CN105590043B

CN105590043B - Identity verification method, device and system

Info

Publication number: CN105590043B
Application number: CN201410567734.8A
Authority: CN
Inventors: 廖晨; 王进; 张东蕊; 许灿冲; 张�杰
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2014-10-22
Filing date: 2014-10-22
Publication date: 2020-07-07
Anticipated expiration: 2034-10-22
Also published as: CN105590043A

Abstract

An identity verification method comprising: when a service processing request sent by a terminal device is received, at least one first shooting parameter is sent to the terminal device, so that the terminal device controls a shooting device to collect a face image of a user for identity authentication according to the first shooting parameter; receiving the face image sent by the terminal equipment, matching a second shooting parameter of the face image with the first shooting parameter, and matching the face image with a preset face image; and determining whether the user passes the identity authentication according to the matching result. In addition, the invention also provides an identity authentication device and an identity authentication system. The identity authentication method, the identity authentication device and the identity authentication system can improve the safety of identity authentication based on face recognition.

Description

Identity verification method, device and system

Technical Field

The invention relates to the technical field of computers, in particular to an identity authentication method, device and system.

Background

Face recognition is a biometric technology for identity recognition based on facial feature information of a person. A series of related technologies, also commonly called face recognition and face recognition, are used to capture an image or video stream containing a face with a camera or a video camera, automatically detect and track the face in the image, and then perform face recognition on the detected face. Face recognition is used as a mode of identity verification, and is widely applied to the fields of governments, armies, banks, social welfare barriers, electronic commerce, security and defense, mobile payment and the like.

However, the existing identity authentication technology based on face recognition has certain potential safety hazard, a background server receives a face recognition result of a terminal device unilaterally, the background server lacks interactive linkage with front-end face recognition software, and is limited by the current face recognition algorithm in anti-cheating, a malicious user can break through or bypass the face recognition software by adopting various unconventional means, and the identity authentication is completed by directly sending face images of the legitimate user acquired by various illegal means (such as acquiring static photos through a social network, intercepting videos, secretly shooting and the like) to the server, so that the personal privacy or property safety of the legitimate user is threatened.

Disclosure of Invention

In view of this, the present invention provides an identity authentication method, apparatus and system, which can improve the security of identity authentication based on face recognition.

The identity authentication method provided by the embodiment of the invention comprises the following steps: when a service processing request sent by terminal equipment is received, at least one first shooting parameter is sent to the terminal equipment, so that the terminal equipment controls a shooting device to acquire a face image of a user for identity authentication according to the first shooting parameter; receiving the face image sent by the terminal equipment, matching a second shooting parameter of the face image with the first shooting parameter, and matching the face image with a preset face image; and determining whether the user passes the identity authentication according to the matching result.

The embodiment of the invention provides another identity authentication method, which comprises the following steps: sending a service processing request to a server; receiving at least one first shooting parameter issued by the server; and controlling a shooting device to acquire a face image of the user for identity authentication according to the first shooting parameters and sending the face image to the server so that the server matches second shooting parameters of the face image with the first shooting parameters, matches the face image with a preset face image, and determines whether the user passes the identity authentication according to a matching result.

Another identity authentication method provided in the embodiments of the present invention includes: the terminal equipment sends a service processing request to the server; when the service processing request is received, the server issues at least one first shooting parameter to the terminal equipment; the terminal equipment receives the issued first shooting parameters, controls a shooting device to acquire a face image of the user for identity authentication according to the first shooting parameters, and returns the face image to the server; and the server receives the returned face image, matches a second shooting parameter of the face image with the first shooting parameter, matches the face image with a preset face image at the same time, and determines whether the user passes the identity authentication according to a matching result.

The identity authentication device provided by the embodiment of the invention runs in a server and comprises: the system comprises an issuing module, a processing module and a judging module, wherein the issuing module is used for issuing at least one first shooting parameter to the terminal equipment when receiving a service processing request sent by the terminal equipment, so that the terminal equipment controls a shooting device to acquire a face image of a user for identity verification according to the first shooting parameter; the receiving module is used for receiving the face image sent by the terminal equipment; the matching module is used for matching the second shooting parameters of the face image received by the receiving module with the first shooting parameters sent by the sending module and matching the face image with a preset face image; and the verification module is used for determining whether the user passes the identity verification according to the matching result of the matching module.

The embodiment of the present invention provides another identity authentication apparatus, operating in a terminal device, including: the sending module is used for sending a service processing request to the server; the receiving module is used for receiving at least one first shooting parameter sent by the server; the acquisition module is used for controlling the shooting device to acquire a face image of the user for identity authentication according to the first shooting parameter received by the receiving module; the sending module is further configured to send the face image to the server, so that the server matches the second shooting parameter of the face image with the first shooting parameter, matches the face image with a preset face image, and determines whether the user passes the authentication according to a matching result.

An identity authentication system provided in an embodiment of the present invention includes: a terminal device and a server; the terminal device is used for sending a service processing request to the server; the server is used for issuing at least one first shooting parameter to the terminal equipment when the service processing request is received; the terminal equipment is also used for receiving the first shooting parameter sent down, controlling a shooting device to collect a face image of the user for identity authentication according to the first shooting parameter and returning the face image to the server; the server is further used for receiving the returned face image, matching a second shooting parameter of the face image with the first shooting parameter, matching the face image with a preset face image, and determining whether the user passes the identity authentication according to a matching result.

According to the identity authentication method, the identity authentication device and the identity authentication system, the face images acquired under different shooting parameters have different characteristics, when a service processing request sent by terminal equipment is received each time, at least one first shooting parameter is sent to the terminal equipment, the face image of a user acquired according to the first shooting parameter sent by the terminal equipment is received, a second shooting parameter of the face image is matched with the first shooting parameter, and meanwhile the face image is matched with a preset face image; whether the user passes the identity authentication is determined according to the matching result, interactive linkage between the background server and front-end face recognition software is achieved, the situation that the traditional background server receives the face recognition result of the terminal device unilaterally and is easy to cheat by malicious users through cheating modes such as photos, videos and the like is changed, the limitation of the current face recognition algorithm on cheating resistance is overcome, and therefore the safety of the identity authentication based on the face recognition is improved on the premise that extra hardware support and hardware use cost are not increased.

In order to make the aforementioned and other objects, features and advantages of the invention comprehensible, preferred embodiments accompanied with figures are described in detail below.

Drawings

Fig. 1 is a schematic diagram of an authentication system provided in the present invention;

fig. 2 shows a block diagram of a terminal device;

FIG. 3 shows a block diagram of a server;

fig. 4 is a flowchart of an authentication method according to a first embodiment of the present invention;

fig. 5 is a flowchart of an authentication method according to a second embodiment of the present invention;

fig. 6 is a flowchart of an authentication method according to a third embodiment of the present invention;

fig. 7 is a flowchart of an authentication method according to a fourth embodiment of the present invention;

fig. 8 is a flowchart of an authentication method according to a fifth embodiment of the present invention;

fig. 9 is a flowchart of an authentication method according to a sixth embodiment of the present invention;

fig. 10 is a schematic structural diagram of an authentication device according to a seventh embodiment of the present invention;

fig. 11 is a schematic structural diagram of an authentication device according to an eighth embodiment of the present invention;

fig. 12 is a schematic structural diagram of an authentication device according to a ninth embodiment and a tenth embodiment of the present invention.

