Summary of the invention
In view of this, the application provides an identity verification method and apparatus.
Specifically, the application is implemented through the following technical solutions:
An identity verification method, the method comprising:
Receiving an identity verification request initiated by a user, the identity verification request carrying the user account information of the user;
Extracting multiple verification modes from the verification question-and-answer library corresponding to the user account information, and sending them to the user for verification, the multiple verification modes including at least two of the following: a face picture verification mode, an audio verification mode, a question verification mode based on the user's historical behavior, a fingerprint feature verification mode, and an iris feature verification mode;
Receiving the feedback information returned by the user, and confirming that the user's identity is legitimate when the feedback information is correct.
Optionally, after receiving the identity verification request initiated by the user, the method further includes:
Judging, according to the behavior information of the user initiating the identity verification request, whether the user account is at risk, and if so, extracting multiple verification modes from the verification question-and-answer library corresponding to the user account information and sending them to the user for verification;
Wherein the behavior information includes: a request device identifier and a request IP address.
Optionally, the process of building the face picture verification mode includes:
Receiving a legitimate face picture uploaded by a user whose identity is legitimate;
Selecting interference face pictures for the legitimate face picture according to a face similarity algorithm;
The face picture verification mode includes: one or more legitimate face pictures and one or more interference face pictures.
Optionally, selecting interference face pictures for the legitimate face picture includes:
Calculating, according to the face similarity algorithm, the face similarity between the legitimate face picture and each candidate interference face picture;
Selecting, in ascending order of face similarity, a preset number of candidate interference face pictures as the interference face pictures.
Optionally, the process of building the audio verification mode includes:
Receiving legitimate audio uploaded by a user whose identity is legitimate;
Selecting interference audio for the legitimate audio according to an audio similarity algorithm;
The audio verification mode includes: one or more pieces of legitimate audio and one or more pieces of interference audio.
Optionally, selecting interference audio for the legitimate audio includes:
Calculating the audio similarity between the legitimate audio and each piece of candidate audio;
Selecting, in ascending order of audio similarity, a preset number of pieces of candidate interference audio as the interference audio.
An identity verification apparatus, the apparatus comprising:
A request receiving unit, which receives an identity verification request initiated by a user, the identity verification request carrying the user account information of the user;
An extraction and sending unit, which extracts multiple verification modes from the verification question-and-answer library corresponding to the user account information and sends them to the user for verification, the multiple verification modes including at least two of the following: a face picture verification mode, an audio verification mode, a question verification mode based on the user's historical behavior, a fingerprint feature verification mode, and an iris feature verification mode;
A legitimacy confirmation unit, which receives the feedback information returned by the user and confirms that the user's identity is legitimate when the feedback information is correct.
Optionally, the apparatus further includes:
A risk judgment unit, which, after the identity verification request initiated by the user is received, judges whether the user account is at risk according to the behavior information of the user initiating the identity verification request, and if so, calls the extraction and sending unit;
Wherein the behavior information includes: a request device identifier and a request IP address.
Optionally, the apparatus further includes:
A first construction unit, which receives a legitimate face picture uploaded by a user whose identity is legitimate, and selects interference face pictures for the legitimate face picture according to a face similarity algorithm;
The face picture verification mode includes: one or more legitimate face pictures and one or more interference face pictures.
Optionally, the first construction unit specifically calculates, according to the face similarity algorithm, the face similarity between the legitimate face picture and each candidate interference face picture, and selects, in ascending order of face similarity, a preset number of candidate interference face pictures as the interference face pictures.
Optionally, the apparatus further includes:
A second construction unit, which receives legitimate audio uploaded by a user whose identity is legitimate, and selects interference audio for the legitimate audio according to an audio similarity algorithm;
The audio verification mode includes: one or more pieces of legitimate audio and one or more pieces of interference audio.
Optionally, the second construction unit specifically calculates the audio similarity between the legitimate audio and each piece of candidate audio, and selects, in ascending order of audio similarity, a preset number of pieces of candidate interference audio as the interference audio.
As can be seen from the above description, after receiving an identity verification request initiated by a user, the application can extract multiple verification modes from the verification question-and-answer library corresponding to the user account information and send them to the user for verification. Because multi-dimensional verification modes are used, security is good.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the application. On the contrary, they are only examples of apparatuses and methods consistent with some aspects of the application, as detailed in the appended claims.
The terms used in the application are only for the purpose of describing specific embodiments and are not intended to limit the application. The singular forms "a", "said", and "the" used in the application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, and so on may be used in the application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of the application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of ...", "when ...", or "in response to determining".
At present, the identity verification modes provided in the related art mainly include the following:
Character password verification: verification is performed by judging whether the characters entered by the user are the characters set by the user whose identity is legitimate. However, character passwords are easily forgotten by users and are also easily cracked by hackers.
Third-party password verification: a one-time password is sent to the user through a third-party channel such as SMS, telephone, or e-mail, and the user verifies by entering the password. However, third-party passwords often cannot be delivered in time, so the user experience is poor.
Hardware verification: verification is performed by judging whether the user holds legitimate hardware such as a smart card or a secure USB drive. However, hardware is inconvenient to carry, so the user experience is poor.
Biometric verification: verification is performed by judging whether biometric features provided by the user, such as the face or fingerprint, match the biometric features set by the user whose identity is legitimate. However, the recognition efficiency of biometric verification is relatively low, and its accuracy is poor.
Verification question verification: a verification question is provided to the user, and verification is performed by judging whether the user's answer matches the preset answer. However, verification questions are often set based on the user's personal information, and this kind of information is easily leaked through social channels, so the security risk is very high.
In view of this, the application provides an identity verification scheme that improves the accuracy of identity verification, while also improving the user experience, by providing multi-dimensional verification modes.
Fig. 1 is a schematic flowchart of an identity verification method shown in an exemplary embodiment of the application.
Referring to Fig. 1, the identity verification method can be used on a server and includes the following steps:
Step 101, receive an identity verification request initiated by a user, the identity verification request carrying the user account information of the user.
In this embodiment, the user can send an identity verification request to the server when logging in or changing the password, and the server receives the identity verification request. The identity verification request usually carries the user account information of the user, which may include: the account ID, the account password, and so on.
Step 102, extract multiple verification modes from the verification question-and-answer library corresponding to the user account information, and send them to the user for verification.
Based on the foregoing step 101, after receiving the identity verification request, the server can extract multiple verification modes from the verification question-and-answer library corresponding to the user account information according to the user account information, and send the multiple verification modes to the user, so that the user selects or enters the information used for verification.
In this embodiment, the server can build a verification question-and-answer library in advance for each user account. The verification question-and-answer library includes multiple verification modes, such as: a face picture verification mode, an audio verification mode, a question verification mode based on the user's historical behavior, a fingerprint feature verification mode, an iris feature verification mode, and so on. In this step, the server can select the verification questions and candidate answers of at least two of the above verification modes.
The question verification mode based on the user's historical behavior is generated from the historical business data of the user account, for example: "Did you log in to the system yesterday?" The fingerprint feature verification mode and the iris feature verification mode require the user to enter a legitimate fingerprint feature and a legitimate iris feature in advance; the server saves these features so that it can verify the user later.
In this step, the face picture verification mode may provide multiple face pictures to the user, where the multiple face pictures include one or more legitimate face pictures and one or more interference face pictures, and the user needs to select the legitimate face pictures from among them. The audio verification mode may provide multiple pieces of audio to the user, where the multiple pieces of audio include one or more pieces of legitimate audio and one or more pieces of illegitimate audio, and the user needs to select the legitimate audio from among them.
Optionally, in this step, after receiving the identity verification request initiated by the user, the server can first judge whether the user account is at risk. When the user account is at risk, the server extracts multiple verification modes from the verification question-and-answer library corresponding to the user account information and sends them to the user. When the user account is not at risk, the user's identity can be confirmed as legitimate if the verification password entered by the user is correct. Specifically, the server can judge whether the user account is at risk according to the behavior information of the user initiating the identity verification request, where the behavior information includes: the request device identifier, the request IP address, and so on. For example, the server can judge, according to the request device identifier or the request IP address, whether the user is sending the identity verification request from a commonly used device or from a usual location. If so, the server can confirm that the user account is not at risk; if not, it can confirm that the user account is at risk. Of course, in practical applications, those skilled in the art may also judge whether the user account is at risk in other ways, and the application places no particular limitation on this.
Step 103, receive the feedback information returned by the user, and confirm that the user's identity is legitimate when the feedback information is correct.
The server receives the feedback information that the user returns based on the multiple verification modes and judges whether the feedback information is correct. If the feedback information is correct, the user's identity can be confirmed as legitimate, for example: the user selected the legitimate face picture from the multiple face pictures, the user selected the legitimate audio from the multiple pieces of audio, and so on. If the feedback information is incorrect, the user's identity can be confirmed as illegitimate.
As can be seen from the above description, after receiving an identity verification request initiated by a user, the application can extract multiple verification modes from the verification question-and-answer library corresponding to the user account information and send them to the user for verification. Because multi-dimensional verification modes are used, security is good.
The implementation process of the application is described below with reference to specific embodiments.
The above identity verification method provided by the application can also include two processes: one is the process in which the server builds the face picture verification mode or the audio verification mode before identity verification is performed; the other is the process in which the user performs identity verification. The two processes are described separately below.
Fig. 2 is a schematic flowchart of building a face picture verification mode shown in an exemplary embodiment of the application.
Referring to Fig. 2, in an optional example of the application, the process in which the server builds the face picture verification mode may include the following steps:
Step 201, receive a legitimate face picture uploaded by a user whose identity is legitimate.
In this embodiment, the user can upload a legitimate face picture when logging in to the account or modifying the account information. For example, the user can upload their own profile photo to the server as the legitimate face picture.
Step 202, select interference face pictures for the legitimate face picture according to a face similarity algorithm.
Based on the foregoing step 201, after receiving the legitimate face picture uploaded by the user, the server can randomly select several candidate interference face pictures from a preset face picture library, and then calculate, according to the face similarity algorithm, the face similarity between the legitimate face picture and each candidate interference face picture. The number of candidate interference face pictures selected can be set by the developer, and the application places no particular limitation on this. The face similarity algorithm may be the SDM (Supervised Descent Method) algorithm, the AAM (Active Appearance Model) algorithm, the ASM (Active Shape Model) algorithm, and so on, and the application places no particular limitation on this either.
After the face similarity between the legitimate face picture and the candidate interference face pictures has been calculated, several candidate interference face pictures with relatively low face similarity can be selected, in ascending order of face similarity, as the interference face pictures of the legitimate face picture. The number of interference face pictures selected can also be set by the developer, for example: 20 or 30. In the application, selecting interference face pictures that have a lower face similarity to the legitimate face picture avoids problems such as the user being confused, and the user experience being degraded, because the face similarity between the interference face pictures and the legitimate face picture is too high.
Fig. 3 is a schematic flowchart of building an audio verification mode shown in an exemplary embodiment of the application.
Referring to Fig. 3, in an optional example of the application, the process in which the server builds the audio verification mode may include the following steps:
Step 301, receive the legitimate audio uploaded by a legitimate user.
In this embodiment, the user can upload legitimate audio when logging in to the account or modifying the account information. For example, the user can record a segment of their own real audio and upload it to the server as the legitimate audio.
Step 302, select interference audio for the legitimate audio according to an audio similarity algorithm.
Based on the foregoing step 301, after receiving the legitimate audio uploaded by the user, the server can randomly select several pieces of candidate interference audio from a preset audio library, and then calculate, according to the audio similarity algorithm, the audio similarity between the legitimate audio and each piece of candidate audio. The number of pieces of candidate interference audio selected can be set by the developer, and the application places no particular limitation on this.
After the audio similarity between the legitimate audio and the candidate interference audio has been calculated, several pieces of candidate interference audio with relatively low audio similarity can be selected, in ascending order of audio similarity, as the interference audio of the legitimate audio. The number of pieces of interference audio selected can also be set by the developer, for example: 20 or 30. In the application, selecting interference audio that has a lower audio similarity to the legitimate audio avoids problems such as the user being confused, and the user experience being degraded, because the similarity between the interference audio and the legitimate audio is too high.
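The selection described in steps 202 and 302, as an added example that is not part of the patent text: a random candidate pool is drawn from a preset library, each candidate is scored against the legitimate item, and the preset number with the lowest similarity is kept. It assumes face pictures or audio clips have already been reduced to feature vectors and uses cosine similarity as a stand-in for the similarity algorithm; all function names and sample vectors are constructed.

```python
import math
import secrets


def cosine_similarity(a, b):
    """Stand-in similarity measure (assumption; the text names SDM/AAM/ASM for faces)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return dot / (norm_a * norm_b)


def select_interference(legit_vec, candidates, preset_number,
                        similarity=cosine_similarity):
    """Return the ids of the preset_number candidates least similar to legit_vec.

    candidates maps a candidate id to its feature vector. Ties are broken by id
    so the result is deterministic.
    """
    if preset_number > len(candidates):
        raise ValueError("not enough candidates for the preset number")
    scored = sorted((similarity(legit_vec, vec), cid)
                    for cid, vec in candidates.items())
    return [cid for _, cid in scored[:preset_number]]  # ascending similarity


def sample_candidates(library, pool_size, rng=None):
    """Randomly draw the candidate pool from the preset library."""
    rng = rng or secrets.SystemRandom()
    ids = rng.sample(sorted(library), min(pool_size, len(library)))
    return {cid: library[cid] for cid in ids}


def build_verification_mode(legit_id, legit_vec, library, pool_size,
                            preset_number, rng=None):
    """Build one challenge: the legitimate item plus its interference items."""
    rng = rng or secrets.SystemRandom()
    pool = sample_candidates(library, pool_size, rng)
    interference = select_interference(legit_vec, pool, preset_number)
    items = [legit_id] + interference
    rng.shuffle(items)  # the display order must not reveal the legitimate item
    return {"items": items, "legitimate": {legit_id}}


# Constructed sample data: 3-dimensional feature vectors.
LEGIT_VEC = [1.0, 0.0, 0.0]
LIBRARY = {
    "c1": [0.9, 0.1, 0.0],   # very similar to the legitimate item
    "c2": [0.0, 1.0, 0.0],
    "c3": [0.5, 0.5, 0.0],
    "c4": [-1.0, 0.0, 0.0],  # least similar
    "c5": [0.0, 0.0, 1.0],
}

if __name__ == "__main__":
    print(select_interference(LEGIT_VEC, LIBRARY, 3))
    print(build_verification_mode("legit", LEGIT_VEC, LIBRARY, 5, 3))
```

Because ascending order keeps the least similar candidates, the legitimate item is also the easiest one to recognise for anyone who already knows the user's face or voice, which is the usability trade-off the text accepts.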
Fig. 4 is a schematic flowchart of an identity verification method shown in an exemplary embodiment of the application.
Referring to Fig. 4, the identity verification method can be used on a server and includes the following steps:
Step 401, receive an identity verification request initiated by a user, the identity verification request carrying the user account information of the user.
In this embodiment, the server receives the identity verification request initiated by the user. The identity verification request may include: a login request, a forgotten-password login request, a password reset request, and so on. For example, when the user forgets the login password of the user account, the user can click the forgot-password button; after receiving the instruction that the user clicked the forgot-password button, the server regards the identity verification request as received.
Step 402, extract multiple face pictures from the verification question-and-answer library corresponding to the user account information, for the user to select from.
In this step, the server can extract multiple face pictures that include legitimate face pictures, so that the user selects the legitimate face pictures from among them. The number of face pictures extracted by the server can be set by the developer. For example, the server can extract 4 face pictures, 1 of which is a legitimate face picture; the server can also extract 6 face pictures, 2 of which are legitimate face pictures; and so on.
It can be understood that, in the application, the process in which the server extracts multiple face pictures that include legitimate face pictures usually means that the server sends the multiple face pictures that include legitimate face pictures to the terminal from which the user sent the identity verification instruction; the terminal shows the multiple face pictures to the user for selection and returns the result of the user's selection to the server. In the application, for ease of description, the interaction between the server and the terminal is omitted from the description.
Step 403, extract multiple pieces of audio that include legitimate audio from the verification question-and-answer library corresponding to the user account information, for the user to select from.
In this embodiment, the server can extract multiple pieces of audio that include legitimate audio, so that the user selects the legitimate audio from among them. The number of pieces of audio extracted by the server can also be set by the developer. For example, the server can extract 4 pieces of audio, 1 of which is legitimate audio; the server can also extract 6 pieces of audio, 2 of which are legitimate audio; and so on.
Step 404, extract verification questions based on the user's historical behavior from the verification question-and-answer library corresponding to the user account information, for the user to answer.
In this embodiment, the server can also extract one or more verification questions based on the user's historical behavior for the user to answer. To avoid the security risk caused by leakage of the user's personal information, in this embodiment the verification questions can be generated from the user's business data. The business data can be the various data produced when the user carries out business operations, such as the object, amount, and frequency of the user's business operations. The verification questions can be, for example, "Who is the partner that you often carry out business interactions with?" or "Which items have you not bought?". Generating verification questions from the user's business data can effectively avoid the security risk caused by leakage of the answers to the verification questions.
Step 405, receive the feedback information returned by the user.
Based on the foregoing steps 402 to 404, the server receives the feedback information returned by the user, where the feedback information includes the user's selections or answers for the multiple face pictures, the multiple pieces of audio, and the one or more verification questions.
Step 406, when the feedback information is correct, confirm that the user's identity is legitimate.
In this step, the server verifies the feedback information. Specifically, the server verifies whether the face pictures the user selected from the multiple face pictures are legitimate face pictures, verifies whether the audio the user selected from the multiple pieces of audio is legitimate audio, and verifies whether the user answered the one or more verification questions correctly. When the user has selected all of the legitimate face pictures and all of the legitimate audio and has answered all of the verification questions correctly, the server confirms that the user's identity is legitimate.
Optionally, in another example, when the server provides multiple verification questions to the user, the server can confirm that the user's identity is legitimate when some of the verification questions are answered correctly. Suppose the server provides 5 verification questions to the user; if the user answers 3 or more of them correctly, verification through the verification questions can be confirmed as passed.
It should be noted that the application does not limit the execution order of the foregoing steps 402 to 404. In another example of the application, step 404 may be executed first, then step 403, and finally step 401.
As can be seen from the above description, after receiving an identity verification request initiated by a user, the application can extract multiple verification modes from the verification question-and-answer library corresponding to the user account information and send them to the user for verification. Because multi-dimensional verification modes are used, security is good. At the same time, verification modes that use biometric features such as face pictures and audio easily evoke the user's memory, so usability is high.
Corresponding to the foregoing embodiments of the identity verification method, the application also provides embodiments of an identity verification apparatus.
The embodiments of the identity verification apparatus of the application can be applied on a server. The apparatus embodiments can be implemented by software, or by hardware or a combination of software and hardware. Taking software implementation as an example, the apparatus in a logical sense is formed by the processor of the server where it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 5 is a hardware structure diagram of the server where the identity verification apparatus of the application is located. In addition to the processor, memory, network interface, and non-volatile memory shown in Fig. 5, the server where the apparatus in the embodiment is located may also include other hardware according to the actual functions of the server, which is not described further here.
Fig. 6 is a schematic structural diagram of an identity verification apparatus shown in an exemplary embodiment of the application.
Referring to Fig. 6, the multi-dimensional identity verification apparatus 500 may include: a request receiving unit 501, an extraction and sending unit 502, a legitimacy confirmation unit 503, a risk judgment unit 504, a first construction unit 505, and a second construction unit 506.
The request receiving unit 501 receives an identity verification request initiated by a user, the identity verification request carrying the user account information of the user;
The extraction and sending unit 502 extracts multiple verification modes from the verification question-and-answer library corresponding to the user account information and sends them to the user for verification, the multiple verification modes including at least two of the following: a face picture verification mode, an audio verification mode, a question verification mode based on the user's historical behavior, a fingerprint feature verification mode, and an iris feature verification mode;
The legitimacy confirmation unit 503 receives the feedback information returned by the user, and confirms that the user's identity is legitimate when the feedback information is correct.
The risk judgment unit 504, after the identity verification request initiated by the user is received, judges whether the user account is at risk according to the behavior information of the user initiating the identity verification request, and if so, calls the extraction and sending unit;
Wherein the behavior information includes: a request device identifier and a request IP address.
The first construction unit 505 receives a legitimate face picture uploaded by a user whose identity is legitimate, and selects interference face pictures for the legitimate face picture according to a face similarity algorithm;
The face picture verification mode includes: one or more legitimate face pictures and one or more interference face pictures.
Optionally, the first construction unit 505 specifically calculates, according to the face similarity algorithm, the face similarity between the legitimate face picture and each candidate interference face picture, and selects, in ascending order of face similarity, a preset number of candidate interference face pictures as the interference face pictures.
The second construction unit 506 receives legitimate audio uploaded by a user whose identity is legitimate, and selects interference audio for the legitimate audio according to an audio similarity algorithm;
The audio verification mode includes: one or more pieces of legitimate audio and one or more pieces of interference audio.
Optionally, the second construction unit 506 specifically calculates the audio similarity between the legitimate audio and each piece of candidate audio, and selects, in ascending order of audio similarity, a preset number of pieces of candidate interference audio as the interference audio.
For the implementation process of the functions and roles of each unit in the above apparatus, refer to the implementation process of the corresponding steps in the above method, which is not repeated here.
Because the apparatus embodiments basically correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the application. Those of ordinary skill in the art can understand and implement it without creative effort.
The above are only preferred embodiments of the application and are not intended to limit the application. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the application shall fall within the scope of protection of the application.