CN109428719A

CN109428719A - A kind of auth method, device and equipment

Info

Publication number: CN109428719A
Application number: CN201710722531.5A
Authority: CN
Inventors: 江璇; 董鹂贇; 林述民
Original assignee: Alibaba Group Holding Ltd
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Priority date: 2017-08-22
Filing date: 2017-08-22
Publication date: 2019-03-05
Anticipated expiration: 2037-08-22
Also published as: CN115766031A; CN109428719B

Abstract

The embodiment of the present application discloses a kind of auth method, device and equipment, this method comprises: obtaining the voice data for the voice that user is issued for validation problem data；Speech recognition and voiceprint extraction are carried out to the voice data, obtain speech recognition result and vocal print feature；According to institute's speech recognition result harmony line feature, the identity of the user is verified.Using the embodiment of the present application, the safety of the target account of user can be promoted, and it is possible to shorten the operating process of user, improves the convenience of authentication.

Description

A kind of auth method, device and equipment

Technical field

This application involves core body technical field more particularly to a kind of auth methods, device and equipment.

Background technique

The safety of personal information is increasingly by people in the application program of personal information security, especially financial scenario Attention, how to guarantee the information security of user, improve the usage experience of user, eliminate people and use after related application The sorrow of Gu becomes the major issue for needing to solve.

In most cases, authentication is an indispensable module of on-line system, and it is current to be used to judgement Whether the corresponding user of the account of game server is registration user, only the guaranteed corresponding user of account currently logged in Belong to the user, the resource of the user stored in server just can guarantee safe and controllable.Validation problem is common A kind of authentication mode, i.e. server provide some validation problem data to user, by judging user for validation problem Whether pre-stored answer unanimously verifies the identity of user in the answer of data and server.Wherein, validation problem data It usually can actively be provided by user, i.e., user inputs its needs into the verifying page that server provides by terminal device and sets The validation problem set, such as " what your senior middle school's form master's name is? ", moreover, the answer of the validation problem also by user from In the corresponding answer of above-mentioned validation problem that oneself filling server provides.When carrying out authentication, server can be by user Pre-set validation problem data are sent to user, are sent to again by terminal device after the corresponding answer data of user's input Server, server compares the answer data and the pre-stored answer of user, if the two is identical, verifying is logical It crosses, otherwise authentication failed.

However, aforesaid way is easy the relevant information of leakage user, can especially be leaked to riper with the user in life The people known causes the account security of user to reduce, moreover, usually above-mentioned verification process needs multiple validation problems to be tied It closes, such that user's operation long flow path, convenience are poor.

Summary of the invention

The purpose of the embodiment of the present application is to provide a kind of auth method, device and equipment, to realize through question and answer Form carries out interactive voice with user, the vocal print acquisition that is naturally completed and compares, moreover, by validation problem data and The two aspect data such as vocal print feature verify the identity of user, promote the safety of the target account of user, and it is possible to The operating process for shortening user, improves the convenience of authentication.

In order to solve the above technical problems, the embodiment of the present application is achieved in that

A kind of auth method provided by the embodiments of the present application, which comprises

Obtain the voice data for the voice that user is issued for validation problem data；

Speech recognition and voiceprint extraction are carried out to the voice data, obtain speech recognition result and vocal print feature；

According to institute's speech recognition result harmony line feature, the identity of the user is verified.

Optionally, before the voice data for the voice that the acquisition user is issued for validation problem data, the side Method further include:

The Client-initiated authentication request is received, includes verification environment information in the authentication request；

The validation problem data to be matched according to the verification environment acquisition of information and the user.

Optionally, the validation problem data to be matched according to the verification environment acquisition of information and the user, packet It includes:

According to the verification environment information, the stolen risk factor of the target account of the user is determined；

According to the risk factor, the voice response quantity and validation problem data for being used for authentication are determined.

Optionally, the security level of the voice response quantity and the target account is positively correlated.

Optionally, described that speech recognition is carried out to the voice data, obtain speech recognition result, comprising:

Speech recognition is carried out to the voice data, the corresponding text data of the voice data is obtained, by the text Data are as institute's speech recognition result.

Optionally, described according to institute's speech recognition result harmony line feature, user's body corresponding to the user identifier Part is verified, comprising:

Institute's speech recognition result is compared with the answer of corresponding validation problem data, obtains the first comparison knot Fruit, and the vocal print feature is compared with the target vocal print feature of the pre-stored user, obtain the second comparison knot Fruit；

According to first comparison result and second comparison result, determine whether the authentication of the user leads to It crosses.

Optionally, the method also includes:

Obtain the characteristic value of the vocal print feature；

It is described that the vocal print feature is compared with the target vocal print feature of the pre-stored user, obtain second Comparison result, comprising:

If the characteristic value of the vocal print feature be greater than the first preset threshold, by the vocal print feature with it is pre-stored The target vocal print feature of the user is compared, and obtains the second comparison result.

Optionally, the method also includes:

If the comparison value of the characteristic value of the characteristic value of the vocal print feature and the target vocal print feature is not more than second Preset threshold then obtains the additional identification problem data to match with the user and the verification environment information；

Based on the additional identification problem data and first comparison result, the identity of the user is verified.

Optionally, the validation problem data are generated according to the historical behavior data of the corresponding user of the user identifier, Or, being chosen from the pre-set safe question and answer data of the user.

Optionally, the verification environment information include location information that the user is presently in and/or with the user Relevant Transaction Information.

A kind of authentication means provided by the embodiments of the present application, described device include:

Voice obtains module, for obtaining the voice data for the voice that user is issued for validation problem data；

It identifies extraction module, for carrying out speech recognition and voiceprint extraction to the voice data, obtains speech recognition knot Fruit and vocal print feature；

Authentication module, for being verified to the identity of the user according to institute's speech recognition result harmony line feature.

Optionally, described device further include:

Request receiving module is wrapped in the authentication request for receiving the Client-initiated authentication request Include verification environment information；

Data acquisition module, the validation problem number for being matched according to the verification environment acquisition of information and the user According to.

Optionally, the data acquisition module, comprising:

Risk factor determination unit, for determining that the target account of the user is stolen according to the verification environment information Risk factor；

Data capture unit, for determining the voice response quantity for authentication and testing according to the risk factor Demonstrate,prove problem data.

Optionally, the identification extraction module obtains the voice number for carrying out speech recognition to the voice data According to corresponding text data, using the text data as institute's speech recognition result.

Optionally, the authentication module, comprising:

Comparison result acquiring unit, for carrying out institute's speech recognition result with the answer of corresponding validation problem data It compares, obtains the first comparison result, and the vocal print feature and the target vocal print feature of the pre-stored user are carried out It compares, obtains the second comparison result；

Authentication unit, for determining the body of the user according to first comparison result and second comparison result Part verifies whether to pass through.

Optionally, described device further include:

Characteristic value acquisition module, for obtaining the characteristic value of the vocal print feature；

The comparison result acquiring unit, if the characteristic value for the vocal print feature is greater than the first preset threshold, The vocal print feature is compared with the target vocal print feature of the pre-stored user, obtains the second comparison result.

Optionally, described device further include:

Additional data obtains module, if for the characteristic value of the vocal print feature and the feature of the target vocal print feature The comparison value of value is not more than the second preset threshold, then obtains and additional test with what the user and the verification environment information matched Demonstrate,prove problem data；

The authentication module, for being based on the additional identification problem data and first comparison result, to the use The identity at family is verified.

A kind of identity-validation device provided by the embodiments of the present application, the equipment include:

Processor；And

It is arranged to the memory of storage computer executable instructions, the executable instruction makes the place when executed It manages device and executes following operation:

As can be seen from the technical scheme provided by the above embodiments of the present application, the embodiment of the present application is by obtaining user for verifying Then the voice data for the voice that problem data is issued carries out speech recognition and voiceprint extraction to the voice data, obtains language Sound recognition result and vocal print feature, finally, can be tested according to the speech recognition result and vocal print feature the identity of user Card, in this way, in the form of question and answer, carrying out interactive voice with user, the vocal print being naturally completed is adopted by validation problem data Collection and comparison are promoted moreover, being verified by the two aspect data such as validation problem data and vocal print feature to the identity of user The safety of the target account of user, also, compared due to increasing vocal print, it is possible to reduce the quantity of validation problem data, from And shorten the operating process of user, improve the convenience of authentication.

Detailed description of the invention

In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The some embodiments recorded in application, for those of ordinary skill in the art, in the premise of not making the creative labor property Under, it is also possible to obtain other drawings based on these drawings.

Fig. 1 is a kind of auth method embodiment of the application；

Fig. 2 is a kind of display interface schematic diagram of the authentication of user of the application；

Fig. 3 is the application another kind auth method embodiment；

Fig. 4 is a kind of authentication means embodiment of the application；

Fig. 5 is a kind of identity-validation device embodiment of the application.

Specific embodiment

The embodiment of the present application provides a kind of auth method, device and equipment.

In order to make those skilled in the art better understand the technical solutions in the application, below in conjunction with the application reality The attached drawing in example is applied, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described implementation Example is merely a part but not all of the embodiments of the present application.Based on the embodiment in the application, this field is common The application protection all should belong in technical staff's every other embodiment obtained without creative efforts Range.

Embodiment one

As shown in Figure 1, the embodiment of the present application provides a kind of auth method, the executing subject of this method can be terminal Equipment or server, terminal device therein can be such as mobile phone, tablet computer mobile terminal device, can also be such as individual The terminal devices such as computer, server can be an independent server, be also possible to the service being made of multiple servers Device cluster.The efficiency of speech recognition and voiceprint extraction is improved in the embodiment of the present application, the executing subject of this method is to service It is described in detail for device, the case where for terminal device, the specific processing for being referred to following servers is executed, herein not It repeats again.This method can specifically include following steps:

In step s 102, the voice data for the voice that user is issued for validation problem data is obtained.

Wherein, user can be any user for needing to carry out authentication.Validation problem data can be to user For verifying the data for the problem of whether certain user is he or she when progress authentication, for example, " your senior middle school's title is assorted ? ", or " do commodity that you bought in nearest one month include which of following? A, XXX playshoes, B, XXX mobile phone, C, XXX laptop, D, XXXT sympathize " etc..