Detailed Description

To further illustrate the technical means and effects of the present invention adopted to achieve the predetermined objects, the following detailed description of the embodiments, structures, features and effects according to the present invention will be made with reference to the accompanying drawings and preferred embodiments.

Fig. 1 is a schematic diagram of an authentication system according to an embodiment of the present invention. As shown in fig. 1, the authentication system includes: a terminal device 100 and a server 200. The terminal device 100 and the server 200 are located in a wireless network or a wired network through which data interaction is performed. A face feature database is preset in the server 200, and is used for storing an account of the terminal device and a preset face image preset by a user and used for identity authentication or a face feature parameter extracted from the preset face image. It is understood that the face feature database may be configured in other servers.

The terminal device 100 may include a smartphone, a tablet computer, an electronic book reader, an MP3 player (Moving Picture Experts Group Audio Layer III, motion Picture Experts compression standard Audio Layer 3), an MP4 player (Moving Picture Experts Group Audio Layer IV, motion Picture Experts compression standard Audio Layer 4), a laptop portable computer, a desktop computer, a car-mounted computer, an all-in-one machine, and the like, which are equipped with a camera device having a camera function.

A terminal device 100, configured to send a service processing request to a server 200; the server 200 is configured to, when receiving the service processing request, issue at least one first shooting parameter to the terminal device 100; the terminal device 100 is further configured to receive the first shooting parameter sent down, control the shooting device to acquire a face image of the user for authentication according to the first shooting parameter, and return the face image to the server 200; the server 200 is further configured to receive the returned face image, match the second shooting parameter of the face image with the first shooting parameter, match the face image with a preset face image, and determine whether the user passes the identity authentication according to a matching result.

Assuming that the payment application scenario is taken as an example, when receiving a payment request sent by a smart phone, a server issues a group of first shooting parameters (a small aperture value, a white balance starting function, and a high resolution) to the smart phone, so that the smart phone calls a preset face recognition program interface to control a camera to collect a face image of a user according to the small aperture value, the white balance starting function, and the high resolution function. The server receives the face image sent by the smart phone, matches a second shooting parameter of the face image with the first shooting parameter sent down so as to judge the conformity degree of the face image with the requirements of small aperture value, opening white balance, high resolution ratio and the like, matches the face image with a preset face image in a face feature database to obtain the matching degree of the face image and the preset face image, and then comprehensively judges whether the user can pass identity authentication or not according to the conformity degree and the matching degree of the face image and the preset face image.

Fig. 2 shows a block diagram of a terminal device. As shown in fig. 2, the terminal device 100 includes a memory 102, a memory controller 104, one or more processors 106 (only one of which is shown), a peripheral interface 108, a radio frequency module 110, a positioning module 112, a camera module 114, an audio module 116, a display screen 118, and a key module 120. These components communicate with each other via one or more communication buses/signal lines 122.

It will be appreciated that the configuration shown in fig. 2 is merely illustrative, and that terminal device 100 may include more or fewer components than shown in fig. 2, or have a different configuration than shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.

The memory 102 may be used to store software programs and modules, such as program instructions/modules corresponding to the authentication method, apparatus and system in the embodiments of the present invention, and the processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, so as to implement the above-mentioned authentication method.

The memory 102 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 102 may further include memory located remotely from processor 106, which may be connected to terminal device 100 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. Access to the memory 102 by the processor 106, and possibly other components, may be under the control of the memory controller 104.

Peripheral interface 108 couples various input/output devices to the CPU and memory 102. The processor 106 executes various software, instructions within the memory 102 to perform various functions of the terminal device 100 and to perform data processing.

In some embodiments, the peripheral interface 108, the processor 106, and the memory controller 104 may be implemented in a single chip. In other examples, they may be implemented separately from the individual chips.

The rf module 110 is used for receiving and transmitting electromagnetic waves, and implementing interconversion between the electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices. The rf module 110 may include various existing circuit elements for performing these functions, such as an antenna, an rf transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The rf module 110 may communicate with various networks such as the internet, an intranet, a wireless network, or with other devices via a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. The Wireless network may use various Communication standards, protocols and technologies, including, but not limited to, Global System for Mobile Communication (GSM), Enhanced Mobile Communication (Enhanced Data GSM Environment, EDGE), wideband Code division multiple Access (W-CDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), bluetooth, Wireless Fidelity (WiFi) (e.g., IEEE802.11 a, IEEE802.11b, IEEE802.1 g and/or IEEE802.1 n), Voice over internet protocol (VoIP), VoIP, world wide mail for internet, Wi-Max, and other short message Communication protocols, as well as any other suitable communication protocols, and may even include those that have not yet been developed.

The positioning module 112 is used for acquiring the current position of the terminal device 100. Examples of the positioning module 112 include, but are not limited to, a global positioning satellite system (GPS), a wireless local area network-based positioning technology, or a mobile communication network-based positioning technology.

The camera module 114 is used to take a picture or video. The pictures or videos taken may be stored in the memory 102 and transmitted through the radio frequency module 110.

Audio module 116 provides an audio interface to a user that may include one or more microphones, one or more speakers, and audio circuitry. The audio circuitry receives audio data from the peripheral interface 108, converts the audio data to electrical information, and transmits the electrical information to the speaker. The speaker converts the electrical information into sound waves that the human ear can hear. The audio circuitry also receives electrical information from the microphone, converts the electrical information to voice data, and transmits the voice data to the peripheral interface 108 for further processing. The audio data may be retrieved from the memory 102 or through the radio frequency module 110. In addition, the audio data may also be stored in the memory 102 or transmitted through the radio frequency module 110. In some examples, the audio module 116 may also include an earphone jack for providing an audio interface to a headset or other device.

The display screen 118 provides an output interface between the terminal device 100 and the user. In particular, display screen 118 displays video output to the user, the content of which may include text, graphics, video, and any combination thereof. Some of the output results are for some of the user interface objects. Further, the display screen 118 may also provide an input interface between the terminal device 100 and the user for receiving user inputs, such as user clicks, swipes, and other gesture operations, so that the user interface objects respond to the user inputs. The technique of detecting user input may be based on resistive, capacitive, or any other possible touch detection technique. Specific examples of display screen 118 include, but are not limited to, a liquid crystal display or a light emitting polymer display.

The key module 120 also provides an interface for a user to input to the terminal device 100, and the user can press different keys to cause the terminal device 100 to perform different functions.

Fig. 3 shows a block diagram of a server. As shown in fig. 3, the server 200 includes: memory 201, processor 202, and network module 203.

It will be appreciated that the configuration shown in fig. 3 is merely illustrative and that server 200 may include more or fewer components than shown in fig. 2 or have a different configuration than shown in fig. 3. The components shown in fig. 3 may be implemented in hardware, software, or a combination thereof. In addition, the server in the embodiment of the present invention may further include a plurality of servers with different specific functions.

The memory 201 may be used to store software programs and modules, such as program instructions/modules corresponding to the authentication method, apparatus and system in the embodiments of the present invention, and the processor 202 executes various functional applications and data processing by running the software programs and modules stored in the memory 201, so as to implement the authentication method in the embodiments of the present invention. Memory 201 may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 201 may further include memory located remotely from processor 202, which may be connected to server 200 via a network. Further, the software programs and modules may further include: a service module 221, and an operating system 222. The operating system 222, which may be, for example, LINUX, UNIX, WINDOWS, may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.), and may communicate with various hardware or software components to provide an operating environment for other software components. The service module 221 runs on the basis of the operating system 222, monitors a request from the network through the network service of the operating system 222, completes corresponding data processing according to the request, and returns a processing result to the client. That is, the service module 221 is used to provide a web service to a client.

