CN114780934A - Identity verification method and device - Google Patents

Publication number: CN114780934A
Authority: CN (China)
Prior art keywords: encryption, authentication, image, target, client
Legal status (an assumption, not a legal conclusion): Pending
Application number: CN202210380760.4A
Other languages: Chinese (zh)
Inventors: 李亮, 郑丹丹
Current Assignee (the listed assignees may be inaccurate): Advanced New Technologies Co Ltd
Original Assignee: Advanced New Technologies Co Ltd
Application filed by Advanced New Technologies Co Ltd
Priority to CN202210380760.4A
Publication of CN114780934A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

One or more embodiments of the present specification provide an identity verification method and apparatus. The method includes: acquiring an encryption instruction issued by a server; according to the encryption instruction, encrypting intermediate data obtained in at least one target processing stage of collecting an identity verification image; and sending the resulting encrypted identity verification image to the server so that the server performs identity verification based on that image. While the identity verification image is being collected, the intermediate data that is generated is encrypted according to the encryption instruction issued by the server, and the identity verification image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received image and performs identity verification based on it. This prevents malicious attacks on the identity verification data by attackers, ensures that the data is collected in real time and is authentic and valid, and improves the security of the user account.

Description

Identity verification method and device
This application is a divisional application of the Chinese patent application with application number 201810917717.0, entitled 'an identity verification method and device', filed with the China Patent Office on 13.08.2018.
Technical Field
One or more embodiments of the present specification relate to the field of information verification, and in particular to an identity verification method and apparatus.
Background
At present, to improve account security, a user identity verification step is added when a user requests to log in to an account, in order to verify that the user is genuine. For example, the user terminal captures face image data of the current user and uploads it to a verification server, the verification server completes user identity verification based on the face image data, and the user is allowed to enter the operation interface only after verification passes.
However, during face image verification, some attackers complete verification by means of a video frame injection attack. Specifically, the attacker obtains identity verification video data of a target user in advance. Then, when the face image is being captured, the attacker uploads the target user's verification video data to the verification server by replacing the video frames. The verification server verifies the logging-in user based on that video data and determines that verification has passed. The attacker thus completes verification and enters the user operation interface, which gives the attacker an entry point for illegal actions, and the purpose of protecting the account through identity verification is not achieved.
Therefore, the existing approach to identity verification based on a face image leaves the account open to attack, lets face identity verification be defeated, and results in low account security.
Disclosure of Invention
One or more embodiments of the present specification aim to provide an identity verification method and apparatus. While the identity verification image is being collected, the intermediate data that is generated is encrypted according to an encryption instruction issued by the server, and the identity verification image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received image and performs identity verification based on it. This prevents malicious attacks on the identity verification data by attackers, ensures that the data is collected in real time and is authentic and valid, and improves the security of the user account.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
one or more embodiments of the present specification provide an authentication method, including:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
One or more embodiments of the present specification provide an authentication method, including:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity verification of the client passes or not according to the encryption instruction and the target encryption information.
One or more embodiments of the present specification provide an authentication apparatus including:
the encryption instruction acquisition module is used for acquiring an encryption instruction issued by the verification server;
the data encryption module is used for encrypting the intermediate data obtained in at least one target processing stage of the collected identity verification image according to the encryption instruction;
and the verification image sending module is used for sending the acquired authentication image to the verification server so as to enable the verification server to perform authentication based on the authentication image.
One or more embodiments of the present specification provide an authentication apparatus including:
the verification image receiving module is used for acquiring an identity verification image which is reported by a client and acquired based on an encryption instruction after the encryption instruction is sent to the client;
the data decryption module is used for decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and the identity authentication module is used for determining whether the identity authentication of the client passes according to the encryption instruction and the target encryption information.
One or more embodiments of the present specification provide an authentication apparatus including: a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
One or more embodiments of the present specification provide an authentication apparatus including: a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
One or more embodiments of the present specification provide a storage medium storing computer-executable instructions that, when executed, implement the following flow:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
One or more embodiments of the present specification provide a storage medium storing computer-executable instructions that, when executed, implement the following:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
In the identity verification method and apparatus of one or more embodiments of the present specification, an encryption instruction issued by a server is acquired; according to the encryption instruction, intermediate data obtained in at least one target processing stage of collecting the identity verification image is encrypted; and the resulting encrypted identity verification image is sent to the server so that the server performs identity verification based on that image. While the identity verification image is being collected, the intermediate data that is generated is encrypted according to the encryption instruction issued by the server, and the identity verification image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received image and performs identity verification based on it. This prevents malicious attacks on the identity verification data by attackers, ensures that the data is collected in real time and is authentic and valid, and improves the security of the user account.
Drawings
To illustrate one or more embodiments of the present specification or the prior art solutions more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments described in the specification, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of an application scenario of an authentication system provided in one or more embodiments of the present specification;
Fig. 2 is a first schematic flowchart of an authentication method applied to a client according to one or more embodiments of the present specification;
Fig. 3 is a second schematic flowchart of an authentication method applied to a client according to one or more embodiments of the present specification;
Fig. 4 is a third schematic flowchart of an authentication method applied to a client according to one or more embodiments of the present specification;
Fig. 5 is a fourth schematic flowchart of an authentication method applied to a client according to one or more embodiments of the present specification;
Fig. 6 is a fifth schematic flowchart of an authentication method applied to a client according to one or more embodiments of the present specification;
Fig. 7 is a schematic diagram of the implementation principle of the user face image acquisition process in an authentication method applied to a client according to one or more embodiments of the present specification;
Fig. 8 is a schematic flowchart of an authentication method applied to a verification server according to one or more embodiments of the present specification;
Fig. 9 is a schematic block diagram of an authentication apparatus disposed at a client according to one or more embodiments of the present specification;
Fig. 10 is a schematic block diagram of an authentication apparatus disposed at a verification server according to one or more embodiments of the present specification;
Fig. 11 is a schematic structural diagram of an authentication system according to one or more embodiments of the present specification;
Fig. 12 is a schematic structural diagram of an authentication device provided in one or more embodiments of the present specification.
Detailed Description
To help those skilled in the art better understand the technical solutions in one or more embodiments of the present specification, those solutions are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present specification. All other embodiments that a person skilled in the art can derive from the embodiments in this specification without creative effort fall within the scope of protection of the specification.
One or more embodiments of the present specification provide an identity verification method and apparatus. While the identity verification image is being collected, the intermediate data that is generated is encrypted according to an encryption instruction issued by the server, and the identity verification image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received image and performs identity verification based on it. This prevents malicious attacks on the identity verification data by attackers, ensures that the data is collected in real time and is authentic and valid, and improves the security of the user account.
Fig. 1 is a schematic diagram of an application scenario of an authentication system provided in one or more embodiments of the present specification. As shown in Fig. 1, the system includes a plurality of clients and a verification server. A client may be a mobile terminal such as a smartphone or tablet computer, or a fixed terminal such as a desktop computer. The specific process of user identity verification is as follows:
first, the verification server issues an encryption instruction to the client, where the encryption instruction includes: the target processing stages that need encryption and the encryption parameters corresponding to each target processing stage;
second, after receiving the encryption instruction issued by the verification server, the client, while collecting the identity verification image, encrypts the intermediate data obtained in at least one target processing stage according to the encryption instruction, to obtain an encrypted identity verification image;
third, the client sends the encrypted identity verification image to the verification server;
finally, after receiving the encrypted identity verification image, the verification server verifies the identity of the user of the client based on that image. If identity verification passes, it sends the client a prompt indicating that verification passed; if identity verification fails, it sends the client a prompt indicating that verification failed.
Fig. 2 is a first schematic flowchart of an authentication method provided in one or more embodiments of the present specification. The method in Fig. 2 can be executed by the client in Fig. 1 and, as shown in Fig. 2, includes at least the following steps:
S201, acquiring an encryption instruction issued by the verification server, where the encryption instruction includes: the target processing stages that need encryption and the encryption parameters corresponding to each target processing stage;
specifically, the verification server selects in advance at least one target processing stage from the plurality of data processing stages involved in collecting the identity verification image, sets the encryption parameters corresponding to each target processing stage, and generates, from the selected target processing stages and their encryption parameters, an encryption instruction that instructs the client to perform the encryption operation. The verification server issues the encryption instruction to the client. After receiving it, the client parses the encryption instruction to determine the at least one target processing stage that needs encryption and the encryption parameters corresponding to that stage.
S202, according to the acquired encryption instruction, encrypting the intermediate data obtained in at least one target processing stage of collecting the identity verification image;
specifically, when the identity verification image is collected, the data processing stage that currently needs to be executed is determined, following the execution order of the stages, from the plurality of data processing stages involved in collecting the image;
based on the at least one target processing stage obtained by parsing, it is judged whether the data processing stage that currently needs to be executed is a target processing stage;
if so, the intermediate data obtained when that data processing stage is executed is encrypted according to the encryption parameters corresponding to the target processing stage, the encrypted data is used as the input data of the next data processing stage, and the next data processing stage to be executed is determined, until the identity verification image has been collected.
S203, sending the resulting encrypted identity verification image to the verification server so that the verification server performs identity verification based on the encrypted identity verification image.
The identity verification image is obtained by the client encrypting, according to the encryption instruction issued by the verification server, the intermediate data obtained in at least one target processing stage of collecting the image. Because the client encrypts the intermediate data according to the verification server's encryption requirement while the image is being collected, the verification server, after receiving the identity verification image sent by the client, parses the image to obtain the target encryption information embedded at the client, and then matches that target encryption information against the encryption instruction previously issued to the client. If the match succeeds, user identity verification is determined to have passed; if the match fails, user identity verification is determined to have failed.
In a specific implementation, the client executes a plurality of data processing stages while collecting the identity verification image and finally outputs the image. The identity verification image may be a single frame, or an identity verification video stream composed of multiple frames. To prevent the identity verification image from being attacked and tampered with by attackers, the data generated by at least one data processing stage is encrypted while the client generates the image, so that inherent encryption information is embedded in the final identity verification image. The data processing stage at which encryption is performed is determined according to the encryption instruction issued by the server. The server can therefore accurately identify whether the identity verification image has been tampered with after receiving the image encrypted by the client.
In one or more embodiments of the present specification, while the identity verification image is being collected, the client encrypts the intermediate data that is generated according to the encryption instruction issued by the server and sends the identity verification image with the embedded encryption information to the server, so that the server extracts the encryption information from the received image and performs identity verification based on it. That is, while the identity verification image is being generated, the corresponding encryption is performed at different data processing stages. On the one hand, the client encrypts the image according to the server's encryption requirement, which realizes interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during generation of the image, which avoids the risk of data replacement. This prevents malicious attacks on the identity verification data by attackers, ensures the real-time performance, authenticity and validity of the collection of the identity verification data, and improves the security of the user account.
Take identity verification by capturing a face image as an example. In this case the identity verification image includes a user face image, and the data processing stages mainly involved in capturing the user face image may include: an optical imaging stage, an image sensor acquisition stage, a video stream generation stage and a video encoding stage;
correspondingly, the at least one target processing stage may include at least one of the optical imaging stage, the image sensor acquisition stage, the video stream generation stage and the video encoding stage.
Specifically, the encryption instruction issued by the server may indicate one target processing stage that needs encryption, or several. For example, if the at least one target processing stage includes the optical imaging stage, then when the client collects the identity verification image it encrypts only the intermediate data obtained in the optical imaging stage, so that the generated image is embedded with the encryption information corresponding to the encryption parameters of the optical imaging stage indicated in the encryption instruction. As another example, if the at least one target processing stage includes the image sensor acquisition stage and the video stream generation stage, then when the client collects the identity verification image it encrypts the intermediate data obtained in both stages, so that the generated image is embedded with first encryption information corresponding to the encryption parameters of the image sensor acquisition stage indicated in the encryption instruction and second encryption information corresponding to the encryption parameters of the video stream generation stage indicated in the encryption instruction;
specifically, when several of the data processing stages in collecting the identity verification image are target processing stages, the intermediate data generated by each target processing stage is encrypted in turn. The encrypted data of one target processing stage is passed to the next data processing stage, which continues its own processing with the encrypted data as input, until the last data processing stage has been executed and the final identity verification image is generated.
When the target processing stage is the optical imaging stage, the intermediate data generated in the optical imaging stage of collecting the identity verification image is encrypted before the process moves on to the image sensor acquisition stage. On this basis, as shown in Fig. 3, step S202 of encrypting, according to the acquired encryption instruction, the intermediate data obtained in at least one target processing stage of collecting the identity verification image specifically includes:
S2021, determining, according to the acquired encryption instruction, the optical coding information used for data encryption in the optical imaging stage. Specifically, the encryption instruction issued by the server indicates not only the target processing stages that need encryption but also the encryption parameters corresponding to each target processing stage. The optical imaging stage encrypts intermediate data by optical coding, so the encryption parameter corresponding to the optical imaging stage is the optical coding information;
S2022, encrypting, according to the determined optical coding information, the optical image in the optical imaging stage of collecting the identity verification image.
Specifically, S2022 includes:
step one, obtaining the speckle pattern produced by shining a laser source on the diffractive optical element corresponding to the determined optical coding information. Specifically, the laser source is shone on a diffraction grating in a diffractive optical element (DOE) to form diffraction spots (that is, the speckle pattern). Different diffraction gratings produce different diffraction spots. In a specific implementation, if several diffractive optical elements are arranged in the imaging light path, a correspondence between optical coding information and diffractive optical elements can be established in advance. The laser source is shone on the diffractive optical element corresponding to the determined optical coding information, and the corresponding diffraction spots are obtained;
step two, superimposing the speckle pattern on the optical image obtained in the optical imaging stage of collecting the identity verification image.
For the optical imaging stage, an optical coding technique is used to encrypt the intermediate data that the stage generates. Optical coding is one kind of structured light technique. Structured light mainly works as follows: a light source illuminates the measured space to encode it, a specific one-dimensional or two-dimensional image is projected onto the measured object, and the surface shape and depth information of the object are determined from how the projected pattern is deformed on the object.
Correspondingly, when the target processing stage includes the optical imaging stage, the verification server, after receiving the identity verification image sent by the client, parses the image and judges whether an embedded speckle pattern exists on the optical image. If so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded speckle pattern exists on the optical image and whether that speckle pattern is consistent with a preset speckle pattern, and if so, determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
In a case that the target processing stage is an image sensor acquisition stage, at this time, intermediate data generated in the image sensor acquisition stage in the authentication image acquisition process needs to be encrypted, and then the video stream generation stage in the authentication image acquisition process is started, based on this, as shown in fig. 4, the S202 encrypts, according to the obtained encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the authentication image, and specifically includes:
s2023, determining a hidden position of a digital watermark used for data encryption in an image sensor acquisition stage according to the obtained encryption instruction, specifically, the encryption instruction issued by the server is used not only to indicate a target processing stage that needs to be encrypted, but also to indicate encryption parameters corresponding to each target processing stage, where the intermediate data is encrypted in the image sensor acquisition stage by using the digital watermark, and therefore the encryption parameters corresponding to the image sensor acquisition stage are the hidden position of the digital watermark;
s2024, according to the determined hidden position, embedding the digital watermark into the image signal in the image sensor acquisition stage of acquiring the authentication image, and specifically, embedding the digital watermark into the position indicated by the hidden position in the image signal.
Specifically, the step S2023 of determining the hidden position of the digital watermark used for data encryption in the acquisition stage of the image sensor according to the acquired encryption instruction includes:
if the encryption instruction indicates time domain encryption, the spatial domain is taken as a hidden position of a digital watermark for data encryption in an image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking the DCT transform domain as a hidden position of a digital watermark for data encryption in an image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, the time-frequency transformation domain is used as a hidden position of a digital watermark for data encryption in an image sensor acquisition stage;
if the encryption instruction indicates time-scale domain encryption, the wavelet transform domain is used as a hidden position of a digital watermark for data encryption in an image sensor acquisition stage.
Correspondingly, where the target processing stage includes the image sensor acquisition stage, the authentication server, after receiving the authentication image sent by the client, analyzes the image and judges whether an embedded digital watermark exists in the image signal under the target domain; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded digital watermark exists in the image signal under the target transform domain and whether that digital watermark is consistent with a preset digital watermark; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
Specifically, if the encryption instruction indicates time domain encryption, the target domain is the spatial domain; if the encryption instruction indicates frequency domain encryption, the target domain is the DCT transform domain; if the encryption instruction indicates time-frequency domain encryption, the target domain is the time-frequency transform domain; if the encryption instruction indicates time-scale domain encryption, the target domain is the wavelet transform domain.
Where the target processing stage is the video stream generation stage, the intermediate data generated in the video stream generation stage of the authentication image acquisition process must be encrypted before the video encoding stage begins. On this basis, as shown in Fig. 5, step S202 of encrypting, according to the obtained encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the authentication image specifically includes:
S2025: determining, according to the obtained encryption instruction, a target video frame used for data encryption in the video stream generation stage and the insertion position of the target video frame. Specifically, the encryption instruction issued by the server indicates not only the target processing stages that need to be encrypted but also the encryption parameters corresponding to each target processing stage. In the video stream generation stage the intermediate data is encrypted by embedding special frames, so the encryption parameters corresponding to this stage are the target video frame and its insertion position;
S2026: inserting, according to the determined insertion position, the target video frame into the video stream generated in the video stream generation stage of acquiring the authentication image; specifically, a specified number of target video frames are inserted at specified positions in the video stream, for example, one target video frame every 10 frames.
The target video frame comprises at least one of: a blank frame, a video frame embedded with the digital watermark, and a video frame superimposed with a preset encryption pattern.
Correspondingly, where the target processing stage includes the video stream generation stage, the authentication server, after receiving the authentication image sent by the client, analyzes the image and judges whether a target video frame exists at the target insertion position; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
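The frame insertion of S2026 and the corresponding server-side check can be sketched as follows. This is an added example, not part of the patent text; the function names, the 16-byte blank frame and the sample frames are constructed assumptions, and "every 10 frames" is read here as one target frame after each run of 10 captured frames.

```python
"""Video stream generation stage: insert target frames, then verify them."""

# Constructed stand-ins: real frames would be image buffers produced by the ISP.
BLANK_FRAME = bytes(16)
SAMPLE_FRAMES = [b"face-frame-%02d" % i for i in range(25)]


def insert_target_frames(frames, interval, target=BLANK_FRAME):
    """Client side (S2026): add one target frame after every `interval` captured frames."""
    if interval < 1:
        raise ValueError("interval must be at least 1")
    stream = []
    for count, frame in enumerate(frames, start=1):
        stream.append(frame)
        if count % interval == 0:
            stream.append(target)
    return stream


def expected_positions(stream_len, interval):
    """Indices in the received stream where the server expects a target frame.

    Each run of `interval` captured frames is followed by one inserted frame,
    so the targets sit at interval, 2*interval + 1, 3*interval + 2, ...
    """
    return list(range(interval, stream_len, interval + 1))


def verify_stream(stream, interval, target=BLANK_FRAME):
    """Server side: pass only if a target frame sits at every expected position."""
    positions = expected_positions(len(stream), interval)
    if not positions:
        # Stream too short to carry any inserted frame: nothing proves the
        # instruction was followed, so treat it as a failure.
        return False
    return all(stream[p] == target for p in positions)


if __name__ == "__main__":
    marked = insert_target_frames(SAMPLE_FRAMES, 10)
    print("marked stream length:", len(marked))
    print("honest capture passes:", verify_stream(marked, 10))
    print("unmarked capture passes:", verify_stream(SAMPLE_FRAMES, 10))
    wrong = insert_target_frames(SAMPLE_FRAMES, 5)
    print("capture made for another interval passes:", verify_stream(wrong, 10))
```

A stream recorded without the instruction, or under an instruction with a different interval, fails the check because the frames at the expected indices are ordinary face frames.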
Where the target processing stage is the video encoding stage, the intermediate data generated in the video encoding stage of the authentication image acquisition process must be encrypted before the authentication data transmission stage begins. On this basis, as shown in Fig. 6, step S202 of encrypting, according to the obtained encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the authentication image specifically includes:
S2027: determining, according to the obtained encryption instruction, the adding position of target information used for data encryption in the video encoding stage. Specifically, the encryption instruction issued by the server indicates not only the target processing stages that need to be encrypted but also the encryption parameters corresponding to each target processing stage. In the video encoding stage the intermediate data is encrypted by adding special information, so the encryption parameter corresponding to this stage is the adding position of the target information;
S2028: embedding, according to the determined adding position, the target information in the file header information or picture structure diagram of the face image in the video encoding stage of acquiring the authentication image. Specifically, the video encoding stage compresses the video stream and encodes the face images in it using a video compression technique, and the encoded image carries file header information or a picture structure diagram. For example, a JPEG file generally has attached EXIF information, which includes information such as the image size, shooting time, photo orientation, and an image thumbnail.
Correspondingly, where the target processing stage includes the video encoding stage, the authentication server, after receiving the authentication image sent by the client, analyzes the image and judges whether the target information exists in the file header information or picture structure diagram of the face image; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
In a specific implementation, while acquiring the authentication image, the client encrypts the intermediate data obtained in at least one target processing stage according to the acquired encryption instruction, following the specific implementations of encrypting the intermediate data of a target processing stage shown in Figs. 3 to 6, so as to generate the finally required authentication image.
Further, on the server side, after receiving the authentication image sent by the client and while authenticating the user identity based on it, the server analyzes the authentication image and, according to the analysis result and the encryption instruction issued to the client in advance, judges one by one whether the intermediate data obtained in each target processing stage meets the preset encryption requirement. If the intermediate data obtained in every target processing stage meets the preset encryption requirement, the user identity authentication is determined to have passed; if the intermediate data obtained in any target processing stage does not meet the preset encryption requirement, the user identity authentication is determined to have failed.
To balance the security of the client's user account against the efficiency with which the authentication server performs authentication, the client is controlled to encrypt the authentication image in a targeted manner. On this basis, the authentication server takes the security level of the client into account when generating the encryption instruction: not all clients are issued the same encryption instruction, and the higher a client's security level, the greater the number of target processing stages indicated by the encryption instruction issued to it. Specifically, the encryption instruction is determined by the authentication server in the following way:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for acquiring the identity authentication images, determining at least one target processing stage according to the determined target security level, and determining encryption parameters corresponding to each target processing stage, specifically, the corresponding relation between the security level and at least one target processing stage needing to be encrypted can be preset;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameters corresponding to each target processing stage.
Specifically, the higher the security level of the client, the greater the number of target processing stages indicated by the corresponding encryption instruction. Further, user authentication may be strengthened in certain special situations; for example, for a client preliminarily determined to carry a suspected risk of illegal attack, the security level of the client is raised to strengthen authentication of the corresponding user. On this basis, the target security level may be obtained by dynamically adjusting an original security level set for the client in advance. In a specific embodiment, the target security level is determined as follows:
judging whether the login environment of the client has changed; if so, increasing the security level of the client according to a preset adjustment rule, and determining the increased security level as the target security level of the client;
for example, when it is detected that the login geographical location of the client is not a commonly used geographical location, that is, the client is logging in from a different place, it is determined that the login environment of the client has changed; at this point the strength of user identity authentication needs to be increased to further improve the security of the user account.
Further, taking the acquisition of a user face image as an example, if the at least one target processing stage includes an optical imaging stage, an image sensor acquisition stage, a video stream generation stage, and a video encoding stage, then, as shown in Fig. 7, the process of acquiring the user face image specifically includes:
(1) firstly, entering an optical imaging stage, encrypting an optical image in the optical imaging stage according to optical coding information corresponding to the optical imaging stage to obtain an optical image embedded with a speckle pattern, and taking the optical image embedded with the speckle pattern as input data of an image sensor acquisition stage;
(2) after an optical image embedded with a speckle pattern is output by an imaging optical path, entering an image sensor acquisition stage, embedding a digital watermark in an image signal obtained in the image sensor acquisition stage according to a hidden position of the digital watermark corresponding to the image sensor acquisition stage to obtain an image signal embedded with the speckle pattern and the digital watermark, and taking the image signal embedded with the speckle pattern and the digital watermark as input data of a video stream generation stage;
(3) after the image sensor outputs the image signal embedded with the speckle pattern and the digital watermark, entering the video stream generation stage, in which an Image Signal Processor (ISP) processes the image signal output by the image sensor to obtain a plurality of face images in sequence and generate a face image video stream; inserting a target video frame into the face image video stream according to the insertion position of the target video frame corresponding to the video stream generation stage, to obtain a face image video stream that is embedded with the speckle pattern and the digital watermark and has the encrypted video frame inserted (namely, an encrypted first face image video stream); and taking the encrypted first face image video stream as input data of the video coding stage;
(4) after the image signal processor outputs the encrypted first face image video stream, entering the video coding stage; adding target information into the file header information or picture structure diagram of a face image in the encrypted first face image video stream according to the adding position of the target information corresponding to the video coding stage, to obtain a face image video stream that is embedded with the speckle pattern and the digital watermark, has the encrypted video frame inserted, and has the target information added (namely, an encrypted second face image video stream); and taking the encrypted second face image video stream as the face image of the user to be verified.
In the identity authentication method in one or more embodiments of the present specification, an encryption instruction issued by a server is obtained; according to the encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the identity verification image is encrypted; and the acquired, encrypted authentication image is sent to the server so that the server performs authentication based on the authentication image. Because the intermediate data generated while acquiring the authentication image is encrypted according to the encryption instruction issued by the server, and the authentication image embedded with the encryption information is sent to the server, the server can extract the encryption information from the received authentication image and perform authentication based on it. This prevents malicious parties from attacking the authentication data, ensures the real-time performance, authenticity and validity of the authentication data acquisition, and improves the security of user accounts.
Corresponding to the identity authentication method described in Figs. 2 to 7 and based on the same technical concept, one or more embodiments of the present specification further provide an identity authentication method. Fig. 8 is a schematic flow diagram of the identity authentication method provided in one or more embodiments of the present specification; the method in Fig. 8 can be executed by an authentication server. As shown in Fig. 8, the method includes at least the following steps:
S801: after sending an encryption instruction to a client, acquiring an authentication image that is reported by the client and was acquired based on the encryption instruction, wherein the encryption instruction comprises the target processing stages that need to be encrypted and the encryption parameters corresponding to each target processing stage. For the specific process by which the client acquires the authentication image, refer to the processes shown in Figs. 3 to 6, which are not described again here;
specifically, the authentication server selects at least one target processing stage from a plurality of data processing stages involved in the identity authentication image acquisition process in advance, sets encryption parameters corresponding to the target processing stages, and generates an encryption instruction for instructing the client to execute encryption operation according to the selected target processing stage and the encryption parameters corresponding to the target processing stages; and the authentication server sends the encryption command to the client.
S802, decrypting the acquired authentication image to obtain target encryption information corresponding to at least one target processing stage, specifically, extracting the target encryption information embedded in the authentication image by reversely analyzing the authentication image;
and S803, determining whether the identity authentication of the client passes according to the encryption instruction sent to the client in advance and the target encryption information obtained by decryption.
While acquiring the authentication image, the client encrypts the intermediate data according to the encryption requirement of the authentication server. After receiving the authentication image sent by the client, the authentication server analyzes it to obtain the target encryption information embedded by the client and then matches that information against the encryption instruction issued to the client in advance. If the match succeeds, the user identity authentication is determined to have passed; if the match fails, the user identity authentication is determined to have failed.
In one or more embodiments of the present specification, a verification server sends an encryption instruction to a client so that the client encrypts the generated intermediate data according to the encryption instruction while acquiring the authentication image; the server then receives the authentication image embedded with encryption information reported by the client, extracts the encryption information from the received image, and performs authentication based on it. That is, while the client generates the authentication image, corresponding encryption processing is performed in different data processing stages. On the one hand, the client encrypts according to the encryption requirement of the server, so that interactive encryption is implemented between the client and the server; on the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement. This prevents malicious parties from attacking the authentication data, ensures the real-time performance, authenticity and validity of the identity authentication data acquisition, and improves the security of the user account.
Wherein, the step S803, according to the encryption instruction sent to the client in advance and the target encryption information obtained by decryption, of determining whether the authentication of the client passes, specifically includes:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity of the client passes the authentication; if not, determining that the identity authentication of the client side is not passed.
Specifically, taking authentication by collecting a face image as an example, the authentication image includes a user face image, and the data processing stages mainly involved in acquiring the user face image may include: an optical imaging stage, an image sensor acquisition stage, a video stream generation stage and a video coding stage;
correspondingly, the at least one target processing stage may include: at least one of an optical imaging stage, an image sensor acquisition stage, a video stream generation stage, and a video encoding stage.
Where the target processing stage includes the optical imaging stage, the verification server, after receiving the identity verification image sent by the client, analyzes the image and judges whether an embedded speckle pattern exists on the optical image; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded speckle pattern exists on the optical image and whether that speckle pattern is consistent with a preset speckle pattern; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
Where the target processing stage includes the image sensor acquisition stage, the authentication server, after receiving the authentication image sent by the client, analyzes the image and judges whether an embedded digital watermark exists in the image signal under the target domain; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded digital watermark exists in the image signal under the target transform domain and whether that digital watermark is consistent with a preset digital watermark; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
Specifically, if the encryption instruction indicates time domain encryption, the target domain is the spatial domain; if the encryption instruction indicates frequency domain encryption, the target domain is the DCT transform domain; if the encryption instruction indicates time-frequency domain encryption, the target domain is the time-frequency transform domain; if the encryption instruction indicates time-scale domain encryption, the target domain is the wavelet transform domain.
Where the target processing stage includes the video stream generation stage, the authentication server, after receiving the authentication image sent by the client, analyzes the image and judges whether a target video frame exists at the target insertion position; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
Where the target processing stage includes the video coding stage, the authentication server, after receiving the authentication image sent by the client, analyzes the image and judges whether the target information exists in the file header information or picture structure diagram of the face image; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
That is to say, after receiving the authentication image sent by the client and while authenticating the user identity based on it, the authentication server analyzes the authentication image and, according to the analysis result and the encryption instruction issued to the client in advance, judges one by one whether the intermediate data obtained in each target processing stage meets the preset encryption requirement. If the intermediate data obtained in every target processing stage meets the preset encryption requirement, the user identity authentication is determined to have passed; if the intermediate data obtained in any target processing stage does not meet the preset encryption requirement, the user identity authentication is determined to have failed.
Further, to balance the security of the client's user account against the efficiency with which the authentication server performs authentication, the client is controlled to encrypt the authentication image in a targeted manner. On this basis, the authentication server takes the security level of the client into account when generating the encryption instruction: not all clients are issued the same encryption instruction, and the higher a client's security level, the greater the number of target processing stages indicated by the encryption instruction issued to it. Specifically, before sending the encryption instruction to the client, the method further includes:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for acquiring the identity authentication images, determining at least one target processing stage according to the determined target security level, and determining the encryption parameter corresponding to each target processing stage, wherein the corresponding relation between the security level and the at least one target processing stage needing to be encrypted can be preset;
and generating an encryption instruction to be issued to the client according to at least one target processing stage and the encryption parameters corresponding to each target processing stage.
Specifically, the higher the security level of the client, the greater the number of target processing stages indicated by the corresponding encryption instruction. Further, user authentication may be strengthened in certain special situations; for example, for a client preliminarily determined to carry a suspected risk of illegal attack, the security level of the client is raised to strengthen authentication of the corresponding user. On this basis, the target security level may be obtained by dynamically adjusting an original security level set for the client in advance. In a specific embodiment, the target security level is determined as follows:
judging whether the login environment of the client has changed; if so, increasing the security level of the client according to a preset adjustment rule, and determining the increased security level as the target security level of the client;
for example, when it is detected that the login geographical location of the client is not a commonly used geographical location, that is, the client is logging in from a different place, it is determined that the login environment of the client has changed; at this point the strength of user identity authentication needs to be increased to further improve the security of the user account.
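The selection of target processing stages by security level described above, together with the per-stage matching of step S803, can be sketched as follows. This is an added example, not part of the patent text; the level-to-stage table, the "raise by one level" adjustment rule, the parameter names and the random value ranges are all assumptions, and `honest_capture` merely models what the server's analysis would extract from an image produced by a client that followed the instruction.

```python
"""Server side: build an encryption instruction by security level, then match it."""
import copy
import secrets

# The four data processing stages named on the page, in pipeline order.
STAGES = ("optical_imaging", "sensor_acquisition", "stream_generation", "video_encoding")

# Assumed preset correspondence: a higher level protects more stages.
LEVEL_TO_STAGES = {
    1: ("video_encoding",),
    2: ("stream_generation", "video_encoding"),
    3: ("sensor_acquisition", "stream_generation", "video_encoding"),
    4: STAGES,
}

# Watermark hiding position for each encryption type, as listed on the page.
WATERMARK_DOMAIN = {
    "time": "spatial",
    "frequency": "dct",
    "time-frequency": "time-frequency transform",
    "time-scale": "wavelet",
}


def target_security_level(original_level, login_env_changed):
    """Raise the level by one (assumed adjustment rule) if the login environment changed."""
    level = original_level + 1 if login_env_changed else original_level
    return min(level, max(LEVEL_TO_STAGES))


def stage_parameters(stage):
    """Draw fresh parameters for one stage; the value ranges are constructed."""
    if stage == "optical_imaging":
        return {"speckle_pattern": secrets.token_hex(4)}
    if stage == "sensor_acquisition":
        kind = secrets.choice(sorted(WATERMARK_DOMAIN))
        return {"encryption": kind, "hidden_position": WATERMARK_DOMAIN[kind],
                "watermark": secrets.token_hex(8)}
    if stage == "stream_generation":
        return {"target_frame": "blank", "insert_every": secrets.choice([5, 10, 15])}
    if stage == "video_encoding":
        return {"adding_position": "file_header", "target_info": secrets.token_hex(8)}
    raise ValueError("unknown stage: " + stage)


def build_instruction(level):
    """Encryption instruction: target stages for this level with their parameters."""
    return {stage: stage_parameters(stage) for stage in LEVEL_TO_STAGES[level]}


def honest_capture(instruction):
    """Model of the information extracted from an image made under `instruction`."""
    return copy.deepcopy(instruction)


def verify(instruction, extracted):
    """S803: pass only if every target stage's extracted information matches."""
    if not instruction:
        return False, list(STAGES)
    failed = [stage for stage, params in instruction.items()
              if extracted.get(stage) != params]
    return not failed, failed


if __name__ == "__main__":
    level = target_security_level(2, login_env_changed=True)
    instruction = build_instruction(level)
    print("level", level, "stages", list(instruction))
    print("honest capture:", verify(instruction, honest_capture(instruction)))
    stale = honest_capture(build_instruction(level))  # made under an older instruction
    print("stale capture:", verify(instruction, stale))
```

Because the parameters are drawn fresh for each instruction, an image produced under an earlier instruction fails the match, which is the property the text relies on for real-time acquisition.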
In the authentication method in one or more embodiments of the present specification, an authentication server sends an encryption instruction to a client so that the client encrypts the generated intermediate data according to the encryption instruction while acquiring the authentication image; the server receives the authentication image embedded with encryption information reported by the client, extracts the encryption information from the received image, and performs authentication based on it. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts the intermediate data according to the encryption requirement of the server, so that interactive encryption is realized between the client and the server; on the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement. This prevents malicious parties from attacking the authentication data, ensures the real-time performance, authenticity and validity of the identity authentication data acquisition, and improves the security of the user account.
It should be noted that the embodiment in this specification and the previous embodiment in this specification are based on the same inventive concept, and therefore, for specific implementation of this embodiment, reference may be made to implementation of the foregoing identity authentication method, and repeated parts are not described again.
Corresponding to the authentication methods described in Figs. 2 to 7 and based on the same technical concept, one or more embodiments of the present disclosure further provide an authentication apparatus. Fig. 9 is a schematic diagram of the module composition of the authentication apparatus provided at a client according to one or more embodiments of the present disclosure. The apparatus is configured to perform the authentication methods described in Figs. 2 to 7 and, as shown in Fig. 9, includes:
an encryption instruction obtaining module 901, configured to obtain an encryption instruction issued by the authentication server;
a data encryption module 902, configured to encrypt, according to the encryption instruction, intermediate data obtained in at least one target processing stage of the acquired authentication image;
a verification image sending module 903, configured to send the acquired authentication image to the verification server, so that the verification server performs authentication based on the authentication image.
Optionally, the authentication image includes: a user face image;
the at least one target processing stage comprises: at least one of an optical imaging phase, an image sensor acquisition phase, a video stream generation phase, and a video encoding phase.
Optionally, the data encryption module 902 is specifically configured to:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage of acquiring the identity verification image according to the optical coding information.
Optionally, the data encryption module 902 is further specifically configured to:
acquiring a speckle pattern obtained by irradiating a laser light source on a diffraction optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
Optionally, the data encryption module 902 is specifically configured to:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
Optionally, the data encryption module 902 is further specifically configured to:
if the encryption instruction indicates time domain encryption, the spatial domain is taken as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
Optionally, the data encryption module 902 is specifically configured to:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the inserting position.
Optionally, the target video frame includes at least one of: a blank frame, a video frame embedded with the digital watermark, and a video frame superimposed with a preset encryption pattern.
Optionally, the data encryption module 902 is specifically configured to:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information into file header information or a picture structure chart of the face image in the video coding stage of acquiring the identity verification image.
Optionally, the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
The identity authentication device in one or more embodiments of the present specification obtains an encryption instruction issued by the server; encrypts, according to the encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the identity verification image; and sends the acquired encrypted authentication image to the server, so that the server performs authentication based on the authentication image. Because the intermediate data generated while the authentication image is being acquired is encrypted according to the encryption instruction issued by the server, and the authentication image embedded with the encryption information is sent to the server, the server can extract the encryption information from the received authentication image and perform authentication based on it. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the authentication data acquisition, and improves the security of the user account.
It should be noted that the embodiment in this specification and the first embodiment in this specification are based on the same inventive concept, and therefore, for specific implementation of this embodiment, reference may be made to implementation of the foregoing identity authentication method, and repeated parts are not described again.
Corresponding to the identity authentication method described in Fig. 8, and based on the same technical concept, one or more embodiments of the present specification further provide an identity authentication apparatus. Fig. 10 is a schematic diagram of the module composition of the identity authentication apparatus provided in a service server according to one or more embodiments of the present specification. The apparatus is configured to execute the identity authentication method described in Fig. 8 and, as shown in Fig. 10, includes:
a verification image receiving module 1001, configured to obtain an authentication image collected based on an encryption instruction and reported by a client after sending the encryption instruction to the client;
the data decryption module 1002 is configured to decrypt the authentication image to obtain target encryption information corresponding to at least one target processing stage;
and an authentication module 1003, configured to determine whether the authentication of the client passes according to the encryption instruction and the target encryption information.
Optionally, the identity verification module 1003 is specifically configured to:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity authentication of the client passes;
if not, determining that the identity authentication of the client does not pass.
Optionally, the authentication image is obtained by encrypting, by the client, intermediate data obtained in at least one target processing stage of acquiring the authentication image according to the encryption instruction.
Optionally, the apparatus further includes an encryption instruction generating module, where the encryption instruction generating module is configured to:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for acquiring the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
In the authentication device in one or more embodiments of the present specification, the authentication server sends an encryption instruction to the client, so that the client encrypts the generated intermediate data according to the encryption instruction during the process of acquiring the authentication image. The server then receives the authentication image embedded with the encryption information reported by the client, extracts the encryption information from the received authentication image, and performs authentication based on the encryption information. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts the intermediate data according to the encryption requirement of the server, which realizes interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during the process of generating the authentication image, which avoids the risk of data replacement. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the authentication data acquisition, and improves the security of the user account.
It should be noted that the embodiment in this specification and the first embodiment in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the aforementioned identity authentication method, and repeated details are not described again.
Corresponding to the authentication methods described in Fig. 2 to Fig. 8, and based on the same technical concept, one or more embodiments of the present specification further provide an authentication system. Fig. 11 is a schematic structural diagram of the authentication system provided in one or more embodiments of the present specification. The system is configured to execute the authentication methods described in Fig. 2 to Fig. 8 and, as shown in Fig. 11, includes:
the system comprises an authentication server 10 and a plurality of clients 20, wherein the authentication server 10 is in communication connection with each client 20;
specifically, the authentication server issues an encryption instruction to the client, where the encryption instruction includes: target processing stages needing encryption and encryption parameters corresponding to the target processing stages;
after receiving the encryption instruction issued by the authentication server, the client, in the process of acquiring an authentication image, encrypts the intermediate data obtained in at least one target processing stage according to the encryption instruction, to obtain an encrypted authentication image;
the client sends the encrypted authentication image to an authentication server;
after receiving the encrypted authentication image, the authentication server authenticates the user of the client based on the authentication image; if the authentication passes, it sends the client prompt information indicating that the authentication passed, and if the authentication fails, it sends the client prompt information indicating that the authentication failed.
In the authentication system in one or more embodiments of the present specification, the authentication server sends an encryption instruction to the client, and the client encrypts the generated intermediate data according to the encryption instruction during the authentication image acquisition process to obtain an authentication image embedded with encryption information. The authentication server then receives the authentication image embedded with encryption information reported by the client, extracts the encryption information from the received authentication image, and performs authentication based on the encryption information. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts according to the encryption requirement of the server, which realizes interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during the process of generating the authentication image, which avoids the risk of data replacement. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the authentication data acquisition, and improves the security of the user account.
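The exchange described above (the server issues a per-session instruction, the client marks the intermediate data at each target stage, the server extracts the marks and matches them stage by stage), as an added Python sketch that is not part of the patent text. The policy table, dictionary layout, function names and the use of least-significant-bit embedding as the spatial-domain watermark are assumptions for illustration; the frames are constructed sample data.

```python
import hmac
import secrets

# Hypothetical policy: security level -> target processing stages (stage names from the text).
POLICY = {
    1: ["video_encoding"],
    2: ["image_sensor", "video_encoding"],
    3: ["image_sensor", "video_stream", "video_encoding"],
}

# Constructed sample: four 64-pixel grayscale frames standing in for camera output.
SAMPLE_FRAMES = [bytes((16 + 7 * i + j) % 200 + 20 for j in range(64)) for i in range(4)]

def make_instruction(security_level, n_frames):
    """Server side: pick target stages for the level and fresh per-session parameters."""
    instr = {}
    for stage in POLICY[security_level]:
        if stage == "image_sensor":      # watermark hidden in the spatial domain
            instr[stage] = {"domain": "spatial", "watermark": secrets.token_bytes(4)}
        elif stage == "video_stream":    # blank frame at a server-chosen position
            instr[stage] = {"frame": "blank", "position": secrets.randbelow(n_frames + 1)}
        elif stage == "video_encoding":  # target information in the file header
            instr[stage] = {"header_tag": secrets.token_hex(8)}
    return instr

def embed_lsb(frame, payload):
    """Write the payload bits into the least significant bit of the first pixels."""
    bits = [(byte >> s) & 1 for byte in payload for s in range(7, -1, -1)]
    if len(bits) > len(frame):
        raise ValueError("frame too small for watermark")
    out = bytearray(frame)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(frame, n_bytes):
    """Inverse of embed_lsb: rebuild n_bytes from the pixel LSBs."""
    out = bytearray()
    for k in range(n_bytes):
        value = 0
        for px in frame[8 * k: 8 * k + 8]:
            value = (value << 1) | (px & 1)
        out.append(value)
    return bytes(out)

def client_capture(raw_frames, instr):
    """Client side: apply each instructed marking at its own stage of the pipeline."""
    frames = list(raw_frames)
    if "image_sensor" in instr:
        mark = instr["image_sensor"]["watermark"]
        frames = [embed_lsb(f, mark) for f in frames]
    if "video_stream" in instr:
        frames.insert(instr["video_stream"]["position"], bytes(len(frames[0])))
    header = {}
    if "video_encoding" in instr:
        header["tag"] = instr["video_encoding"]["header_tag"]
    return {"header": header, "frames": frames}

def server_verify(instr, upload):
    """Server side: extract the information for every target stage and require that
    each one matches the parameter issued for that stage; any mismatch fails."""
    frames = upload["frames"]
    blanks = [i for i, f in enumerate(frames) if not any(f)]
    real = [f for f in frames if any(f)]
    for stage, params in instr.items():
        if stage == "image_sensor":
            want = params["watermark"]
            ok = bool(real) and all(
                hmac.compare_digest(extract_lsb(f, len(want)), want) for f in real)
        elif stage == "video_stream":
            ok = blanks == [params["position"]]
        elif stage == "video_encoding":
            ok = hmac.compare_digest(upload["header"].get("tag", ""), params["header_tag"])
        else:
            ok = False                   # unknown stage: fail closed
        if not ok:
            return False
    return True

def demo():
    """Genuine capture passes; an unmarked upload and one made for another session fail."""
    instr = make_instruction(3, len(SAMPLE_FRAMES))
    genuine = client_capture(SAMPLE_FRAMES, instr)
    unmarked = {"header": {}, "frames": list(SAMPLE_FRAMES)}
    stale = client_capture(SAMPLE_FRAMES, make_instruction(3, len(SAMPLE_FRAMES)))
    return (server_verify(instr, genuine),
            server_verify(instr, unmarked),
            server_verify(instr, stale))

if __name__ == "__main__":
    print(demo())
```

The check only has value if the parameters are fresh for each session and the server keeps the issued instruction to compare against; an upload carrying marks from any other instruction is rejected.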
It should be noted that the embodiment in this specification and the first embodiment in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the aforementioned identity authentication method, and repeated details are not described again.
Further, on the basis of the same technical concept, corresponding to the methods shown in fig. 2 to fig. 8, one or more embodiments of the present specification further provide an authentication apparatus for performing the above-mentioned authentication method, as shown in fig. 12.
The authentication device may vary considerably depending on configuration or performance, and may include one or more processors 1201 and a memory 1202; the memory 1202 may store one or more applications or data. The memory 1202 may be transient storage or persistent storage. The application stored in memory 1202 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for an authentication device. Still further, processor 1201 may be configured to communicate with memory 1202 to execute a series of computer-executable instructions in memory 1202 on the authentication device. The authentication apparatus may also include one or more power supplies 1203, one or more wired or wireless network interfaces 1204, one or more input-output interfaces 1205, one or more keypads 1206, and the like.
In one particular embodiment, an authentication apparatus comprises a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may comprise one or more modules, and each module may comprise a series of computer-executable instructions for the authentication apparatus, and the one or more programs configured to be executed by the one or more processors comprise computer-executable instructions for:
acquiring an encryption instruction issued by an authentication server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
Optionally, when the computer-executable instructions are executed, the authentication image comprises: a user face image;
the at least one target processing stage comprises: at least one of an optical imaging stage, an image sensor acquisition stage, a video stream generation stage, and a video encoding stage.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage for acquiring the identity verification image according to the optical coding information.
Optionally, when executed, the computer executable instructions encrypt the optical image in the optical imaging phase of acquiring the authentication image according to the optical coding information, including:
acquiring a speckle pattern obtained by irradiating a laser light source on a diffractive optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
Optionally, when executed, the computer-executable instructions determine, according to the encryption instruction, a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage, including:
if the encryption instruction indicates time domain encryption, taking the spatial domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the insertion position.
Optionally, when the computer-executable instructions are executed, the target video frame comprises at least one of: a blank frame, a video frame embedded with the digital watermark, and a video frame superimposed with a preset encryption pattern.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information in the file header information or the picture structure diagram of the face image in the video coding stage of acquiring the identity verification image.
Optionally, when the computer-executable instructions are executed, the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
The identity authentication device in one or more embodiments of the present specification obtains an encryption instruction issued by the server; encrypts, according to the encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the identity verification image; and sends the acquired encrypted authentication image to the server, so that the server performs authentication based on the authentication image. Because the intermediate data generated while the identity verification image is being acquired is encrypted according to the encryption instruction issued by the server, and the identity verification image embedded with the encryption information is sent to the server, the server can extract the encryption information from the received identity verification image and perform identity verification based on it. This prevents malicious actors from attacking the identity verification data, ensures the real-time nature, authenticity and validity of the identity verification data acquisition, and improves the security of the user account.
In another particular embodiment, an authentication apparatus includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the authentication apparatus, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
Optionally, when the computer-executable instructions are executed, determining whether the authentication of the client passes according to the encryption instruction and the target encryption information includes:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity of the client passes the authentication;
if not, determining that the identity authentication of the client does not pass.
Optionally, when the computer executable instruction is executed, the authentication image is obtained by encrypting, by the client, intermediate data obtained in at least one target processing stage of acquiring the authentication image according to the encryption instruction.
Optionally, the computer executable instructions, when executed, further comprise computer executable instructions for:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
In the authentication device in one or more embodiments of the present specification, the authentication server sends an encryption instruction to the client, so that the client encrypts the generated intermediate data according to the encryption instruction during the process of acquiring the authentication image. The server then receives the authentication image embedded with the encryption information reported by the client, extracts the encryption information from the received authentication image, and performs authentication based on the encryption information. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts the intermediate data according to the encryption requirement of the server, which realizes interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during the process of generating the authentication image, which avoids the risk of data replacement. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the authentication data acquisition, and improves the security of the user account.
Further, based on the same technical concept, corresponding to the methods shown in Fig. 2 to Fig. 8, one or more embodiments of the present specification further provide a storage medium for storing computer-executable instructions. In a specific embodiment, the storage medium may be a USB flash drive, an optical disk, a hard disk, or the like, and the computer-executable instructions stored in the storage medium, when executed by a processor, implement the following process:
acquiring an encryption instruction issued by an authentication server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the authentication image comprises: a user face image;
the at least one target processing stage comprises: at least one of an optical imaging stage, an image sensor acquisition stage, a video stream generation stage, and a video encoding stage.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, performing encryption processing, according to the encryption instruction, on intermediate data obtained in at least one target processing stage of acquiring an authentication image includes:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage of acquiring the identity verification image according to the optical coding information.
Optionally, the storage medium stores computer executable instructions that when executed by the processor, encrypt an optical image in the optical imaging phase of capturing an authentication image according to the optically encoded information, comprising:
acquiring a speckle pattern obtained by irradiating a laser light source on a diffractive optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
Optionally, when executed by the processor, the storage medium stores computer-executable instructions for performing encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image according to the encryption instruction, where the encryption processing includes:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
Optionally, the storage medium stores computer-executable instructions that, when executed by the processor, determine a hidden location of a digital watermark used for data encryption in the image sensor acquisition stage according to the encryption instructions, including:
if the encryption instruction indicates time domain encryption, taking the spatial domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, performing encryption processing, according to the encryption instruction, on intermediate data obtained in at least one target processing stage of acquiring an authentication image includes:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the insertion position.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the target video frame comprises at least one of: a blank frame, a video frame embedded with the digital watermark, and a video frame superimposed with a preset encryption pattern.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, performing encryption processing, according to the encryption instruction, on intermediate data obtained in at least one target processing stage of acquiring an authentication image includes:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information into file header information or a picture structure chart of the face image in the video coding stage of acquiring the identity verification image.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
When executed by a processor, the computer-executable instructions stored in the storage medium in one or more embodiments of the present specification obtain an encryption instruction issued by the server; encrypt, according to the encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the identity verification image; and send the acquired encrypted authentication image to the server, so that the server performs authentication based on the authentication image. Because the intermediate data generated while the authentication image is being acquired is encrypted according to the encryption instruction issued by the server, and the authentication image embedded with the encryption information is sent to the server, the server can extract the encryption information from the received authentication image and perform authentication based on it. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the authentication data acquisition, and improves the security of the user account.
In another specific embodiment, the storage medium may be a USB flash drive, an optical disk, a hard disk, or the like, and the computer-executable instructions stored in the storage medium, when executed by the processor, implement the following process:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity verification of the client passes or not according to the encryption instruction and the target encryption information.
Optionally, when the computer-executable instructions stored in the storage medium are executed by a processor, determining whether the authentication of the client passes according to the encryption instruction and the target encryption information includes:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity authentication of the client passes;
if not, determining that the identity authentication of the client does not pass.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the authentication image is obtained by the client encrypting, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring the authentication image.
Optionally, the storage medium stores computer executable instructions that, when executed by the processor, further implement the following process:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
When the computer-executable instructions stored in the storage medium in one or more embodiments of the present specification are executed by the processor, the authentication server sends an encryption instruction to the client, so that the client encrypts the generated intermediate data according to the encryption instruction while acquiring the authentication image. The server then receives the authentication image, with the encryption information embedded, reported by the client, extracts the encryption information from the received authentication image, and performs authentication based on it. In other words, the client performs the corresponding encryption processing in different data processing stages while generating the authentication image. On the one hand, the client encrypts the image according to the server's encryption requirement, which realizes interactive encryption between the client and the server. On the other hand, encrypting the intermediate data while the authentication image is being generated avoids the risk of data replacement. This prevents malicious actors from attacking the authentication data, ensures the timeliness, authenticity and validity of authentication data acquisition, and improves the security of user accounts.
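The server-side flow above (choose target stages from a security level, issue per-stage parameters, then match what is extracted from the submission against the instruction) can be sketched as follows. This is an added example, not code from the patent: the level-to-stage mapping, the LSB watermark, the blank-frame check and the header token are simplified stand-ins chosen here, the optical imaging stage is omitted, and the frames are constructed sample data.

```python
import hmac
import json
import secrets

# Stage names follow the claims; which stages each level selects is an assumption.
STAGES_BY_LEVEL = {
    1: ["video_encoding"],
    2: ["image_sensor", "video_encoding"],
    3: ["image_sensor", "video_stream", "video_encoding"],
}
WATERMARK_BITS = 32


def build_instruction(security_level, n_frames):
    """Server: choose target stages and a fresh random parameter for each."""
    stages = {}
    for stage in STAGES_BY_LEVEL[security_level]:
        if stage == "image_sensor":    # bits to hide in pixel LSBs (spatial domain)
            stages[stage] = {"bits": [secrets.randbits(1) for _ in range(WATERMARK_BITS)]}
        elif stage == "video_stream":  # index at which a blank frame is inserted
            stages[stage] = {"insert_at": secrets.randbelow(n_frames + 1)}
        else:                          # token written into the file header
            stages[stage] = {"token": secrets.token_hex(16)}
    return {"stages": stages}


def client_capture(instr, frames):
    """Client: apply every instructed stage while producing the submission."""
    frames = [list(f) for f in frames]
    header = {}
    stages = instr["stages"]
    if "image_sensor" in stages:
        for frame in frames:
            for i, bit in enumerate(stages["image_sensor"]["bits"]):
                frame[i] = (frame[i] & ~1) | bit
    if "video_stream" in stages:
        frames.insert(stages["video_stream"]["insert_at"], [0] * len(frames[0]))
    if "video_encoding" in stages:
        header["token"] = stages["video_encoding"]["token"]
    return {"header": header, "frames": frames}


def extract(instr, submission):
    """Server: recover the target encryption information for each instructed stage."""
    frames = submission["frames"]
    stages = instr["stages"]
    found = {}
    if "video_stream" in stages:
        blanks = [i for i, f in enumerate(frames) if not any(f)]
        found["video_stream"] = {"insert_at": blanks[0] if len(blanks) == 1 else None}
        frames = [f for f in frames if any(f)]
    if "image_sensor" in stages:
        marks = [[p & 1 for p in f[:WATERMARK_BITS]] for f in frames]
        # Every real frame must carry the same watermark, otherwise report none.
        same = bool(marks) and all(m == marks[0] for m in marks)
        found["image_sensor"] = {"bits": marks[0] if same else None}
    if "video_encoding" in stages:
        found["video_encoding"] = {"token": submission["header"].get("token")}
    return found


def verify(instr, submission):
    """Server: pass only if every instructed stage matches its issued parameter."""
    found = extract(instr, submission)
    ok = True
    for stage, expected in instr["stages"].items():
        got = json.dumps(found.get(stage), sort_keys=True).encode()
        want = json.dumps(expected, sort_keys=True).encode()
        ok &= hmac.compare_digest(got, want)  # no early exit on first mismatch
    return ok


def sample_frames(n_frames=6, width=64):
    """Constructed stand-in for captured frames (pixel values 20..219)."""
    return [[(17 * i + 3 * j) % 200 + 20 for j in range(width)] for i in range(n_frames)]


if __name__ == "__main__":
    frames = sample_frames()
    instr = build_instruction(3, len(frames))
    print("honest capture:", verify(instr, client_capture(instr, frames)))
    stale = client_capture(build_instruction(3, len(frames)), frames)
    print("capture made for an earlier instruction:", verify(instr, stale))
```

Because each instruction carries fresh random parameters, a submission produced for an earlier instruction, or one whose frames were swapped after the header was written, fails the per-stage match.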
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (for example, an improvement to a circuit structure such as a diode, transistor or switch) or a software improvement (an improvement to a method flow). However, as technology has advanced, many of today's method-flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer programs a digital system onto a single PLD, without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually making integrated circuit chips, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must be written in a specific programming language called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing the logical method flow can be readily obtained merely by programming the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component, and the means included in it for performing the various functions may also be regarded as structures within the hardware component. The means for performing the functions may even be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, each described separately. Of course, when implementing one or more embodiments of the present specification, the functions of the various units may be implemented in the same one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, one or more embodiments of the present specification may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present specification may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present specification may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied in the medium.
One or more embodiments of the present specification have been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to one or more embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may store information by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
One or more embodiments of the present specification can be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiment is described only briefly because it is substantially similar to the method embodiment; for the relevant points, refer to the corresponding description of the method embodiment.
The above description is merely illustrative of one or more embodiments of the present specification and is not intended to limit them. Various modifications and alterations to one or more embodiments of the present specification will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of one or more embodiments of the present specification should be included in the scope of the claims of the present specification.

Claims (19)

1. An identity verification method, comprising:
acquiring an encryption instruction issued by a verification server, wherein the encryption instruction comprises: a target processing stage needing encryption;
according to the encryption instruction, data obtained in at least one target processing stage of the collected identity verification image is encrypted;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
2. The method of claim 1, wherein the authentication image comprises: a user face image;
at least one of the target processing stages comprises: at least one of an optical imaging phase, an image sensor acquisition phase, a video stream generation phase, and a video encoding phase.
3. The method according to claim 2, wherein encrypting, according to the encryption instruction, data obtained in at least one of the target processing stages of acquiring the authentication image comprises:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage for acquiring the identity verification image according to the optical coding information.
4. The method of claim 3, wherein encrypting the optical image in the optical imaging phase of capturing the authentication image according to the optically encoded information comprises:
acquiring a speckle pattern obtained by irradiating a laser light source on a diffraction optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
5. The method according to claim 2, wherein encrypting, according to the encryption instruction, data obtained in at least one of the target processing stages of acquiring the authentication image comprises:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
6. The method of claim 5, wherein determining the hidden location of the digital watermark used for data encryption in the image sensor acquisition phase according to the encryption instruction comprises:
if the encryption instruction indicates time domain encryption, taking a spatial domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
7. The method according to claim 2, wherein encrypting, according to the encryption instruction, data obtained in at least one of the target processing stages of acquiring the authentication image comprises:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the insertion position.
8. The method of claim 7, wherein the target video frame comprises at least one of: a blank frame, a video frame embedded with the digital watermark, and a video frame superimposed with a preset encryption pattern.
9. The method according to claim 2, wherein encrypting, according to the encryption instruction, data obtained in at least one of the target processing stages of acquiring the authentication image comprises:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information in the file header information or the picture structure diagram of the face image in the video coding stage of acquiring the identity verification image.
10. The method according to any one of claims 1 to 9, wherein the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
11. An identity verification method, comprising:
after an encryption instruction is sent to a client, an authentication image which is reported by the client and acquired based on the encryption instruction is acquired, wherein the encryption instruction comprises: the client side encrypts data obtained by at least one target processing stage of the acquired authentication images according to the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity verification of the client passes or not according to the encryption instruction and the target encryption information.
12. The method according to claim 11, wherein the determining whether the authentication of the client is passed according to the encryption instruction and the target encryption information comprises:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity of the client passes the authentication;
if not, determining that the identity authentication of the client side is not passed.
13. The method of claim 11, further comprising:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for acquiring the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
14. An authentication apparatus, comprising:
an encryption instruction obtaining module, configured to obtain an encryption instruction issued by a verification server, where the encryption instruction includes: a target processing stage needing encryption;
the data encryption module is used for encrypting data obtained in at least one target processing stage of the collected identity verification image according to the encryption instruction;
and the verification image sending module is used for sending the acquired authentication image to the verification server so as to enable the verification server to perform authentication based on the authentication image.
15. An authentication apparatus, comprising:
the verification image receiving module is used for acquiring an authentication image which is reported by a client and acquired based on an encryption instruction after the encryption instruction is sent to the client, wherein the encryption instruction comprises: the client side encrypts data obtained by at least one target processing stage of the acquired authentication images according to the encryption instruction;
the data decryption module is used for decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and the identity authentication module is used for determining whether the identity authentication of the client passes according to the encryption instruction and the target encryption information.
16. An authentication apparatus, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring an encryption instruction issued by a verification server, wherein the encryption instruction comprises: a target processing stage needing encryption;
according to the encryption instruction, data obtained in at least one target processing stage of the collected identity verification image are encrypted;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
17. An authentication apparatus, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
after an encryption instruction is sent to a client, an authentication image which is reported by the client and acquired based on the encryption instruction is acquired, wherein the encryption instruction comprises: the client side encrypts data obtained by at least one target processing stage of the acquired authentication images according to the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
18. A storage medium storing computer-executable instructions, wherein the executable instructions when executed implement the following:
acquiring an encryption instruction issued by a verification server, wherein the encryption instruction comprises: a target processing stage needing encryption;
according to the encryption instruction, data obtained in at least one target processing stage of the collected identity verification image are encrypted;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
19. A storage medium storing computer-executable instructions, wherein the executable instructions when executed implement the following:
after an encryption instruction is sent to a client, an authentication image which is reported by the client and acquired based on the encryption instruction is acquired, wherein the encryption instruction comprises: the client side encrypts data obtained by at least one target processing stage of the acquired authentication images according to the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity verification of the client passes or not according to the encryption instruction and the target encryption information.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210380760.4A CN114780934A (en) 2018-08-13 2018-08-13 Identity verification method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810917717.0A CN109145563B (en) 2018-08-13 2018-08-13 Identity verification method and device
CN202210380760.4A CN114780934A (en) 2018-08-13 2018-08-13 Identity verification method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201810917717.0A Division CN109145563B (en) 2018-08-13 2018-08-13 Identity verification method and device

Publications (1)

Publication Number Publication Date
CN114780934A true CN114780934A (en) 2022-07-22

Family

ID=64792824

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202210380760.4A Pending CN114780934A (en) 2018-08-13 2018-08-13 Identity verification method and device
CN201810917717.0A Active CN109145563B (en) 2018-08-13 2018-08-13 Identity verification method and device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201810917717.0A Active CN109145563B (en) 2018-08-13 2018-08-13 Identity verification method and device

Country Status (1)

Country Link
CN (2) CN114780934A (en)

Also Published As

Publication number Publication date
CN109145563A (en) 2019-01-04
CN109145563B (en) 2022-04-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination