CN115906028A - User identity verification method and device and self-service terminal - Google Patents
User identity verification method and device and self-service terminal Download PDFInfo
- Publication number
- CN115906028A CN115906028A CN202211392652.5A CN202211392652A CN115906028A CN 115906028 A CN115906028 A CN 115906028A CN 202211392652 A CN202211392652 A CN 202211392652A CN 115906028 A CN115906028 A CN 115906028A
- Authority
- CN
- China
- Prior art keywords
- user
- authentication
- self
- verification
- login
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The specification provides a user identity authentication method, a user identity authentication device and a self-service terminal, and can be used in the financial field. Based on the method, when the user wants to log in a transaction account by using the self-service terminal at an unmanned network site, the user can firstly initiate a login request with a login certificate; the self-service terminal carries out first identity verification on the user according to the login certificate of the user; under the condition that the first identity authentication of the user is determined to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user; if the second authentication of the user is determined to pass, the authentication of the user is finally determined to be successful; further responding to the login request, and logging in the transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user. Therefore, the data security of the transaction account and the interaction experience of the user can be considered at the same time, and the identity authentication of the user under the unmanned network scene can be completed safely and accurately.
Description
Technical Field
The specification belongs to the technical field of data security, and particularly relates to a user identity authentication method and device and a self-service terminal.
Background
With the development of artificial intelligence technology, more and more financial transaction institutions (e.g., banks, etc.) begin to deploy and promote unmanned service outlets online to provide more convenient financial transaction services for users.
Based on the existing method, when a user logs in a transaction account by using a self-service terminal at an unmanned network, the user can complete authentication and log in the related transaction account smoothly only by inputting a correct password or by face recognition of a machine.
However, the above authentication method is originally designed for a conventional website where workers exist. Due to the particularity of the unmanned network, if the authentication mode is directly applied to the scene of the unmanned network, security holes exist, and further, the risk is caused to the data security of the user transaction account.
At present, an identity authentication method which can simultaneously consider the data security of a transaction account and the interaction experience of a user and is aimed at an unmanned website scene is urgently needed.
Disclosure of Invention
The specification provides a user identity authentication method, a user identity authentication device and a self-service terminal, which can effectively and simultaneously give consideration to data security of a transaction account and interaction experience of a user, and safely and accurately complete user identity authentication in an unmanned network site scene.
The specification provides a user identity authentication method, which is applied to a self-service terminal and comprises the following steps:
receiving a login request initiated by a user; the login request at least carries a login credential of a user;
performing first identity verification on the user according to the login credential of the user;
under the condition that the first identity authentication of the user is confirmed to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user;
determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass;
responding to the login request, and logging in a transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
In one embodiment, presenting a virtual teller to a user includes: a virtual teller is generated and presented to the user based on the AR algorithm.
In one embodiment, interacting with the user through the virtual teller to perform a second authentication with respect to the user, comprises:
acquiring associated data of a user;
screening out a matched target interactive verification strategy from a preset interactive verification strategy set according to the associated data of the user; the preset interactive verification strategy set comprises a plurality of preset interactive verification strategies;
and interactively interacting with the user through the virtual teller according to the target interactive verification strategy to perform second identity verification on the user.
In one embodiment, the preset interactive verification policy includes at least one of: a question-answer interactive verification strategy based on a user database, an interactive verification strategy based on a verification short message and an interactive verification strategy based on a verification mail.
In one embodiment, the association data of the user includes at least one of: the age of the user, the carrying object of the user, and the environment in which the user is located.
In one embodiment, in interacting with the user through the virtual teller to perform a second authentication with respect to the user, the method further comprises:
acquiring expression data of a user in an interactive process with a virtual teller through a camera;
and processing the expression data by using a preset expression analysis model to obtain an expression analysis result of the user.
In one embodiment, in the case that it is determined that the second authentication of the user is passed, the method further comprises:
detecting whether the expression change of the user meets the requirement or not according to the expression analysis result of the user;
and determining that the user identity verification is successful under the condition that the expression change of the user meets the requirement.
In one embodiment, the login credentials include a facial video of the user.
In one embodiment, performing a first authentication with respect to a user based on a login credential of the user comprises:
inquiring a user database to obtain a reference face template of a user; intercepting a face image of the user from a face video of the user;
detecting whether the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value or not;
and under the condition that the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value, determining that the first identity authentication of the user passes.
In one embodiment, in a case that it is determined that a difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold, the method further includes:
processing a face video of a user by using a preset living body detection model to obtain a living body detection result;
and determining whether the first identity authentication of the user passes according to the living body detection result.
In one embodiment, in the case that it is determined that the user first authentication passes, the method further comprises:
acquiring current characteristic data of the self-service terminal and current characteristic data of a user;
and performing risk verification according to the current characteristic data of the self-service terminal and the current characteristic data of the user.
This specification also provides a user authentication device, is applied to self-service terminal, the device includes:
the receiving module is used for receiving a login request initiated by a user; the login request at least carries a login credential of a user;
the first authentication module is used for performing first authentication on the user according to the login credential of the user;
the second authentication module is used for displaying the virtual teller to the user under the condition that the first identity authentication of the user is determined to pass; and interactively interacting with the user through the virtual teller to perform a second authentication on the user;
the determining module is used for determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass;
the login module is used for responding to the login request and logging in the transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
The present specification also provides a self-service terminal, including a processor and a memory for storing processor-executable instructions, where the processor executes the instructions to implement the relevant steps of the user authentication method.
The present specification also provides a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, perform the steps of: receiving a login request initiated by a user; the login request at least carries a login credential of a user; performing first identity verification on the user according to the login credential of the user; under the condition that the first identity authentication of the user is determined to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user; determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass; responding to the login request, and logging in a transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
The present specification also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps associated with the method of user authentication.
Based on the user identity authentication method, the user identity authentication device and the self-service terminal provided by the specification, when a user wants to log in a transaction account for transaction data processing by using the self-service terminal at an unmanned network site, conventional login operation can be performed at the self-service terminal, and correspondingly, the self-service terminal can receive a login request carrying a login certificate; then, the self-service terminal can perform first identity verification on the user according to the login certificate of the user; under the condition that the first identity authentication of the user is determined to pass, generating and displaying a virtual teller to the user based on an AR algorithm; interaction which is targeted and matched with a specific interaction scene is carried out between the virtual teller and the user so as to carry out second identity verification on the user; if the second authentication of the user is determined to pass, the authentication of the user is finally determined to be successful; the self-service terminal can respond to the login request and log in the transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user. Therefore, the data security of the transaction account and the interaction experience of the user can be effectively considered at the same time, and the identity authentication of the user under the unmanned network site scene can be safely and accurately completed.
Drawings
In order to more clearly illustrate the embodiments of the present specification, the drawings needed to be used in the embodiments will be briefly described below, and the drawings in the following description are only some of the embodiments described in the specification, and it is obvious to those skilled in the art that other drawings can be obtained based on the drawings without any inventive work.
Fig. 1 is a schematic flowchart of a user authentication method according to an embodiment of the present disclosure;
FIG. 2 is a diagram illustrating an embodiment of a method for authenticating a user according to an embodiment of the present specification, in an example scenario;
FIG. 3 is a diagram illustrating an embodiment of a method for authenticating a user according to an embodiment of the present specification, in an example scenario;
FIG. 4 is a diagram illustrating an embodiment of a method for authenticating a user according to an embodiment of the present specification, in an example scenario;
FIG. 5 is a block diagram of a kiosk, according to an embodiment of the present disclosure;
fig. 6 is a schematic structural component diagram of a user authentication apparatus according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Referring to fig. 1, an embodiment of the present specification provides a user identity authentication method, where the method is specifically applied to a self-service terminal side. In specific implementation, the method may include the following:
s101: receiving a login request initiated by a user; the login request at least carries a login credential of a user;
s102: performing first identity verification on the user according to the login credential of the user;
s103: under the condition that the first identity authentication of the user is determined to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user;
s104: determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass;
s105: responding to the login request, and logging in a transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
In some embodiments, the user identity authentication method may be specifically applied to a self-service terminal side. Specifically, referring to fig. 2, the self-service terminal may be deployed in an unmanned site of a transaction institution. The unmanned network can provide self-service transaction service for the user in all time.
The self-service terminal specifically comprises a front-end device which is applied to one side of an unmanned network and can realize functions of data acquisition, data transmission, partial service data processing and the like. Specifically, the self-service terminal may be, for example, a desktop computer, a tablet computer, a self-service machine, a self-service robot, or the like.
In some embodiments, the user needs to log in to his/her transaction account at the self-service terminal before using the self-service terminal to transact a specific transaction.
In specific implementation, a user initiates a login operation at a self-service terminal. Specifically, the self-service terminal may first display a login interface for the user. The user can input the user identification, user certificate and the like of the user through the login interface so as to initiate specific login operation.
Correspondingly, the self-service terminal responds to the login operation and can generate and acquire a login request initiated by the user. The login request at least carries login credentials of the user.
The user identifier may be specifically understood as identification information for indicating a user. Specifically, the user identifier may include at least one of: a user name of the user, an identity ID of the user, a transaction account number of the user, and so forth. It should be noted that the user id listed above is only an exemplary illustration. In specific implementation, the user identifier may further include other types of identification information according to specific situations and processing requirements. The present specification is not limited to these.
The login credentials may be understood as credential data that can prove the authenticity of the identity of the user. Specifically, the login credential may specifically include a face video of the user, a transaction account login password of the user, a fingerprint image of the user, and the like. It should be noted that the above listed login credentials are only an exemplary illustration. In specific implementation, the login credential may also include other types of data according to specific application scenarios and precision requirements. The present specification is not limited to these.
It should be noted that the information data related to the user in the present specification is obtained and used on the premise that the user knows and agrees. Moreover, the acquisition, storage, use, processing and the like of the information data all conform to relevant regulations of national laws and regulations.
In some embodiments, the self-service terminal may perform a first authentication on the user after receiving the user's login credentials.
In specific implementation, referring to fig. 3, the performing of the first authentication on the user according to the login credential of the user may include the following steps:
s1: inquiring a user database to obtain a reference face template of a user; intercepting a face image of the user from a face video of the user;
s2: detecting whether the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value or not;
s3: and determining that the first identity verification of the user passes under the condition that the difference value between the face image of the user and the reference face template is smaller than or equal to a preset difference threshold value.
The user database may be a block chain-based database. Therefore, the information data of the user stored in the user database can be safely and reliably protected by using the characteristics of the block chain such as non-tampering and data encryption.
The information data of the user at least comprises a reference face template of the user provided by the user during registration. In addition, the information data of the user may further include historical business transaction records of the user, attribute information of the user (for example, the age of the user, the monthly income of the user, the occupation of the user, and the like), and the like.
In specific implementation, the reference face template of the user can be obtained by querying the user database according to the user identifier of the user.
Meanwhile, under the condition that the login certificate provided by the user comprises a face video of the user, the image frame positioned in the middle position can be directly screened out from the face video; screening image frames which contain complete human faces and are high in definition and free of shielding from the image frames at the middle position to serve as key image frames; and intercepting a face image of the user from the key image frame.
Under the condition that the login credentials provided by the user do not comprise the face video of the user, a camera built in the self-service terminal can be controlled to collect the video containing the face of the user on site, and the face video of the user is obtained. When the human face video is collected, the self-service terminal can also control a built-in voice player to play prompt voice about the collected human face video so as to guide a user to turn the face to the camera, so that the human face video with higher quality can be collected.
In specific implementation, the self-service terminal can compare the face features of the face image of the user with the face template according to a face comparison algorithm to obtain a difference value between the face image of the user and the face template; and detecting whether the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value. The preset difference threshold value can be flexibly set according to specific conditions and verification precision.
In the case that it is determined that the difference value between the face image of the user and the reference face template is less than or equal to the preset difference threshold value, it may be determined that the preliminary authentication (first authentication) of the user passes.
On the contrary, under the condition that the difference value between the face image of the user and the reference face template is determined to be larger than the preset difference threshold value, the second identity authentication of the user can be judged to be failed, and further an error-reporting prompt of login failure can be directly generated.
In some embodiments, when it is determined that the difference value between the face image of the user and the reference face template is less than or equal to the preset difference threshold, the method may further include the following steps: processing a face video of a user by using a preset living body detection model to obtain a living body detection result; and determining whether the first identity authentication of the user passes according to the living body detection result.
The preset living body detection model can be specifically understood as a pre-trained neural network model which can judge whether the face in the video is a real human face or not based on the input face video detection frequency.
In specific implementation, the first identity verification of the user is finally determined to pass under the condition that the face in the face video is determined to be a real human face according to the living body detection result. In contrast, according to the living body detection result, in the case where it is determined that the face in the face video is not a real human face, it may be determined that the first authentication of the user fails.
Based on the embodiment, under the condition that the difference value between the face image of the user and the reference face template is determined to be smaller than or equal to the preset difference threshold value, the preset in-vivo detection model is further utilized to carry out in-vivo detection on the face video of the user, so that the situation that some users illegally use face photos of other users to impersonate other users to log in related transaction accounts is avoided, and therefore first identity verification about the user can be completed more accurately and reliably.
In some embodiments, when it is determined that the first identity authentication of the user passes, the method may further include:
s1: acquiring current characteristic data of the self-service terminal and current characteristic data of a user;
s2: and performing risk verification according to the current characteristic data of the self-service terminal and the current characteristic data of the user.
The current characteristic data of the self-service terminal may specifically include at least one of the following: the self-service terminal comprises an IP address of the self-service terminal, a security level label of the self-service terminal, position coordinates of the self-service terminal, a network environment state of the self-service terminal and the like.
The current characteristic data about the user may specifically include at least one of the following: risk labels for the user, historical violations for the user, current voice data for the user, etc.
In some embodiments, the risk verification according to the current characteristic data about the self-service terminal and the current characteristic data about the user may be implemented as follows: processing current characteristic data of the self-service terminal by using a preset terminal risk prediction model to obtain a corresponding first risk prediction result; processing current characteristic data about the user by using a preset user risk prediction model to obtain a corresponding second risk prediction result; and verifying whether the user has risks or not according to the first risk prediction result and the second risk prediction result.
The preset terminal risk prediction model may be specifically understood as a neural network model that determines whether related risks exist when the user logs in a transaction account by using the self-service terminal currently based on terminal dimensions according to input characteristic data about the self-service terminal.
The preset user risk prediction model can be specifically understood as a neural network model which judges whether related risks exist when the user logs in a transaction account by using the self-service terminal currently based on user dimensionality and input characteristic data about the user.
Based on the embodiment, whether related risks exist when the user logs in the transaction account by using the self-service terminal can be accurately determined based on two dimensions of the self-service terminal and the user according to the two risk prediction results. When the risk is determined, the subsequent login processing related to the transaction account can be stopped, and the risk prompt is generated and displayed to the user, so that the data security of the transaction account of the user can be well protected.
In some embodiments, the verifying whether the user has a risk according to the first risk prediction result and the second risk prediction result may include the following steps: combining the first risk prediction result and the second risk prediction result according to a preset combination rule to obtain a combined risk prediction result aiming at the condition that the user logs in a transaction account by using the self-service terminal currently; processing the joint risk prediction result by using a preset risk evaluation model to obtain a corresponding target risk value; and determining whether the user currently uses the self-service terminal to log in a transaction account has risks or not according to the target risk value.
The preset risk evaluation model, the preset user risk prediction model and the preset terminal risk prediction model can be obtained by training based on sample login records of sample users logging in sample transaction accounts by using sample terminals.
Specifically, the target risk value may be compared with a preset risk threshold; according to the comparison result, under the condition that the target risk value is determined to be less than or equal to the preset risk threshold value, the risk can be determined to be absent, and further the subsequent data processing can be carried out; conversely, when the target risk value is determined to be greater than the preset risk threshold value, the risk can be determined to exist, and then the subsequent data processing can be stopped, and the relevant risk prompt can be generated and displayed.
In some embodiments, upon determining that the user has passed the first authentication, a virtual teller may be presented to the user; and then the virtual teller interacts with the user, so that second identity authentication which is stricter than the first identity authentication can be performed in a relatively friendly manner.
In some embodiments, the presenting a virtual teller to the user may include: a virtual teller is generated and presented to the user based on the AR algorithm.
The AR (Augmented Reality) may specifically refer to an algorithm technology for skillfully fusing virtual information and a real world, and may be implemented by applying virtual information such as characters, images, three-dimensional models, music, videos, and the like generated by a computer to the real world after analog simulation by using various technical means such as multimedia, three-dimensional modeling, real-time tracking and registration, intelligent interaction, sensing, and the like, so as to achieve mutual complementation of the two kinds of information, thereby achieving "augmentation" of the real world.
Specifically, the virtual teller can be displayed on the self-service terminal based on an AR algorithm, and the user is guided to efficiently and reliably complete second identity authentication on the user through interactive interaction with the user; meanwhile, the user can obtain better interactive experience in the process of second identity authentication.
In some embodiments, after the virtual teller is shown to the user, before the second authentication on the user is performed through the virtual teller, the self-service terminal may further perform a voice or text query interaction with the user through a service query interaction template preset by the virtual teller, so as to obtain a corresponding interaction result. And determining the target service which the user may want to handle according to the interaction result. Further, according to a preset sensitive service table, whether the target service belongs to sensitive information possibly related to the user or sensitive services closely related to account security of a transaction account of the user is determined. Under the condition that the target service is determined to be a sensitive service, the second identity authentication can be performed through interaction with the user, so that the account data security of the user can be protected in a more targeted manner. Under the condition that the target service is determined to be the non-sensitive service, the login request can be directly responded, and the transaction account of the user can be logged in, so that the waiting time of the user can be shortened, and the user can more quickly and conveniently handle and complete the non-sensitive service.
In some embodiments, referring to fig. 4, the interaction with the user through the virtual teller to perform the second authentication on the user may include the following steps:
s1: acquiring associated data of a user;
s2: screening out a matched target interactive verification strategy from a preset interactive verification strategy set according to the associated data of the user; the preset interactive verification strategy set comprises a plurality of preset interactive verification strategies;
s3: and interactively interacting with the user through the virtual teller according to the target interactive verification strategy to perform second identity verification on the user.
In specific implementation, the corresponding interactive scene can be determined according to the associated data of the user; and then according to the interactive scene, screening out a matched preset interactive verification strategy from a preset interactive verification strategy set to serve as a target interactive verification strategy. And the virtual teller can perform specific interactive interaction with the user according to the target interactive verification strategy.
In some embodiments, the preset interactive verification policy may specifically include at least one of: a question-answer interactive verification strategy based on a user database, an interactive verification strategy based on a verification short message, an interactive verification strategy based on a verification mail and the like. Each preset interactive verification strategy corresponds to an interactive scene.
The associated data of the user may specifically include at least one of the following: the age of the user, the carrying object of the user, the environment in which the user is located, and the like.
Before specific implementation, a preset interactive verification strategy can be constructed and obtained according to the following modes: collecting process data of a sample user when the sample user uses a sample self-service terminal to handle business under different interaction scenes; dividing the process data into data groups respectively corresponding to different interactive scenes according to the interactive scenes; summarizing and clustering process data contained in each data group to determine common characteristics of user interaction behaviors aiming at different interaction scenes; and then, corresponding interactive verification strategies can be configured for different interactive scenes according to the common characteristics of the user interactive behaviors.