The network module 203 is used for receiving and transmitting network signals. The network signal may include a wireless signal or a wired signal. In one example, the network signal is a wired network signal. At this time, the network module 203 may include a processor, a random access memory, a converter, a crystal oscillator, and the like.

First embodiment

Fig. 4 is a flowchart of an authentication method according to a first embodiment of the present invention. The identity authentication method provided by the embodiment can realize identity authentication based on face recognition through the server 200 shown in fig. 1. As shown in fig. 4, the method includes:

step S11, when receiving a service processing request sent by a terminal device, issuing at least one first shooting parameter to the terminal device, so that the terminal device controls a shooting device to acquire a face image of a user for identity authentication according to the first shooting parameter;

the server 200 receives a service processing request sent by the terminal device 100, where the service processing request may include: the service identifier of the service to be processed and the account number of the terminal device 100. The account of the terminal device 100 is preferably a user account of an application client preset in the terminal device 100, for example: the user login account of the instant messaging application client (such as the WeChat client) and the financial application client (such as the Paibao client).

Specifically, the service processing request sent by the terminal device 100 to the server 200 may be used to request the server 200 to process a preset sensitive service. The preset sensitive service needs to authenticate the terminal device 100 due to the privacy or property security (e.g., login, electronic payment, password modification, virtual device transfer, physical or virtual property consumption, etc.) of the user, and the server 200 processes the service corresponding to the service identifier included in the service processing request only when the terminal device 100 authenticates.

When receiving a service processing request sent by the terminal device 100, the server 200 determines that an authentication task is triggered, and issues at least one first shooting parameter to the terminal device 100, so that the terminal device 100 controls the shooting device to acquire a face image of a user for authentication according to the issued at least one first shooting parameter.

In order to improve the shooting effect of the camera device and expand the functions of the camera device, the camera device generally has various parameters, so that software and users can shoot pictures with different characteristics and styles conveniently according to needs. The shooting parameters may specifically include, but are not limited to: resolution, aperture value, white balance, sensitivity (ISO), backlight compensation, etc. It can be understood that the face images acquired under different shooting parameters have different characteristics, such as: when the aperture value is smaller, the picture is brighter, otherwise, the picture is darker; when the resolution is smaller, the image definition is lower, otherwise, the definition is higher.

In this embodiment, a plurality of candidate shooting parameters may be preset in the server 200, and when receiving a service processing request sent by the terminal device 100, the server 200 randomly determines at least one shooting parameter from the preset candidate shooting parameters, and sends the at least one shooting parameter as a first shooting parameter to the terminal device 100. The alternative shooting parameters may be a set of all shooting parameters native to the existing or future imaging apparatus, or a set of a plurality of designated shooting parameters preset by the user, and the first shooting parameter may be any combination of one or more different shooting parameters randomly determined by the server 200.

In other embodiments, the first photographing parameter may also be one or more photographing parameters corresponding to the model of the terminal device 100.

Step S12, receiving the face image sent by the terminal equipment, matching the shooting parameters of the face image with the shooting parameters sent before, and matching the face image with a preset face image;

a face feature database is preset in the server 200, and is used for storing an account of the terminal device and a preset face image preset by a user and used for identity authentication or a face feature parameter extracted from the preset face image. It is understood that the face feature database may be configured in other servers.

The terminal device 100 receives the first shooting parameter sent by the server 200, acquires a face image of the user according to the first shooting parameter by calling a preset face recognition API (Application Programming Interface), and sends the acquired face image to the server 200.

The server 200 extracts a second shooting parameter corresponding to the first shooting parameter of the face image sent by the terminal device 100 on one hand, compares the second shooting parameter with the first shooting parameter, and obtains an absolute value of a difference value between the second shooting parameter and the first shooting parameter. On the other hand, the face feature parameters in the face image are extracted, the face feature parameters in the preset face image corresponding to the account are searched from the face feature database according to the account number of the terminal device 100 included in the service processing request sent by the terminal device 100, and then the face feature parameters in the face image are matched with the face feature parameters in the preset face image stored in the face feature database to obtain the matching degree of the face feature parameters and the preset face image.

Step S13, determining whether the user passes the identity authentication according to the matching result.

The server 200 integrates the absolute value of the difference between the second shooting parameter in the face image sent by the terminal device 100 and the first shooting parameter sent by the terminal device, and the matching degree between the face feature parameter in the face image and the face feature parameter in the preset face image, calculates and obtains a reference value for judging whether the identity of the user is legal according to a preset algorithm, and determines that the user passes the identity authentication when the reference value is greater than a preset threshold value.

In the identity authentication method provided by the embodiment of the invention, by utilizing the characteristic that face images acquired under different shooting parameters have different characteristics, when a service processing request sent by terminal equipment is received each time, at least one first shooting parameter is issued to the terminal equipment, a face image of a user acquired according to the first shooting parameter and sent by the terminal equipment is received, a second shooting parameter of the face image is matched with the first shooting parameter, and the face image is matched with a preset face image; whether the user passes the identity authentication is determined according to the matching result, interactive linkage between the background server and front-end face recognition software is achieved, the situation that the traditional background server receives the face recognition result of the terminal device unilaterally and is easy to cheat by malicious users through cheating modes such as photos, videos and the like is changed, the limitation of the current face recognition algorithm on cheating resistance is overcome, and therefore the safety of the identity authentication based on the face recognition is improved on the premise that extra hardware support and hardware use cost are not increased.

Second embodiment

Fig. 5 is a flowchart of an authentication method according to a second embodiment of the present invention. The identity authentication method provided by the embodiment can realize identity authentication based on face recognition through the server 200 shown in fig. 1. As shown in fig. 5, the method includes:

step S21, when receiving a service processing request sent by a terminal device, randomly determining at least one shooting parameter from the alternative shooting parameters, and sending the shooting parameter as a first shooting parameter to the terminal device, so that the terminal device controls a shooting device to collect a face image of a user for identity authentication according to the first shooting parameter;

the service processing request may include: the service identifier of the service to be processed and the account number of the terminal device 100. The account of the terminal device 100 is preferably a user account of an application client preset in the terminal device 100, for example: the user login account of the instant messaging application client (such as the WeChat client) and the financial application client (such as the Paibao client).

In order to improve the shooting effect of the camera device and expand the functions of the camera device, the camera device generally has various parameters, so that software and users can shoot pictures with different characteristics and styles conveniently according to needs. The shooting parameters may specifically include, but are not limited to: resolution, aperture value, white balance, sensitivity, backlight compensation, etc. It can be understood that the face images acquired under different shooting parameters have different characteristics, such as: when the aperture value is smaller, the picture is brighter, otherwise, the picture is darker; when the resolution is smaller, the image definition is lower, otherwise, the definition is higher.

In this embodiment, the server 200 may be preset with a shooting parameter database for storing a plurality of candidate shooting parameters and respective corresponding values thereof, and when receiving a service processing request sent by the terminal device 100, the server 200 randomly determines at least one shooting parameter from the plurality of candidate shooting parameters stored in the preset shooting parameter database, and issues the at least one shooting parameter as a first shooting parameter to the terminal device 100, so that the terminal device 100 controls the shooting apparatus to acquire a face image of the user for authentication according to the issued at least one first shooting parameter. The alternative shooting parameters may be a set of all shooting parameters native to the existing or future imaging device, or a set of a plurality of designated shooting parameters preset by a user, and the first shooting parameter may be any combination of one or more different shooting parameters in the alternative shooting parameters.

Wherein the method for randomly determining the first photographing parameter further comprises the following steps:

the first step is as follows: judging whether the difference between the time of issuing the first shooting parameter to the terminal device 100 and the current system time is less than a preset numerical value or not during the last authentication;

specifically, the server 200 obtains the time for issuing the first shooting parameter to the terminal device 100 when the user of the terminal device 100 is authenticated last time (hereinafter, referred to as the time for issuing the first shooting parameter last time), and compares the time with the current system time to determine whether the difference between the two is smaller than a preset value. It is understood that, regardless of whether the authentication is successful, as long as the server 200 receives the face image transmitted by the terminal device 100, it is regarded that the authentication is performed once.

The second step is that: if not, randomly determining at least one shooting parameter which is not repeated with the first shooting parameter issued in the last authentication from the alternative shooting parameters as the first shooting parameter issued this time;

if the difference between the last time of issuing the first shooting parameter and the current system time by the server 200 is greater than or equal to the preset value, at least one shooting parameter which is not repeated with the last issued shooting parameter is randomly determined from preset alternative shooting parameters as the first shooting parameter issued this time according to the shooting parameter issued last time to the terminal device 100.

The third step: and if so, randomly determining at least one shooting parameter from the alternative shooting parameters as the first shooting parameter.

If the difference between the last time of issuing the first shooting parameter and the current system time is smaller than the preset value, the server 200 randomly determines at least one shooting parameter from the alternative shooting parameters as the first shooting parameter to be issued.

It is to be understood that the number of the first shooting parameters sent each time may be fixed, and the server 200 may determine how many shooting parameters are determined from the alternative shooting parameters as the first shooting parameters according to the specified number. Preferably, the number of the first shooting parameters issued each time is dynamically changed, and the server 200 may randomly determine the number of the first shooting parameters issued this time within a preset numerical range.

For example, assuming that the last time the user of the terminal device 100 was authenticated, the time for the server 200 to issue the first shooting parameter to the terminal device 100 is 8:20, the preset value is 5 minutes, and the candidate shooting parameters include: resolution, aperture value, white balance, light sensitivity and backlight compensation, wherein the first shooting parameter issued last time is as follows: resolution and aperture value.

When receiving a service processing request sent by the terminal device 100, the server 200 obtains the current system time, and determines whether the time interval between the last time of sending the first shooting parameter time 8:20 and the current system time is less than 5 minutes.

If the current system time is 8:22, the ratio of the last time of issuing the first shooting parameter time 8:20 to the current system time 8:22 is 2 minutes less than the preset 5 minutes, the server 200 randomly determines at least one shooting parameter of non-resolution and aperture value from the candidate shooting parameters as a first shooting parameter (such as sensitivity, backlight compensation) and sends the first shooting parameter to the terminal device 100.

If the current system time is 9:00, since the time interval between the last time of issuing the first shooting parameter time 8:20 and the current system time 9:00 is 60 minutes longer than the preset 5 minutes, the server 200 randomly determines at least one shooting parameter from the candidate shooting parameters as a first shooting parameter, where the first shooting parameter may include the last issued shooting parameter (e.g., aperture value, sensitivity, backlight compensation) and issues the first shooting parameter to the terminal device 100.

Like this, when the time interval of the two authentication is smaller than the preset value, the terminal device 100 is issued the first shooting parameter which is not repeated with the shooting parameter issued for the first time, so as to realize dynamic issuing of the first shooting parameter, and the possibility that the malicious user cracks the authentication by repeatedly shooting the face image of the legal user according to different shooting parameters in a repeated authentication manner can be effectively reduced, thereby improving the security of the authentication.

Step S22, receiving the face image sent by the terminal equipment, extracting second shooting parameters corresponding to the first shooting parameters in the face image, and calculating absolute values of differences between the second shooting parameters and the first shooting parameters one by one;

the terminal device 100 receives the first shooting parameter sent by the server 200, acquires a face image of the user according to the first shooting parameter by calling a preset face recognition API to instruct the camera device, and sends the acquired face image to the server 200. The server 200 extracts the second shooting parameters corresponding to the first shooting parameters from the face image sent by the terminal device 100, and calculates the absolute values of the differences between the second shooting parameters and the first shooting parameters one by one.

Step S23, extracting the face feature parameters in the face image, matching the face feature parameters in the face image with the face feature parameters in the preset face image stored in the face feature database, and obtaining the matching degree of the two;

a face feature database is preset in the server 200, and is used for storing an account of the terminal device and a preset face image preset by a user and used for identity authentication or a face feature parameter extracted from the preset face image. It is understood that the face feature database may be configured in other servers. The server 200 searches, according to the account number of the terminal device 100 included in the service processing request sent by the terminal device 100, the face feature parameters in the preset face image corresponding to the account number from the face feature database, matches the face feature parameters extracted from the face image sent by the terminal device 100 with the face feature parameters in the preset face image, and obtains the matching degree between the two.

Step S24, searching the first weight corresponding to the absolute value of each difference and the second weight corresponding to the matching degree from the weight database;

the server 200 may be preset with a weight database, in which the absolute values of the difference values between the different first shooting parameters and the different second shooting parameters and their corresponding weights, and the matching degrees of the different face feature parameters and their corresponding weights are stored. Wherein the larger the absolute value of the difference is, the smaller the first weight is, the smaller the matching degree is, and the smaller the second weight is.

Step S25, carrying out weighted summation on the absolute value of each difference value, each first weight value, the matching degree and the second weight value, and comparing the value obtained after weighted summation with a preset threshold value;

the server 200 performs weighted summation on the absolute value of each difference, each first weight, the matching degree, and the second weight according to a preset algorithm to obtain a reference value for judging whether the identity of the user is legal, and compares the reference value with a preset value.

And step S26, when the value obtained after the weighted summation is greater than the preset threshold, determining that the user passes the authentication.

When the reference value obtained after the weighted summation is greater than the preset threshold value, determining that the user passes the identity authentication; and when the reference value obtained after the weighted summation is less than or equal to the preset threshold value, determining that the user fails the authentication.

For example, it is assumed that the first shooting parameters sent include: f1, the parameter value is V1; the sensitivity ISO1 has a parameter value of V2, and the second shooting parameter in the face image transmitted from the terminal device 100 includes: f2, the parameter value is V3; sensitivity ISO2, parameter value V4. The matching degree of the face characteristic parameters in the face image and the face characteristic parameters in the preset face image stored in the face characteristic database is M, and the preset threshold value is T. The server 200 calculates absolute values | V1 to V3| of the difference between the F1 and F2 diaphragm values, and absolute values | V2 to V4| of the difference between the ISO1 and ISO2 sensitivity, respectively. Obtaining by searching the weight database: a weight Q1 corresponding to | V1-V3|, a weight Q2 corresponding to | V2-V4|, and a weight Q3 corresponding to the matching degree M, then a weighted summation operation S (| V1-V3| Q1+ | V2-V4| Q2+ M Q3) is performed, the value of S is compared with T, when S > T, it is determined that the user of the terminal device 100 passes authentication, and when S is not greater than T, it is determined that the user of the terminal device 100 does not pass authentication.

If it is determined that the user of the user terminal 100 passes the authentication, the server 200 processes the corresponding service according to the service identifier in the received service processing request. If the user is determined not to pass the authentication, the server 200 refuses to process the service corresponding to the service identifier. Further, the server 200 may also send a prompt message to the user terminal 100 to prompt the user terminal 100 that the user authentication fails when it is determined that the user is not authenticated.

In the identity authentication method provided by the embodiment of the invention, by utilizing the characteristic that face images acquired under different shooting parameters have different characteristics, when a service processing request sent by terminal equipment is received each time, at least one first shooting parameter is issued to the terminal equipment, a face image of a user acquired according to the first shooting parameter and sent by the terminal equipment is received, a second shooting parameter of the face image is matched with the first shooting parameter, and the face image is matched with a preset face image; whether the user passes the identity authentication is determined according to the matching result, interactive linkage between the background server and front-end face recognition software is achieved, the situation that the traditional background server receives the face recognition result of the terminal device unilaterally and is easy to cheat by malicious users through cheating modes such as photos, videos and the like is changed, the limitation of the current face recognition algorithm on cheating resistance is overcome, and therefore the safety of the identity authentication based on the face recognition is improved on the premise that extra hardware support and hardware use cost are not increased. In addition, at least one shooting parameter is randomly determined from the alternative shooting parameters to serve as the first shooting parameter, so that the shooting parameters can be dynamically issued, the difficulty of decoding the shooting parameters by malicious users is improved, and the verification safety is further improved.

Third embodiment

Fig. 6 is a flowchart of an authentication method according to a third embodiment of the present invention. The identity authentication method provided by the embodiment can realize identity authentication based on face recognition through the server 200 shown in fig. 1. As shown in fig. 6, the method includes:

step S31, when receiving a service processing request sent by a terminal device, obtaining the model of the terminal device, obtaining at least one corresponding shooting parameter according to the model, and sending the shooting parameter as a first shooting parameter to the terminal device, so that the terminal device controls a shooting device to collect a face image of a user for identity authentication according to the first shooting parameter;

the service processing request sent by the terminal device 100 may include: the service identifier of the service to be processed and the account number of the terminal device 100. The account of the terminal device 100 is preferably a user account of an application client preset in the terminal device 100, for example: the user login account of the instant messaging application client (such as the WeChat client) and the financial application client (such as the Paibao client). The service processing request may be used to request processing of a preset sensitive service from the server 200. The preset sensitive service needs to authenticate the terminal device 100 due to the privacy or property security (e.g., login, electronic payment, password modification, virtual device transfer, physical or virtual property consumption, etc.) of the user, and the server 200 processes the service corresponding to the service identifier included in the service processing request only when the terminal device 100 authenticates.

The server 200 is preset with a shooting parameter database, which can be used to store the model of each terminal device, at least one shooting parameter corresponding to the model, and the value corresponding to each shooting parameter. It is to be understood that the photographing parameter database may be deployed in other servers.

When receiving a service processing request sent by the terminal device 100, the server 200 determines that the authentication task is triggered, sends a report instruction for instructing the terminal device 100 to report the model of the terminal device 100 to the terminal device 100, receives the model of the terminal device 100 returned by the terminal device 100 according to the report instruction, searches the shooting parameter corresponding to the model from the shooting parameter database according to the model, and sends the searched shooting parameter as a first shooting parameter to the terminal device 100. The shooting parameters corresponding to the model of the terminal device 100 are issued to the terminal device 100 in this way, so that the failure of authentication caused by the mismatching of the shooting parameters and the model of the terminal device 100 can be prevented, the applicability of the method is improved, and meanwhile, the malicious user can break the authentication only on the premise of knowing the model of the terminal device used by the legal user, so that the difficulty of breaking the authentication is increased, and the security of the authentication can be improved.

In order to further improve the security of the identity authentication, the server 200 may further use all the shooting parameters corresponding to the model searched from the shooting parameter database as alternative shooting parameters, and randomly determine at least one shooting parameter from the alternative shooting parameters as the first shooting parameter and send the first shooting parameter to the terminal device 100. The method for randomly determining at least one shooting parameter from the candidate shooting parameters is similar to that of the second embodiment, and is not described herein again.

Step S32, receiving the face image sent by the terminal equipment, extracting second shooting parameters corresponding to the first shooting parameters in the face image, and calculating absolute values of differences between the second shooting parameters and the first shooting parameters one by one;

step S33, extracting the face feature parameters in the face image, matching the face feature parameters in the face image with the face feature parameters in the preset face image stored in the face feature database, and obtaining the matching degree of the two;

step S34, searching the first weight corresponding to the absolute value of each difference and the second weight corresponding to the matching degree from the weight database;

step S35, carrying out weighted summation on the absolute value of each difference value, each first weight value, the matching degree and the second weight value, and comparing the value obtained after weighted summation with a preset threshold value;

and step S36, when the value obtained after the weighted summation is greater than the preset threshold, determining that the user passes the authentication.

The contents of steps S22 to S26 in the second embodiment can be referred to in steps S32 to S36, which are not repeated herein.

Fourth embodiment

Fig. 7 is a flowchart of an authentication method according to a fourth embodiment of the present invention. The identity authentication method provided in this embodiment can implement identity authentication based on face recognition by using the terminal device 100 shown in fig. 1. As shown in fig. 7, the method includes:

step S401, a service processing request is sent to a server;

Step S403, receiving at least one first shooting parameter sent by the server;

it can be understood that, in order to improve the shooting effect of the camera device and expand the functions of the camera device, the camera device generally has various parameters, which is convenient for software and users to shoot pictures with different characteristics and styles according to the needs. The shooting parameters may specifically include, but are not limited to: resolution, aperture value, white balance, sensitivity, backlight compensation, etc. It can be understood that the face images acquired under different shooting parameters have different characteristics, such as: when the aperture value is smaller, the picture is brighter, otherwise, the picture is darker; when the resolution is smaller, the image definition is lower, otherwise, the definition is higher.

Step S405, controlling the shooting device to collect the face image of the user for identity authentication according to the first shooting parameter, and sending the face image to the server, so that the server matches the second shooting parameter of the face image with the first shooting parameter, matches the face image with a preset face image, and determines whether the user passes the identity authentication according to the matching result.

The terminal device 100 calls a preset face recognition API, configures corresponding shooting parameters of the configured camera device according to the first shooting parameter sent down, receives a shooting instruction triggered by a user, controls the camera device to shoot a picture pointed by the shooting instruction according to the first shooting parameter so as to acquire a face image of the user, and then sends the acquired face image to the server 200 according to a sending instruction triggered by the user.

