User identity authentication method and device

US 10,412,585 B2
Filed: 09/28/2015
Issued: 09/10/2019
Est. Priority Date: 09/28/2015
Status: Active Grant

First Claim

Patent Images

1. A user identity authentication method, comprising:

acquiring, by an identity authentication server, a user request from a Service Provider (SP) device, the user request comprising an identity credential of a user;

determining, by the identity authentication server, an Identifier (ID) of the user and a priority of the identity credential according to the user request; and

sending, by the identity authentication server, the ID of the user and the priority of the identity credential to the SP device for enabling a corresponding service for the user;

wherein the identity credential comprises a primary credential and a secondary credential,wherein the primary credential comprises at least one of;

a DeoxyriboNucleic Acid (DNA), a fingerprint, an iris and a voiceprint,wherein the secondary credential comprises at least one of;

a digital certificate, a digital signature, a user card and a password, andwherein a priority of the primary credential is higher than a priority of the secondary credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user identity authentication method is provided, which includes that: a Service Provider (SP) device receives a user request sent by a terminal, the user request including an identity credential of a user; the SP device determines an Identifier (ID) of the user and a priority of the identity credential according to the user request; and the SP device enables corresponding service for the terminal according to the priority. In the embodiment, the SP device provides the corresponding service according to the identity credential of the user. Therefore, a Unified security identity authentication manner may be implemented, usability is improved, and optimal utilization of resources may be implemented.

12 Citations

20 Claims

1. A user identity authentication method, comprising:
- acquiring, by an identity authentication server, a user request from a Service Provider (SP) device, the user request comprising an identity credential of a user;
  
  determining, by the identity authentication server, an Identifier (ID) of the user and a priority of the identity credential according to the user request; and
  
  sending, by the identity authentication server, the ID of the user and the priority of the identity credential to the SP device for enabling a corresponding service for the user;
  
  wherein the identity credential comprises a primary credential and a secondary credential,wherein the primary credential comprises at least one of;
  
  a DeoxyriboNucleic Acid (DNA), a fingerprint, an iris and a voiceprint,wherein the secondary credential comprises at least one of;
  
  a digital certificate, a digital signature, a user card and a password, andwherein a priority of the primary credential is higher than a priority of the secondary credential.
- View Dependent Claims (2)
- - 2. The method according to claim 1, wherein the identity credential is generated at a terminal by processing with a generation method, andwherein the determining an ID of the user and a priority of the identity credential according to the user request comprises:
    - processing the identity credential by adopting a verification method; and
      
      acquiring the ID and the priority corresponding to the processed identity credential according to a prestored corresponding relationship.

3. A user identity authentication method, comprising:
- receiving, by a terminal, an identity credential input by a user;
  
  determining, by the terminal, an Identity (ID) of the user and a priority of the identity credential according to the identity credential;
  
  acquiring, by the terminal, subscription information of the user according to the ID of the user; and
  
  determining a service corresponding to the priority of the identity credential according to the subscription information;
  
  wherein the identity credential comprises a primary credential and a secondary credential,wherein the primary credential comprises at least one of;
  
  a DeoxyriboNucleic Acid (DNA), a fingerprint, an iris and a voiceprint,wherein the secondary credential comprises at least one of;
  
  a digital certificate, a digital signature, a user card and a password, andwherein a priority of the primary credential is higher than a priority of the secondary credential.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 20)
- - 4. The method according to claim 3, wherein before the terminal receives the identity credential input by the user, the method further comprises:
    - receiving, by the terminal, first selection information input by the user, the first selection information indicating a first operator selected by the user;
      
      receiving, by the terminal, a user request input by the user, the user request comprising the identity credential; and
      
      sending, by the terminal, the user request to a first Service Provider (SP) device of the first operator.
  - 5. The method according to claim 4, further comprising:
    - after the first SP device indicates that the identity credential of the terminal passes authentication, accessing, by the terminal, a network of the first operator through the first SP device.
  - 6. The method according to claim 4, further comprising:
    - acquiring, by the terminal, the subscription information of the user through the first SP device.
  - 7. The method according to claim 4, further comprising at least one of the following:
    - receiving, by the terminal, a first corresponding relationship sent by the first SP device, the first corresponding relationship comprising a corresponding relationship among the ID of the user, the identity credential and the priority of the identity credential;
      
      or,receiving, by the terminal, a second corresponding relationship sent by the first SP device, the second corresponding relationship comprising a corresponding relationship between the priority of the identity credential and the service.
  - 8. The method according to claim 4, further comprising:
    - receiving, by the terminal, an instruction of the user, the instruction indicating that the user is to reselect an operator;
      
      receiving, by the terminal, second selection information of the user, the second selection information indicating a second operator selected by the user;
      
      sending, by the terminal, the user request to a second SP device of the second operator; and
      
      after the second SP device indicates that the terminal passes authentication, accessing, by the terminal, a network of the second operator through the second SP device.
  - 9. The method according to claim 4, further comprising:
    - receiving, by the terminal, a temporary quitting instruction of the user; and
      
      suspending, by the terminal, user data of the user according to the temporary quitting instruction.
  - 10. The method according to claim 3, further comprising:
    - receiving, by the terminal, a service request of the user; and
      
      when a service indicated by the service request is not the service corresponding to the priority of the identity credential, denying, by the terminal, the service request,wherein the denying, by the terminal, the service request comprises;
      
      presenting, by the terminal, prompting information, the prompting information being configured to indicate the user to input another identity credential corresponding to the service indicated by the service request.
  - 11. The method according to claim 3, further comprising:
    - receiving, by the terminal, a user credential input by another user; and
      
      determining, by the terminal, another service corresponding to the identity credential input by the another user to enable the another user to use the another service through the terminal.
  - 12. The method according to claim 3, further comprising:
    - receiving, by the terminal, a permanent deactivation instruction of the user; and
      
      deleting, by the terminal, the user data of the user according to the permanent deactivation instruction.
  - 20. The method according to claim 4, wherein the sending the user request to the first SP device comprises:
    - processing the identity credential by adopting a predefined generation method; and
      
      sending the processed identity credential to the first SP device.

13. A terminal, comprising:
- a receiver, configured to receive an identity credential input by a user;
  
  a processor; and
  
  a memory, configured to store codes executed by the processor;
  
  wherein the processor is configured to;
  
  determine an Identity (ID) of the user and a priority of the identity credential according to the identity credential;
  
  acquire subscription information of the user according to the ID of the user; and
  
  determine a service corresponding to the priority of the identity credential according to the subscription information;
  
  wherein the identity credential comprises a primary credential and a secondary credential,wherein the primary credential comprises at least one of;
  
  a DeoxyriboNucleic Acid (DNA), a fingerprint, an iris and a voiceprint,wherein the secondary credential comprises at least one of;
  
  a digital certificate, a digital signature, a user card and a password, andwherein a priority of the primary credential is higher than a priority of the secondary credential.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The terminal according to claim 13, further comprising a sender, whereinthe receiver is further configured to receive first selection information input by the user, the first selection information indicating a first operator selected by the user;
    - the receiver is further configured to receive a user request input by the user, the user request comprising the identity credential; and
      
      the sender is configured to send the user request to a first Service Provider (SP) device of the first operator.
  - 15. The terminal according to claim 14, wherein the receiver is further configured to perform at least one of the following:
    - acquire the subscription information of the user through the first SP device;
      
      receive a first corresponding relationship sent by the first SP device, the first corresponding relationship comprising a corresponding relationship among the ID of the user, the identity credential and the priority of the identity credential;
      
      orreceive a second corresponding relationship sent by the first SP device, the second corresponding relationship comprising a corresponding relationship between the priority of the identity credential and the service.
  - 16. The terminal according to claim 14, whereinthe receiver is further configured to receive an instruction of the user, the instruction indicating that the user is to reselect an operator;
    - the receiver is further configured to receive second selection information of the user, the second selection information indicating a second operator selected by the user;
      
      the sender is further configured to send the user request to a second SP device of the second operator; and
      
      the processor is further configured to, in response to an indication from the second SP device that the terminal passes authentication, access a network of the second operator through the second SP device.
  - 17. The terminal according to claim 14, whereinthe receiver is further configured to receive a temporary quitting instruction of the user;
    - andthe processor is further configured to suspend user data of the user according to the temporary quitting instruction.
  - 18. The terminal according to claim 13, whereinthe receiver is further configured to receive a service request of the user;
    - andthe processor is configured to, when a service indicated by the service request is not the service corresponding to the priority of the identity credential, deny the service request, including;
      
      presenting prompting information, the prompting information being configured to indicate the user to input another identity credential corresponding to the service indicated by the service request.
  - 19. The terminal according to claim 13, whereinthe receiver is further configured to receive a user credential input by another user;
    - andthe processor is further configured to determine another service corresponding to the identity credential input by the another user to enable the another user to use the other service through the terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guangdong OPPO Mobile Telecommunications Corporation Limited
Original Assignee
Guangdong OPPO Mobile Telecommunications Corporation Limited
Inventors
Zeng, Yuanqing, Tang, Hai
Primary Examiner(s)
Shaheed, Khalid W

Application Number

US15/745,347
Publication Number

US 20180270658A1
Time in Patent Office

1,443 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/32   including means for verifyi...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 8/183   Processing at user equipmen...

H04W 88/02   Terminal devices

User identity authentication method and device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

User identity authentication method and device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links