In an implementation, it may include a variety of for needing the scene verified to the identity of user, for example, user forgets that it is stepped on The user name or password of the background server of Lu's application program need to carry out identity and test when needing to give for change user name or password Card, for another example user by network or it is online under do shopping and settle accounts when, the identity of user can be verified, in another example, use When family passes through its username and password login service device, the geographical location that user logs in and the geography that user usually logs in are detected Position is different, then can further verify etc. to the identity of user.In the above scenario, when need to the identity of user into When row verifying, in order to improve user experience and authentication efficiency, authentication can be carried out by voice mode.Specifically, When user is in above-mentioned any scene, user can start authentication mechanism with the authentication mechanism in trigger the server, server, and The identity of user is verified according to execution step preset in authentication mechanism, it can the quotient bought according to user The information such as the good friend of product or user generate one or more validation problems, the validation problem of generation can be passed through display equipment It is shown to user, as shown in Fig. 2, alternatively, above-mentioned validation problem can be read one by one by voice pre-set in server. User can carry out response for the validation problem data of server output, and during response, user can be according to current The validation problem of output says the answer of the validation problem by voice, meanwhile, server can star audio reception device, The voice data for the voice that user is issued can be received by audio reception device.

For example, server generate two validation problems, respectively " what your senior middle school's title is? " " you have nearest one Do the commodity bought in month include which of following? A, XXX playshoes, B, XXX mobile phone, C, XXX laptop, D, XXXT Sympathize ", at this point, server can be exported first and (is output by voice or by showing that equipment is shown), " your senior middle school's title is assorted ? " this validation problem data, user can say answer, such as " my senior middle school's title by voice for the validation problem It is the middle school A ", at this point, server can receive " my senior middle school's title is the middle school A " that user is issued by audio reception device Voice voice data, then, server can then export that " commodity that you bought in nearest one month include in following Which? A, XXX playshoes, B, XXX mobile phone, C, XXX laptop, D, XXXT sympathize " this validation problem data, Yong Huke To say answer, such as " D " by voice for the validation problem, at this point, server can be received by audio reception device The voice data etc. of the voice of " D " that user is issued.

In step S104, speech recognition and voiceprint extraction are carried out to above-mentioned voice data, obtain speech recognition result and Vocal print feature.

Wherein, speech recognition result, which can be, is converted to mechanized data, example for the language content in user speech Such as binary coding or character string, in practical applications, computer can also further convert the readable data of conversion For the text data or Chinese text data of corresponding text data, such as English, specifically may be set according to actual conditions. Vocal print feature may include the frequency and trend of such as loudness of a sound, waveform, formant, specifically may be set according to actual conditions.

In an implementation, in order to guarantee user account safety, not only can verify user by validation problem data Identity, can be combined with the vocal print of the voice of user to verify the identity of user, specifically, voice knowledge carried out to voice data Not and voiceprint extraction can be two mutually independent treatment processes, and sequencing can be not present in specific processing.It is first right The treatment process of speech recognition is illustrated, can the voice data based on magnanimity to pre-set speech recognition modeling carry out Training, obtains the speech recognition modeling that can be used for speech recognition, may include a variety for the treatment of mechanisms in speech recognition modeling, such as The treatment mechanisms such as pretreatment, feature extraction and characteristic matching specifically can be respectively by the voice data transmission of magnanimity to voice In identification model, speech recognition modeling first pre-processes voice data, establishes voice mould further according to the characteristic voice of people Type analyzes the voice signal of input, and extracts required feature, voice needed for establishing speech recognition on this basis Template, to obtain speech recognition modeling.During speech recognition, the voice that user issues is received by audio reception device Afterwards, electric signal transmission can be converted into speech recognition modeling, can by speech recognition modeling sound template with it is defeated The feature of the voice data entered is compared, and according to certain search and matching strategy, is found out a series of optimal with input Then the sound template that voice data matches further according to the definition of this sound template, can be obtained by the voice by tabling look-up The recognition result of data.

Next, the treatment process for carrying out voiceprint extraction to voice data is illustrated, vocal print feature may include Meier Cepstrum coefficient MFCC (Mel Frequency Cepstral Coefficients) perceives linear predictor coefficient PLP (Perceptual Linear Predictive), depth characteristic Deep Feature and the regular spectral coefficient PNCC of energy etc.. By taking vocal print feature is MFCC as an example, preemphasis, framing, adding window can be carried out to the voice signal comprising voice data received Deng processing, the voice signal that obtains that treated, it is then possible to will be treated by Fast Fourier Transform (FFT) (i.e. FFT) Voice signal is converted into the voice signal under mel frequency, calculates the log logarithmic energy of the voice signal under mel frequency, finally, Corresponding MFCC, i.e. vocal print feature can be calculated in such a way that DCT (discrete cosine transform) seeks cepstrum.

In step s 106, according to upper speech recognition result and above-mentioned vocal print feature, the identity of user is verified.

In an implementation, for the processing verified according to identity of the speech recognition result to user, voice can be known Other result is compared with the answer of corresponding validation problem data, if the two is identical, then it represents that the verifying that user answers is asked Topic is correct, otherwise mistake.For example, the example based on above-mentioned steps S102, if validation problem data are that " your senior middle school's title is What? " answer be " middle school A ", user issue voice speech recognition result be " my senior middle school's title is the middle school A ", this When, server can be by comparison, and the validation problem for determining that user answers is correct.In another example if validation problem data " you most Do the commodity bought in nearly one month include which of following? A, XXX playshoes, B, XXX mobile phone, C, XXX laptop, D, XXXT sympathizes " answer be " D ", user issue voice speech recognition result be " A ", at this point, server can be by right Than determining the validation problem mistake that user answers.