The identity authentication method provided by the embodiment of the invention utilizes the characteristic that the face images acquired under different shooting parameters have different characteristics, controls the shooting device to acquire the face images of the user according to at least one first shooting parameter sent by the server after each service processing request is sent, and sends the face images to the server so that the server can determine whether the user passes the identity authentication according to the matching result of the second shooting parameter of the face images and the first shooting parameter and the matching result of the face images and the preset face images, thereby realizing the interactive linkage of the background server and the front-end face recognition software, changing the situation that the traditional background server receives the face recognition result of the terminal equipment unilaterally and is easy to be cheated by malicious users in the cheating modes of photos, videos and the like, the method makes up the limitation of the current face recognition algorithm on cheat resistance, thereby improving the safety of identity verification based on face recognition on the premise of not increasing additional hardware support and hardware use cost.

Fifth embodiment

Fig. 8 is a flowchart of an authentication method according to a fifth embodiment of the present invention. The identity authentication method provided in this embodiment can implement identity authentication based on face recognition by using the terminal device 100 shown in fig. 1. As shown in fig. 8, unlike the fourth embodiment, between step S401 and step S403, there is further included:

step S502, receiving a reporting instruction sent by the server, reporting the model of the terminal equipment to the server according to the reporting instruction, so that the server acquires at least one corresponding shooting parameter according to the model as the first shooting parameter.

Sixth embodiment

Fig. 9 is a flowchart of an authentication method according to a sixth embodiment of the present invention. The identity authentication method provided in this embodiment can implement identity authentication based on face recognition by using the terminal device 100 and the server 200 shown in fig. 1. As shown in fig. 9, the method includes:

step S61, the terminal device sends a service processing request to the server;

Step S62, when receiving the service processing request, the server issues at least one first shooting parameter to the terminal device;

when receiving the service processing request, the server 200 determines that the authentication task is triggered, and issues at least one first shooting parameter to the terminal device 100, so that the terminal device 100 controls the shooting device to acquire the face image of the user for authentication according to the issued at least one first shooting parameter.

The method for randomly determining the first shooting parameter may specifically include:

In other embodiments, the preset shooting parameter database may further be configured to store a model of each terminal device, at least one shooting parameter corresponding to the model, and a value corresponding to each shooting parameter. The server 200 may obtain the model of the terminal device 100, search the shooting parameter corresponding to the model from the shooting parameter database according to the model, and send the searched shooting parameter as the first shooting parameter to the terminal device 100. The shooting parameters corresponding to the model of the terminal device 100 are issued to the terminal device 100 in this way, so that the failure of authentication caused by the mismatching of the shooting parameters and the model of the terminal device 100 can be prevented, the applicability of the method is improved, and meanwhile, the malicious user can break the authentication only on the premise of knowing the model of the terminal device used by the legal user, so that the security of the authentication is improved.

In order to further improve the security of the identity authentication, the server may further obtain all the shooting parameters corresponding to the model according to the model reported by the terminal device 100 as the alternative shooting parameters, and randomly determine at least one shooting parameter from the alternative shooting parameters as the first shooting parameter and send the first shooting parameter to the terminal device 100.

Step S63, the terminal equipment receives the first shooting parameter sent down, controls the shooting device to collect the face image of the user for identity authentication according to the first shooting parameter, and returns the face image to the server;

Step S64, the server receives the returned face image, matches the second shooting parameter of the face image with the first shooting parameter, matches the face image with a preset face image, and determines whether the user passes the authentication according to the matching result.

A face feature database and a weight database are preset in the server 200, and the face feature database is used for storing an account of the terminal device and a preset face image preset by a user and used for identity authentication or face feature parameters extracted from the preset face image. The weight database is used for storing absolute values of differences of different first shooting parameters and second shooting parameters and weights corresponding to the absolute values, matching degrees of different face characteristic parameters and corresponding weights. Wherein the larger the absolute value of the difference is, the smaller the first weight is, the smaller the matching degree is, and the smaller the second weight is. It is understood that the face feature database and the weight database may be configured in other servers.

First, the server 200 extracts second shooting parameters corresponding to the first shooting parameters from the face image, and calculates absolute values of differences between the second shooting parameters and the first shooting parameters one by one. Meanwhile, according to the account number of the terminal device 100 included in the service processing request sent by the terminal device 100, the face feature parameters in the preset face image corresponding to the account number are searched from the face feature database, the face feature parameters extracted from the face image sent by the terminal device 100 are matched with the face feature parameters in the preset face image, and the matching degree of the two is obtained.

Then, the server 200 searches a first weight corresponding to the absolute value of each difference value and a second weight corresponding to the matching degree from the weight database; carrying out weighted summation on the absolute value of each difference value, each first weight value, the matching degree and the second weight value, and comparing the value obtained after weighted summation with a preset threshold value; when the value obtained after the weighted summation is greater than the preset threshold value, determining that the user passes the identity authentication; and when the value obtained after the weighted summation is less than or equal to the preset threshold value, determining that the user fails the authentication.

The identity authentication method provided by the embodiment of the invention utilizes the characteristic that face images acquired under different shooting parameters have different characteristics, and a server issues at least one first shooting parameter to a terminal device when receiving a service processing request sent by the terminal device every time, receives a face image of a user acquired according to the first shooting parameter sent by the terminal device, matches a second shooting parameter of the face image with the first shooting parameter, and matches the face image with a preset face image; whether the user passes the identity authentication is determined according to the matching result, interactive linkage between the background server and front-end face recognition software is achieved, the situation that the traditional background server receives the face recognition result of the terminal device unilaterally and is easy to cheat by malicious users through cheating modes such as photos, videos and the like is changed, the limitation of the current face recognition algorithm on cheating resistance is overcome, and therefore the safety of the identity authentication based on the face recognition is improved on the premise that extra hardware support and hardware use cost are not increased.

Seventh embodiment

Fig. 10 is a schematic structural diagram of an authentication device according to a seventh embodiment of the present invention. The authentication apparatus provided in this embodiment may be operated in the server 200 shown in fig. 1, and is used to implement the authentication method in the foregoing embodiment. As shown in fig. 10, the authentication device 30 includes:

the issuing module 31 is configured to issue at least one first shooting parameter to the terminal device when receiving a service processing request sent by the terminal device, so that the terminal device controls the shooting device to acquire a face image of a user for identity authentication according to the first shooting parameter;

a receiving module 32, configured to receive the face image sent by the terminal device;

the matching module 33 is configured to match the second shooting parameter of the face image received by the receiving module 32 with the first shooting parameter sent by the sending module 31, and match the face image with a preset face image;

and the verification module 34 is used for determining whether the user passes the identity verification according to the matching result of the matching module 33.

For the specific process of implementing each function of each functional module of the identity authentication apparatus 30 in this embodiment, please refer to the specific contents described in the embodiments shown in fig. 1 to fig. 9, which is not described herein again.

Eighth embodiment

Fig. 11 is a schematic structural diagram of an authentication device according to an eighth embodiment of the present invention. The authentication apparatus provided in this embodiment may be operated in the server 200 shown in fig. 1, and is used to implement the authentication method in the foregoing embodiment. As shown in fig. 11, the authentication apparatus 40 includes:

Preferably, the issuing module 31 includes:

and the determining unit 311 is configured to randomly determine at least one shooting parameter from the candidate shooting parameters, and send the at least one shooting parameter as a first shooting parameter to the terminal device.

A judging module 312, configured to judge whether a time interval between the time of issuing the first shooting parameter to the terminal device and the current system time is smaller than a preset value during the last authentication;

the determining unit 311 is further configured to randomly determine, if the determining module 45 determines that the first shooting parameter is not repeated in the previous authentication, from the candidate shooting parameters, as the first shooting parameter issued this time.

