CN109145563B - Identity verification method and device - Google Patents

Publication number
CN109145563B
Authority
CN
China
Prior art keywords
encryption
authentication
image
target
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810917717.0A
Other languages
Chinese (zh)
Other versions
CN109145563A (en)
Inventor
李亮
郑丹丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Advanced New Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Advanced New Technologies Co Ltd filed Critical Advanced New Technologies Co Ltd
Priority to CN202210380760.4A priority Critical patent/CN114780934A/en
Priority to CN201810917717.0A priority patent/CN109145563B/en
Publication of CN109145563A publication Critical patent/CN109145563A/en
Application granted granted Critical
Publication of CN109145563B publication Critical patent/CN109145563B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

One or more embodiments of the present specification provide an identity authentication method and apparatus. The method includes: acquiring an encryption instruction issued by a server; according to the encryption instruction, encrypting intermediate data obtained in at least one target processing stage of collecting an identity verification image; and sending the resulting encrypted authentication image to the server so that the server performs authentication based on the authentication image. While the identity verification image is being acquired, the generated intermediate data is encrypted according to the encryption instruction issued by the server, and the identity verification image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received identity verification image and performs identity verification based on it. This prevents malicious attacks on the identity verification data by attackers, ensures that the identity verification data is acquired in real time and is authentic and valid, and improves the security of the user account.

Description

Identity verification method and device
Technical Field
One or more embodiments of the present specification relate to the field of information verification, and in particular, to an identity verification method and apparatus.
Background
At present, to improve account security, a user authentication step is added when a user requests to log in to an account, in order to verify that the user is genuine. For example, the user terminal acquires face image data of the current user and uploads it to an authentication server; the authentication server completes user authentication based on the face image data, and the user is allowed to enter the operation interface only after authentication passes.
However, during face image authentication, some attackers complete authentication by means of a video frame injection attack. Specifically, the attacker obtains authentication video data of a target user in advance and then, when the face image is acquired, uploads that video data to the authentication server by video frame replacement. The authentication server authenticates the login user based on this video data and determines that user authentication has passed, so the attacker completes authentication and enters the user operation interface. This gives attackers an entry point for illegal activity, and the authentication step fails to achieve its purpose of ensuring account security.
Therefore, the existing way of performing identity authentication based on face images has the problems that accounts are open to attack, face identity authentication can be rendered ineffective, and account security is low.
Disclosure of Invention
One or more embodiments of the present disclosure provide an authentication method and apparatus. While an authentication image is being acquired, the generated intermediate data is encrypted according to an encryption instruction issued by a server, and the authentication image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received authentication image and performs authentication based on it. This prevents malicious attacks on the authentication data by attackers, ensures that the authentication data is acquired in real time and is authentic and valid, and improves the security of the user account.
To solve the above technical problem, one or more embodiments of the present specification are implemented as follows:
One or more embodiments of the present specification provide an identity verification method, including:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
One or more embodiments of the present specification provide an identity verification method, including:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
One or more embodiments of the present specification provide an authentication apparatus including:
the encryption instruction acquisition module is used for acquiring an encryption instruction issued by the verification server;
the data encryption module is used for encrypting the intermediate data obtained in at least one target processing stage of the collected identity verification image according to the encryption instruction;
and the verification image sending module is used for sending the acquired authentication image to the verification server so as to enable the verification server to perform authentication based on the authentication image.
One or more embodiments of the present specification provide an authentication apparatus including:
the verification image receiving module is used for acquiring an identity verification image which is reported by a client and acquired based on an encryption instruction after the encryption instruction is sent to the client;
the data decryption module is used for decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and the identity authentication module is used for determining whether the identity authentication of the client passes according to the encryption instruction and the target encryption information.
One or more embodiments of the present specification provide an authentication apparatus including: a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
One or more embodiments of the present specification provide an authentication apparatus including: a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
One or more embodiments of the present specification provide a storage medium storing computer-executable instructions that, when executed, implement the following:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
One or more embodiments of the present specification provide a storage medium storing computer-executable instructions that, when executed, implement the following:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
In the identity authentication method and device of one or more embodiments of the present specification, an encryption instruction issued by a server is obtained; according to the encryption instruction, intermediate data obtained in at least one target processing stage of collecting an identity verification image is encrypted; and the resulting encrypted authentication image is sent to the server so that the server performs authentication based on the authentication image. While the identity verification image is being acquired, the generated intermediate data is encrypted according to the encryption instruction issued by the server, and the identity verification image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received identity verification image and performs identity verification based on it. This prevents malicious attacks on the identity verification data by attackers, ensures that the identity verification data is acquired in real time and is authentic and valid, and improves the security of the user account.
Drawings
To illustrate one or more embodiments of the present specification or the prior art solutions more clearly, the drawings needed in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some of the embodiments described in one or more embodiments of the specification, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic application scenario diagram of an authentication system provided in one or more embodiments of the present disclosure;
Fig. 2 is a first flowchart of an authentication method applied to a client according to one or more embodiments of the present disclosure;
Fig. 3 is a second flowchart of an authentication method applied to a client according to one or more embodiments of the present disclosure;
Fig. 4 is a schematic flowchart of a third authentication method applied to a client according to one or more embodiments of the present disclosure;
Fig. 5 is a fourth flowchart of an authentication method applied to a client according to one or more embodiments of the present disclosure;
Fig. 6 is a schematic flow chart of a fifth authentication method applied to a client according to one or more embodiments of the present disclosure;
Fig. 7 is a schematic diagram illustrating an implementation principle of a user face image acquisition process of an authentication method applied to a client according to one or more embodiments of the present disclosure;
Fig. 8 is a schematic flowchart of an identity authentication method applied to an authentication server according to one or more embodiments of the present disclosure;
Fig. 9 is a schematic block diagram illustrating an authentication apparatus disposed at a client according to one or more embodiments of the present disclosure;
Fig. 10 is a schematic block diagram illustrating an authentication device disposed in an authentication server according to one or more embodiments of the present disclosure;
Fig. 11 is a schematic structural diagram of an authentication system provided in one or more embodiments of the present disclosure;
Fig. 12 is a schematic structural diagram of an authentication device provided in one or more embodiments of the present specification.
Detailed Description
To help those skilled in the art better understand the technical solutions in one or more embodiments of the present disclosure, these technical solutions are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only a part of the embodiments of the present disclosure, not all of them. All other embodiments that one of ordinary skill in the art can derive from the embodiments in the specification without inventive effort fall within the scope of the specification.
One or more embodiments of the present disclosure provide an authentication method and apparatus. While an authentication image is being acquired, the generated intermediate data is encrypted according to an encryption instruction issued by a server, and the authentication image with the encryption information embedded in it is sent to the server. The server extracts the encryption information from the received authentication image and performs authentication based on it. This prevents malicious attacks on the authentication data by attackers, ensures that the authentication data is acquired in real time and is authentic and valid, and improves the security of the user account.
Fig. 1 is a schematic view of an application scenario of an authentication system according to one or more embodiments of the present specification. As shown in Fig. 1, the system includes a plurality of clients and a verification server. The clients can be mobile terminals such as smart phones and tablet computers, or fixed terminals such as desktop computers. The specific process of user identity verification is as follows:
First, the authentication server issues an encryption instruction to the client, where the encryption instruction includes the target processing stages that need encryption and the encryption parameters corresponding to each target processing stage;
Second, after receiving the encryption instruction issued by the verification server, the client, while acquiring the identity verification image, encrypts the intermediate data obtained in at least one target processing stage according to the encryption instruction, to obtain an encrypted identity verification image;
Third, the client sends the encrypted authentication image to the authentication server;
Finally, after receiving the encrypted authentication image, the authentication server authenticates the identity of the user of the client based on the authentication image. If authentication passes, the authentication server sends the client prompt information indicating that authentication passed; if authentication fails, the authentication server sends the client prompt information indicating that authentication failed.
Fig. 2 is a first flowchart of an authentication method provided in one or more embodiments of the present specification. The method in Fig. 2 can be executed by the client in Fig. 1. As shown in Fig. 2, the method includes at least the following steps:
S201, acquiring an encryption instruction issued by a verification server, where the encryption instruction includes the target processing stages that need encryption and the encryption parameters corresponding to each target processing stage;
Specifically, the authentication server selects in advance at least one target processing stage from the plurality of data processing stages involved in acquiring the identity verification image, sets the encryption parameters corresponding to each target processing stage, and generates, from the selected target processing stages and their encryption parameters, an encryption instruction that instructs the client to perform the encryption operation. The verification server issues the encryption instruction to the client. After receiving it, the client parses the encryption instruction to determine the at least one target processing stage that needs to be encrypted and the encryption parameters corresponding to that stage.
S202, according to the obtained encryption instruction, encrypting intermediate data obtained in at least one target processing stage of collecting the identity verification image;
Specifically, when the authentication image is collected, the data processing stage that currently needs to be executed is determined, following the execution order of the data processing stages, from among the plurality of data processing stages involved in acquiring the authentication image;
Based on the at least one target processing stage parsed from the instruction, it is judged whether the data processing stage that currently needs to be executed is a target processing stage;
If so, the intermediate data obtained when that data processing stage is executed is encrypted according to the encryption parameters corresponding to the target processing stage, and the encrypted data is used as the input data of the next data processing stage. The next data processing stage to be executed is then determined, and this continues until the identity authentication image has been acquired.
S203, sending the acquired encrypted authentication image to the authentication server so that the authentication server performs authentication based on the encrypted authentication image.
The authentication image is obtained by the client encrypting, according to the encryption instruction issued by the authentication server, the intermediate data obtained in at least one target processing stage of collecting the authentication image. Because the client encrypts the intermediate data according to the authentication server's encryption requirement while acquiring the authentication image, the authentication server can, after receiving the authentication image sent by the client, parse the image to obtain the target encryption information embedded at the client and then match that target encryption information against the encryption instruction previously issued to the client. If the match succeeds, user authentication is determined to have passed; if the match fails, user authentication is determined to have failed.
In a specific implementation, the client executes a plurality of data processing stages while acquiring the authentication image and finally outputs the authentication image. The authentication image may be a single frame or an authentication video stream composed of multiple frames. To prevent the identity verification image from being attacked and tampered with by attackers, the data produced by at least one data processing stage is encrypted while the client generates the image, so that inherent encryption information is embedded in the final authentication image. Which data processing stage is encrypted is determined by the encryption instruction issued by the server. The server can therefore accurately identify whether the authentication image has been tampered with after receiving the authentication image encrypted by the client.
In one or more embodiments of the present disclosure, while an authentication image is being acquired, the client encrypts the generated intermediate data according to an encryption instruction issued by the server and sends the authentication image with the encryption information embedded in it to the server, so that the server extracts the encryption information from the received authentication image and performs authentication based on it. That is, while the authentication image is being generated, the corresponding encryption is performed at different data processing stages. On the one hand, the client encrypts the authentication image according to the server's encryption requirement, which implements interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement, prevents malicious attacks on the authentication data by attackers, ensures that the authentication data is acquired in real time and is authentic and valid, and improves the security of the user account.
Take authentication by collecting a face image as an example. In this case the authentication image includes a user face image, and the data processing stages mainly involved in acquiring the user face image may include: an optical imaging stage, an image sensor acquisition stage, a video stream generation stage and a video coding stage;
Correspondingly, the at least one target processing stage may include at least one of the optical imaging stage, the image sensor acquisition stage, the video stream generation stage, and the video coding stage.
Specifically, the encryption instruction issued by the server may indicate one target processing stage that needs to be encrypted, or several. For example, if the at least one target processing stage is the optical imaging stage, the client encrypts only the intermediate data obtained in the optical imaging stage when acquiring the authentication image, so that the generated authentication image carries embedded encryption information corresponding to the encryption parameter of the optical imaging stage indicated in the encryption instruction. As another example, if the at least one target processing stage includes the image sensor acquisition stage and the video stream generation stage, the client encrypts the intermediate data obtained in both of those stages when acquiring the authentication image, so that the generated authentication image carries embedded first encryption information corresponding to the encryption parameters of the image sensor acquisition stage indicated in the encryption instruction and second encryption information corresponding to the encryption parameters of the video stream generation stage indicated in the encryption instruction;
Specifically, when several of the data processing stages in the authentication image acquisition process are target processing stages, the intermediate data generated by each target processing stage is encrypted in turn. The encrypted data of one target processing stage is passed to the next data processing stage, which continues its data processing with the encrypted data as input, until the last data processing stage has been executed and the final required authentication image is generated.
When the target processing stage is the optical imaging stage, the intermediate data generated in the optical imaging stage of the authentication image acquisition process is encrypted before the image sensor acquisition stage begins. On this basis, as shown in Fig. 3, step S202, encrypting according to the obtained encryption instruction the intermediate data obtained in at least one target processing stage of collecting the authentication image, specifically includes:
S2021, determining, according to the obtained encryption instruction, the optical coding information used for data encryption in the optical imaging stage. Specifically, the encryption instruction issued by the server indicates not only the target processing stages that need to be encrypted but also the encryption parameters corresponding to each target processing stage. Intermediate data in the optical imaging stage is encrypted by optical coding, so the encryption parameter corresponding to the optical imaging stage is the optical coding information;
S2022, encrypting, according to the determined optical coding information, the optical image in the optical imaging stage of collecting the identity verification image.
Specifically, encrypting the optical image in the optical imaging stage of acquiring the authentication image according to the determined optical coding information, in S2022, includes:
Step one, obtaining the speckle pattern produced by irradiating a laser source onto the diffractive optical element corresponding to the determined optical coding information. Specifically, the laser source is irradiated onto a diffraction grating in a Diffractive Optical Element (DOE) to form diffraction spots (that is, the speckle pattern); different diffraction gratings produce different diffraction spots. In a specific implementation, if a plurality of diffractive optical elements are arranged in the imaging light path, a correspondence between optical coding information and diffractive optical elements can be established in advance, and the laser source is irradiated onto the diffractive optical element corresponding to the determined optical coding information to obtain the corresponding diffraction spots;
Step two, superposing the speckle pattern on the optical image obtained in the optical imaging stage of acquiring the identity verification image.
For the optical imaging stage, the intermediate data generated in that stage is encrypted using an optical coding technique, which is one kind of structured light technique. Structured light mainly works as follows: a light source illuminates the measured space to encode it, a specific one-dimensional or two-dimensional image is projected onto the measured object, and the surface shape and depth information of the measured object are determined from the deformation of the pattern projected onto it.
Correspondingly, when the target processing stage includes the optical imaging stage, the verification server, after receiving the identity verification image sent by the client, parses the image and judges whether an embedded speckle pattern exists on the optical image; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded speckle pattern exists on the optical image and whether that speckle pattern is consistent with a preset speckle pattern; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
When the target processing stage is the image sensor acquisition stage, the intermediate data generated in the image sensor acquisition stage of the authentication image acquisition process is encrypted before the video stream generation stage begins. On this basis, as shown in Fig. 4, step S202, encrypting according to the obtained encryption instruction the intermediate data obtained in at least one target processing stage of collecting the authentication image, specifically includes:
S2023, determining, according to the obtained encryption instruction, the hidden position of the digital watermark used for data encryption in the image sensor acquisition stage. Specifically, the encryption instruction issued by the server indicates not only the target processing stages that need to be encrypted but also the encryption parameters corresponding to each target processing stage. Intermediate data in the image sensor acquisition stage is encrypted by digital watermarking, so the encryption parameter corresponding to the image sensor acquisition stage is the hidden position of the digital watermark;
S2024, embedding, according to the determined hidden position, the digital watermark into the image signal in the image sensor acquisition stage of acquiring the authentication image; specifically, the digital watermark is embedded at the position in the image signal indicated by the hidden position.
Specifically, the step S2023 of determining the hidden position of the digital watermark used for data encryption in the acquisition stage of the image sensor according to the obtained encryption instruction includes:
if the encryption instruction indicates time domain encryption, the space domain is used as a hidden position of a digital watermark for data encryption in an image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking the DCT transform domain as a hidden position of a digital watermark for data encryption in an image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, the time-frequency transformation domain is used as a hidden position of a digital watermark for data encryption in an image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, the wavelet transform domain is used as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
Correspondingly, where the target processing stage includes the image sensor acquisition stage, the authentication server, after receiving the authentication image sent by the client, analyzes the authentication image and judges whether an embedded digital watermark exists in the target domain of the image signal; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded digital watermark exists in the image signal under the target transform domain and whether that digital watermark is consistent with a preset digital watermark; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement;
specifically, if the encryption instruction indicates time domain encryption, the target domain is the spatial domain; if the encryption instruction indicates frequency domain encryption, the target domain is the DCT transform domain; if the encryption instruction indicates time-frequency domain encryption, the target domain is the time-frequency transform domain; if the encryption instruction indicates time-scale domain encryption, the target domain is the wavelet transform domain.
Where the target processing stage is the video stream generation stage, the intermediate data generated in the video stream generation stage of the authentication image acquisition process must be encrypted before the process enters the video encoding stage. On this basis, as shown in fig. 5, step S202, encrypting the intermediate data obtained in at least one target processing stage of acquiring the authentication image according to the obtained encryption instruction, specifically includes:
S2025, determining, according to the obtained encryption instruction, the target video frame used for data encryption in the video stream generation stage and the insertion position of the target video frame. Specifically, the encryption instruction issued by the server indicates not only the target processing stages that need to be encrypted but also the encryption parameters corresponding to each target processing stage. In the video stream generation stage the intermediate data is encrypted by embedding special frames, so the encryption parameters corresponding to this stage are the target video frame and its insertion position;
S2026, inserting, according to the determined insertion position, the target video frame into the video stream generated in the video stream generation stage of acquiring the authentication image; specifically, a specified number of target video frames are inserted at specified positions in the video stream, for example, one target video frame every 10 frames.
The target video frame comprises at least one of: a blank frame, a video frame embedded with a digital watermark, and a video frame overlaid with a preset encryption pattern.
Correspondingly, where the target processing stage includes the video stream generation stage, the authentication server, after receiving the authentication image sent by the client, analyzes the authentication image and judges whether a target video frame exists at the target insertion position; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
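The insertion rule of S2026 and the corresponding server-side check, as an added Python example that is not part of the patent text. The `Frame` type, the function names and the reading of "one target video frame every 10 frames" as "one target frame after every `interval` captured frames" are assumptions made for illustration, and the sample frames are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    # "face" for a captured frame; "blank", "watermarked" or "pattern"
    # for the three kinds of target video frame named in the text.
    kind: str
    data: bytes = b""


TARGET_KINDS = {"blank", "watermarked", "pattern"}


def insert_target_frames(captured, interval, target):
    """Client side (S2026): add `target` after every `interval` captured frames."""
    out = []
    for count, frame in enumerate(captured, start=1):
        out.append(frame)
        if count % interval == 0:
            out.append(target)
    return out


def target_positions(stream_len, interval):
    """Indices of the received stream where the instruction puts a target frame."""
    return set(range(interval, stream_len, interval + 1))


def stream_meets_requirement(stream, interval, target):
    """Server side: is the instructed target frame present at every target
    insertion position, and nowhere else?"""
    expected = target_positions(len(stream), interval)
    if not expected:
        return False  # stream too short to carry any target frame
    for index, frame in enumerate(stream):
        if index in expected:
            if frame != target:
                return False  # missing or different frame at a target position
        elif frame.kind in TARGET_KINDS:
            return False  # target frame outside the instructed positions
    return True


# Constructed sample: 25 captured face frames and a blank target frame.
CAPTURED = [Frame("face", bytes([i])) for i in range(25)]
BLANK = Frame("blank")
```

A stream that was recorded earlier under a different instruction, or one with no inserted frames at all, fails the check because the target frames do not sit at the positions the current instruction names.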
Where the target processing stage is the video encoding stage, the intermediate data generated in the video encoding stage of the authentication image acquisition process must be encrypted before the process enters the authentication data sending stage. On this basis, as shown in fig. 6, step S202, encrypting the intermediate data obtained in at least one target processing stage of acquiring the authentication image according to the obtained encryption instruction, specifically includes:
S2027, determining, according to the obtained encryption instruction, the adding position of the target information used for data encryption in the video encoding stage. Specifically, the encryption instruction issued by the server indicates not only the target processing stages that need to be encrypted but also the encryption parameters corresponding to each target processing stage. In the video encoding stage the intermediate data is encrypted by adding special information, so the encryption parameter corresponding to this stage is the adding position of the target information;
S2028, embedding, according to the determined adding position, the target information in the file header information or the picture structure diagram of the face image in the video encoding stage of acquiring the authentication image. Specifically, the video encoding stage compresses the video stream and encodes the face images in it using a video compression technique, and the encoded image carries file header information or a picture structure diagram. For example, a JPEG file generally carries attached EXIF information, which includes the image size, shooting time, picture orientation, image thumbnail and similar information. Data encryption can therefore be achieved by modifying the file header information or the picture structure diagram of the face image and adding a special image pattern to it.
Correspondingly, where the target processing stage includes the video encoding stage, the authentication server, after receiving the authentication image sent by the client, analyzes the authentication image and judges whether the target information exists in the file header information or the picture structure diagram of the face image; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
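An added example, not code from the patent, of the video encoding stage check for a JPEG-encoded face image. It assumes that the target information is a byte token carried in a JPEG comment (COM) segment and that the adding position is that segment's index among the header segments; the function names and the sample bytes are constructed for illustration.

```python
import hmac
import struct

# JPEG marker codes (second byte after 0xFF).
SOI, EOI, SOS, COM, APP1 = 0xD8, 0xD9, 0xDA, 0xFE, 0xE1


def segment(marker, payload):
    """Encode one marker segment: FF, marker, 2-byte length (counts itself)."""
    if len(payload) > 0xFFFF - 2:
        raise ValueError("payload too large for one segment")
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def walk_header(jpeg):
    """Yield (index, marker, payload) for each segment between SOI and SOS."""
    if jpeg[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI")
    pos, index = 2, 0
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:  # compressed image data starts here
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated or malformed segment")
        yield index, marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length
        index += 1


def add_target_info(jpeg, token, position):
    """Client side (S2028): insert a COM segment holding `token` so that it
    becomes header segment number `position` (0 = directly after SOI)."""
    segments = list(walk_header(jpeg))
    if position > len(segments):
        raise ValueError("adding position is beyond the file header")
    offset = 2 + sum(4 + len(payload) for _, _, payload in segments[:position])
    return jpeg[:offset] + segment(COM, token) + jpeg[offset:]


def header_has_target_info(jpeg, token, position):
    """Server side: does the header carry `token` at the instructed position?"""
    try:
        for index, marker, payload in walk_header(jpeg):
            if index == position:
                return marker == COM and hmac.compare_digest(payload, token)
    except ValueError:
        return False  # unparseable header cannot meet the requirement
    return False


# Constructed sample: SOI, an EXIF-style APP1 segment, SOS with dummy data, EOI.
SAMPLE = (bytes([0xFF, SOI])
          + segment(APP1, b"Exif\x00\x00" + b"constructed-exif-body")
          + bytes([0xFF, SOS]) + b"\x00\x02" + b"constructed scan data"
          + bytes([0xFF, EOI]))
```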
In specific implementation, during acquisition of the authentication image, the client encrypts, according to the obtained encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the authentication image, following the specific implementations shown in fig. 3 to 6 for encrypting the intermediate data obtained in a target processing stage, so as to generate the final required authentication image.
Further, on the server side, after receiving the authentication image sent by the client, and in the process of authenticating the user identity based on that image, the server analyzes the authentication image and, according to the analysis result and the encryption instruction issued to the client in advance, judges one by one whether the intermediate data obtained in each target processing stage meets the preset encryption requirement. If the intermediate data obtained in every target processing stage meets the preset encryption requirement, user identity authentication is determined to have passed; if the intermediate data obtained in any target processing stage does not meet the preset encryption requirement, user identity authentication is determined to have failed.
To balance the security of the client's user account against the efficiency with which the authentication server performs authentication, the client is directed to encrypt the authentication image in a targeted manner. On this basis, the authentication server takes the security level of the client into account when generating the encryption instruction: not all clients are issued the same encryption instruction, and the higher a client's security level, the more target processing stages the encryption instruction issued to it indicates. Specifically, the encryption instruction is determined by the authentication server in the following way:
determining a target security level of a client to be authenticated;
determining, among the plurality of data processing stages for acquiring the authentication image, at least one target processing stage according to the determined target security level, and determining the encryption parameters corresponding to each target processing stage; specifically, the correspondence between the security level and the at least one target processing stage that needs to be encrypted can be preset;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameters corresponding to the target processing stages.
Specifically, the higher the security level of the client, the more target processing stages the corresponding encryption instruction indicates. Further, authentication of the user may need to be strengthened in certain special situations; for example, for a client preliminarily determined to carry a suspected risk of illegal attack, the security level of the client is raised to strengthen authentication of the corresponding user. On this basis, the target security level may be obtained by dynamically adjusting an original security level set for the client in advance. In a specific embodiment, the target security level is determined as follows:
judging whether the login environment of the client has changed; if so, raising the security level of the client according to a preset adjustment rule and determining the raised security level as the target security level of the client;
for example, when the login geographical location information of the client is detected not to be commonly used geographical location information, that is, when the client is detected logging in from a different place, the login environment of the client is determined to have changed; at this point the strength of user identity authentication needs to be enhanced to further improve the security of the user account.
Further, taking the process of acquiring the user's face image as an example, if the at least one target processing stage includes the optical imaging stage, the image sensor acquisition stage, the video stream generation stage and the video encoding stage, then, as shown in fig. 7, the process of acquiring the user face image specifically includes:
(1) first, the optical imaging stage is entered; the optical image in the optical imaging stage is encrypted according to the optical coding information corresponding to that stage to obtain an optical image embedded with a speckle pattern, and the optical image embedded with the speckle pattern is used as the input data of the image sensor acquisition stage;
(2) after the imaging optical path outputs the optical image embedded with the speckle pattern, the image sensor acquisition stage is entered; a digital watermark is embedded into the image signal obtained in the image sensor acquisition stage according to the hidden position of the digital watermark corresponding to that stage, yielding an image signal embedded with the speckle pattern and the digital watermark, which is used as the input data of the video stream generation stage;
(3) after the image sensor outputs the image signal embedded with the speckle pattern and the digital watermark, the video stream generation stage is entered; an Image Signal Processor (ISP) processes the image signal output by the image sensor to obtain a plurality of face images in sequence and generate a face image video stream, and a target video frame is inserted into the face image video stream according to the insertion position of the target video frame corresponding to the video stream generation stage, yielding a face image video stream that is embedded with the speckle pattern and the digital watermark and has the encrypted video frame inserted (namely, an encrypted first face image video stream); the encrypted first face image video stream is used as the input data of the video encoding stage;
(4) after the image signal processor outputs the encrypted first face image video stream, the video encoding stage is entered; target information is added to the file header information or the picture structure diagram of a face image in the encrypted first face image video stream according to the adding position of the target information corresponding to the video encoding stage, yielding a face image video stream that is embedded with the speckle pattern and the digital watermark, has the encrypted video frame inserted and has the target information added (namely, an encrypted second face image video stream); the encrypted second face image video stream is used as the face image of the user to be verified.
In the identity authentication method in one or more embodiments of the present specification, an encryption instruction issued by a server is obtained; according to the encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the authentication image is encrypted; and the acquired encrypted authentication image is sent to the server so that the server performs authentication based on the authentication image. During acquisition of the authentication image, the generated intermediate data is encrypted according to the encryption instruction issued by the server, and the authentication image embedded with the encrypted information is sent to the server, so that the server extracts the encrypted information from the received authentication image and performs authentication based on it. This prevents malicious attacks by lawbreakers on the authentication data, ensures the real-time nature, authenticity and validity of authentication data acquisition, and improves the security of the user account.
Corresponding to the identity authentication method described above with reference to fig. 2 to 7 and based on the same technical concept, one or more embodiments of the present specification further provide an identity authentication method. Fig. 8 is a schematic flow chart of the identity authentication method provided in one or more embodiments of the present specification; the method in fig. 8 can be executed by an authentication server and, as shown in fig. 8, includes at least the following steps:
S801, after sending an encryption instruction to a client, acquiring the authentication image reported by the client and acquired based on the encryption instruction, wherein the encryption instruction comprises the target processing stages that need to be encrypted and the encryption parameters corresponding to each target processing stage; for the specific process by which the client acquires the authentication image, refer to the processes shown in fig. 3 to 6, which are not described herein again;
specifically, the authentication server selects in advance at least one target processing stage among the plurality of data processing stages involved in the authentication image acquisition process, sets the encryption parameters corresponding to each target processing stage, and generates, according to the selected target processing stages and their encryption parameters, an encryption instruction instructing the client to perform the encryption operation; the authentication server then sends the encryption instruction to the client.
S802, decrypting the acquired authentication image to obtain target encryption information corresponding to at least one target processing stage; specifically, the target encryption information embedded in the authentication image is extracted by reverse analysis of the authentication image;
S803, determining whether the identity authentication of the client passes according to the encryption instruction sent to the client in advance and the target encryption information obtained by decryption.
During acquisition of the authentication image, the client encrypts the intermediate data according to the encryption requirement of the authentication server. After receiving the authentication image sent by the client, the authentication server analyzes it to obtain the target encryption information embedded by the client and matches that information against the encryption instruction issued to the client in advance; if the match succeeds, user authentication is determined to have passed, and if the match fails, user authentication is determined to have failed.
In one or more embodiments of the present specification, the authentication server sends an encryption instruction to the client, so that the client encrypts the generated intermediate data according to the encryption instruction during acquisition of the authentication image; the server then receives the authentication image embedded with encryption information reported by the client, extracts the encryption information from the received authentication image, and performs authentication based on it. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts according to the encryption requirement of the server, which realizes interactive encryption between the client and the server; on the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement. This prevents malicious attacks by lawbreakers on the authentication data, ensures the real-time nature, authenticity and validity of authentication data acquisition, and improves the security of the user account.
Step S803, determining whether the identity authentication of the client passes according to the encryption instruction sent to the client in advance and the target encryption information obtained by decryption, specifically includes:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity authentication of the client passes; if not, determining that the identity authentication of the client side is not passed.
Specifically, taking authentication by collecting a face image as an example, the authentication image includes a user face image, and the data processing stages mainly involved in acquiring the user face image may include: an optical imaging stage, an image sensor acquisition stage, a video stream generation stage and a video encoding stage;
correspondingly, the at least one target processing stage may include: at least one of an optical imaging phase, an image sensor acquisition phase, a video stream generation phase, and a video encoding phase.
Where the target processing stage includes the optical imaging stage, the authentication server, after receiving the authentication image sent by the client, analyzes the authentication image and judges whether an embedded speckle pattern exists on the optical image; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded speckle pattern exists on the optical image and whether that speckle pattern is consistent with a preset speckle pattern; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
Where the target processing stage includes the image sensor acquisition stage, the authentication server, after receiving the authentication image sent by the client, analyzes the authentication image and judges whether an embedded digital watermark exists in the image signal under the target domain; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement. Alternatively, it judges whether an embedded digital watermark exists in the image signal under the target transform domain and whether that digital watermark is consistent with a preset digital watermark; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement;
specifically, if the encryption instruction indicates time domain encryption, the target domain is the spatial domain; if the encryption instruction indicates frequency domain encryption, the target domain is the DCT transform domain; if the encryption instruction indicates time-frequency domain encryption, the target domain is the time-frequency transform domain; if the encryption instruction indicates time-scale domain encryption, the target domain is the wavelet transform domain.
Where the target processing stage includes the video stream generation stage, the authentication server, after receiving the authentication image sent by the client, analyzes the authentication image and judges whether a target video frame exists at the target insertion position; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
Where the target processing stage includes the video encoding stage, the authentication server, after receiving the authentication image sent by the client, analyzes the authentication image and judges whether the target information exists in the file header information or the picture structure diagram of the face image; if so, it determines that the intermediate data obtained in the target processing stage meets the preset encryption requirement.
That is to say, after receiving the authentication image sent by the client, and in the process of authenticating the user identity based on that image, the authentication server analyzes the authentication image and, according to the analysis result and the encryption instruction issued to the client in advance, judges one by one whether the intermediate data obtained in each target processing stage meets the preset encryption requirement. If the intermediate data obtained in every target processing stage meets the preset encryption requirement, user identity authentication is determined to have passed; if the intermediate data obtained in any target processing stage does not meet the preset encryption requirement, user identity authentication is determined to have failed.
Further, to balance the security of the client's user account against the efficiency with which the authentication server performs authentication, the client is directed to encrypt the authentication image in a targeted manner. On this basis, the authentication server takes the security level of the client into account when generating the encryption instruction: not all clients are issued the same encryption instruction, and the higher a client's security level, the more target processing stages the encryption instruction issued to it indicates. Specifically, before sending the encryption instruction to the client, the method further includes:
determining a target security level of a client to be authenticated;
determining, among the plurality of data processing stages for acquiring the authentication image, at least one target processing stage according to the determined target security level, and determining the encryption parameters corresponding to each target processing stage, wherein the correspondence between the security level and the at least one target processing stage that needs to be encrypted can be preset;
and generating an encryption instruction to be issued to the client according to at least one target processing stage and the encryption parameters corresponding to each target processing stage.
Specifically, the higher the security level of the client, the more target processing stages the corresponding encryption instruction indicates. Further, authentication of the user may need to be strengthened in certain special situations; for example, for a client preliminarily determined to carry a suspected risk of illegal attack, the security level of the client is raised to strengthen authentication of the corresponding user. On this basis, the target security level may be obtained by dynamically adjusting an original security level set for the client in advance. In a specific embodiment, the target security level is determined as follows:
judging whether the login environment of the client has changed; if so, raising the security level of the client according to a preset adjustment rule and determining the raised security level as the target security level of the client;
for example, when the login geographical location information of the client is detected not to be commonly used geographical location information, that is, when the client is detected logging in from a different place, the login environment of the client is determined to have changed; at this point the strength of user identity authentication needs to be enhanced to further improve the security of the user account.
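The generation of the encryption instruction from the target security level and the per-stage matching rule of S803, as an added Python example that is not part of the patent text. The level-to-stage table, the "+1 on a changed login location" adjustment rule, the parameter names and the dictionary form of the extracted target encryption information are all assumptions made for illustration.

```python
import secrets

# Data processing stages in capture order, as listed in the text.
STAGES = ("optical_imaging", "image_sensor", "video_stream", "video_encoding")

# Assumed preset correspondence: security level -> target processing stages.
# The text only requires that a higher level covers more stages.
LEVEL_TO_STAGES = {1: STAGES[3:], 2: STAGES[2:], 3: STAGES[1:], 4: STAGES}

# Encryption mode named in the instruction -> domain that hides the watermark.
WATERMARK_DOMAINS = {
    "time": "spatial",
    "frequency": "dct",
    "time-frequency": "time-frequency",
    "time-scale": "wavelet",
}


def target_security_level(original_level, login_location, usual_locations):
    """Raise the level when the login environment changed (assumed rule: +1)."""
    if login_location not in usual_locations:
        return min(original_level + 1, max(LEVEL_TO_STAGES))
    return original_level


def make_parameters(stage):
    """Pick fresh encryption parameters for one target processing stage."""
    if stage == "optical_imaging":
        return {"speckle_id": secrets.token_hex(4)}
    if stage == "image_sensor":
        return {"mode": secrets.choice(list(WATERMARK_DOMAINS))}
    if stage == "video_stream":
        return {"frame_kind": "blank", "interval": secrets.choice([5, 10, 15])}
    return {"adding_position": secrets.choice([0, 1]),
            "token": secrets.token_hex(8)}


def build_instruction(level):
    """Encryption instruction: target stages plus parameters for each."""
    return {stage: make_parameters(stage) for stage in LEVEL_TO_STAGES[level]}


def expected_info(stage, params):
    """Target encryption information an image produced under `params` carries."""
    if stage == "image_sensor":
        return {"watermark_domain": WATERMARK_DOMAINS[params["mode"]]}
    return dict(params)


def authenticate(instruction, extracted):
    """S803: pass only if every target stage matches; also list the failures."""
    failed = [stage for stage, params in instruction.items()
              if extracted.get(stage) != expected_info(stage, params)]
    return (not failed, failed)
```

Because the parameters are drawn fresh for each instruction, information extracted from an image produced under an earlier instruction matches only by chance, and a single missing or mismatched stage is enough to fail the authentication.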
In the authentication method in one or more embodiments of the present specification, the authentication server sends an encryption instruction to the client, so that the client encrypts the generated intermediate data according to the encryption instruction during acquisition of the authentication image; the server receives the authentication image embedded with encryption information reported by the client, extracts the encryption information from the received authentication image, and performs authentication based on it. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts the intermediate data according to the encryption requirement of the server, which realizes interactive encryption between the client and the server; on the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement. This prevents malicious attacks by lawbreakers on the authentication data, ensures the real-time nature, authenticity and validity of authentication data acquisition, and improves the security of the user account.
It should be noted that this embodiment and the previous embodiment in this specification are based on the same inventive concept; for the specific implementation of this embodiment, reference may therefore be made to the implementation of the aforementioned identity authentication method, and repeated details are not described again.
Corresponding to the authentication methods described in fig. 2 to 7 and based on the same technical concept, one or more embodiments of the present specification further provide an authentication apparatus. Fig. 9 is a schematic diagram of the module composition of the authentication apparatus provided at a client according to one or more embodiments of the present specification; the apparatus is configured to perform the authentication methods described in fig. 2 to 7 and, as shown in fig. 9, includes:
an encryption instruction obtaining module 901, configured to obtain an encryption instruction issued by the authentication server;
the data encryption module 902 is configured to encrypt intermediate data obtained in at least one target processing stage of the acquired authentication image according to the encryption instruction;
a verification image sending module 903, configured to send the acquired authentication image to the verification server, so that the verification server performs authentication based on the authentication image.
Optionally, the authentication image includes: a user face image;
the at least one target processing stage comprises: at least one of an optical imaging phase, an image sensor acquisition phase, a video stream generation phase, and a video encoding phase.
Optionally, the data encryption module 902 is specifically configured to:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage for acquiring the identity verification image according to the optical coding information.
Optionally, the data encryption module 902 is further specifically configured to:
acquiring a speckle pattern obtained by irradiating a laser light source on a diffraction optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
Optionally, the data encryption module 902 is specifically configured to:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
Optionally, the data encryption module 902 is further specifically configured to:
if the encryption instruction indicates time domain encryption, taking a spatial domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
Optionally, the data encryption module 902 is specifically configured to:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the inserting position.
Optionally, the target video frame includes at least one of: a blank frame, a video frame embedded with a digital watermark, and a video frame superimposed with a preset encryption pattern.
Optionally, the data encryption module 902 is specifically configured to:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information in the file header information or the picture structure diagram of the face image in the video coding stage of acquiring the identity verification image.
Optionally, the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
The identity authentication device in one or more embodiments of the present specification obtains an encryption instruction issued by a server; encrypts, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring the authentication image; and sends the resulting encrypted authentication image to the server so that the server performs authentication based on the authentication image. During acquisition of the authentication image, the generated intermediate data is encrypted according to the encryption instruction issued by the server, and the authentication image embedded with the encrypted information is sent to the server, so that the server extracts the encrypted information from the received authentication image and performs authentication based on it. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the acquired authentication data, and improves the security of the user account.
It should be noted that the embodiment in this specification and the first embodiment in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the aforementioned identity authentication method, and repeated details are not described again.
Corresponding to the authentication method described in fig. 8, and based on the same technical concept, one or more embodiments of the present specification further provide an authentication apparatus. Fig. 10 is a schematic diagram of the module composition of the authentication apparatus, which is provided in a service server and configured to execute the authentication method described in fig. 8. As shown in fig. 10, the apparatus includes:
a verification image receiving module 1001, configured to obtain an authentication image collected based on an encryption instruction and reported by a client after sending the encryption instruction to the client;
the data decryption module 1002 is configured to decrypt the authentication image to obtain target encryption information corresponding to at least one target processing stage;
and an authentication module 1003, configured to determine whether the authentication of the client passes according to the encryption instruction and the target encryption information.
Optionally, the identity verification module 1003 is specifically configured to:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity authentication of the client passes;
if not, determining that the identity authentication of the client side is not passed.
Optionally, the authentication image is obtained by encrypting, by the client, intermediate data obtained in at least one target processing stage of acquiring the authentication image according to the encryption instruction.
Optionally, the apparatus further includes an encryption instruction generating module, where the encryption instruction generating module is configured to:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
In the authentication device in one or more embodiments of the present specification, the authentication server sends an encryption instruction to the client, so that the client encrypts the generated intermediate data according to the encryption instruction while acquiring the authentication image. The server then receives the authentication image embedded with the encrypted information reported by the client, extracts the encrypted information from the received authentication image, and performs authentication based on it. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts the intermediate data according to the encryption requirement of the server, which realizes interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the acquired authentication data, and improves the security of the user account.
It should be noted that the embodiment in this specification and the first embodiment in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the aforementioned identity authentication method, and repeated details are not described again.
Corresponding to the authentication methods described in fig. 2 to fig. 8, and based on the same technical concept, one or more embodiments of the present specification further provide an authentication system. Fig. 11 is a schematic structural diagram of the authentication system, which is configured to execute the authentication methods described in fig. 2 to fig. 8. As shown in fig. 11, the system includes:
the system comprises an authentication server 10 and a plurality of clients 20, wherein the authentication server 10 is in communication connection with each client 20;
specifically, the authentication server issues an encryption instruction to the client, where the encryption instruction includes: target processing stages needing encryption and encryption parameters corresponding to the target processing stages;
after receiving an encryption instruction issued by a verification server, a client encrypts intermediate data obtained in at least one target processing stage according to the encryption instruction in the process of acquiring an authentication image to obtain an encrypted authentication image;
the client sends the encrypted authentication image to an authentication server;
after receiving the encrypted authentication image, the authentication server authenticates the user of the client based on the authentication image; if the authentication passes, it sends the client prompt information indicating that the authentication has passed, and if the authentication fails, it sends the client prompt information indicating that the authentication has failed.
In the authentication system in one or more embodiments of the present description, the authentication server sends an encryption instruction to the client, and the client encrypts the generated intermediate data according to the encryption instruction while acquiring the authentication image, obtaining an authentication image embedded with encrypted information. The authentication server then receives the authentication image embedded with the encrypted information reported by the client, extracts the encrypted information from the received authentication image, and performs authentication based on it. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts according to the encryption requirement of the server, which realizes interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the acquired authentication data, and improves the security of the user account.
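The exchange between the authentication server and the client described above, as an added Python sketch that is not code from the patent. The function names, the parameter layout, the use of fresh random parameters per session, the least-significant-bit spatial watermark and the constructed 8x8 frames are all assumptions made for illustration.

```python
import secrets

# Stage names follow the page; the parameter layout is an assumption of this sketch.
LEVEL_STAGES = {1: ["sensor"], 2: ["sensor", "stream"], 3: ["sensor", "stream", "encoding"]}
FRAME_PIXELS = 64   # constructed 8x8 grayscale frames
FRAME_COUNT = 5
MARK_BITS = 16

# Constructed sample capture: five non-blank frames (pixel values 1..251).
SAMPLE_FRAMES = [bytes((17 * n + i) % 251 + 1 for i in range(FRAME_PIXELS))
                 for n in range(FRAME_COUNT)]


def issue_instruction(security_level):
    """Server: choose target stages for the level and a parameter set per stage."""
    instruction = {}
    for stage in LEVEL_STAGES[security_level]:
        if stage == "sensor":      # spatial-domain watermark: hidden position + mark
            instruction[stage] = {"offset": secrets.randbelow(FRAME_PIXELS - MARK_BITS),
                                  "mark": secrets.randbits(MARK_BITS)}
        elif stage == "stream":    # blank frame inserted at a stream position
            instruction[stage] = {"position": secrets.randbelow(FRAME_COUNT + 1)}
        elif stage == "encoding":  # target information added to the file header
            instruction[stage] = {"token": secrets.token_hex(8)}
    return instruction


def capture(instruction, frames):
    """Client: apply every instructed stage while the upload is being produced."""
    frames = [bytearray(f) for f in frames]
    header = {}
    if "sensor" in instruction:
        p = instruction["sensor"]
        for frame in frames:
            for i in range(MARK_BITS):
                bit = (p["mark"] >> i) & 1
                frame[p["offset"] + i] = (frame[p["offset"] + i] & 0xFE) | bit
    if "stream" in instruction:
        frames.insert(instruction["stream"]["position"], bytearray(FRAME_PIXELS))
    if "encoding" in instruction:
        header["token"] = instruction["encoding"]["token"]
    return {"header": header, "frames": frames}


def extract(instruction, upload):
    """Server: recover the per-stage information actually present in the upload."""
    frames = list(upload["frames"])
    if any(len(f) != FRAME_PIXELS for f in frames):
        return {}                  # malformed upload: nothing can match
    found = {}
    if "stream" in instruction:
        blanks = [i for i, f in enumerate(frames) if not any(f)]
        found["stream"] = {"position": blanks[0] if len(blanks) == 1 else None}
        frames = [f for f in frames if any(f)]
    if "sensor" in instruction:
        off = instruction["sensor"]["offset"]
        marks = {sum((f[off + i] & 1) << i for i in range(MARK_BITS)) for f in frames}
        # Every content frame must carry the same mark, otherwise the stage fails.
        found["sensor"] = {"offset": off, "mark": marks.pop() if len(marks) == 1 else None}
    if "encoding" in instruction:
        found["encoding"] = {"token": upload["header"].get("token")}
    return found


def verify(instruction, upload):
    """Server: pass only if every instructed stage matches its issued parameters."""
    found = extract(instruction, upload)
    results = {stage: found.get(stage) == params for stage, params in instruction.items()}
    return all(results.values()), results


if __name__ == "__main__":
    instr = issue_instruction(3)
    print(verify(instr, capture(instr, SAMPLE_FRAMES)))                   # all stages match
    print(verify(issue_instruction(3), capture(instr, SAMPLE_FRAMES)))    # stale upload fails
```

Because the server compares each stage against the instruction issued for this session, an upload produced under an earlier instruction, or one that never went through the instructed capture stages, fails at least one stage check.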
It should be noted that the embodiment in this specification and the first embodiment in this specification are based on the same inventive concept, and therefore specific implementation of this embodiment may refer to implementation of the aforementioned identity authentication method, and repeated details are not described again.
Further, corresponding to the methods shown in fig. 2 to 8, based on the same technical concept, one or more embodiments of the present specification further provide an authentication apparatus for performing the above-mentioned authentication method, as shown in fig. 12.
The authentication device may vary considerably depending on its configuration or performance, and may include one or more processors 1201 and a memory 1202; the memory 1202 may store one or more applications or data. The memory 1202 may be transient storage or persistent storage. The application stored in the memory 1202 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the authentication device. Still further, the processor 1201 may be configured to communicate with the memory 1202 and to execute, on the authentication device, the series of computer-executable instructions in the memory 1202. The authentication device may also include one or more power supplies 1203, one or more wired or wireless network interfaces 1204, one or more input-output interfaces 1205, one or more keypads 1206, and the like.
In one particular embodiment, an authentication apparatus comprises a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may comprise one or more modules, and each module may comprise a series of computer-executable instructions for the authentication apparatus, and the one or more programs configured to be executed by the one or more processors comprise computer-executable instructions for:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
Optionally, when the computer-executable instructions are executed, the authentication image includes: a user face image;
the at least one target processing stage comprises: at least one of an optical imaging phase, an image sensor acquisition phase, a video stream generation phase, and a video encoding phase.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage for acquiring the identity verification image according to the optical coding information.
Optionally, when executed, the computer executable instructions encrypt the optical image in the optical imaging phase of capturing the authentication image according to the optical coding information, including:
acquiring a speckle pattern obtained by illuminating, with a laser light source, the diffractive optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
Optionally, when executed, the computer executable instructions determine, according to the encryption instructions, a hidden location of a digital watermark used for data encryption in the image sensor acquisition stage, including:
if the encryption instruction indicates time domain encryption, taking a spatial domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the inserting position.
Optionally, when the computer-executable instructions are executed, the target video frame includes at least one of: a blank frame, a video frame embedded with a digital watermark, and a video frame superimposed with a preset encryption pattern.
Optionally, when executed, the computer-executable instructions perform, according to the encryption instruction, encryption processing on intermediate data obtained in at least one target processing stage of acquiring an authentication image, including:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information in the file header information or the picture structure diagram of the face image in the video coding stage of acquiring the identity verification image.
Optionally, when the computer-executable instructions are executed, the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
The identity authentication device in one or more embodiments of the present specification obtains an encryption instruction issued by a server; encrypts, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring the authentication image; and sends the resulting encrypted authentication image to the server so that the server performs authentication based on the authentication image. During acquisition of the authentication image, the generated intermediate data is encrypted according to the encryption instruction issued by the server, and the authentication image embedded with the encrypted information is sent to the server, so that the server extracts the encrypted information from the received authentication image and performs authentication based on it. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the acquired authentication data, and improves the security of the user account.
In another particular embodiment, an authentication apparatus includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the authentication apparatus, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
Optionally, when executed, the determining whether the authentication of the client is passed according to the encryption instruction and the target encryption information includes:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity authentication of the client passes;
if not, determining that the identity authentication of the client side is not passed.
Optionally, when the computer executable instruction is executed, the authentication image is obtained by encrypting, by the client, intermediate data obtained in at least one target processing stage of acquiring the authentication image according to the encryption instruction.
Optionally, the computer executable instructions, when executed, further comprise computer executable instructions for:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
In the authentication device in one or more embodiments of the present specification, the authentication server sends an encryption instruction to the client, so that the client encrypts the generated intermediate data according to the encryption instruction while acquiring the authentication image. The server then receives the authentication image embedded with the encrypted information reported by the client, extracts the encrypted information from the received authentication image, and performs authentication based on it. That is, while the client generates the authentication image, corresponding encryption processing is performed at different data processing stages. On the one hand, the client encrypts the intermediate data according to the encryption requirement of the server, which realizes interactive encryption between the client and the server. On the other hand, the intermediate data is encrypted during generation of the authentication image, which avoids the risk of data replacement. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the acquired authentication data, and improves the security of the user account.
Further, based on the same technical concept and corresponding to the methods shown in fig. 2 to fig. 8, one or more embodiments of the present specification further provide a storage medium for storing computer-executable instructions. In a specific embodiment, the storage medium may be a USB disk, an optical disk, a hard disk, or the like, and the computer-executable instructions stored in the storage medium, when executed by a processor, implement the following process:
acquiring an encryption instruction issued by a verification server;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the authentication image includes: a user face image;
the at least one target processing stage comprises: at least one of an optical imaging phase, an image sensor acquisition phase, a video stream generation phase, and a video encoding phase.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, encrypting, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring an authentication image includes:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage for acquiring the identity verification image according to the optical coding information.
Optionally, the storage medium stores computer executable instructions that when executed by the processor, encrypt an optical image in the optical imaging phase of capturing an authentication image according to the optically encoded information, comprising:
acquiring a speckle pattern obtained by illuminating, with a laser light source, the diffractive optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, encrypting, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring an authentication image includes:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
Optionally, the storage medium stores computer-executable instructions that, when executed by the processor, determine a hidden location of a digital watermark used for data encryption in the image sensor acquisition stage according to the encryption instructions, including:
if the encryption instruction indicates time domain encryption, taking a spatial domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, encrypting, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring an authentication image includes:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the inserting position.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the target video frame includes at least one of: a blank frame, a video frame embedded with a digital watermark, and a video frame superimposed with a preset encryption pattern.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, encrypting, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring an authentication image includes:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information in the file header information or the picture structure diagram of the face image in the video coding stage of acquiring the identity verification image.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
In one or more embodiments of the present description, the computer-executable instructions stored in the storage medium, when executed by a processor, obtain an encryption instruction issued by a server; encrypt, according to the encryption instruction, intermediate data obtained in at least one target processing stage of acquiring the authentication image; and send the resulting encrypted authentication image to the server so that the server performs authentication based on the authentication image. During acquisition of the authentication image, the generated intermediate data is encrypted according to the encryption instruction issued by the server, and the authentication image embedded with the encrypted information is sent to the server, so that the server extracts the encrypted information from the received authentication image and performs authentication based on it. This prevents malicious actors from attacking the authentication data, ensures the real-time nature, authenticity and validity of the acquired authentication data, and improves the security of the user account.
In another specific embodiment, the storage medium may be a USB disk, an optical disk, a hard disk, or the like, and the computer-executable instructions stored in the storage medium, when executed by the processor, implement the following process:
after an encryption instruction is sent to a client, acquiring an authentication image which is reported by the client and acquired based on the encryption instruction;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
Optionally, when the computer-executable instructions stored in the storage medium are executed by a processor, determining whether the authentication of the client passes according to the encryption instruction and the target encryption information includes:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity authentication of the client passes;
if not, determining that the identity authentication of the client side is not passed.
Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the authentication image is obtained by the client encrypting, according to the encryption instruction, the intermediate data obtained in at least one target processing stage of acquiring the authentication image.
Optionally, the storage medium stores computer executable instructions that, when executed by the processor, further implement the following process:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
When the computer-executable instructions stored in the storage medium in one or more embodiments of this specification are executed by the processor, the authentication server sends an encryption instruction to the client, so that the client encrypts the intermediate data it generates according to the encryption instruction while acquiring the authentication image. The server then receives the authentication image with the embedded encryption information reported by the client, extracts the encryption information from the received image, and performs authentication based on it. In other words, while generating the authentication image, the client performs the corresponding encryption processing at different data processing stages. On one hand, the client encrypts the image according to the server's encryption requirement, which makes the encryption interactive between client and server. On the other hand, encrypting the intermediate data while the authentication image is being generated avoids the risk of data replacement. This prevents malicious attacks on the authentication data by bad actors, ensures that the authentication data is collected in real time and is authentic and valid, and improves the security of the user account.
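The server-side flow described above (issue a per-session instruction, extract per-stage information from the upload, match every instructed stage) can be sketched as follows. This is an added illustration, not code from the patent: the level-to-stage mapping, the parameter names, and the concrete embeddings (LSB spatial-domain watermark, blank inserted frame, header token) are assumptions chosen to mirror the sensor-acquisition, video-stream and video-encoding stages, and the frames are constructed sample data.

```python
import hmac
import random
import secrets

# Stage names follow the claims; the level-to-stage mapping is an assumption.
LEVEL_STAGES = {
    1: ["video_encoding"],
    2: ["sensor_acquisition", "video_encoding"],
    3: ["sensor_acquisition", "video_stream", "video_encoding"],
}
W, H, BITS = 16, 16, 64  # constructed frame size and watermark length


def build_instruction(level):
    """Server: choose target stages and fresh per-session parameters."""
    params = {
        "sensor_acquisition": {"domain": "spatial", "seed": secrets.randbits(32),
                               "mark": secrets.randbits(BITS)},
        "video_stream": {"insert_at": secrets.randbelow(4) + 1},
        "video_encoding": {"token": secrets.token_hex(16)},
    }
    return {stage: params[stage] for stage in LEVEL_STAGES[level]}


def _positions(seed):
    """Pixel positions that carry the watermark, derived from the seed."""
    return random.Random(seed).sample(range(W * H), BITS)


def client_capture(frames, instruction):
    """Client: apply each instructed stage while producing the stream."""
    frames = [list(f) for f in frames]
    header = {}
    p = instruction.get("sensor_acquisition")
    if p:  # spatial-domain watermark: overwrite the LSB of selected pixels
        for frame in frames:
            for i, pos in enumerate(_positions(p["seed"])):
                frame[pos] = (frame[pos] & ~1) | ((p["mark"] >> i) & 1)
    p = instruction.get("video_stream")
    if p:  # insert a blank frame at the instructed index
        frames.insert(p["insert_at"], [0] * (W * H))
    p = instruction.get("video_encoding")
    if p:  # carry the token in the container header
        header["token"] = p["token"]
    return {"header": header, "frames": frames}


def server_verify(upload, instruction):
    """Server: extract per-stage information; every instructed stage must match."""
    frames = list(upload["frames"])
    results = {}
    p = instruction.get("video_stream")
    if p:
        idx = p["insert_at"]
        ok = idx < len(frames) and not any(frames[idx])
        results["video_stream"] = ok
        if ok:
            frames.pop(idx)  # drop the marker frame before reading watermarks
    p = instruction.get("sensor_acquisition")
    if p:
        pos = _positions(p["seed"])
        expected = p["mark"].to_bytes(BITS // 8, "big")
        ok = bool(frames)
        for frame in frames:
            got = sum((frame[q] & 1) << i for i, q in enumerate(pos))
            ok &= hmac.compare_digest(got.to_bytes(BITS // 8, "big"), expected)
        results["sensor_acquisition"] = ok
    p = instruction.get("video_encoding")
    if p:
        got = upload["header"].get("token", "")
        results["video_encoding"] = hmac.compare_digest(got, p["token"])
    return all(results.values()), results


def demo():
    rng = random.Random(7)  # constructed sample frames, not real camera data
    raw = [[rng.randrange(1, 256) for _ in range(W * H)] for _ in range(5)]
    session_a = build_instruction(3)
    upload_a = client_capture(raw, session_a)
    live_ok, _ = server_verify(upload_a, session_a)
    # The same upload presented against a later session's instruction.
    session_b = build_instruction(3)
    replay_ok, detail = server_verify(upload_a, session_b)
    return live_ok, replay_ok, detail


if __name__ == "__main__":
    print(demo())
```

Because the parameters are drawn fresh for each session, an upload captured under one instruction fails the match against any later instruction, which is the replacement and replay resistance the description relies on.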
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (for example, an improvement to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method-flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized with hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer programs a digital system onto a single PLD without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually making integrated circuit chips, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that a hardware circuit implementing a logical method flow can readily be obtained by lightly programming the method flow in one of the above hardware description languages and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of a memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be achieved by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded as both software modules implementing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as divided into various units by function, each described separately. Of course, when implementing one or more embodiments of this specification, the functions of the units may be implemented in the same piece, or in multiple pieces, of software and/or hardware.
As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied in the medium.
One or more of the present specification has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to one or more embodiments of the specification. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may take forms such as non-permanent memory in computer-readable media, Random Access Memory (RAM), and/or non-volatile memory such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
One or more of the present specification can be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in this specification are described in a progressive manner; for the parts that are the same or similar among the embodiments, reference may be made from one to another, and each embodiment focuses on its differences from the others. In particular, since the system embodiment is substantially similar to the method embodiment, it is described relatively briefly, and for the relevant points reference may be made to the corresponding description of the method embodiment.
The above description is merely illustrative of one or more embodiments of the present disclosure and is not intended to limit one or more embodiments of the present disclosure. Various modifications and alterations to one or more of the present descriptions will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of one or more of the present specification should be included in the scope of one or more claims of the present specification.

Claims (19)

1. An identity verification method, comprising:
acquiring an encryption instruction issued by a verification server, wherein the encryption instruction comprises: target processing stages needing to be encrypted and encryption parameters corresponding to the target processing stages;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
2. The method of claim 1, wherein the authentication image comprises: a user face image;
at least one of the target processing stages comprises: at least one of an optical imaging phase, an image sensor acquisition phase, a video stream generation phase, and a video encoding phase.
3. The method according to claim 2, wherein the encrypting, according to the encryption instruction, the intermediate data obtained in the at least one target processing stage of acquiring the authentication image comprises:
determining optical coding information used for data encryption in the optical imaging stage according to the encryption instruction;
and encrypting the optical image in the optical imaging stage for acquiring the identity verification image according to the optical coding information.
4. The method of claim 3, wherein encrypting the optical image in the optical imaging phase of capturing the authentication image according to the optically encoded information comprises:
acquiring a speckle pattern obtained by irradiating a laser light source on a diffraction optical element corresponding to the optical coding information;
superimposing the speckle pattern on an optical image in the optical imaging phase of acquiring an authentication image.
5. The method according to claim 2, wherein the encrypting, according to the encryption instruction, the intermediate data obtained in the at least one target processing stage of acquiring the authentication image comprises:
according to the encryption instruction, determining a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and embedding the digital watermark into the image signal in the image sensor acquisition stage for acquiring the identity verification image according to the hidden position.
6. The method of claim 5, wherein determining the hidden location of the digital watermark used for data encryption in the image sensor acquisition phase according to the encryption instruction comprises:
if the encryption instruction indicates time domain encryption, taking a spatial domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates frequency domain encryption, taking a DCT transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage;
if the encryption instruction indicates time-frequency domain encryption, taking a time-frequency transform domain as a hidden position of a digital watermark used for data encryption in the image sensor acquisition stage;
and if the encryption instruction indicates time-scale domain encryption, taking a wavelet transform domain as a hidden position of a digital watermark for data encryption in the image sensor acquisition stage.
7. The method according to claim 2, wherein the encrypting, according to the encryption instruction, the intermediate data obtained in the at least one target processing stage of acquiring the authentication image comprises:
according to the encryption instruction, determining a target video frame used for data encryption in the video stream generation stage and an insertion position of the target video frame;
and inserting the target video frame into the video stream generated in the video stream generation stage for acquiring the identity verification image according to the inserting position.
8. The method of claim 7, wherein the target video frame comprises: at least one of a blank frame, a video frame embedded with the digital watermark, and a video frame superimposed with a preset encryption pattern.
9. The method according to claim 2, wherein the encrypting, according to the encryption instruction, the intermediate data obtained in the at least one target processing stage of acquiring the authentication image comprises:
determining the adding position of target information used for data encryption in the video coding stage according to the encryption instruction;
and according to the adding position, embedding the target information in the file header information or the picture structure diagram of the face image in the video coding stage of acquiring the identity verification image.
10. The method according to any one of claims 1 to 9, wherein the encryption instruction is determined by the authentication server by:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
11. An identity verification method, comprising:
after an encryption instruction is sent to a client, an authentication image which is reported by the client and acquired based on the encryption instruction is acquired, wherein the encryption instruction comprises: the authentication image is obtained by encrypting intermediate data obtained by the client according to the encryption instruction and acquired by at least one target processing stage of the acquired authentication image;
decrypting the identity verification image to obtain at least one target encryption information corresponding to the target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
12. The method of claim 11, wherein the determining whether the authentication of the client is passed according to the encryption instruction and the target encryption information comprises:
judging whether the target encryption information corresponding to each target processing stage is matched with the encryption parameter corresponding to the target processing stage indicated by the encryption instruction;
if so, determining that the identity authentication of the client passes;
if not, determining that the identity authentication of the client side is not passed.
13. The method of claim 11, further comprising:
determining a target security level of a client to be authenticated;
in a plurality of data processing stages for collecting the identity verification images, determining at least one target processing stage and determining an encryption parameter corresponding to each target processing stage according to the target security level;
and generating an encryption instruction to be issued to the client according to the at least one target processing stage and the encryption parameter.
14. An authentication apparatus, comprising:
an encryption instruction obtaining module, configured to obtain an encryption instruction issued by the authentication server, where the encryption instruction includes: target processing stages needing to be encrypted and encryption parameters corresponding to the target processing stages;
the data encryption module is used for encrypting the intermediate data obtained in at least one target processing stage of the collected identity verification image according to the encryption instruction;
and the verification image sending module is used for sending the acquired authentication image to the verification server so as to enable the verification server to perform authentication based on the authentication image.
15. An authentication apparatus, comprising:
the verification image receiving module is used for acquiring an authentication image which is reported by a client and acquired based on an encryption instruction after the encryption instruction is sent to the client, wherein the encryption instruction comprises: the authentication image is obtained by encrypting intermediate data obtained by the client according to the encryption instruction and acquired by at least one target processing stage of the acquired authentication image;
the data decryption module is used for decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and the identity authentication module is used for determining whether the identity authentication of the client passes according to the encryption instruction and the target encryption information.
16. An authentication apparatus, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring an encryption instruction issued by a verification server, wherein the encryption instruction comprises: target processing stages needing to be encrypted and encryption parameters corresponding to the target processing stages;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
17. An authentication apparatus, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
after an encryption instruction is sent to a client, an authentication image which is reported by the client and acquired based on the encryption instruction is acquired, wherein the encryption instruction comprises: the authentication image is obtained by encrypting intermediate data obtained by the client according to the encryption instruction and acquired by at least one target processing stage of the acquired authentication image;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
18. A storage medium storing computer-executable instructions, wherein the executable instructions when executed implement the following:
acquiring an encryption instruction issued by a verification server, wherein the encryption instruction comprises: target processing stages needing to be encrypted and encryption parameters corresponding to the target processing stages;
according to the encryption instruction, carrying out encryption processing on intermediate data obtained in at least one target processing stage of the collected identity verification image;
and sending the acquired authentication image to the authentication server so that the authentication server performs authentication based on the authentication image.
19. A storage medium storing computer-executable instructions, wherein the executable instructions when executed implement the following:
after an encryption instruction is sent to a client, an authentication image which is reported by the client and acquired based on the encryption instruction is acquired, wherein the encryption instruction comprises: the authentication image is obtained by encrypting intermediate data obtained by the client according to the encryption instruction and acquired by at least one target processing stage of the acquired authentication image;
decrypting the identity verification image to obtain target encryption information corresponding to at least one target processing stage;
and determining whether the identity authentication of the client passes or not according to the encryption instruction and the target encryption information.
CN201810917717.0A 2018-08-13 2018-08-13 Identity verification method and device Active CN109145563B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210380760.4A CN114780934A (en) 2018-08-13 2018-08-13 Identity verification method and device
CN201810917717.0A CN109145563B (en) 2018-08-13 2018-08-13 Identity verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810917717.0A CN109145563B (en) 2018-08-13 2018-08-13 Identity verification method and device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210380760.4A Division CN114780934A (en) 2018-08-13 2018-08-13 Identity verification method and device

Publications (2)

Publication Number Publication Date
CN109145563A CN109145563A (en) 2019-01-04
CN109145563B CN109145563B (en) 2022-04-22

Family

ID=64792824

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201810917717.0A Active CN109145563B (en) 2018-08-13 2018-08-13 Identity verification method and device
CN202210380760.4A Pending CN114780934A (en) 2018-08-13 2018-08-13 Identity verification method and device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202210380760.4A Pending CN114780934A (en) 2018-08-13 2018-08-13 Identity verification method and device

Country Status (1)

Country Link
CN (2) CN109145563B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414200B (en) * 2019-04-08 2021-07-23 广州腾讯科技有限公司 Identity authentication method, identity authentication device, storage medium and computer equipment
CN112241735B (en) * 2019-07-18 2024-08-27 杭州海康威视数字技术股份有限公司 Image processing method, device and system
CN111062323B (en) * 2019-12-16 2023-06-02 腾讯科技(深圳)有限公司 Face image transmission method, numerical value transfer method, device and electronic equipment
CN111369249A (en) * 2020-02-25 2020-07-03 桂林微网互联信息技术有限公司 Digital encryption authorization processing method and user terminal
CN111325175A (en) * 2020-03-03 2020-06-23 北京三快在线科技有限公司 Living body detection method, living body detection device, electronic apparatus, and storage medium
CN112309008A (en) * 2020-10-29 2021-02-02 一汽奔腾轿车有限公司 Safety management platform of automobile digital key
CN112686351A (en) * 2021-03-22 2021-04-20 北京焦点新干线信息技术有限公司 Channel risk control method and device
CN113436053A (en) * 2021-06-25 2021-09-24 上海商汤智能科技有限公司 Image verification method and device, electronic equipment and storage medium
CN114422856B (en) * 2022-01-07 2024-06-04 北京达佳互联信息技术有限公司 Video data verification method, device, equipment and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101075868A (en) * 2006-05-19 2007-11-21 华为技术有限公司 Long-distance identity-certifying system, terminal, servo and method
CN101316169A (en) * 2008-07-18 2008-12-03 张曌 Network identity verification method based on internet third party biological characteristic validation
CN101729256A (en) * 2008-10-24 2010-06-09 深圳宝嘉电子设备有限公司 Security certificate method based on fingerprint, cryptographic technology and fragile digital watermark
CN102306305A (en) * 2011-07-06 2012-01-04 北京航空航天大学 Method for authenticating safety identity based on organic characteristic watermark
CN104980278A (en) * 2014-04-14 2015-10-14 阿里巴巴集团控股有限公司 Method and device for verifying usability of biological characteristic image
CN105429959A (en) * 2015-11-02 2016-03-23 北京旷视科技有限公司 Image processing method, client equipment, image verification method and server
CN105681316A (en) * 2016-02-02 2016-06-15 腾讯科技(深圳)有限公司 Identity verification method and device
US9495586B1 (en) * 2013-09-18 2016-11-15 IDChecker, Inc. Identity verification using biometric data
CN106209381A (en) * 2016-07-12 2016-12-07 深圳市中易通安全芯科技有限公司 A kind of photo encipher-decipher method and system thereof

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030021495A1 (en) * 2001-07-12 2003-01-30 Ericson Cheng Fingerprint biometric capture device and method with integrated on-chip data buffering
KR101812464B1 (en) * 2014-06-11 2018-01-30 주식회사 슈프리마 Creation and authentication of biometric information by using watermark
CN105138873A (en) * 2015-08-20 2015-12-09 浪潮(北京)电子信息产业有限公司 Image-based safety certification method and device
CN107277053A (en) * 2017-07-31 2017-10-20 广东欧珀移动通信有限公司 Auth method, device and mobile terminal
CN108022102A (en) * 2017-12-04 2018-05-11 阿里巴巴集团控股有限公司 A kind of auth method, device and equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
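Biometric image protection based on discrete cosine transform watermarking technique; Mohd Rizal Mohd Isa et al.; 2012 International Conference on Engineering and Technology (ICET); 20121231; full text *
Research and application implementation of digital watermarking in biometric recognition systems; Chen Xing; China Excellent Doctoral and Master's Theses Full-text Database (Master's); 20161015 (No. (2015) 10); p. I138-22 *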

Also Published As

Publication number Publication date
CN109145563A (en) 2019-01-04
CN114780934A (en) 2022-07-22

Similar Documents

Publication Publication Date Title
CN109145563B (en) Identity verification method and device
JP6606169B2 (en) Information encryption and decryption
Tajik et al. Balancing Image Privacy and Usability with Thumbnail-Preserving Encryption.
CN108055132B (en) Method, device and equipment for service authorization
CN110795501A (en) Method, device, equipment and system for creating verifiable statement based on block chain
CN110222531B (en) Method, system and equipment for accessing database
JP2018507586A5 (en)
TWI675308B (en) Method and apparatus for verifying the availability of biometric images
CN111931154B (en) Service processing method, device and equipment based on digital certificate
Wang et al. 2D barcodes for visual cryptography
JP6142704B2 (en) Secret data verification device, secret data verification program, and secret data verification method
CN109495268A (en) A kind of two dimension code authentication method, device and computer readable storage medium
KR20200136829A (en) User apparatus and method for the protection of confidential data
WO2021184974A1 (en) Identity authentication method for privacy protection, and apparatus
CN114091690A (en) Method for training federated learning model, method for calling federated learning model and federated learning system
CN114817984A (en) Data processing method, device, system and equipment
CN111147248A (en) Encrypted transmission method, device and system of face feature library and storage medium
CN113343295B (en) Image processing method, device, equipment and storage medium based on privacy protection
CN112837202B (en) Watermark image generation and attack tracing method and device based on privacy protection
CN116011028B (en) Electronic signature method, electronic signature device and electronic signature system
CN115357929A (en) Image processing method, device and equipment
JP6167667B2 (en) Authentication system, authentication method, authentication program, and authentication apparatus
CN111104648A (en) Software processing method and device, application program and electronic equipment
CN115640589A (en) Security protection equipment, service execution method, device and storage medium
Huang et al. Research on ciphertext speech biohashing authentication based on chaotic system and improved public chain

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40002581

Country of ref document: HK

TA01 Transfer of patent application right

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200923

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman, British Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
GR01 Patent grant