For Application on Voiceprint Recognition mechanism, if it is needing user to provide its identity (such as account) and vocal print feature, then The vocal print feature of the pre-stored user is compared, and whether both confirmations are consistent, i.e., the Application on Voiceprint Recognition mechanism is a 1:1 Recognition mechanism；If user is only needed to provide its vocal print feature, then hunted out from pre-stored multiple vocal print features Which is the vocal print feature of the user, then the Application on Voiceprint Recognition mechanism is the recognition mechanism of a 1:N.The application can be above-mentioned Any one Application on Voiceprint Recognition mechanism in two kinds of Application on Voiceprint Recognition mechanism, in the embodiment of the present application by taking the recognition mechanism of 1:N as an example, mesh Before, Application on Voiceprint Recognition model can be obtained by iVector mode and the vocal print of user is verified, Application on Voiceprint Recognition mechanism master It may include two treatment processes, i.e. the training process of Application on Voiceprint Recognition model and vocal print identification process in the training process can It is pre-processed with the voice data of a large number of users to collection, removes noise data, the hash etc. in voice data, obtain To pretreated voice data carry out respectively GMM (Mixtore of Gaussian, gauss hybrid models) model training, UBM (Universal Background Model, universal background model) model training, channel training, channel compensation, IVector is trained and SVM (Support Vector Machine, support vector machines) is trained, to obtain GMM model, SVM mould Type, iVector model and channel model.It, can be by the voice of user during the voice data to user identifies Data are pre-processed, and pretreated voice data is obtained, and pretreated voice data can be passed through GMM mould respectively Type, SVM model and iVector model are handled, i.e. the vocal print feature of the voice of calculating user sending and pre-stored sound Similarity between line feature, if obtained similarity numerical value is greater than preset similarity threshold, it is determined that the body of the user Part, otherwise, the identity validation of user fails.

For according to upper speech recognition result and above-mentioned vocal print feature, to the processing that the identity of user is verified, when According to speech recognition result, the validation problem for determining that user answers is correct, and according to the vocal print feature of user, determines the user's When identity, server, which can determine, passes through the authentication of user, and otherwise server determines that user does not pass through authentication.

The embodiment of the present application provides a kind of auth method, is directed to what validation problem data were issued by obtaining user Then the voice data of voice carries out speech recognition and voiceprint extraction to the voice data, obtains speech recognition result and vocal print Feature, finally, can be verified according to the speech recognition result and vocal print feature to the identity of user, in this way, passing through verifying Problem data carries out interactive voice with user in the form of question and answer, the vocal print acquisition and comparison being naturally completed, moreover, logical It crosses the two aspect data such as validation problem data and vocal print feature to verify the identity of user, promotes the target account of user Safety, also, compared due to increasing vocal print, it is possible to reduce the quantity of validation problem data, thus, shorten the operation of user Process improves the convenience of authentication.

Embodiment two

As shown in figure 3, the embodiment of the present application provides a kind of auth method, the executing subject of this method can be for eventually End equipment or server, terminal device therein can be such as mobile phone, tablet computer mobile terminal device, can also be as a The terminal devices such as people's computer, server can be an independent server, be also possible to the clothes being made of multiple servers Business device cluster.The efficiency of speech recognition and voiceprint extraction is improved in the embodiment of the present application, the executing subject of this method is to take It is described in detail for business device, the case where for terminal device, is referred to the specific processing execution of following servers, herein It repeats no more.This method specifically includes following content:

In step s 302, Client-initiated authentication request is received, includes verification environment in the authentication request Information.

Wherein, verification environment information can be the letter of environment relevant to verifying identity in the environment that user is presently in Breath, for example, the verification environment information includes the location information that user is presently in and/or transaction relevant to user letter Breath, such as transaction amount, location information therein can be geographical location information, be also possible to opposite between certain datum mark Location information etc., transaction amount therein specific such as 1000 or 5000.

In an implementation, the safety of personal information is more next in the application program of personal information security, especially financial scenario It is more valued by people, how to guarantee the information security of user, improve the usage experience of user, that eliminates user looks back it Sorrow becomes the major issue for needing to solve, for this purpose, the application proposes the auth method of user a kind of, to prevent user's Target account or personal information are stolen.Specifically, user can according to need the user for being registered as certain website, under certain line The user of the websites such as website, shopping website, instant messaging website or the forum of shopping plaza is to do shopping under certain line for the user The case where user of the website in market, user's initiation authentication request can be there are many situations, and such as user descends the quotient that does shopping online Commodity are had purchased in, when being settled accounts, the letter for the commodity that user is bought can be determined by the terminal device of shopping plaza Breath and its price, and then the total price for the commodity that user is bought is obtained, pass through the available corresponding transaction of the total price The amount of money, meanwhile, the geographical location information that available user is presently in, and can the ground based on above-mentioned transaction amount and user It manages the verification environments information such as location information and generates authentication request, it is then possible to which the authentication request is sent to service Device, thus, server can receive Client-initiated authentication request.It is online shopping website for the user, instant The case where communicating the user of the websites such as website or forum, user initiates authentication request can also be there are many situation, such as user When logging in corresponding website, user name and/or password of login etc. are had forgotten, at this point, user can click its terminal used The hyperlink of " forgetting Password " in the login page shown in equipment, terminal device can show the corresponding page, with request User, which inputs the information such as the pre-set mailbox of user or phone number, can click determination therein after the completion of user's input Key, the available current geographical location information of terminal device and/or transaction amount (for online shopping website), and with this Authentication request is generated, it is then possible to the authentication request is sent to server, thus, server can receive Client-initiated authentication request.

In step s 304, the validation problem data to be matched according to above-mentioned verification environment acquisition of information and user.

In an implementation, after server receives the verification environment information that user issues, verification environment information can be carried out Analysis, extracting includes geographical location in the information, such as verification environment information such as geographical location information and/or transaction amount therein Information and transaction amount, then the common geographical location where the target account login service device of the available user of server is believed Breath, the geographical location information in verification environment information can be compared with common geographical location information, if the two is identical, Then show that the login geographical location of the target account of user is normal, if the two is different, i.e. the target account strange land of the user is stepped on Server is recorded, then shows that the stolen risk of the target account of user is higher.Meanwhile available pre-stored transaction limit Volume can compare transaction amount and above-mentioned trading limit, if transaction amount is greater than trading limit, show user's The transaction risk of target account is higher, if transaction amount is less than trading limit, shows the transaction wind of the target account of user Danger is relatively low.Based on above content, the target account different-place login server if the user, the mesh of user can be determined It is higher to mark the stolen risk of account；If transaction amount is greater than trading limit, the transaction risk of the target account of user compared with It is high；If the target account different-place login server of the user, and transaction amount would be greater than trading limit, then can determine user's The stolen risk of target account is higher.

The target account of user stolen risk or transaction risk can be determined through the above way, it can be according to user The stolen risk or transaction risk of target account, choose corresponding validation problem from pre-set validation problem data Data, and/or, corresponding validation problem data etc. are generated according to the historical behavior data of user.For example, if the mesh of the user Account different-place login server is marked, and transaction amount is greater than trading limit, then accordingly, available 6 verifyings are asked Data are inscribed, 2 validation problem data therein can be chosen from the pre-set validation problem data of user, and remaining 4 Validation problem data can be according to the historical behavior data of user user generation etc..

The processing of above-mentioned steps S304 can be accomplished in several ways, and provide a kind of optional processing mode again below, It can specifically include following steps one and step 2.

Step 1 determines the stolen risk factor of the target account of user according to above-mentioned verification environment information.

Wherein, risk factor can be specific value, be also possible to corresponding information of numerical intervals etc., such as can be according to testing It demonstrate,proves environmental information and multiple risk class is set, it is specific such as three risk class, respectively high risk, intermediate risk and low-risk Deng.

In an implementation, if only including geographical location information in verification environment information, and the geographical location information of user with The common geographical location information of user is identical, then can determine that the stolen risk of the target account of user is lower, target account May be at low risk level, the stolen risk factor of target account be it is low, if the geographical location information of user and user Common geographical location information it is not identical, then can determine that the stolen risk of the target account of user is higher, target account can To be in high-risk grade, the stolen risk factor of target account is height.

If only including transaction amount in verification environment information, and corresponding trading limit includes the first trading limit and the Two trading limits, wherein the first trading limit is less than the second trading limit, in this way, three sections can be divided, i.e., 0~the first Trading limit, the first trading limit~second trading limit and is greater than the second trading limit, for example, 0~500,500~1000, Different risk class can be respectively set in greater than 1000, three sections, and such as 0~the first trading limit is low-risk, and first hands over Easy limit~second trading limit is intermediate risk, and being greater than the second trading limit is high risk.For example, the user that server obtains Transaction amount be 150 yuan, then by above three section, can determine that target account is in low risk level, i.e. target account The stolen risk factor in family is low.

If including geographical location information and transaction amount in verification environment information, phase may be set according to actual conditions The risk class answered, if the geographical location information of user and the common geographical location information of user are identical, risk class can root It is determined according to transaction amount；If the geographical location information of user and the common geographical location information of user be not identical, transaction amount is 10000, then the stolen risk factor of target account can be determined for height, such as the geographical location information of user and commonly using for user Geographical location information is not identical, transaction amount 200, then can determine that the stolen risk factor of target account is medium.

Step 2 determines the voice response quantity and validation problem data for being used for authentication according to above-mentioned risk factor.

Wherein, which is the data generated according to the historical behavior data of user, and/or, it is from user The data chosen in pre-set safe question and answer data.The security level positive of the voice response quantity and the target account Close, i.e. voice response quantity is more, the security level of target account will be higher, and if the initial safety etc. of target account Grade is lower, mutually can be more in requisition for the voice response quantity of acquisition, and safety of target account etc. can be improved in this way Grade.

In an implementation, the risk factor that an available target account is stolen through the above steps, in the server may be used With the corresponding relationship being previously provided between risk factor and voice response quantity, validation problem data can have with risk factor It closes, can also be unrelated with risk factor, for example, being found by the corresponding relationship between risk factor and voice response quantity It, can be from validation problem number related with user after the stolen corresponding voice response quantity of risk factor of above-mentioned target account Randomly select in or generate at random the validation problem data of the voice response quantity found.Alternatively, by risk factor with Corresponding relationship between voice response quantity finds the stolen corresponding voice response number of risk factor of above-mentioned target account After amount, the risk factor that can be stolen according to target account is chosen or is generated from validation problem data related with user The stolen corresponding validation problem data of risk factor of target account, and the quantity of obtained validation problem data is asked for voice Answer amount.

It should be noted that the security level of validation problem data is determined by voice response quantity, the safety of target account Grade is codetermined by the comparison of the security level and vocal print feature of validation problem data, unknown in the comparison result of vocal print feature In the case where, can based on scheduled business experience confirm validation problem data minimum safe class requirement (or for minimum Problematic amount).The security level of target account can determine in the following manner, it is assumed that validation problem data are Q_i, correspond to Security level can be r (Q_i), the vocal print feature for the voice that user issues is V_j, corresponding security level can be r (V_i), S can be the security level determining according to scheduled business experience, validation problem data and use in the embodiment of the present application The interactive mode at family is validation problem one at a time, and α and β are respectively the minimum requirements for reaching the security level of target account, can To determine whether that validation problem data corresponding validation problem in part answers wrong and vocal print aspect ratio to not according to following configurations Pass through.