Preferably, the issuing module 31 further includes:

an obtaining unit 313, configured to obtain a model of the terminal device, obtain at least one corresponding shooting parameter according to the model, and send the shooting parameter as a first shooting parameter to the terminal device.

Preferably, the matching module 33 comprises:

an extracting unit 331, configured to extract a second shooting parameter corresponding to the first shooting parameter in the face image;

a calculating unit 332 for calculating the absolute value of the difference between each of the second photographing parameters and the first photographing parameter one by one;

the extracting unit 331 is further configured to extract a face feature parameter in the face image;

a matching unit 333, configured to match the face feature parameters in the face image with the face feature parameters in the preset face image stored in the face feature database, so as to obtain a matching degree between the two.

Preferably, the verification module 34 comprises:

a searching unit 341, configured to search, from a weight database, a first weight corresponding to each absolute value of the difference and a second weight corresponding to the matching degree, where the larger the absolute value of the difference is, the smaller the first weight is, the smaller the matching degree is, and the smaller the second weight is;

a calculating unit 342, configured to perform weighted summation on the absolute value of each difference, each first weight, the matching degree, and the second weight, and compare a value obtained after the weighted summation with a preset threshold;

a verification unit 343, configured to determine that the user passes the identity verification when the value obtained after the weighted summation is greater than the preset threshold.

For the specific process of implementing each function of each functional module of the identity authentication apparatus 40, please refer to the specific contents described in the embodiments shown in fig. 1 to fig. 9, which is not described herein again.

The identity authentication device provided in the seventh embodiment and the eighth embodiment of the present invention utilizes the characteristic that facial images acquired under different shooting parameters have different characteristics, and when a service processing request sent by a terminal device is received each time, at least one first shooting parameter is issued to the terminal device, a facial image of a user acquired according to the first shooting parameter sent by the terminal device is received, a second shooting parameter of the facial image is matched with the first shooting parameter, and the facial image is matched with a preset facial image at the same time; whether the user passes the identity authentication is determined according to the matching result, interactive linkage between the background server and front-end face recognition software is achieved, the situation that the traditional background server receives the face recognition result of the terminal device unilaterally and is easy to cheat by malicious users through cheating modes such as photos, videos and the like is changed, the limitation of the current face recognition algorithm on cheating resistance is overcome, and therefore the safety of the identity authentication based on the face recognition is improved on the premise that extra hardware support and hardware use cost are not increased.

Ninth embodiment

Fig. 12 is a schematic structural diagram of an authentication device according to a ninth embodiment and a tenth embodiment of the present invention. The identity authentication apparatus provided in this embodiment can be operated in the terminal device 100 shown in fig. 1, and is used to implement the identity authentication method in the foregoing embodiment. As shown in fig. 12, the authentication apparatus 50 includes:

a sending module 51, configured to send a service processing request to a server;

a receiving module 52, configured to receive at least one first shooting parameter sent by the server;

an acquisition module 53, configured to control the shooting device to acquire a face image of the user for authentication according to the first shooting parameter received by the receiving module 52;

the sending module 51 is further configured to send the face image to the server, so that the server matches the second shooting parameter of the face image with the first shooting parameter, matches the face image with a preset face image, and determines whether the user passes the identity authentication according to a matching result.

For the specific process of implementing each function of each functional module of the identity authentication apparatus 50 in this embodiment, please refer to the specific contents described in the embodiments shown in fig. 1 to fig. 9, which will not be described herein again.

Tenth embodiment

The identity authentication apparatus provided in this embodiment can be operated in the terminal device 100 shown in fig. 1, and is used to implement the identity authentication method in the foregoing embodiment. The difference from the ninth embodiment is:

the receiving module 52 is further configured to receive a reporting instruction sent by the server;

the sending module 51 is further configured to report the model of the terminal device to the server according to the reporting instruction received by the receiving module, so that the server obtains at least one corresponding shooting parameter according to the model as the first shooting parameter.

The identity authentication device provided in the ninth embodiment and the tenth embodiment of the present invention utilizes the characteristic that the face images acquired under different shooting parameters have different characteristics, after each service processing request is sent, controls the shooting device according to at least one first shooting parameter sent by the server, acquires the face image of the user according to the first shooting parameter, sends the face image to the server, so that the server can determine whether the user passes the identity authentication according to the matching result of the second shooting parameter of the face image and the first shooting parameter, and the matching result of the face image and the preset face image, thereby implementing the interactive linkage of the background server and the front-end face recognition software, changing the situation that the traditional background server receives the face recognition result of the terminal device unilaterally and is easy to be cheated by a malicious user in the modes of photos, videos, etc., the method makes up the limitation of the current face recognition algorithm on cheat resistance, thereby improving the safety of identity verification based on face recognition on the premise of not increasing additional hardware support and hardware use cost.

It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

It will be understood by those skilled in the art that all or part of the steps of implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.

Although the present invention has been described with reference to the preferred embodiments, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

1. An identity verification method, the method comprising:

when a service processing request sent by terminal equipment is received, at least one first shooting parameter is sent to the terminal equipment, so that the terminal equipment controls a shooting device to acquire a face image of a user for identity authentication according to the first shooting parameter;

the at least one first shooting parameter is at least one shooting parameter randomly determined from a plurality of candidate shooting parameters, or at least one shooting parameter corresponding to the model of the terminal equipment;

receiving the face image sent by the terminal equipment, matching a second shooting parameter of the face image with the first shooting parameter to obtain an absolute value of a difference value between the second shooting parameter of the face image and the first shooting parameter, and matching the face image with a preset face image to obtain a matching degree of the face image and the preset face image;

and calculating to obtain a reference value for judging whether the identity of the user is legal or not through a preset algorithm according to the absolute value of the difference and the matching degree, and determining that the user passes the identity authentication when the reference value is greater than a preset threshold value.

2. The method of claim 1, wherein the issuing the at least one first shooting parameter to the terminal device comprises:

and randomly determining at least one shooting parameter from the alternative shooting parameters, and sending the shooting parameter as a first shooting parameter to the terminal equipment.

3. The method of claim 2, further comprising:

judging whether the time interval between the time of issuing the first shooting parameter to the terminal equipment and the current system time is smaller than a preset numerical value or not during the last authentication;

if not, at least one shooting parameter which is not repeated with the first shooting parameter issued at the last time of identity authentication is randomly determined from the alternative shooting parameters to serve as the first shooting parameter issued this time.

4. The method of claim 1, wherein the sending the at least one first shooting parameter to the terminal device further comprises:

acquiring the model of the terminal equipment;

and acquiring at least one corresponding shooting parameter according to the model, and sending the shooting parameter as a first shooting parameter to the terminal equipment.

5. The method of claim 1, wherein the matching the second shooting parameter of the face image with the first shooting parameter to obtain the absolute value of the difference between the second shooting parameter of the face image and the first shooting parameter comprises:

and extracting second shooting parameters corresponding to the first shooting parameters in the face image, and calculating absolute values of differences between the second shooting parameters and the first shooting parameters one by one.

6. The method of claim 5, wherein the matching the face image with a preset face image to obtain a matching degree of the face image with the preset face image comprises:

extracting face characteristic parameters in the face image;

and matching the face characteristic parameters in the face image with the face characteristic parameters in the preset face image stored in a face characteristic database to obtain the matching degree of the face characteristic parameters and the preset face image.

7. The method according to claim 6, wherein said calculating and obtaining a reference value for evaluating whether the identity of the user is legal according to the absolute value of the difference and the matching degree comprises:

searching a first weight value corresponding to the absolute value of each difference value and a second weight value corresponding to the matching degree from a weight value database, wherein the larger the absolute value of the difference value is, the smaller the first weight value is, the smaller the matching degree is, and the smaller the second weight value is;

and carrying out weighted summation on the absolute value of each difference, each first weight, the matching degree and the second weight to obtain a reference value for judging whether the identity of the user is legal or not.

8. An identity verification method, the method comprising:

sending a service processing request to a server;

receiving at least one first shooting parameter issued by the server;

controlling a shooting device to acquire a face image of a user for identity authentication according to the first shooting parameter, and sending the face image to the server, so that the server matches a second shooting parameter of the face image with the first shooting parameter to obtain an absolute value of a difference value between the second shooting parameter of the face image and the first shooting parameter, meanwhile, matching the face image with a preset face image to obtain a matching degree between the face image and the preset face image, calculating and obtaining a reference value for judging whether the identity of the user is legal or not according to the absolute value of the difference value and the matching degree through a preset algorithm, and determining that the user passes identity authentication when the reference value is greater than a preset threshold value.

9. The method of claim 8, wherein the sending the service processing request to the server and the receiving the at least one first shooting parameter sent by the server, comprises:

and receiving a reporting instruction sent by the server, and reporting the model of the terminal equipment to the server according to the reporting instruction so that the server acquires at least one corresponding shooting parameter according to the model and uses the shooting parameter as the first shooting parameter.

10. An identity verification method, the method comprising:

the terminal equipment sends a service processing request to the server;

when the service processing request is received, the server issues at least one first shooting parameter to the terminal equipment;

the at least one first shooting parameter is at least one shooting parameter randomly determined by the server from a plurality of candidate shooting parameters, or is at least one shooting parameter corresponding to the model of the terminal equipment;

the terminal equipment receives the issued first shooting parameters, controls a shooting device to acquire a face image of the user for identity authentication according to the first shooting parameters, and returns the face image to the server;

the server receives the returned face image, matches a second shooting parameter of the face image with the first shooting parameter to obtain an absolute value of a difference value between the second shooting parameter of the face image and the first shooting parameter, matches the face image with a preset face image to obtain a matching degree of the face image and the preset face image, calculates and obtains a reference value for judging whether the identity of the user is legal or not through a preset algorithm according to the absolute value of the difference value and the matching degree, and determines that the user passes identity authentication when the reference value is larger than a preset threshold value.

11. An authentication apparatus, operable on a server, the apparatus comprising:

the system comprises an issuing module, a processing module and a judging module, wherein the issuing module is used for issuing at least one first shooting parameter to the terminal equipment when receiving a service processing request sent by the terminal equipment, so that the terminal equipment controls a shooting device to acquire a face image of a user for identity verification according to the first shooting parameter;

the receiving module is used for receiving the face image sent by the terminal equipment;

the matching module is used for matching the second shooting parameter of the face image received by the receiving module with the first shooting parameter sent by the sending module to obtain an absolute value of a difference value between the second shooting parameter of the face image and the first shooting parameter, and matching the face image with a preset face image to obtain a matching degree of the face image and the preset face image;

and the verification module is used for calculating and obtaining a reference value for judging whether the identity of the user is legal or not through a preset algorithm according to the absolute value of the difference and the matching degree, and determining that the user passes the identity verification when the reference value is greater than a preset threshold value.

12. The apparatus of claim 11, wherein the issuing module comprises:

the determining unit is used for randomly determining at least one shooting parameter from the alternative shooting parameters and sending the shooting parameter as a first shooting parameter to the terminal equipment;

the judging unit is used for judging whether the time interval between the time of issuing the first shooting parameter to the terminal equipment and the current system time is smaller than a preset numerical value or not during the last authentication;

the determining unit is further configured to randomly determine, if the determining module determines that the first shooting parameter is not repeated in the last authentication, at least one shooting parameter that is not repeated in the last authentication from the candidate shooting parameters as the first shooting parameter that is issued this time.

13. The apparatus of claim 11, wherein the issuing module further comprises:

and the acquisition unit is used for acquiring the model of the terminal equipment, acquiring at least one corresponding shooting parameter according to the model, and sending the shooting parameter as a first shooting parameter to the terminal equipment.

14. The apparatus of claim 11, wherein the matching module comprises:

the extraction unit is used for extracting a second shooting parameter corresponding to the first shooting parameter in the face image;

a calculating unit configured to calculate absolute values of differences between the second shooting parameters and the first shooting parameters one by one;

the extraction unit is further used for extracting the face characteristic parameters in the face image;

and the matching unit is used for matching the face characteristic parameters in the face image with the face characteristic parameters in the preset face image stored in the face characteristic database to obtain the matching degree of the face characteristic parameters and the preset face image.

15. The apparatus of claim 14, wherein the verification module comprises:

a searching unit, configured to search, from a weight database, a first weight corresponding to an absolute value of each difference and a second weight corresponding to the matching degree, where the larger the absolute value of the difference is, the smaller the first weight is, the smaller the matching degree is, and the smaller the second weight is;

and the calculating unit is used for carrying out weighted summation on the absolute value of each difference value, each first weight value, the matching degree and the second weight value to obtain a reference value for judging whether the identity of the user is legal or not.

16. An authentication apparatus, operating in a terminal device, the apparatus comprising:

the sending module is used for sending a service processing request to the server;

the receiving module is used for receiving at least one first shooting parameter sent by the server;

the acquisition module is used for controlling the shooting device to acquire a face image of the user for identity authentication according to the first shooting parameter received by the receiving module;

the sending module is further configured to send the face image to the server, so that the server matches the second shooting parameter of the face image with the first shooting parameter, matches the face image with a preset face image, and determines whether the user passes the authentication according to a matching result.

17. The apparatus of claim 16,

the receiving module is further configured to receive a reporting instruction sent by the server;

the sending module is further configured to report the model of the terminal device to the server according to the reporting instruction received by the receiving module, so that the server obtains at least one corresponding shooting parameter according to the model and uses the shooting parameter as the first shooting parameter.

18. An identity verification system, the system comprising: a terminal device and a server;

the terminal device is used for sending a service processing request to the server;

the server is used for issuing at least one first shooting parameter to the terminal equipment when the service processing request is received;

the terminal equipment is also used for receiving the first shooting parameter sent down, controlling a shooting device to collect a face image of the user for identity authentication according to the first shooting parameter and returning the face image to the server;

the server is further configured to receive the returned face image, match a second shooting parameter of the face image with the first shooting parameter to obtain an absolute value of a difference between the second shooting parameter of the face image and the first shooting parameter, match the face image with a preset face image to obtain a matching degree between the face image and the preset face image, calculate a reference value for judging whether the identity of the user is legal or not according to the absolute value of the difference and the matching degree through a preset algorithm, and determine that the user passes identity verification when the reference value is greater than a preset threshold value.

19. A storage medium having stored thereon executable instructions for causing a processor to perform the method of any one of claims 1 to 10 when executed.