Disclosure of Invention
In view of the above, the present application provides an identity authentication method and apparatus.
Specifically, the method is realized through the following technical scheme:
a method of identity verification, the method comprising:
receiving an identity authentication request initiated by a user, wherein the identity authentication request carries user account information of the user;
extracting multiple verification modes from a verification question-answer library corresponding to the user account information and sending the multiple verification modes to the user for verification, wherein the multiple verification modes comprise at least two of the following modes: a face picture verification mode, an audio verification mode, a question verification mode based on user historical behaviors, a fingerprint feature verification mode and an iris feature verification mode;
and receiving feedback information returned by the user, and confirming that the user identity is legal when the feedback information is correct.
Optionally, after receiving an authentication request initiated by a user, the method further includes:
judging whether the user account has risks according to the behavior information of the identity verification request initiated by the user, if so, extracting multiple verification modes from a verification question-answer library corresponding to the user account information and sending the verification modes to the user for verification;
wherein the behavior information includes: requesting device identification, requesting IP address.
Optionally, the construction process of the face image verification method includes:
receiving a legal face picture uploaded by a user with a legal identity;
selecting an interference face picture for the legal face picture according to a face similarity algorithm;
the face picture verification mode comprises: one or more legal face pictures and one or more interference face pictures.
Optionally, the selecting an interference face picture for a legal face picture includes:
respectively calculating the face similarity of the legal face picture and each alternative interference face picture according to a face similarity algorithm;
and selecting a preset number of alternative interference face pictures as the interference face pictures according to the sequence of the face similarity from small to large.
Optionally, the audio verification method includes:
receiving legal audio uploaded by a user with a legal identity;
selecting an interfering audio for the legitimate audio according to an audio similarity algorithm;
the audio verification mode comprises: one or more legitimate audios and one or more interfering audios.
Optionally, the selecting an interfering audio for a legal audio includes:
respectively calculating the audio similarity of the legal audio and each alternative audio;
and selecting a preset number of alternative interference audios as the interference audios according to the sequence of the audio similarity from small to large.
An authentication apparatus, the apparatus comprising:
a request receiving unit, used for receiving an identity verification request initiated by a user, wherein the identity verification request carries user account information of the user;
an extraction and sending unit, used for extracting a plurality of verification modes from a verification question-answer library corresponding to the user account information and sending the verification modes to the user for verification, wherein the plurality of verification modes comprise at least two of the following modes: a face picture verification mode, an audio verification mode, a question verification mode based on user historical behaviors, a fingerprint feature verification mode and an iris feature verification mode;
and the legal confirmation unit is used for receiving the feedback information returned by the user and confirming that the user identity is legal when the feedback information is correct.
Optionally, the apparatus further comprises:
the risk judgment unit is used for judging whether the user account has risks or not according to the behavior information of the identity authentication request initiated by the user after receiving the identity authentication request initiated by the user, and if so, the extraction and sending unit is called;
wherein the behavior information includes: requesting device identification, requesting IP address.
Optionally, the apparatus further comprises:
the first construction unit is used for receiving a legal face picture uploaded by a user with a legal identity and selecting an interference face picture for the legal face picture according to a face similarity algorithm;
the face picture verification mode comprises: one or more legal face pictures and one or more interference face pictures.
Optionally, the first constructing unit calculates face similarity of the legal face picture and each alternative interference face picture respectively according to a face similarity algorithm; and selecting a preset number of alternative interference face pictures as the interference face pictures according to the sequence of the face similarity from small to large.
Optionally, the apparatus further comprises:
the second construction unit is used for receiving legal audio uploaded by a user with a legal identity and selecting interference audio for the legal audio according to an audio similarity algorithm;
the audio verification mode comprises: one or more legitimate audios and one or more interfering audios.
Optionally, the second constructing unit specifically calculates audio similarity of the legal audio and each alternative audio respectively; and selecting a preset number of alternative interference audios as the interference audios according to the sequence of the audio similarity from small to large.
The above description shows that after receiving an identity authentication request initiated by a user, the method and the device can extract a plurality of authentication modes from the authentication question-answer library corresponding to the user account information and send them to the user for authentication. Because the method and the device adopt a multi-dimensional authentication mode, the security is good.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
At present, the authentication methods provided in the related art mainly include the following:
Character password verification: verification is performed by judging whether the characters input by the user are the characters set by the user with legal identity. However, the character password is easily forgotten by a user and also easily cracked by a hacker.
Third party password verification: a one-time password is sent to the user through a third-party channel such as a short message, a telephone call or a mail, and the user is verified by inputting the password. However, the third party password is often not delivered in time, and the user experience is poor.
Hardware verification: verification is performed by judging whether the user holds legal hardware such as a smart card or a secure USB disk. However, the hardware is inconvenient to carry, and the user experience is poor.
Biometric verification: verification is performed by judging whether the biological characteristics such as the face and the fingerprint provided by the user match the biological characteristics set by the user with a legal identity. However, biometric authentication is inefficient and less accurate to identify.
Verification question: a verification question is provided to the user, and verification is performed by judging whether the answer of the user matches a preset answer. However, the verification question is often set based on personal information of the user, which is easily leaked through social contact and has a large security risk.
In view of this, the present application provides an identity authentication scheme, which improves accuracy of identity authentication and improves user experience by providing a multidimensional authentication manner.
Fig. 1 is a flowchart illustrating an authentication method according to an exemplary embodiment of the present application.
Referring to fig. 1, the identity authentication method may be applied to a server, and includes the following steps:
Step 101, receiving an authentication request initiated by a user, where the authentication request carries user account information of the user.
In this embodiment, the user may send an authentication request to the server when logging in or modifying a password, and the server receives the authentication request. The identity authentication request usually carries user account information of the user, where the user account information may include: account ID, account password, etc.
Step 102, extracting a plurality of verification modes from a verification question-answer library corresponding to the user account information, and sending the verification modes to the user for verification.
Based on the foregoing step 101, after receiving the identity authentication request, the server may extract multiple authentication manners from an authentication question-answer library corresponding to the user account information according to the user account information, and send the multiple authentication manners to the user, so that the user may select or input information for authentication.
In this embodiment, for each user account, the server may pre-construct a verification question-answer library, where the verification question-answer library includes multiple verification methods, such as: a face picture verification mode, an audio verification mode, a question verification mode based on the historical behaviors of the user, a fingerprint characteristic verification mode, an iris characteristic verification mode and the like. In this step, the server may select at least two verification methods of the verification question and the alternative answer.
The question verification mode based on the user historical behavior is generated from historical business data of a user account, such as: "Did you log in to the system yesterday?" and the like. The fingerprint characteristic verification mode and the iris characteristic verification mode require that a user inputs legal fingerprint characteristics and legal iris characteristics in advance, and the server stores the characteristics so as to verify the user later.
In this step, the face picture verification method may be to provide a plurality of face pictures to the user, where the plurality of face pictures include one or more legal face pictures and one or more interference face pictures, and the user needs to select a legal face picture from the plurality of face pictures. The audio verification method may be to provide multiple audios to a user, where the multiple audios include one or more legal audios and one or more interfering audios, and the user needs to select a legal audio from the multiple audios.
Optionally, in this step, after receiving the identity authentication request initiated by the user, the server may first determine whether the user account has a risk, and when the user account has a risk, extract a plurality of authentication manners from the authentication question-answer library corresponding to the user account information and send the authentication manners to the user. When the user account has no risk, if the verification password input by the user is correct, the identity of the user can be confirmed to be legal. Specifically, the server may determine whether the user account has a risk according to behavior information of the user initiating the authentication request, where the behavior information includes: requesting device identification, requesting IP address, etc. For example, the server may judge, according to the requesting device identification or the requesting IP address, whether the user is using a commonly used device or is sending the identity authentication request from a commonly used place; if so, the server may confirm that the user account has no risk, and if not, the server may confirm that the user account has a risk. Of course, in practical applications, a person skilled in the art may also determine whether the user account is at risk in other manners, which is not limited in this application.
Step 103, receiving feedback information returned by the user, and confirming that the user identity is legal when the feedback information is correct.
The server receives feedback information returned by the user based on the multiple verification modes, and judges whether the feedback information is correct, if the feedback information is correct, the identity of the user can be confirmed to be legal, for example: the user selects legal face pictures from a plurality of face pictures, the user selects legal audio from a plurality of audios and the like. If the feedback information is incorrect, it can be confirmed that the user identity is illegal.
The above description shows that after receiving an identity authentication request initiated by a user, the method and the device can extract a plurality of authentication modes from the authentication question-answer library corresponding to the user account information and send them to the user for authentication. Because the method and the device adopt a multi-dimensional authentication mode, the security is good.
The implementation of the present application is described below with reference to specific embodiments.
The authentication method provided by the application can also comprise two processes, wherein one process is a process that the server side constructs a face picture authentication mode or an audio authentication mode before authentication is carried out; the other is the process of authentication of the user. These two processes are described separately below.
Fig. 2 is a schematic flow chart of a verification method for constructing a face picture according to an exemplary embodiment of the present application.
Referring to fig. 2, in an optional example of the present application, a process of constructing a face image verification method by a server may include the following steps:
Step 201, receiving a legal face picture uploaded by a user with a legal identity.
In this embodiment, the user may upload a legal face picture when registering an account or modifying account information, for example: the user can take the head portrait photo of the user as the legal face photo to be uploaded to the server side.
Step 202, selecting an interference face picture for the legal face picture according to a face similarity algorithm.
Based on the foregoing step 201, after receiving the legal face picture uploaded by the user, the server may randomly select a plurality of candidate interference face pictures from a preset face picture library, and then respectively calculate the face similarity of the legal face picture and each candidate interference face picture according to a face similarity algorithm. The number of the selected candidate interference face pictures can be set by a developer, and the application is not particularly limited in this respect. The face similarity algorithm may adopt an SDM (Supervised Descent Method) algorithm, an AAM (Active Appearance Model) algorithm, an ASM (Active Shape Model) algorithm, and the like, which is not limited in this application.
After the face similarity between the legal face picture and the alternative interference face picture is obtained through calculation, a plurality of alternative interference face pictures with relatively small face similarity can be selected as the interference face pictures of the legal face picture according to the sequence from small face similarity to large face similarity. The number of the selected interference face pictures can also be set by a developer, for example: 20 or 30. According to the method and the device, the interference face picture with small face similarity with the legal face picture is selected, so that the problems that the interference face picture is too high in face similarity with the legal face picture to cause user confusion, user experience is reduced and the like can be avoided.
Fig. 3 is a flowchart illustrating a method for constructing an audio verification according to an exemplary embodiment of the present application.
Referring to fig. 3, in an alternative example of the present application, a process of the server building an audio verification method may include the following steps:
Step 301, receiving a legal audio uploaded by a legal user.
In this embodiment, the user may upload legitimate audio when registering an account or modifying account information, such as: the user can record a piece of real audio of the user, and the real audio is taken as the legal audio to be uploaded to the server side.
Step 302, selecting an interfering audio for the legitimate audio according to an audio similarity algorithm.
Based on the foregoing step 301, after receiving the legal audio uploaded by the user, the server may randomly select a plurality of candidate interfering audios from a preset audio library, and then respectively calculate the audio similarity between the legal audio and each candidate interfering audio according to an audio similarity algorithm. The number of the selected candidate interfering audios may be set by a developer, and the application is not particularly limited thereto.
After the audio similarity between the legal audio and each candidate interfering audio is obtained through calculation, a plurality of candidate interfering audios with relatively low audio similarity can be selected as the interfering audios of the legal audio according to the sequence of the audio similarity from small to large. The number of the selected interfering audios can also be set by a developer, for example: 20 or 30. In the method and the device, interfering audios with smaller audio similarity to the legal audio are selected, so that problems such as user confusion and reduced user experience caused by the similarity between the interfering audio and the legal audio being too high can be avoided.
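The selection described in steps 202 and 302 (random candidates from a preset library, similarity to the legal item, lowest-similarity candidates kept), followed by assembling the shuffled set shown to the user, as an added example that is not part of the original application. It assumes each picture or audio has already been reduced to a numeric feature vector and uses cosine similarity as a stand-in for the face or audio similarity algorithm; all names and sample vectors are constructed for illustration.

```python
import math
import random


def cosine_similarity(a, b):
    """Stand-in similarity measure (assumption): cosine of two feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    if norm_a == 0 or norm_b == 0:
        return 0.0
    return dot / (norm_a * norm_b)


def select_distractors(legal_vec, library, n_candidates, n_distractors, rng,
                       similarity=cosine_similarity):
    """Steps 202 / 302: sample candidates at random from the preset library,
    score each against the legal item, keep the least similar ones.

    library maps an item id to its feature vector.
    """
    ids = sorted(library)
    n_candidates = min(n_candidates, len(ids))
    if n_distractors > n_candidates:
        raise ValueError("more distractors requested than candidates sampled")
    candidates = rng.sample(ids, n_candidates)
    # Ascending similarity ("from small to large"); the id breaks ties
    # so the result is stable for equal scores.
    ranked = sorted(candidates,
                    key=lambda cid: (similarity(legal_vec, library[cid]), cid))
    return ranked[:n_distractors]


def build_challenge(legal_ids, distractor_ids, n_shown, rng):
    """Mix legal items with distractors and shuffle the display order.

    Returns (shown, answer). Only `shown` goes to the terminal; `answer`
    stays on the server for checking the user's selection.
    """
    n_fill = n_shown - len(legal_ids)
    if n_fill < 1 or n_fill > len(distractor_ids):
        raise ValueError("cannot fill the challenge with the given distractors")
    shown = list(legal_ids) + rng.sample(list(distractor_ids), n_fill)
    rng.shuffle(shown)
    return shown, frozenset(legal_ids)


# Constructed sample data: 2-dimensional vectors chosen so the ranking is
# easy to follow by eye. Real feature vectors would be much longer.
SAMPLE_LEGAL = [1.0, 0.0]
SAMPLE_LIBRARY = {
    "p1": [1.0, 0.1],    # similarity ~0.995
    "p2": [0.0, 1.0],    # similarity 0.0
    "p3": [-1.0, 0.0],   # similarity -1.0
    "p4": [0.5, 0.5],    # similarity ~0.707
    "p5": [0.2, 1.0],    # similarity ~0.196
}

if __name__ == "__main__":
    # random.SystemRandom() draws from the OS CSPRNG, so the displayed
    # order is not predictable from earlier challenges.
    rng = random.SystemRandom()
    picked = select_distractors(SAMPLE_LEGAL, SAMPLE_LIBRARY, 5, 3, rng)
    shown, answer = build_challenge(["legal-1"], picked, 4, rng)
    print(picked, shown, sorted(answer))
```

The same two functions serve the face picture mode and the audio mode; only the feature vectors and the similarity function differ.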
Fig. 4 is a flowchart illustrating an authentication method according to an exemplary embodiment of the present application.
Referring to fig. 4, the identity authentication method may be applied to a server, and includes the following steps:
Step 401, receiving an authentication request initiated by a user, where the authentication request carries user account information of the user.
In this embodiment, the server receives an authentication request initiated by a user, where the authentication request may include: a login request, a login request with a forgotten password, a password reset request, etc. For example, when the user forgets the login password of the user account, the user can click the forgot-password button, and the server is regarded as having received the authentication request once it receives the instruction generated by the user clicking that button.
Step 402, extracting a plurality of face pictures from the verification question-answering library corresponding to the user account information for selection by the user.
In this step, the server may extract a plurality of face pictures including legal face pictures, so that the user may select the legal face pictures from the plurality of face pictures. The number of the face pictures extracted by the server can be set by developers, for example: the server may extract 4 face pictures that include 1 legal face picture, or 6 face pictures that include 2 legal face pictures, and so on.
It can be understood that, in the present application, the process of extracting, by the server, a plurality of face pictures including a legal face picture is generally that the server sends the plurality of face pictures including the legal face picture to the terminal where the user sends an instruction for authentication, and the terminal displays the plurality of face pictures to the user for selection by the user and returns a result selected by the user to the server. In the present application, for convenience of explanation, the process of the server interacting with the terminal is omitted in the description.
Step 403, extracting multiple audios including legal audio from the verification question-answering library corresponding to the user account information for user selection.
In this embodiment, the server may extract a plurality of audios including legal audios, so that the user may select the legal audios from the plurality of audios. The number of audios extracted by the server can also be set by a developer, for example: the server may extract 4 audios that include 1 legal audio, or 6 audios that include 2 legal audios, and so on.
Step 404, extracting the verification questions based on the user historical behaviors from the verification question-answering library corresponding to the user account information for the user to answer.
In this embodiment, the server may further extract one or more verification questions based on the user's historical behavior for the user to answer. In order to avoid the potential safety hazard caused by the leakage of the personal information of the user, in this embodiment, the verification question may be generated according to the service data of the user. The service data may be various data about the service operations performed by the user, such as: the object, amount and frequency of the business operations performed by the user. The verification question may be "who is a buddy who frequently interacts with you for business", "what are items you have not purchased", etc. Because the verification question is generated according to the service data of the user, potential safety hazards caused by leaked answers to the verification question can be effectively avoided.
Step 405, receiving feedback information returned by the user.
Based on the foregoing steps 402 to 404, the server receives feedback information returned by the user, where the feedback information includes a selection or an answer result of the user based on the plurality of face pictures, the plurality of audios, and the one or more verification questions.
Step 406, when the feedback information is correct, confirming that the user identity is legal.
In this step, the server verifies the feedback information. Specifically, the server verifies whether the face picture selected by the user from the plurality of face pictures is a legal face picture, verifies whether the audio selected by the user from the plurality of audios is a legal audio, and verifies whether the user's answers to the one or more verification questions are correct. When the user has selected all the legal face pictures and all the legal audios and has answered all the verification questions correctly, the user identity is confirmed to be legal.
Optionally, in another example, when the server provides the user with a plurality of verification questions, the server may confirm that the user identity is legal when a part of the verification questions is answered correctly. Assuming that the server provides 5 verification questions to the user, if the user answers 3 or more questions correctly, the verification of the verification questions can be confirmed as passed.
It should be noted that the present application does not limit the execution sequence of the foregoing steps 402 to 404, and in another example of the present application, the step 404 may be executed first, then the step 403 is executed, and finally the step 401 is executed.
The above description shows that after receiving an identity authentication request initiated by a user, the method and the device can extract multiple authentication modes from an authentication question-answer library corresponding to user account information and send them to the user for authentication. Because the method and the device adopt a multi-dimensional authentication mode, the security is good. Meanwhile, because verification modes based on biological characteristics such as face pictures and audio are adopted, the user's memory is easily triggered, and the usability is high.
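The server-side decision described above (the optional risk judgment, then checking the feedback of steps 405 and 406, including the 3-of-5 question threshold), as an added example that is not part of the original application. It assumes "commonly used device" and "commonly used place" are represented as sets of previously seen device identifiers and IP addresses, and it treats a request as risky when either one is unfamiliar; the class names, field names and sample values are constructed for illustration.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    known_devices: frozenset   # device identifiers seen before (assumption)
    known_ips: frozenset       # IP addresses seen before (assumption)


@dataclass(frozen=True)
class Challenge:
    legal_faces: frozenset     # ids of the legal pictures among those shown
    legal_audios: frozenset    # ids of the legal audios among those shown
    question_answers: dict     # question id -> expected answer
    min_correct: int           # e.g. 3 when 5 questions are asked


def is_risky(account, device_id, ip):
    """Risk judgment from the request's behavior information.

    Assumption of this example: an unfamiliar device OR an unfamiliar IP
    address is enough to require the multi-mode challenge.
    """
    return device_id not in account.known_devices or ip not in account.known_ips


def _same(given, expected):
    # Normalise, then compare in constant time so the comparison itself
    # does not reveal how much of an answer matched.
    a = given.strip().lower().encode("utf-8")
    b = expected.strip().lower().encode("utf-8")
    return hmac.compare_digest(a, b)


def verify_feedback(challenge, feedback):
    """Step 406: every legal picture and audio must be selected and no
    distractor, and at least min_correct questions answered correctly."""
    faces_ok = frozenset(feedback.get("faces", ())) == challenge.legal_faces
    audios_ok = frozenset(feedback.get("audios", ())) == challenge.legal_audios
    answers = feedback.get("answers", {})
    correct = sum(
        1 for qid, expected in challenge.question_answers.items()
        if _same(str(answers.get(qid, "")), expected)
    )
    return {"faces": faces_ok, "audios": audios_ok,
            "questions": correct >= challenge.min_correct,
            "correct_answers": correct}


def authenticate(account, device_id, ip, password_ok, challenge, feedback=None):
    """Returns "accepted", "rejected" or "challenge_required"."""
    if not is_risky(account, device_id, ip):
        # No risk: a correct password is sufficient.
        return "accepted" if password_ok else "rejected"
    if feedback is None:
        return "challenge_required"
    result = verify_feedback(challenge, feedback)
    passed = result["faces"] and result["audios"] and result["questions"]
    return "accepted" if passed else "rejected"


# Constructed sample data (IP addresses are from documentation ranges).
SAMPLE_ACCOUNT = Account(frozenset({"dev-A"}), frozenset({"192.0.2.10"}))
SAMPLE_CHALLENGE = Challenge(
    legal_faces=frozenset({"f1"}),
    legal_audios=frozenset({"a2"}),
    question_answers={"q1": "yes", "q2": "no", "q3": "alice",
                      "q4": "book", "q5": "3"},
    min_correct=3,
)

if __name__ == "__main__":
    fb = {"faces": ["f1"], "audios": ["a2"],
          "answers": {"q1": "Yes", "q2": "no", "q3": " alice ", "q4": "pen"}}
    print(authenticate(SAMPLE_ACCOUNT, "dev-B", "203.0.113.5", True,
                       SAMPLE_CHALLENGE, fb))
```

Comparing the selected ids as sets means that selecting a legal picture together with a distractor fails, as does selecting only some of the legal pictures.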
Corresponding to the embodiment of the identity authentication method, the application also provides an embodiment of the identity authentication device.
The embodiment of the identity authentication device can be applied to a server. The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the device, as a device in a logical sense, is formed when a processor of the server reads the corresponding computer program instructions from the nonvolatile memory into memory and runs them. In terms of hardware, fig. 5 shows a hardware structure diagram of the server where the identity authentication device of the present application is located; in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 5, the server where the device is located in the embodiment may also include other hardware according to the actual function of the server, which is not described again.
Fig. 6 is a schematic structural diagram of an authentication apparatus according to an exemplary embodiment of the present application.
Referring to fig. 6, the multi-dimensional authentication apparatus 500 may include: a request receiving unit 501, an extraction transmitting unit 502, a validity confirming unit 503, a risk judging unit 504, a first constructing unit 505, and a second constructing unit 506.
The request receiving unit 501 receives an authentication request initiated by a user, where the authentication request carries user account information of the user;
the extracting and sending unit 502 extracts a plurality of verification methods from the verification question-answer library corresponding to the user account information, and sends the verification methods to the user for verification, where the plurality of verification methods includes at least two of the following: a face picture verification mode, an audio verification mode, a question verification mode based on user historical behaviors, a fingerprint feature verification mode and an iris feature verification mode;
the validity confirming unit 503 receives the feedback information returned by the user, and confirms that the user identity is valid when the feedback information is correct.
The risk judgment unit 504 is configured to, after receiving an authentication request initiated by a user, judge whether a risk exists in the user account according to behavior information of the authentication request initiated by the user, and if so, invoke an extraction and transmission unit;
wherein the behavior information includes: requesting device identification, requesting IP address.
The first construction unit 505 receives a legal face picture uploaded by a user with a legal identity, and selects an interference face picture for the legal face picture according to a face similarity algorithm;
the face picture verification mode comprises: one or more legal face pictures and one or more interference face pictures.
Optionally, the first constructing unit 505 calculates face similarity of the legal face picture and each candidate interference face picture respectively according to a face similarity algorithm; and selecting a preset number of alternative interference face pictures as the interference face pictures according to the sequence of the face similarity from small to large.
The second constructing unit 506 receives a legal audio uploaded by a user with a legal identity, and selects an interference audio for the legal audio according to an audio similarity algorithm;
the audio verification mode comprises: one or more legitimate audios and one or more interfering audios.
Optionally, the second constructing unit 506 specifically and respectively calculates audio similarity between the legal audio and each alternative audio; and selecting a preset number of alternative interference audios as the interference audios according to the sequence of the audio similarity from small to large.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.