S=α * ∑ r (Q_i)+β*∑r(V_j)………………………………(1)

In step S306, the voice data for the voice that user is issued for validation problem data is obtained.

In step S308, speech recognition and voiceprint extraction are carried out to above-mentioned voice data, obtain speech recognition result and Vocal print feature.

The step content of above-mentioned steps S306 and step S308 respectively with the step S102 and step in above-described embodiment one The step content of S104 is identical, and the processing of above-mentioned steps S306 and step S308 can be respectively referring to step S102 and step S104 Related content, details are not described herein.

It should be noted that carrying out speech recognition to above-mentioned voice data in above-mentioned steps S308, speech recognition knot is obtained The processing of fruit can be varied, and a kind of feasible processing mode presented below can specifically include the following contents: to upper predicate Sound data carry out speech recognition, the corresponding text data of the voice data are obtained, using this article notebook data as above-mentioned speech recognition As a result, concrete processing procedure may refer to the related content of above-mentioned steps S104, details are not described herein.

In step s310, upper speech recognition result is compared with the answer of corresponding validation problem data, is obtained It is compared to the first comparison result, and by above-mentioned vocal print feature with the target vocal print feature of pre-stored user, obtains Two comparison results.

In view of the voice of user may be subjected to the influence of external environment, i.e. the noise of external environment enters the language of user In sound, the voice quality of user is caused to decline, in addition, being influenced by external environment etc., the vocal print of user can also change, into And the voice quality of user is caused to decline, for this purpose, whether the vocal print feature that can be set can provide authentication decision Judgment mechanism, with determine the need for carry out vocal print feature comparison, specifically may refer to following step one and step 2.

Step 1 obtains the characteristic value of above-mentioned vocal print feature.

In an implementation, the characteristic value of above-mentioned vocal print feature can be determined according to the calculation method of characteristic value, for example, embodiment IVector mode is based in one in step S106, the vector of available correlation vocal print feature passes through obtained vocal print feature Vector further calculates the characteristic value of vocal print feature.

Step 2, if the characteristic value of above-mentioned vocal print feature is greater than the first preset threshold, by the vocal print feature and in advance The target vocal print feature of the user of storage is compared, and obtains the second comparison result.

Wherein, the first preset threshold may be set according to actual conditions, and specific such as 1 or 5.

In step S312, according to above-mentioned first comparison result and above-mentioned second comparison result, determine that the identity of user is tested Whether card passes through.

The processing of above-mentioned steps S312 can be respectively referring to the related content of step S106 in above-described embodiment one, herein not It repeats again.

In view of the voice of user is influenced by external environment, i.e. the noise of external environment enters in the voice of user, The voice quality of user is caused to decline, in addition, being influenced by external environment etc., the vocal print of user can also change, Jin Erzao Decline at the voice quality of user, in order to avoid the relevant informations such as the information of user or target account are stolen, can increase attached Add validation problem data, to improve the security level of target account, specifically may refer to following step S314 and step S316.

In step S314, if the comparison of the characteristic value of the characteristic value of above-mentioned vocal print feature and above-mentioned target vocal print feature Value is not more than the second preset threshold, then obtains the additional identification problem data to match with user and above-mentioned verification environment information.

Wherein, the second preset threshold may be set according to actual conditions, and specific such as 1 or 5, also, the first preset threshold Greater than the second preset threshold.The characteristic value of above-mentioned vocal print feature and the comparison value of the characteristic value of above-mentioned target vocal print feature can be The ratio of the two, such as the characteristic value of vocal print feature are 5, the characteristic value 2 of target vocal print feature, then the feature of above-mentioned vocal print feature The comparison value of value and the characteristic value of above-mentioned target vocal print feature is 5/2=2.5.Additional identification problem data is going through according to user The data that history behavioral data generates, and/or, it is the data chosen from the pre-set safe question and answer data of user.

The processing of above-mentioned steps S314 can be respectively referring to the related content of step S304, and details are not described herein.

In step S316, it is based on above-mentioned additional identification problem data and above-mentioned first comparison result, to the identity of user It is verified.

In addition, it should be noted that, obtaining the voice number of the voice of user's sending based on above-mentioned additional identification problem data It can be to update the current vocal print feature of user by the vocal print feature of the voice data after.

In addition, if user does not carry out the registration of vocal print feature vocal print feature can be carried out based on validation problem data Automatic collection and registration, therefore, the embodiment of the present application does not force restriction user that must carry out the Active Registration of vocal print feature； If user is when carrying out the comparison of vocal print feature, since various problems cause comparison result that can not be applied to authentication (ratio Such as environmental noise, vocal print change with age and physical condition), then in the authentication process and user experience for not influencing user Under the premise of, the voice data for the voice that user issues is collected, so as to the extraction algorithm or model optimization to vocal print feature.To sound The extraction algorithm of line feature or the degree of optimization of model are higher, after adapting to the abnormal factors such as noise, in the identity for carrying out user The comparison requirement of vocal print feature can be required to have to comply in verification process, to promote the security level of the target account of user； If a small amount of validation problem answer of user is incorrect, but the comparison of final vocal print feature passes through, and meets the peace of target account When full class requirement, then corresponding answer can be corrected according to voice data, to promote the answer of validation problem data Accuracy.