Specifically, for example, for an interaction scenario where a user does not currently carry an electronic device such as a mobile phone and the like and the current environment is relatively quiet, a question-answer interaction verification policy based on a user database may be configured. Based on the interactive authentication strategy, the virtual teller can firstly inquire a user database to obtain a security question and a corresponding security answer provided when the user registers; randomly extracting one or more security problems, and asking corresponding security problems to a user through a voice player; collecting voice answers of a user to safety problems; then converting the voice answer into text data; processing the semantic text data by using a preset semantic recognition model to obtain a corresponding semantic recognition result; performing semantic matching on the semantic recognition result and the corresponding safety answer; and determining whether the second authentication of the user is passed by detecting whether the semantic matching is successful.
For another example, for an interactive scene in which the user currently carries a mobile phone and the current environment is noisy, an interactive verification policy based on a verification short message may be configured. Based on the interactive verification strategy, the virtual teller can firstly inquire a user database and acquire the registered mobile phone number of the user; meanwhile, a random number generator is utilized to generate a random number as a security verification code; further, the virtual teller can display the verification mode and the security verification code to the user in a text display mode so as to guide the user to edit a verification short message containing the security verification code by using a registered mobile phone and send the verification short message to a designated number; wherein the designated number is associated with the self-service terminal. Meanwhile, the self-service terminal can start timing after the virtual teller finishes the text display, and receives the verification short message within the effective time. Under the condition that the verification short message is received within the effective time, further, whether the mobile phone number which sends the verification short message is a registered mobile phone number or not is detected, and whether the safety verification code in the verification short message is consistent with the displayed safety verification code or not is detected; and determining that the second identity authentication is passed under the condition that the mobile phone number sending the authentication short message is determined to be the registered mobile phone number and the security authentication code in the authentication short message is consistent with the displayed security authentication code.
After obtaining a plurality of preset interactive verification policies, the plurality of preset interactive verification policies may be combined to obtain a preset interactive verification policy set.
In specific implementation, the associated data including part of the age of the user and the like can be obtained by querying the user database according to the user identifier of the user; meanwhile, an image of the whole body of the user included in the user can be acquired as a detection image, and associated data of another part including the carried object of the user, the environment where the user is located and the like can be acquired through image recognition according to the detection image.
In specific implementation, the self-service terminal can detect whether image frames containing the whole body of the user exist in the obtained face video; when the human face video is detected to contain the image frame of the whole body of the user, the image frame can be directly intercepted to be used as a detection image. Under the condition that the human face video is detected not to contain the image frame of the whole body of the user, a built-in voice player can be used for playing related prompt tones so as to guide the user to configure a camera, and the image containing the whole body of the user is collected to serve as the detection image.
The implementation can be specifically implemented by processing the detection image by using a preset image recognition model to determine whether the carried objects of the user comprise electronic equipment such as a mobile phone, a computer, an intelligent watch and the like; and determining whether the current environment of the user belongs to a noisy environment or a quiet environment, and the like.
In some embodiments, in the process of interacting with the user through the virtual teller to perform the second authentication on the user, the method may further include the following steps:
s1: acquiring expression data of a user in an interactive process with a virtual teller through a camera;
s2: and processing the expression data by using a preset expression analysis model to obtain an expression analysis result of the user.
In the specific implementation process, the self-service terminal can control the camera to collect the face image of the user in real time or at regular time in the interactive process; and acquiring expression data of the user according to the face image.
In specific implementation, in the interactive process, the virtual teller screens out a matched expression from the expression library according to the semantic content of the played voice data or the displayed text data; and the matched expression is displayed to the user in time so as to better interact with the user, and expression data which is relatively natural and has relatively higher reference value is obtained during the interactive interaction process of the user.
In specific implementation, a preset expression analysis model can be utilized to obtain a corresponding expression analysis result by processing the expression data; furthermore, a plurality of expression analysis results can be combined in sequence according to the acquisition time of each expression data, and the expression change of the user in the interactive interaction process is obtained.
In some embodiments, when the second authentication of the user is determined to pass, the method may further include, in implementation: detecting whether the expression change of the user meets the requirement or not according to the expression analysis result of the user; and determining that the user identity verification is successful under the condition that the expression change of the user meets the requirement.
In specific implementation, the expression change of the user in the interactive process can be obtained through combination according to the expression analysis result of the user; and detecting whether the expression change of the user has negative emotions such as heart deficiency, fear and the like by using the micro-expression analysis template.
If the negative emotion does not exist in the expression change of the user, the expression change of the user can be judged to meet the requirement, and finally the identity verification of the user is determined to be successful. On the contrary, if the negative emotion exists in the expression change of the user, the expression change of the user can be judged to be not qualified, and the authentication failure of the user is determined.
Therefore, expression data in the interactive process of the user and the virtual teller can be obtained and utilized, and identity verification aiming at the user can be realized more accurately and strictly.
In some embodiments, in the event that the user authentication is determined to be successful, the self-service terminal may automatically log in to the transaction account of the user in response to the login request; and presenting the user with a transaction service interface that has logged into the transaction account. At this time, the user can normally use the self-service terminal in the unmanned network through the transaction service interface to safely handle specific transaction services.
As can be seen from the above, in the user identity authentication method provided in the embodiment of the present specification, when a user wants to log in a transaction account for transaction data processing using a self-service terminal at an unmanned website, a conventional login operation may be performed on the self-service terminal, and accordingly, the self-service terminal may receive a login request carrying a login credential; then, the self-service terminal can perform first identity verification on the user according to the login certificate of the user; under the condition that the first identity authentication of the user is determined to pass, generating and displaying a virtual teller to the user based on an AR algorithm; performing targeted and matched interaction with the user through the virtual teller to perform second identity verification on the user; if the second authentication of the user is passed, the user identity authentication is finally determined to be successful; the user can further respond to the login request and log in the transaction account of the user; and a transaction service interface of the transaction account of the user is shown to the user. Therefore, the data security of the transaction account and the interaction experience of the user can be effectively considered at the same time, and the identity authentication of the user under the unmanned network site scene can be safely and accurately completed.
An embodiment of the present specification further provides a self-service terminal, including a processor and a memory for storing processor executable instructions, where the processor may perform the following steps according to the instructions when implemented specifically: receiving a login request initiated by a user; the login request at least carries a login credential of a user; performing first identity verification on the user according to the login credential of the user; under the condition that the first identity authentication of the user is determined to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user; determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass; responding to the login request, and logging in a transaction account of the user; and a transaction service interface of the transaction account of the user is shown to the user.
In order to more accurately complete the above instructions, referring to fig. 5, the embodiment of the present specification further provides another specific server, where the server includes a network communication port 501, a processor 502, and a memory 503, and the above structures are connected by an internal cable, so that the structures may perform specific data interaction.
The network communication port 501 may be specifically configured to receive a login request initiated by a user; wherein, the login request at least carries the login credential of the user.
The processor 502 may be specifically configured to perform a first authentication on the user according to the login credential of the user; under the condition that the first identity authentication of the user is determined to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user; determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass; responding to the login request, and logging in a transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
The memory 503 may be specifically configured to store a corresponding instruction program.
In this embodiment, the network communication port 501 may be a virtual port bound to different communication protocols, so as to send or receive different data. For example, the network communication port may be a port responsible for web data communication, a port responsible for FTP data communication, or a port responsible for mail data communication. In addition, the network communication port can also be a communication interface or a communication chip of an entity. For example, it may be a wireless mobile network communication chip, such as GSM, CDMA, etc.; it can also be a Wifi chip; it may also be a bluetooth chip.
In this embodiment, the processor 502 may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The description is not intended to be limiting.
In this embodiment, the memory 503 may include multiple layers, and in a digital system, the memory may be any memory as long as it can store binary data; in an integrated circuit, a circuit without a physical form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.
Further, the self-service terminal may further include a camera, a voice player, a display screen, and other device structures.
The embodiment of the present specification further provides a computer-readable storage medium based on the user identity authentication method, where the computer-readable storage medium stores computer program instructions, and when the computer program instructions are executed, the computer-readable storage medium implements the following steps: receiving a login request initiated by a user; the login request at least carries a login credential of a user; performing first identity verification on the user according to the login credential of the user; under the condition that the first identity authentication of the user is confirmed to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user; determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass; responding to the login request, and logging in a transaction account of the user; and a transaction service interface of the transaction account of the user is shown to the user.
In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk Drive (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer-readable storage medium can be explained in comparison with other embodiments, and are not described herein again.
Embodiments of the present specification further provide a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the following steps: receiving a login request initiated by a user; the login request at least carries a login credential of a user; performing first identity verification on the user according to the login credential of the user; under the condition that the first identity authentication of the user is determined to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user; determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass; responding to the login request, and logging in a transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
Referring to fig. 6, in a software level, an embodiment of the present specification further provides a user authentication apparatus, which may specifically include the following structural modules:
the receiving module 601 is specifically configured to receive a login request initiated by a user; the login request at least carries a login credential of a user;
the first authentication module 602 may be specifically configured to perform a first authentication on a user according to a login credential of the user;
the second authentication module 603 may be specifically configured to, in a case that it is determined that the first authentication of the user passes, present the virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user;
the determining module 604 may be specifically configured to determine that the user identity authentication is successful in the case that it is determined that the second identity authentication of the user passes;
the login module 605 is specifically configured to respond to a login request and log in a transaction account of a user; and displaying a transaction service interface of the transaction account of the user to the user.
In some embodiments, when the second verification module 603 is implemented, the virtual teller may be presented to the user as follows: a virtual teller is generated and presented to the user based on the AR algorithm.
In some embodiments, the second authentication module 603 may be implemented to interact with the user through the virtual teller machine in the following manner to perform the second authentication on the user: acquiring associated data of a user; screening out a matched target interactive verification strategy from a preset interactive verification strategy set according to the associated data of the user; the preset interactive verification strategy set comprises a plurality of preset interactive verification strategies; and interactively interacting with the user through the virtual teller according to the target interactive verification strategy to perform second identity verification on the user.
In some embodiments, the preset interactive verification policy may specifically include at least one of: a question-answer interactive verification strategy based on a user database, an interactive verification strategy based on a verification short message, an interactive verification strategy based on a verification mail and the like.
In some embodiments, the association data of the user may specifically include at least one of: the age of the user, the carrying object of the user, the environment in which the user is located, and the like.
In some embodiments, in the process of performing the second authentication on the user through the interactive interaction between the virtual teller and the user, the apparatus may further be configured to acquire, through the camera, expression data of the user in the process of the interactive interaction between the virtual teller and the user; and processing the expression data by using a preset expression analysis model to obtain an expression analysis result of the user.
In some embodiments, when the device is implemented specifically under the condition that it is determined that the second authentication of the user passes, the device may be further configured to detect whether the change of the expression of the user meets a requirement according to an expression analysis result of the user; and determining that the user identity authentication is successful under the condition that the expression change of the user meets the requirement.
In some embodiments, the login credentials may specifically include a facial video of the user, or the like.
In some embodiments, when the first authentication module 602 is implemented, the first authentication on the user may be performed according to the login credential of the user in the following manner: inquiring a user database to obtain a reference face template of a user; intercepting a face image of the user from a face video of the user; detecting whether the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value or not; and under the condition that the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value, determining that the first identity authentication of the user passes.
In some embodiments, in a case that it is determined that a difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold, when the first verification module 602 is implemented specifically, the first verification module may be further configured to process a face video of the user by using a preset in-vivo detection model to obtain an in-vivo detection result; and determining whether the first identity authentication of the user passes according to the living body detection result.
In some embodiments, the apparatus may further include a risk verification module. The risk verification module may be specifically configured to obtain current feature data about the self-service terminal and current feature data about the user, in a case that it is determined that the first identity verification of the user passes; and performing risk verification according to the current characteristic data of the self-service terminal and the current characteristic data of the user.
It should be noted that, the units, devices, modules, etc. illustrated in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. It is to be understood that, in implementing the present specification, functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules or sub-units, or the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
As can be seen from the above, according to the user identity authentication device provided in the embodiment of the present specification, when a user wants to log in a transaction account for transaction data processing using a self-service terminal at an unmanned site, a conventional login operation may be performed on the self-service terminal, and accordingly, the self-service terminal may receive a login request carrying a login credential; then, the self-service terminal can perform first identity verification on the user according to the login certificate of the user; under the condition that the first identity authentication of the user is determined to pass, generating and displaying a virtual teller to the user based on an AR algorithm; performing targeted and matched interaction with the user through the virtual teller to perform second identity verification on the user; if the second authentication of the user is determined to pass, the authentication of the user is finally determined to be successful; the user can further respond to the login request and log in the transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user. Therefore, the data security of the transaction account and the interaction experience of the user can be effectively considered at the same time, and the identity authentication of the user under the unmanned network site scene can be safely and accurately completed.
Although the present specification provides method steps as described in the examples or flowcharts, additional or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer-readable storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus necessary general hardware platform. With this understanding, the technical solutions in the present specification may be essentially embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments in the present specification.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.
Claims (15)
1. A user identity authentication method is applied to a self-service terminal, and comprises the following steps:
receiving a login request initiated by a user; the login request at least carries a login credential of a user;
performing first identity verification on the user according to the login credential of the user;
under the condition that the first identity authentication of the user is determined to pass, displaying a virtual teller to the user; and interactively interacting with the user through the virtual teller to perform a second authentication on the user;
determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass;
responding to the login request, and logging in a transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
2. The method of claim 1, wherein presenting the user with a virtual teller comprises: a virtual teller is generated and presented to the user based on the AR algorithm.
3. The method of claim 2, wherein interacting with the user through the virtual teller to perform a second authentication with respect to the user comprises:
acquiring associated data of a user;
screening out a matched target interactive verification strategy from a preset interactive verification strategy set according to the associated data of the user; the preset interactive verification strategy set comprises a plurality of preset interactive verification strategies;
and interactively interacting with the user through the virtual teller according to the target interactive verification strategy to perform second identity verification on the user.
4. The method of claim 3, wherein the preset interactive authentication policy comprises at least one of: a question-answer interactive verification strategy based on a user database, an interactive verification strategy based on a verification short message and an interactive verification strategy based on a verification mail.
5. The method of claim 3, wherein the association data of the user comprises at least one of: the age of the user, the carrying object of the user and the environment of the user.
6. The method of claim 1, wherein in interacting with the user through the virtual teller to perform a second authentication with respect to the user, the method further comprises:
acquiring expression data of a user in an interactive process with a virtual teller through a camera;
and processing the expression data by using a preset expression analysis model to obtain an expression analysis result of the user.
7. The method of claim 6, wherein in the event that the user is determined to be authenticated by the second identity, the method further comprises:
detecting whether the expression change of the user meets the requirement or not according to the expression analysis result of the user;
and determining that the user identity authentication is successful under the condition that the expression change of the user meets the requirement.
8. The method of claim 1, wherein the login credentials comprise a video of a face of the user.
9. The method of claim 8, wherein performing a first authentication with respect to the user based on the user's login credentials comprises:
inquiring a user database to obtain a reference face template of a user; intercepting a face image of the user from a face video of the user;
detecting whether the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value or not;
and under the condition that the difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value, determining that the first identity authentication of the user passes.
10. The method according to claim 9, wherein in a case that it is determined that a difference value between the face image of the user and the reference face template is less than or equal to a preset difference threshold value, the method further comprises:
processing a face video of a user by using a preset living body detection model to obtain a living body detection result;
and determining whether the first identity authentication of the user passes according to the living body detection result.
11. The method of claim 1, wherein in the event that it is determined that the user first authentication passes, the method further comprises:
acquiring current characteristic data of the self-service terminal and current characteristic data of a user;
and performing risk verification according to the current characteristic data of the self-service terminal and the current characteristic data of the user.
12. A user identity authentication device is applied to a self-service terminal, and comprises:
the receiving module is used for receiving a login request initiated by a user; the login request at least carries a login credential of a user;
the first authentication module is used for performing first authentication on the user according to the login credential of the user;
the second verification module is used for displaying the virtual teller to the user under the condition that the first identity verification of the user is confirmed to pass; and interactively interacting with the user through the virtual teller to perform a second authentication on the user;
the determining module is used for determining that the user identity authentication is successful under the condition that the second identity authentication of the user is determined to pass;
the login module is used for responding to the login request and logging in the transaction account of the user; and displaying a transaction service interface of the transaction account of the user to the user.
13. A self-service terminal comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 11.
14. A computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method of any one of claims 1 to 11.
15. A computer program product comprising a computer program which, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211392652.5A CN115906028A (en) | 2022-11-08 | 2022-11-08 | User identity verification method and device and self-service terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211392652.5A CN115906028A (en) | 2022-11-08 | 2022-11-08 | User identity verification method and device and self-service terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115906028A true CN115906028A (en) | 2023-04-04 |
Family
ID=86490589
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211392652.5A Pending CN115906028A (en) | 2022-11-08 | 2022-11-08 | User identity verification method and device and self-service terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115906028A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116708708A (en) * | 2023-08-01 | 2023-09-05 | 广州市艾索技术有限公司 | Method and system for constructing paperless conference based on distribution |
-
2022
- 2022-11-08 CN CN202211392652.5A patent/CN115906028A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116708708A (en) * | 2023-08-01 | 2023-09-05 | 广州市艾索技术有限公司 | Method and system for constructing paperless conference based on distribution |
| CN116708708B (en) * | 2023-08-01 | 2024-04-02 | 广州市艾索技术有限公司 | Method and system for constructing paperless conference based on distribution |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3256976B1 (en) | Toggling biometric authentication | |
| CN108804884B (en) | Identity authentication method, identity authentication device and computer storage medium | |
| Li et al. | Unobservable re-authentication for smartphones. | |
| US20180308107A1 (en) | Living-body detection based anti-cheating online research method, device and system | |
| JP2022532677A (en) | Identity verification and management system | |
| WO2020024398A1 (en) | Biometrics-assisted payment method and apparatus, and computer device and storage medium | |
| CN105100108B (en) | A kind of login authentication method based on recognition of face, apparatus and system | |
| US20210287472A1 (en) | Attendance management system and method, and electronic device | |
| CN111033501A (en) | Secure authorization to access private data in virtual reality | |
| TW202008197A (en) | Identity verification method and device and account information modification method and device | |
| US20180374101A1 (en) | Facial biometrics card emulation for in-store payment authorization | |
| US9667613B1 (en) | Detecting mobile device emulation | |
| CN107800672A (en) | A kind of Information Authentication method, electronic equipment, server and information authentication system | |
| EP4156601A1 (en) | Automated code analysis and tagging (methods and systems) | |
| CN109389028A (en) | Face identification method, device, equipment and storage medium based on motion analysis | |
| CA3049042A1 (en) | System and method for authenticating transactions from a mobile device | |
| CN104486306B (en) | Identity authentication method is carried out based on finger hand vein recognition and cloud service | |
| CN111738199B (en) | Image information verification method, device, computing device and medium | |
| JP2023549934A (en) | Method and apparatus for user recognition | |
| CN111241873A (en) | Image reproduction detection method, training method of model thereof, payment method and payment device | |
| CN106921655B (en) | Service authorization method and device | |
| CN115906028A (en) | User identity verification method and device and self-service terminal | |
| Goicoechea-Telleria et al. | Vulnerabilities of Biometric Systems integrated in Mobile Devices: an evaluation | |
| CN107390864B (en) | Network investigation method based on eyeball trajectory tracking, electronic equipment and storage medium | |
| CN109389467A (en) | Loan system face login method, equipment, storage medium and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |