification of the mobile phone number rather than the user himself, that is, anyone who uses this The number can be authenticated, and there is no effective verification of the user himself.

Based on this, an exemplary application of the embodiment of the present application in an actual application scenario will be described below.

In the embodiment of this application, a user authentication method based on NFC terminals is proposed by adding a card swiping behavior module in the terminal operating system, adding a terminal authentication module in the card reader device, and adding terminal identification and user authentication modules on the platform side. And the system, according to the relevant information of using NFC on the user terminal to swipe the card, realizes the description of the user's real identity, completes the authentication of the user himself, and improves the security of authentication while being convenient to use.

In the embodiment of the present application, as shown in Figure 6, the user authentication method and system based on the NFC terminal can be realized through the following technical means:

(1) Add a card swiping behavior module in the operating system of the terminal to record the data related to NFC card swiping on the terminal side, including terminal NFC radio frequency parameters, contactless parameters, SE information, and card swiping routing settings. The card device communicates, and when the user uses the APP, it communicates with the platform;

(2) Add a terminal authentication module on the contactless card reader side, conduct contactless communication with the terminal when the user swipes the card, obtain the user's card swiping behavior information, and complete online or offline authentication for the user according to the authentication algorithm;

(3) Add terminal identification and user authentication modules on the platform side. The terminal identification module is responsible for recording the user's card swiping behavior and user terminal information. The user authentication module completes the verification for the user based on the information returned by the card reader or the information uploaded by the terminal APP when the user swipes the card. Online certification.

Wherein, as shown in FIG. 7 , a main flowchart for offline user authentication using a contactless card reader is provided, including the following steps 701 to 711:

Step 701, the non-contact card reader initiates a card search request;

Step 702, the terminal (i.e., an example of identifying the card) returns, and establishes a contactless communication connection with the contactless card reader;

Step 703, the non-contact communication module on the non-contact card reader side returns the connection establishment result, card type, and communication protocol supported by the card to the terminal authentication module;

Step 704, the non-contact card reader side selects an offline user authentication method;

Step 705, the non-contact card reader initiates a non-contact authentication request;

Step 706, the non-contact communication module on the side of the non-contact card reader sends an offline authentication instruction;

Step 707, the NFC chip on the terminal side receives the authentication instruction and transmits it to the card swiping behavior module;

Step 708, the terminal card swiping behavior module obtains terminal non-contact radio frequency parameter information (that is, the radio frequency information supported by the card), including antenna size S, working field strength H, load modulation depth U, resonance frequency M, etc., non-contact protocol parameters ( The radio frequency information supported by the card can be identified), including ATQA, UID, SAK, FWI, SFGI, etc., the terminal SE information (the radio frequency information supported by the card can be identified), including eSE, NFC-SIM information, terminal NFC routing table information ( The application information currently bound to the card can be identified), as shown in Table 1 above, and fed back to the NFC chip;

Step 709, the NFC chip on the terminal side returns terminal card swiping information to the contactless communication module on the contactless card reader side;

Step 710, the contactless communication module on the contactless card reader side returns terminal card swiping information to the terminal authentication module;

Step 711, the non-contact card reader performs authentication processing, which mainly includes two stages of user identification training and authentication. In the training phase, the contactless card reader obtains the contactless radio frequency parameter information, contactless protocol parameters, terminal SE information (that is, historical radio frequency information) and terminal NFC routing table Application information) for feature training, feature selection, extracting specific fields, and using machine learning algorithms such as naive Bayesian to generate a user identification library; in the authentication phase, the contactless card reader obtains the contactless radio frequency parameter information on the user terminal side , non-contact protocol parameters, terminal SE information, specific fields in terminal NFC routing table information, generate user signatures according to machine learning algorithms, match with information in the user identification database, determine whether the user is authenticated, and generate user authentication results .

As shown in FIG. 8 , a main flow chart of online user authentication using a service platform is provided. Including the following steps 801 to 815:

Step 801, the non-contact card reader initiates a card search request;

Step 802, the terminal returns, and establishes a contactless communication connection with the contactless card reader;

Step 803, the non-contact communication module on the non-contact card reader side returns the connection establishment result, card type, and communication protocol supported by the card to the terminal authentication module;

Step 804, the non-contact card reader side selects an online user authentication method;

Step 805, the non-contact card reader initiates an online authentication application to the business platform;

Step 806, the service platform initiates an authentication request;

Step 807, the contactless card reader internally transmits the authentication request;

Step 808, the non-contact communication module on the side of the non-contact card reader sends an authentication instruction;

Step 809, the NFC chip on the terminal side receives the authentication instruction and transmits it to the card swiping behavior module;

Step 810, the card swiping behavior module on the terminal side obtains the terminal's non-contact radio frequency parameter information, including antenna size S, working field strength H, load modulation depth U, resonance frequency M, etc., non-contact protocol parameters, including ATQA, UID, SAK, FWI, SFGI, etc., terminal SE information, including eSE, NFC-SIM information, terminal NFC routing table information, as shown in Table 1 above, is fed back to the NFC chip;

Step 811, the NFC chip on the terminal side returns terminal card swiping information to the contactless communication module on the contactless card reader side;

Step 812, the contactless card reader internally transmits the terminal card swiping information;

Step 813, the non-contact card reader sends terminal card swiping information to the business platform;

Step 814, the service platform performs authentication processing, which mainly includes two stages of user identification training and authentication. In the training phase, the service platform side obtains the user terminal’s non-contact radio frequency parameter information, non-contact protocol parameters, terminal SE information, and terminal NFC routing table information for feature training, selects features, extracts specific fields, and uses Naive Bayesian and other machine learning algorithms to generate a user identification library; in the authentication phase, the service platform side obtains the user terminal's non-contact radio frequency parameter information, non-contact protocol parameters, terminal SE information, and specific fields in the terminal NFC routing table information, and generates a database based on the machine learning algorithm. The user signature code is matched with the information in the user identification database to determine whether the user has passed the authentication and generate a user authentication result;

Step 815, the service platform sends the user authentication result to the card reader for display.

In this embodiment of the application, according to the relevant information of the user using NFC card swiping on the terminal, the description of the user's real identity is realized, the user's own authentication is completed, and the authentication security is improved; the user swipes the card or opens the application without contact , APP) completes the authentication without perception, and is convenient for business use.

It should be noted that although the steps of the method in the present application are described in a specific order in the drawings, this does not require or imply that the steps must be performed in this specific order, or that all shown steps must be performed to achieve the desired the result of. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution, etc.; or, the steps in different embodiments may be combined into a new technology plan.

Based on the aforementioned embodiments, this embodiment of the present application provides a user authentication device, which includes each module included, and each unit included in each module, which can be realized by a processor; of course, it can also be implemented by a specific logic circuit Implementation; in the process of implementation, the processor may be a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP) or a field programmable gate array (FPGA).

FIG. 9 is a schematic structural diagram of a user authentication device provided in an embodiment of the present application. As shown in FIG. 9, the device 900 includes a communication unit 901, an acquisition unit 902, and an authentication unit 903, wherein:

The communication unit 901 is configured to establish a communication connection with the identifiable card; the obtaining unit 902 is configured to obtain the application information currently bound to the identifiable card; the authentication unit 903 is configured to at least according to the currently bound application information As well as the application information bound with the history of the identifiable card, the identity authentication of the user currently using the identifiable card is performed to determine whether to perform a card swiping operation on the identifiable card.

In some embodiments, the obtaining unit 902 is configured to obtain the radio frequency information supported by the identifiable card; the authentication unit 903 is configured to use the currently bound application information, the history binding with the identifiable card The application information and the radio frequency information are used to authenticate the user currently using the identifiable card, so as to determine whether to swipe the identifiable card.

In some embodiments, the device further includes a matching unit and a determining unit, the matching unit is configured to match the radio frequency information supported by the identifiable card with at least one pre-stored historical radio frequency information to obtain the first matching Result; match the currently bound application information with the historically bound application information of the identifiable card to obtain a second matching result; the determining unit is configured to combine the first matching result and the If the second matching result is successful matching, it is determined that the identity authentication of the user currently using the identifiable card is successful, and a card swiping operation is performed on the identifiable card.

In some embodiments, the device further includes a sending unit and a receiving unit, the sending unit is configured to send an offline authentication instruction to the identifiable card, so that the identifiable card can obtain the The application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card; the receiving unit is configured to receive the information currently bound to the identifiable card sent by the identifiable card Application information and radio frequency information supported by the identifiable card.

In some embodiments, the sending unit is configured to initiate an online authentication request to the service platform; the receiving unit is configured to receive an online authentication instruction returned by the service platform based on the online authentication request; the sending unit, It is also used to send the online authentication instruction to the identifiable card, so that the identifiable card obtains the application information currently bound to the identifiable card and the identifiable card support information according to the online authentication instruction. the radio frequency information; the receiving unit is further configured to receive the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card sent by the identifiable card.

In some embodiments, the sending unit is configured to upload the currently bound application information and the radio frequency information to the service platform, so that the service platform, according to the currently bound application information, The stored application information and the radio frequency information that are bound with the history of the identifiable card are used to authenticate the user currently using the identifiable card and obtain an authentication result; the receiving unit is configured to receive the service platform The authentication result sent.

The description of the above device embodiment is similar to the description of the above method embodiment, and has similar beneficial effects as the method embodiment. For technical details not disclosed in the device embodiments of the present application, please refer to the description of the method embodiments of the present application for understanding.

It should be noted that the division of modules by the user authentication device shown in FIG. 9 in the embodiment of the present application is schematic, and is only a logical function division. In actual implementation, there may be other division methods. In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or physically exist separately, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units. It can also be implemented in the form of a combination of software and hardware.

It should be noted that, in the embodiment of the present application, if the above method is implemented in the form of a software function module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solutions of the embodiments of the present application or the part that contributes to related technologies can be embodied in the form of software products. The computer software products are stored in a storage medium and include several instructions to make The electronic device executes all or part of the methods described in the various embodiments of the present application. The aforementioned storage medium includes: various media capable of storing program codes such as a U disk, a mobile hard disk, a read only memory (Read Only Memory, ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.

An embodiment of the present application provides a user authentication system, the user authentication system includes an identifiable card and a contactless card reader; wherein the identifiable card is used to obtain application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card, and send it to the non-contact card reader; Using the information and the radio frequency information supported by the identifiable card, offline identity authentication is performed on the user currently using the identifiable card, so as to determine whether to perform a card swiping operation on the identifiable card.

An embodiment of the present application provides a user authentication system, the user authentication system includes at least an identifiable card, a contactless card reader, and a service platform; wherein the identifiable card is used to obtain the The specified application information and the radio frequency information supported by the identifiable card are sent to the contactless card reader; The application information and the radio frequency information supported by the identifiable card are uploaded to the service platform; The radio frequency information supported by the identifiable card is used to perform online identity authentication on the user currently using the identifiable card, so as to determine whether to swipe the identifiable card.

An embodiment of the present application provides an electronic device. FIG. 10 is a schematic diagram of a hardware entity of the electronic device according to the embodiment of the present application. As shown in FIG. 10 , the electronic device 100 includes a memory 101 and a processor 102, and the memory 101 stores A computer program that can run on the processor 102, and the processor 102 implements the steps in the methods provided in the above-mentioned embodiments when executing the program.

It should be noted that the memory 101 is configured to store instructions and applications executable by the processor 102, and may also cache data to be processed or processed by each module in the processor 102 and the electronic device 100 (for example, image data, audio data, etc. , voice communication data and video communication data), can be implemented by flash memory (FLASH) or random access memory (Random Access Memory, RAM).

An embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps in the methods provided in the foregoing embodiments are implemented.

The embodiment of the present application provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the steps in the method provided by the above method embodiment.

It should be pointed out here that: the descriptions of the above storage medium and device embodiments are similar to the descriptions of the above method embodiments, and have similar beneficial effects to those of the method embodiments. For technical details not disclosed in the storage medium, storage medium, and device embodiments of the present application, please refer to the description of the method embodiment of the present application for understanding.

It should be understood that reference throughout this specification to "one embodiment" or "an embodiment" or "some embodiments" means that a particular feature, structure, or characteristic related to the embodiment is included in at least one embodiment of the present application . Thus, appearances of "in one embodiment" or "in an embodiment" or "in some embodiments" in various places throughout the specification are not necessarily referring to the same embodiments. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, and should not be used in the embodiments of the present application. The implementation process constitutes any limitation. The serial numbers of the above embodiments of the present application are for description only, and do not represent the advantages and disadvantages of the embodiments. The above descriptions of the various embodiments tend to emphasize the differences between the various embodiments, and the same or similar points can be referred to each other, and for the sake of brevity, details are not repeated herein.

The term "and/or" in this article is just an association relationship describing associated objects, which means that there can be three relationships, such as object A and/or object B, which can mean: object A exists alone, and object A and object exist at the same time B, there are three situations of object B alone.

It should be noted that, in this document, the term "comprising", "comprising" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article or apparatus comprising a set of elements includes not only those elements, It also includes other elements not expressly listed, or elements inherent in the process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising a ..." does not preclude the presence of additional identical elements in the process, method, article or apparatus comprising that element.

In the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. The above-described embodiments are only illustrative. For example, the division of the modules is only a logical function division. In actual implementation, there may be other division methods, such as: multiple modules or components can be combined, or can be Integrate into another system, or some features may be ignored, or not implemented. In addition, the mutual coupling, or direct coupling, or communication connection between the various components shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or modules may be in electrical, mechanical or other forms of.

The modules described above as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules; they may be located in one place or distributed to multiple network units; Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional module in each embodiment of the present application can be integrated into one processing unit, or each module can be used as a single unit, or two or more modules can be integrated into one unit; the above-mentioned integration The modules can be implemented in the form of hardware, or in the form of hardware plus software functional units.

Those of ordinary skill in the art can understand that all or part of the steps to realize the above method embodiments can be completed by hardware related to program instructions, and the aforementioned programs can be stored in computer-readable storage media. When the program is executed, the execution includes: The steps of the above-mentioned method embodiments; and the aforementioned storage medium includes: various media capable of storing program codes such as removable storage devices, read only memory (ROM), magnetic disks or optical disks.

Alternatively, if the above-mentioned integrated units of the present application are realized in the form of software function modules and sold or used as independent products, they can also be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solutions of the embodiments of the present application or the part that contributes to the related technologies can be embodied in the form of software products. The computer software products are stored in a storage medium and include several instructions to make The electronic device executes all or part of the methods described in the various embodiments of the present application. The aforementioned storage medium includes various media capable of storing program codes such as removable storage devices, ROMs, magnetic disks or optical disks.

The methods disclosed in several method embodiments provided in this application can be combined arbitrarily to obtain new method embodiments under the condition of no conflict.

The features disclosed in several product embodiments provided in this application can be combined arbitrarily without conflict to obtain new product embodiments.

The features disclosed in several method or device embodiments provided in this application can be combined arbitrarily without conflict to obtain new method embodiments or device embodiments.

The above is only the embodiment of the present application, but the scope of protection of the present application is not limited thereto. Anyone familiar with the technical field can easily think of changes or substitutions within the technical scope disclosed in the present application, and should covered within the scope of protection of this application. Therefore, the protection scope of the present application should be determined by the protection scope of the claims.

Claims (11)

1. A user authentication method, characterized in that the method comprises: Establish a communication connection with the identifiable card; Acquiring application information currently bound to the identifiable card; At least according to the currently bound application information and the application information bound with the history of the identifiable card, perform identity authentication on the user currently using the identifiable card to determine whether to perform a card swiping operation on the identifiable card . 2. The method according to claim 1, wherein at least based on the currently bound application information and the historically bound application information of the identifiable card, the currently using the identifiable card The user performs identity authentication to determine whether to perform a card swiping operation on the identifiable card, including: Obtain radio frequency information supported by the identifiable card; According to the currently bound application information, the historically bound application information with the identifiable card, and the radio frequency information, perform identity authentication on the user currently using the identifiable card to determine whether to authenticate the Cards can be recognized to perform card swiping operations. 3. The method according to claim 2, wherein, according to the currently bound application information, the historically bound application information and the radio frequency information of the identifiable card, the currently used The user of the identifiable card performs identity authentication to determine whether to perform a card swiping operation on the identifiable card, including: matching the radio frequency information supported by the identifiable card with at least one piece of pre-stored historical radio frequency information to obtain a first matching result; matching the currently bound application information with the historically bound application information of the identifiable card to obtain a second matching result; If the first matching result and the second matching result are successful matching, it is determined that the identity authentication of the user currently using the identifiable card is successful, and a card swiping operation is performed on the identifiable card. 4. The method according to claim 2, wherein when the user authentication method is offline authentication, the acquiring the application information currently bound to the identifiable card and acquiring the identifiable card Supported RF information, including: Sending an offline authentication instruction to the identifiable card, so that the identifiable card obtains the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card according to the offline authentication instruction; receiving the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card sent by the identifiable card. 5. The method according to claim 2, wherein when the user authentication method is online authentication, the acquiring the application information currently bound to the identifiable card and acquiring the identifiable card Supported RF information, including: Initiate an online authentication request to the business platform; receiving an online authentication instruction returned by the service platform based on the online authentication request; sending the online authentication instruction to the identifiable card, so that the identifiable card obtains the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card according to the online authentication instruction ; receiving the application information currently bound to the identifiable card and the radio frequency information supported by the identifiable card sent by the identifiable card. 6. The method according to claim 5, wherein, according to the currently bound application information, the application information bound with the identifiable card history, and the radio frequency information, the currently used The identity authentication of the user of the identifiable card includes: uploading the currently bound application information and the radio frequency information to the service platform, so that the service platform, according to the currently bound application information, pre-stored historically bound applications with the identifiable card information and the radio frequency information, and perform identity authentication on the user currently using the identifiable card, and obtain an authentication result; Receive the authentication result sent by the service platform. 7. The method according to any one of claims 2 or 3, wherein the radio frequency information supported by the identifiable card includes at least one of the following: physical radio frequency information, radio frequency protocol information, and secure element SE information. 8. The method according to claim 1, wherein said establishing a communication connection with the identifiable card comprises: establishing a near field communication (NFC) connection with the identifiable card. 9. A user authentication device, characterized in that it comprises: a communication unit, configured to establish a communication connection with the identifiable card; an acquiring unit, configured to acquire application information currently bound to the identifiable card; An authentication unit, configured to authenticate the user currently using the identifiable card according to at least the currently bound application information and the historically bound application information of the identifiable card, so as to determine whether to authenticate the identifiable card Recognize the card and perform the card swiping operation. 10. An electronic device comprising a memory and a processor, the memory stores a computer program that can run on the processor, wherein any one of claims 1 to 8 is implemented when the processor executes the program the method described. 11. A computer-readable storage medium, on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the method according to any one of claims 1 to 8 is implemented.

Images