Embodiment three

The above are auth methods provided by the embodiments of the present application, are based on same thinking, and the embodiment of the present application also mentions For a kind of authentication means, as shown in Figure 4.

The authentication means include: that voice obtains module 401, identification extraction module 402 and authentication module 403, In:

Voice obtains module 401, for obtaining the voice data for the voice that user is issued for validation problem data；

It identifies extraction module 402, for carrying out speech recognition and voiceprint extraction to the voice data, obtains speech recognition And vocal print feature as a result；

Authentication module 403, for testing the identity of the user according to institute's speech recognition result harmony line feature Card.

In the embodiment of the present application, described device further include:

In the embodiment of the present application, the data acquisition module, comprising:

In the embodiment of the present application, the security level of the voice response quantity and the target account is positively correlated.

In the embodiment of the present application, the identification extraction module 402, for carrying out speech recognition to the voice data, The corresponding text data of the voice data is obtained, using the text data as institute's speech recognition result.

In the embodiment of the present application, the authentication module 403, comprising:

In the embodiment of the present application, described device further include:

The authentication module 403, for being based on the additional identification problem data and first comparison result, to described The identity of user is verified.

In the embodiment of the present application, the validation problem data are according to the historical behavior of the corresponding user of the user identifier Data generate, or, choosing from the pre-set safe question and answer data of the user.

In the embodiment of the present application, the verification environment information include location information that the user is presently in and/or Transaction Information relevant to the user.

The embodiment of the present application provides a kind of authentication means, is directed to what validation problem data were issued by obtaining user Then the voice data of voice carries out speech recognition and voiceprint extraction to the voice data, obtains speech recognition result and vocal print Feature, finally, can be verified according to the speech recognition result and vocal print feature to the identity of user, in this way, passing through verifying Problem data carries out interactive voice with user in the form of question and answer, the vocal print acquisition and comparison being naturally completed, moreover, logical It crosses the two aspect data such as validation problem data and vocal print feature to verify the identity of user, promotes the target account of user Safety, also, compared due to increasing vocal print, it is possible to reduce the quantity of validation problem data, thus, shorten the operation of user Process improves the convenience of authentication.

Example IV

Based on same thinking, the embodiment of the present application also provides a kind of identity-validation device, as shown in Figure 5.

The identity-validation device can be server provided by the above embodiment or terminal device etc..

Identity-validation device can generate bigger difference because configuration or performance are different, may include one or one with On processor 501 and memory 502, can store one or more storage application programs or number in memory 502 According to.Wherein, memory 502 can be of short duration storage or persistent storage.The application program for being stored in memory 502 may include one A or more than one module (diagram is not shown), each module may include can to the series of computation machine in identity-validation device It executes instruction.Further, processor 501 can be set to communicate with memory 502, executes and deposits on identity-validation device Series of computation machine executable instruction in reservoir 502.Identity-validation device can also include one or more power supplys 503, one or more wired or wireless network interfaces 504, one or more input/output interfaces 505, one or More than one keyboard 506.

Specifically in the present embodiment, identity-validation device includes memory and one or more program, In one perhaps more than one program is stored in memory and one or more than one program may include one or one With upper module, and each module may include and being configured to the series of computation machine executable instruction in identity-validation device With by one or more than one processor execute this or more than one program include can for carrying out following computer It executes instruction:

Optionally, the executable instruction when executed, can also make the processor:

Obtain the characteristic value of the vocal print feature；

The embodiment of the present application provides a kind of identity-validation device, is directed to what validation problem data were issued by obtaining user Then the voice data of voice carries out speech recognition and voiceprint extraction to the voice data, obtains speech recognition result and vocal print Feature, finally, can be verified according to the speech recognition result and vocal print feature to the identity of user, in this way, passing through verifying Problem data carries out interactive voice with user in the form of question and answer, the vocal print acquisition and comparison being naturally completed, moreover, logical It crosses the two aspect data such as validation problem data and vocal print feature to verify the identity of user, promotes the target account of user Safety, also, compared due to increasing vocal print, it is possible to reduce the quantity of validation problem data, thus, shorten the operation of user Process improves the convenience of authentication.

It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can With or may be advantageous.

In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example, Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit. Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.Cause This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device (Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip maker Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolled Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development, And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL (Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL (Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language) etc., VHDL (Very-High-Speed is most generally used at present Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answer This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages, The hardware circuit for realizing the logical method process can be readily available.

Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing The computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor can Read medium, logic gate, switch, specific integrated circuit (Application Specific Integrated Circuit, ASIC), the form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontroller Device: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320 are deposited Memory controller is also implemented as a part of the control logic of memory.It is also known in the art that in addition to Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic Controller is obtained to come in fact in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc. Existing identical function.Therefore this controller is considered a kind of hardware component, and to including for realizing various in it The device of function can also be considered as the structure in hardware component.Or even, it can will be regarded for realizing the device of various functions For either the software module of implementation method can be the structure in hardware component again.

System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment The combination of equipment.

For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this The function of each unit can be realized in the same or multiple software and or hardware when application.

It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the application, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.

The application is referring to method, the process of equipment (system) and computer program product according to the embodiment of the present application Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.

These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.

In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, net Network interface and memory.

Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.

Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.

It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want There is also other identical elements in the process, method of element, commodity or equipment.

It will be understood by those skilled in the art that embodiments herein can provide as method, system or computer program product. Therefore, complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used in the application Form.It is deposited moreover, the application can be used to can be used in the computer that one or more wherein includes computer usable program code The shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.

The application can describe in the general context of computer-executable instructions executed by a computer, such as program Module.Generally, program module includes routines performing specific tasks or implementing specific abstract data types, programs, objects, group Part, data structure etc..The application can also be practiced in a distributed computing environment, in these distributed computing environments, by Task is executed by the connected remote processing devices of communication network.In a distributed computing environment, program module can be with In the local and remote computer storage media including storage equipment.

All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method Part explanation.

The above description is only an example of the present application, is not intended to limit this application.For those skilled in the art For, various changes and changes are possible in this application.All any modifications made within the spirit and principles of the present application are equal Replacement, improvement etc., should be included within the scope of the claims of this application.

Claims

1. a kind of auth method, which is characterized in that the described method includes:

2. the method according to claim 1, wherein described obtain what user was issued for validation problem data Before the voice data of voice, the method also includes:

3. according to the method described in claim 2, it is characterized in that, described according to the verification environment acquisition of information and the use The validation problem data that family matches, comprising:

4. according to the method described in claim 3, it is characterized in that, the safety of the voice response quantity and the target account Grade is positively correlated.

5. being obtained the method according to claim 1, wherein described carry out speech recognition to the voice data Speech recognition result, comprising:

Speech recognition is carried out to the voice data, the corresponding text data of the voice data is obtained, by the text data As institute's speech recognition result.

6. the method according to claim 1, wherein described according to institute's speech recognition result harmony line feature, The corresponding user identity of the user identifier is verified, comprising:

Institute's speech recognition result is compared with the answer of corresponding validation problem data, obtains the first comparison result, and The vocal print feature is compared with the target vocal print feature of the pre-stored user, obtains the second comparison result；

According to first comparison result and second comparison result, determine whether the authentication of the user passes through.

7. according to the method described in claim 6, it is characterized in that, the method also includes:

Obtain the characteristic value of the vocal print feature；

It is described that the vocal print feature is compared with the target vocal print feature of the pre-stored user, obtain the second comparison As a result, comprising:

If the characteristic value of the vocal print feature be greater than the first preset threshold, by the vocal print feature with it is pre-stored described The target vocal print feature of user is compared, and obtains the second comparison result.

8. the method according to the description of claim 7 is characterized in that the method also includes:

If the comparison value of the characteristic value of the characteristic value of the vocal print feature and the target vocal print feature is default no more than second Threshold value then obtains the additional identification problem data to match with the user and the verification environment information；

9. the method according to claim 1, wherein the validation problem data are corresponding according to the user identifier User historical behavior data generate, or, being chosen from the pre-set safe question and answer data of the user.

10. method according to claim 1 to 9, which is characterized in that the verification environment information includes described The location information and/or Transaction Information relevant to the user that user is presently in.

11. a kind of authentication means, which is characterized in that described device includes:

Identify extraction module, for carrying out speech recognition and voiceprint extraction to the voice data, obtain speech recognition result and Vocal print feature；

12. device according to claim 11, which is characterized in that described device further include:

Request receiving module includes testing in the authentication request for receiving the Client-initiated authentication request Demonstrate,prove environmental information；

Data acquisition module, the validation problem data for being matched according to the verification environment acquisition of information and the user.

13. device according to claim 12, which is characterized in that the data acquisition module, comprising:

Risk factor determination unit, for determining what the target account of the user was stolen according to the verification environment information Risk factor；

Data capture unit, for determining and being asked for the voice response quantity of authentication and verifying according to the risk factor Inscribe data.

14. device according to claim 13, which is characterized in that the peace of the voice response quantity and the target account Congruent grade is positively correlated.

15. device according to claim 11, which is characterized in that the identification extraction module, for the voice number According to speech recognition is carried out, the corresponding text data of the voice data is obtained, using the text data as the speech recognition As a result.

16. device according to claim 11, which is characterized in that the authentication module, comprising:

Comparison result acquiring unit, for comparing institute's speech recognition result with the answer of corresponding validation problem data It is right, the first comparison result is obtained, and the vocal print feature and the target vocal print feature of the pre-stored user are compared It is right, obtain the second comparison result；

Authentication unit, for determining that the identity of the user is tested according to first comparison result and second comparison result Whether card passes through.

17. device according to claim 16, which is characterized in that described device further include:

The comparison result acquiring unit, if the characteristic value for the vocal print feature is greater than the first preset threshold, by institute It states vocal print feature to be compared with the target vocal print feature of the pre-stored user, obtains the second comparison result.

18. device according to claim 17, which is characterized in that described device further include:

Additional data obtains module, if the characteristic value of the characteristic value and target vocal print feature for the vocal print feature Comparison value is not more than the second preset threshold, then obtains the additional identification to match with the user and the verification environment information and ask Inscribe data；

The authentication module, for being based on the additional identification problem data and first comparison result, to the user's Identity is verified.

19. device according to claim 11, which is characterized in that the validation problem data are according to the user identifier pair The historical behavior data of the user answered generate, or, choosing from the pre-set safe question and answer data of the user.

20. device described in any one of 1-19 according to claim 1, which is characterized in that the verification environment information includes institute State the location information and/or Transaction Information relevant to the user that user is presently in.

21. a kind of identity-validation device, the equipment include:

Processor；And

It is arranged to the memory of storage computer executable instructions, the executable instruction makes the processor when executed Execute following operation: