CN110647641A - Authentication method, apparatus, computer equipment and storage medium - Google Patents

Authentication method, apparatus, computer equipment and storage medium Download PDF

Info

Publication number
CN110647641A
CN110647641A CN201910753696.8A CN201910753696A CN110647641A CN 110647641 A CN110647641 A CN 110647641A CN 201910753696 A CN201910753696 A CN 201910753696A CN 110647641 A CN110647641 A CN 110647641A
Authority
CN
China
Prior art keywords
user
image
application
data
face image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910753696.8A
Other languages
Chinese (zh)
Inventor
杨力郎
吴元新
周水彪
雷志凌
汪艳群
金明
魏尧东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201910753696.8A priority Critical patent/CN110647641A/en
Publication of CN110647641A publication Critical patent/CN110647641A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/53Querying
    • G06F16/535Filtering based on additional data, e.g. user or group profiles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/58Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G06F16/583Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Library & Information Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Collating Specific Patterns (AREA)

Abstract

本申请涉及一种身份验证方法、装置、计算机设备和存储介质。所述方法包括:获取业务数据;所述业务数据包括目标用户的用户标识及现场人脸图像;根据所述业务数据对应业务场景及所述用户标识确定身份验证类型;当所述身份验证类型为预设类型时,生成所述用户标识的查询语句;基于所述查询语句在复用库中查询拉取所述用户标识对应的基准人脸图像;当现场人脸图像与基准人脸图像比对一致,则目标用户的身份验证通过。采用本方法能够节约交互资源。

The present application relates to an identity verification method, apparatus, computer equipment and storage medium. The method includes: acquiring business data; the business data includes a user ID of a target user and a live face image; determining an identity verification type according to a business scenario corresponding to the business data and the user ID; when the identity verification type is When the type is preset, a query statement of the user ID is generated; based on the query statement, the reference face image corresponding to the user ID is queried and pulled in the multiplexing library; when the on-site face image is compared with the reference face image If they are consistent, the authentication of the target user is passed. By adopting this method, interactive resources can be saved.

Description

身份验证方法、装置、计算机设备和存储介质Authentication method, apparatus, computer equipment and storage medium

技术领域technical field

本申请涉及计算机技术领域,特别是涉及一种身份验证方法、装置、计算机设备和存储介质。The present application relates to the field of computer technology, and in particular, to an identity verification method, apparatus, computer equipment and storage medium.

背景技术Background technique

在多种业务场景中,常需要对用户是否为本人进行验证。随着计算机技术的发展,出现了多种身份验证方式。比如,基于人脸图像、指纹等生物特征的身份验证。传统方式,基于人脸图像的身份验证主要采用联网核查的方式,需要调用人行或公安部的生物特征库接口,将现场采集的人脸图像与人行或者公安部构建的生物特征库中相应人脸图像进行比对。但是这种方式需要频繁调用接口,占用大量交互资源。In various business scenarios, it is often necessary to verify whether the user is the user. With the development of computer technology, a variety of authentication methods have emerged. For example, authentication based on biometric features such as face images and fingerprints. Traditionally, the authentication based on face images mainly adopts the method of online verification, which requires calling the biometric database interface of the People's Bank of China or the Ministry of Public Security to compare the face images collected on the spot with the corresponding faces in the biometric database constructed by the People's Bank of China or the Ministry of Public Security. Images are compared. However, this method requires frequent calls to the interface and takes up a lot of interaction resources.

发明内容SUMMARY OF THE INVENTION

基于此,有必要针对上述技术问题,提供一种能够节约交互资源的身份验证方法、装置、计算机设备和存储介质。Based on this, it is necessary to provide an authentication method, apparatus, computer device and storage medium that can save interactive resources in response to the above technical problems.

一种身份验证方法,所述方法包括:获取业务数据;所述业务数据包括目标用户的用户标识及现场人脸图像;根据所述业务数据对应业务场景及所述用户标识确定身份验证类型;当所述身份验证类型为预设类型时,生成所述用户标识的查询语句;基于所述查询语句在复用库中查询拉取所述用户标识对应的基准人脸图像;当所述现场人脸图像与所述基准人脸图像比对一致,则所述目标用户的身份验证通过。An identity verification method, the method comprising: acquiring business data; the business data includes a user identifier of a target user and a live face image; determining an identity verification type according to a business scenario corresponding to the business data and the user identifier; When the identity verification type is a preset type, a query statement of the user identification is generated; based on the query statement, the reference face image corresponding to the user identification is queried and pulled in the multiplexing library; If the image is consistent with the reference face image, the identity verification of the target user is passed.

在一个实施例中,所述获取业务数据包括:在第一母应用程序所提供的用于运行子应用程序的环境中,运行选中的第一子应用程序;建立第一子应用程序与第二子应用程序的通信连接;所述第二子应用程序运行在用户终端上第二母应用程序所提供的用于运行子应用程序的环境中;通过所述子应用接收所述用户终端发送的用户标识,所述用户标识是所述用户终端通过所述第二子应用程序获取的用户存储于第二母应用的身份信息。In one embodiment, the acquiring business data includes: in the environment provided by the first parent application for running the sub-application, running the selected first sub-application; establishing the first sub-application and the second sub-application The communication connection of the sub-application; the second sub-application runs in the environment provided by the second parent application on the user terminal for running the sub-application; the user terminal sent by the user terminal is received through the sub-application ID, where the user ID is the user's identity information stored in the second parent application obtained by the user terminal through the second sub-application.

在一个实施例中,所述获取业务数据包括:获取待传输的业务数据,筛选业务数据中的图像数据;将筛选到的图像数据存储至第一服务器;接收所述第一服务器返回的与存储的图像数据对应的图像标识;将所述业务数据中的字符数据和图像标识发送至第二服务器;当需要使用图像数据时,根据图像标识从所述第一服务器拉取图像数据。In one embodiment, the obtaining service data includes: obtaining service data to be transmitted, and screening image data in the service data; storing the screened image data in a first server; receiving and storing the data returned by the first server and storing The image identifier corresponding to the image data; sending the character data and the image identifier in the business data to the second server; when the image data needs to be used, the image data is pulled from the first server according to the image identifier.

在一个实施例中,所述基于所述查询语句在复用库中拉取所述用户标识对应的基准人脸图像之前,还包括:在多个业务库中同步已验证的现场人脸图像及对应的属性信息;所述属性信息包括用户标识;根据预存储的公钥对所述现场人脸图像进行对称解密;对解密得到的现场人脸图像进行非对称加密;将加密后现场人脸图像作为相应用户标识的基准人脸图像存储至复用库。In one embodiment, before pulling the reference face image corresponding to the user ID in the multiplexing library based on the query statement, the method further includes: synchronizing the verified live face image and Corresponding attribute information; the attribute information includes a user ID; symmetrically decrypt the on-site face image according to a pre-stored public key; perform asymmetric encryption on the decrypted on-site face image; encrypt the encrypted on-site face image The reference face image as the corresponding user identification is stored in the multiplexing library.

在一个实施例中,所述方法还包括:当所述身份验证类型不属于预设类型,或者所述复用库中不存在所述用户标识对应的基准人脸图像时,调用数据接口从第三方库拉取所述用户标识对应的基准人脸图像。In one embodiment, the method further includes: when the authentication type does not belong to a preset type, or the reference face image corresponding to the user ID does not exist in the multiplexing library, invoking a data interface from the first The third-party library pulls the reference face image corresponding to the user identification.

一种身份验证装置,包括:现场图像获取模块,用于获取业务数据;所述业务数据包括目标用户的用户标识及现场人脸图像;基准图像获取模块,用于根据所述业务数据对应业务场景及所述用户标识确定身份验证类型;当所述身份验证类型为预设类型时,生成所述用户标识的查询语句;基于所述查询语句在复用库中查询拉取所述用户标识对应的基准人脸图像;图像比对验证模块,用于当所述现场人脸图像与所述基准人脸图像比对一致,则所述目标用户的身份验证通过。An identity verification device, comprising: an on-site image acquisition module for acquiring business data; the business data includes a user identification of a target user and an on-site face image; a reference image acquisition module for corresponding to a business scenario according to the business data and the user ID to determine the identity verification type; when the identity verification type is a preset type, generate a query statement for the user ID; query and pull the corresponding user ID based on the query statement in the multiplexing library A reference face image; an image comparison and verification module, configured to pass the identity verification of the target user when the on-site face image is consistent with the reference face image.

在一个实施例中,所述现场图像获取模块还用于在第一母应用程序所提供的用于运行子应用程序的环境中,运行选中的第一子应用程序;建立第一子应用程序与第二子应用程序的通信连接;所述第二子应用程序运行在用户终端上第二母应用程序所提供的用于运行子应用程序的环境中;通过所述子应用接收所述用户终端发送的用户标识,所述用户标识是所述用户终端通过所述第二子应用程序获取的用户存储于第二母应用的身份信息。In one embodiment, the live image acquisition module is further configured to run the selected first sub-application in the environment provided by the first parent application for running the sub-application; establish the first sub-application with The communication connection of the second sub-application; the second sub-application runs in the environment provided by the second parent application on the user terminal for running the sub-application; the sub-application receives the data sent by the user terminal through the sub-application The user identifier is the user's identity information stored in the second parent application obtained by the user terminal through the second sub-application.

在一个实施例中,所述现场图像获取模块还用于获取待传输的业务数据,筛选业务数据中的图像数据;将筛选到的图像数据存储至第一服务器;接收第一服务器返回的与存储的图像数据对应的图像标识;将业务数据中的字符数据和图像标识发送至第二服务器;当需要使用图像数据时,根据图像标识从第一服务器拉取图像数据。In one embodiment, the on-site image acquisition module is further configured to acquire service data to be transmitted, and screen the image data in the service data; store the screened image data in the first server; receive and store the data returned by the first server. The image identification corresponding to the image data; sending the character data and the image identification in the business data to the second server; when the image data needs to be used, the image data is pulled from the first server according to the image identification.

一种计算机设备,包括存储器和处理器,所述存储器存储有计算机程序,所述处理器执行所述计算机程序时实现本申请任意一个实施例中提供的身份验证方法的步骤。A computer device includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the identity verification method provided in any one of the embodiments of the present application when the processor executes the computer program.

一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现本申请任意一个实施例中提供的身份验证方法的步骤。A computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of the identity verification method provided in any one of the embodiments of this application.

上述身份验证方法、装置、计算机设备和存储介质,构建用于存储已有客户信息的本地复用库,并针对不同业务场景的业务数据预置不同的身份验证方式。在办理预设类型业务场景的业务时,若需要对用户身份进行验证,则可以先基于复用库获取作为参考的基准人脸图像;若复用库中存在相应身份证号对应的证件图片,可以直接在本地复用库中提取相应用户标识对应的基准人脸图像,通过比对基准人脸图像和现场人脸图像即可实现身份验证,无需调用联网核查接口,减少与第三方库之间的交互频率,从而节约交互资源。The above authentication method, device, computer equipment and storage medium build a local multiplexing library for storing existing customer information, and preset different authentication methods for business data in different business scenarios. When handling a business of a preset type of business scenario, if the user identity needs to be verified, you can first obtain a reference face image based on the multiplexing library; if there is an ID picture corresponding to the corresponding ID number in the multiplexing library, The reference face image corresponding to the corresponding user ID can be directly extracted from the local multiplexing library, and authentication can be realized by comparing the reference face image and the on-site face image without calling the network verification interface, reducing the need for communication with third-party libraries. interaction frequency, thereby saving interaction resources.

附图说明Description of drawings

图1为一个实施例中身份验证方法的应用场景图;Fig. 1 is the application scene diagram of the authentication method in one embodiment;

图2为一个实施例中身份验证方法的流程示意图;2 is a schematic flowchart of an identity verification method in one embodiment;

图3为一个实施例中身份验证装置的结构框图;3 is a structural block diagram of an identity verification device in one embodiment;

图4为一个实施例中计算机设备的内部结构图;Fig. 4 is the internal structure diagram of the computer device in one embodiment;

图5为另一个实施例中计算机设备的内部结构图。FIG. 5 is an internal structure diagram of a computer device in another embodiment.

具体实施方式Detailed ways

为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the purpose, technical solutions and advantages of the present application more clearly understood, the present application will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application.

本申请提供的身份验证方法,可以应用于如图1所示的应用环境中。参照图1,该身份验证方法应用于身份验证系统。该身份验证系统包括终端110和服务器120。该身份验证方法可以在终端110或服务器120完成。终端110可以获取业务数据后在终端110上采用上述身份验证方法对目标用户进行身份验证。或者终端110可以获取业务数据后,通过网络将业务数据发送至服务器120,服务器120采用上述身份验证方法对目标用户进行身份验证。终端102可以但不限于是各种个人计算机、笔记本电脑、智能手机、平板电脑和便携式可穿戴设备,服务器104可以用独立的服务器或者是多个服务器组成的服务器集群来实现。The authentication method provided in this application can be applied to the application environment shown in FIG. 1 . Referring to FIG. 1, the identity verification method is applied to an identity verification system. The authentication system includes a terminal 110 and a server 120 . The authentication method can be done at the terminal 110 or the server 120 . After the terminal 110 obtains the service data, the terminal 110 can use the above-mentioned authentication method to perform identity authentication on the target user. Alternatively, the terminal 110 may, after acquiring the service data, send the service data to the server 120 through the network, and the server 120 may use the above-mentioned authentication method to authenticate the target user. The terminal 102 can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers and portable wearable devices, and the server 104 can be implemented by an independent server or a server cluster composed of multiple servers.

在一个实施例中,如图2所示,提供了一种身份验证方法,以该方法应用于图1中的终端或服务器为例进行说明,包括以下步骤:In one embodiment, as shown in FIG. 2 , an authentication method is provided, and the method is applied to the terminal or server in FIG. 1 as an example for description, including the following steps:

步骤S202,获取业务数据;业务数据包括目标用户的用户标识及现场人脸图像。Step S202, acquiring service data; the service data includes the user ID of the target user and the on-site face image.

当目标用户需要办理某种业务时,可以基于自己的用户终端录入业务数据进行业务办理,或者前往柜台由业务人员在业务终端辅助录入业务数据进行业务办理。为了描述方便,下文将用户终端、业务终端、服务器统称为计算机设备。计算机设备获取现场采集的业务数据。根据要办理的业务不同,业务数据的内容可以不同。比如,待贷款申请业务场景中,待传输的业务数据可以是贷款审核数据,包括贷款字符数据、身份证图像数据、营业执照图像数据和房产证图像数据中的至少一种。When the target user needs to handle a certain business, the business can be handled based on the business data entered on the user terminal, or the business personnel can enter the business data at the counter to assist in the business handling. For the convenience of description, the user terminal, the service terminal, and the server are collectively referred to as computer equipment hereinafter. Computer equipment acquires business data collected on-site. Depending on the business to be handled, the content of the business data can be different. For example, in the loan application business scenario, the business data to be transmitted may be loan review data, including at least one of loan character data, ID card image data, business license image data, and real estate certificate image data.

若办理的业务需要进行身份验证,业务数据包括目标用户的用户标识及现场人脸图像。其中,用户标识是能够唯一标识目标用户的身份信息,如证件号、手机号等。现场人脸图像是指在业务办理现实场景下采集的人脸图像。If identity verification is required for the business handled, the business data includes the user ID of the target user and the on-site face image. The user identifier is identity information that can uniquely identify the target user, such as a certificate number, a mobile phone number, and the like. The on-site face image refers to the face image collected in the real scene of business processing.

步骤S204,根据业务数据对应业务场景及用户标识确定身份验证类型。Step S204: Determine the identity verification type according to the business scenario corresponding to the business data and the user ID.

本实施例提供的身份验证方法适用于多种业务场景。不同业务场景对于身份验证的方式(以下称“身份验证类型”)不同。比如,在一些业务场景中的业务允许按照预设的一种身份验证类型进行身份验证,而有些业务场景的业务则不允许。其中一种预设的身份验证类型(以下简称“预设类型”)是指首先根据用户标识在预先构建的复用库中查询对应的基准人脸图像,当复用库中不存在对应基准人脸图像时才调用第三方接口从第三方库中拉取对应的基准人脸图像。The authentication method provided in this embodiment is suitable for various business scenarios. Different business scenarios have different authentication methods (hereinafter referred to as "authentication types"). For example, services in some business scenarios allow authentication according to a preset authentication type, while services in some business scenarios are not allowed. One of the preset authentication types (hereinafter referred to as "preset types") refers to first querying the corresponding reference face image in the pre-built multiplexing library according to the user ID. When there is no corresponding benchmarking person in the multiplexing library When the face image is called, the third-party interface is called to pull the corresponding reference face image from the third-party library.

步骤S206,当身份验证类型为预设类型时,生成用户标识的查询语句。Step S206, when the authentication type is a preset type, generate a query statement for the user ID.

计算机设备预先存储了多种业务场景对应的SQL语句模板。计算机设备利用待验证的目标用户的用户标识对SQL语句模板中的查询标签进行替换,得到用于在复用库中查询该用户标识对应基准人脸图像的查询语句。The computer device pre-stores SQL statement templates corresponding to various business scenarios. The computer device replaces the query label in the SQL statement template with the user ID of the target user to be verified, and obtains a query statement for querying the reference face image corresponding to the user ID in the multiplexing library.

步骤S208,基于查询语句在复用库中查询拉取用户标识对应的基准人脸图像。Step S208, query and pull the reference face image corresponding to the user ID in the multiplexing library based on the query statement.

计算机设备基于生成的查询语句在复用库中查询是否存在该用户标识对应的基准人脸图像。若存在,表示该目标用户为老用户,计算机设备直接从复用库中拉取相应基准人脸图像进行身份验证。Based on the generated query statement, the computer device queries the multiplexing library whether there is a reference face image corresponding to the user identification. If it exists, it means that the target user is an old user, and the computer device directly pulls the corresponding reference face image from the multiplexing library for authentication.

在一个实施例中,上述身份验证方法还包括:当身份验证类型不属于预设类型,或者复用库中不存在用户标识对应的基准人脸图像时,调用数据接口从第三方库拉取用户标识对应的基准人脸图像。In one embodiment, the above-mentioned authentication method further includes: when the authentication type does not belong to the preset type, or the reference face image corresponding to the user ID does not exist in the multiplexing library, invoking the data interface to pull the user from the third-party library Identifies the corresponding reference face image.

若身份验证类型不属于预设类型,表示当前业务不允许按照上述方式进行身份验证,则计算机设备调用人行或公安部的生物特征库接口从人行或公安部的生物特征库等第三方库中拉取基准人脸图像。If the authentication type does not belong to the preset type, it means that the current business does not allow authentication according to the above method, and the computer device calls the biometric library interface of the People's Bank of China or the Ministry of Public Security to pull the data from a third-party library such as the biometric library of the People's Bank of China or the Ministry of Public Security. Take the benchmark face image.

若复用库中不存在用户标识对应的基准人脸图像,表示该目标用户为新用户,计算机设备按照上述方式调用第三方接口从第三方库中拉取基准人脸图像,通过将目标用户的现场人脸图像和基准人脸图像进行比对,实现联网核查。If the reference face image corresponding to the user ID does not exist in the multiplexing library, it means that the target user is a new user, and the computer device invokes the third-party interface to pull the reference face image from the third-party library in the above-mentioned manner. The on-site face image is compared with the reference face image to realize online verification.

步骤S210,当现场人脸图像与基准人脸图像比对一致,则目标用户的身份验证通过。Step S210, when the on-site face image is consistent with the reference face image, the identity verification of the target user is passed.

计算机设备分别提取现场人脸图像和基准人脸图像的图像特征,计算两个图像特征的相似度,比较相似度是否达到阈值。若是,则身份验证通过;反制,身份验证失败。The computer equipment extracts the image features of the live face image and the reference face image respectively, calculates the similarity of the two image features, and compares whether the similarity reaches a threshold. If it is, the authentication is passed; otherwise, the authentication fails.

在一个实施例中,复用库中还存储了每个基准人脸图像对应的图像特征,使得后续基准人脸图像用于身份验证时可以直接拉取相应图像特征,减少了对同一图像频繁提取图像特征的繁琐,提高图像比对效率,进而提高身份验证效率。In one embodiment, the image features corresponding to each reference face image are also stored in the multiplexing library, so that the corresponding image features can be directly extracted when subsequent reference face images are used for identity verification, reducing frequent extraction of the same image. The cumbersome image features improve the efficiency of image comparison, thereby improving the efficiency of identity verification.

根据用户标识可以准确确定用作用户进行身份验证比对基准的唯一人脸图像,从而只需将现场采集的人脸图像与根据用户标识确定的唯一人脸图形进行比对,不仅进一步提高身份验证效率,由于减少了生物特征库中其他生物特征对特征比对过程的干扰,也可以提高身份验证结果准确性。According to the user identification, the unique face image that is used as the benchmark for user authentication and comparison can be accurately determined, so that only the face image collected on the spot needs to be compared with the unique face image determined according to the user identification, which not only further improves the authentication Efficiency, since the interference of other biometrics in the biometric library to the feature comparison process is reduced, the accuracy of authentication results can also be improved.

本实施例中,构建用于存储已有客户信息的本地复用库,并针对不同业务场景的业务数据预置不同的身份验证方式。在办理预设类型业务场景的业务时,若需要对用户身份进行验证,则可以先基于复用库获取作为参考的基准人脸图像;若复用库中存在相应身份证号对应的证件图片,可以直接在本地复用库中提取相应用户标识对应的基准人脸图像,通过比对基准人脸图像和现场人脸图像即可实现身份验证,无需调用联网核查接口,减少与第三方库之间的交互频率,从而节约交互资源。In this embodiment, a local multiplexing library for storing existing customer information is constructed, and different authentication methods are preset for business data in different business scenarios. When handling a business of a preset type of business scenario, if the user identity needs to be verified, you can first obtain a reference face image based on the multiplexing library; if there is an ID picture corresponding to the corresponding ID number in the multiplexing library, The reference face image corresponding to the corresponding user ID can be directly extracted from the local multiplexing library, and authentication can be realized by comparing the reference face image and the on-site face image without calling the network verification interface, reducing the need for communication with third-party libraries. interaction frequency, thereby saving interaction resources.

在一个实施例中,获取业务数据包括:在第一母应用程序所提供的用于运行子应用程序的环境中,运行选中的第一子应用程序;建立第一子应用程序与第二子应用程序的通信连接;所述第二子应用程序运行在用户终端上第二母应用程序所提供的用于运行子应用程序的环境中;通过所述子应用接收所述用户终端发送的用户标识,所述用户标识是所述用户终端通过所述第二子应用程序获取的用户存储于第二母应用的身份信息。In one embodiment, acquiring the business data includes: running the selected first sub-application in the environment provided by the first parent application for running the sub-application; establishing the first sub-application and the second sub-application The communication connection of the program; the second sub-application runs in the environment provided by the second parent application on the user terminal for running the sub-application; the user identification sent by the user terminal is received through the sub-application, The user identifier is user identity information obtained by the user terminal through the second sub-application and stored in the second parent application.

业务终端上运行有第一母应用程序以及运行在第一母应用程序上的第一子应用程序。用户终端上运行有第二母应用程序以及运行在第二母应用程序上的第二子应用程序。用户终端运行的第二子应用程序与业务终端上运行的第一子应用程序通过第二服务平台、第一服务平台中转通信。第一服务平台是为第一母应用程序提供服务的平台,第二服务平台是为第二母应用程序提供服务的平台。业务终端可以是具有人脸图像采集功能的平板电脑、闸机、收银设备等。A first parent application and a first sub-application running on the first parent application run on the service terminal. A second parent application and a second sub-application running on the second parent application run on the user terminal. The second sub-application running on the user terminal communicates with the first sub-application running on the service terminal through the second service platform and the first service platform. The first service platform is a platform that provides services for the first parent application, and the second service platform is a platform that provides services for the second parent application. The service terminal can be a tablet computer, a gate, a cash register, etc. with a face image collection function.

第二母应用程序及第一母应用程序是直接运行于操作系统的原生应用程序。比如,第二母应用程序可以是能够提供待验证的用户的身份信息的社交应用、邮件引用、支付应用或游戏应用等。社交应用,包括即时通信应用、SNS(Social Network Service,社交网站)应用或者直播应用等。第一母应用程序可以是能够进行身份验证,并根据身份验证结果执行不同业务操作的社交应用、支付应用或检票应用等。第二子应用程序及第一子应用程序则是可在原生应用程序提供的环境中运行的应用程序。第二母应用程序、第一母应用程序具体可以是业务方与用户之间进行交互所使用的通信客户端,相应的第二子应用程序和第一子应用程序可以称之为小程序(Mini Program)。第二子应用程序和第一子应用程序可以是具有相同功能的同款子应用。The second parent application and the first parent application are native applications directly running on the operating system. For example, the second parent application may be a social application, email referral, payment application, or game application, etc., which can provide the identity information of the user to be verified. Social applications, including instant messaging applications, SNS (Social Network Service, social networking site) applications or live broadcast applications. The first parent application may be a social application, a payment application, or a ticket checking application, etc. that can perform identity verification and perform different business operations according to the identity verification result. The second sub-application and the first sub-application are applications that can run in the environment provided by the native application. The second parent application and the first parent application may specifically be the communication client used for the interaction between the business party and the user, and the corresponding second sub-application and the first sub-application may be referred to as mini programs (Mini Programs). Program). The second sub-application and the first sub-application may be the same sub-application with the same function.

用户预先可以对第二子应用程序在第二母应用程序启动后自动在第二母应用程序上运行、能够被周围的业务终端发现,以及对于用户标识的读取权限进行授权。在需要对目标用户进行身份验证时,业务终端通过第一子应用程序向用户终端发送连接请求。第二子应用程序响应连接请求,建立与业务终端之间的通信链路。通信链路是基于预设近场通信方式建立在用户终端与业务终端之间的点对点传输通道。The user may in advance authorize the second sub-application to automatically run on the second parent application after the second parent application is started, to be discoverable by the surrounding service terminals, and to authorize the read right of the user ID. When the target user needs to be authenticated, the service terminal sends a connection request to the user terminal through the first sub-application. The second sub-application establishes a communication link with the service terminal in response to the connection request. The communication link is a point-to-point transmission channel established between the user terminal and the service terminal based on a preset near-field communication method.

用户终端通过第二子应用程序获取属于第二母应用程序的用户标识。其中,用户标识是显示或记录在第二母应用程序中用于指代目标用户的标识,具体可以是用户在登录第二母应用程序时输入的身份信息,比如用户账号、用户手机号等;也可以是对用户标识加密后得到的用于唯一标识当前用户身份的字符串,与该用户标识对应,存储在第二服务平台的身份标识,比如属于即时通讯应用的openid(用户唯一标识)。若从第二母应用程序读取到的用户标识为用户账号,则第二子应用程序从第二母应用程序进一步读取该用户账号关联的用户手机号,将读取的用户手机号确定为最终的用户标识。用户终端基于通信链路将用户标识发送至业务终端,使业务终端基于用户标识拉取基准人脸图像。The user terminal acquires the user identifier belonging to the second parent application through the second sub-application. Wherein, the user identifier is an identifier displayed or recorded in the second parent application program to refer to the target user, and specifically may be the identity information entered by the user when logging in to the second parent application program, such as user account number, user mobile phone number, etc.; It can also be a character string obtained by encrypting the user ID and used to uniquely identify the current user ID, which corresponds to the user ID and is stored in the second service platform, such as an openid (user unique ID) belonging to an instant messaging application. If the user ID read from the second parent application is a user account, the second child application further reads the user mobile phone number associated with the user account from the second parent application, and determines the read user mobile phone number as End User ID. The user terminal sends the user identification to the service terminal based on the communication link, so that the service terminal pulls the reference face image based on the user identification.

本实施例中,在第二母应用程序运行了具有与身份验证设备通信的能力的第二子应用程序,该第二子应用程序还具备基于业务终端发起的连接请求从第二母应用程序读取用户标识,并自动对读取的用户标识进行反馈的能力。借助该第二子应用程序可实现用户标识的自动获取,避免了用户手动输入用户标识的繁琐,提高身份验证效率。In this embodiment, the second parent application runs a second sub-application capable of communicating with the authentication device, and the second sub-application also has the ability to read from the second parent application based on a connection request initiated by the service terminal The ability to obtain user IDs and automatically provide feedback on the read user IDs. With the help of the second sub-application, the automatic acquisition of the user ID can be realized, the tediousness of manually inputting the user ID by the user is avoided, and the authentication efficiency is improved.

在一个实施例中,通过第一母应用程序上的第一子应用程序,建立与用户终端上第二母应用程序上的第二子应用程序之间的通信链路包括:通过第一母应用程序上运行的第一子应用程序发起连接请求,并将连接请求依次通过第一母应用程序对应的第一服务平台、第二母应用程序对应的第二服务平台发送至用户终端上第二母应用程序上运行的第二子应用程序;当接收到第二子应用程序对连接请求的响应后,建立与用户终端上第二母应用程序上的第二子应用程序之间的通信链路。In one embodiment, through the first sub-application on the first parent application, establishing a communication link with the second sub-application on the second parent application on the user terminal includes: through the first parent application The first sub-application running on the program initiates a connection request, and sends the connection request to the second mother application on the user terminal through the first service platform corresponding to the first mother application program and the second service platform corresponding to the second mother application program in turn. The second sub-application running on the application; after receiving the response of the second sub-application to the connection request, establish a communication link with the second sub-application on the second parent application on the user terminal.

用户可通过第二子应用程序与业务方跨应用建立连接。具体地,用户终端上启动运行了第二母应用程序,并通过第二母应用程序调起了第二子应用程序。业务终端上启动运行了第一母应用程序,并通过第一母应用程序调起了第一子应用程序。在需要对目标用户进行身份验证时,业务终端采用预设的近场通信技术实时探测周围用于建立通信链路的信号,并通过第一子应用程序确定发出强度符合预设条件的信号的用户终端的终端标识。终端标识能够唯一标识目标用户的终端,可以是发出的用于建立通信链路的信号的标识。根据发出用于建立通信链路的信号的方式不同,终端标识具体可以是蓝牙mac地址(MediaAccess Control Address)等。The user can establish a cross-application connection with the business party through the second sub-application. Specifically, the second parent application is started and run on the user terminal, and the second child application is invoked through the second parent application. The first parent application is started and run on the service terminal, and the first child application is called up through the first parent application. When the target user needs to be authenticated, the service terminal uses the preset near-field communication technology to detect the surrounding signals used to establish a communication link in real time, and uses the first sub-application to determine the user who sends out the signal whose strength meets the preset condition. The terminal ID of the terminal. The terminal identifier can uniquely identify the terminal of the target user, and may be an identifier of a signal sent out for establishing a communication link. The terminal identifier may specifically be a Bluetooth mac address (Media Access Control Address) or the like according to different ways of sending a signal for establishing a communication link.

第一子应用程序获取第二母应用程序标识,根据第二母应用程序标识以及确定的终端标识生成连接请求。第一子应用程序通过第一母应用程序将连接请求发送至第一服务平台。第一服务平台在接收到连接请求后,检查到第二母应用程序标识为属于第二母应用程序的应用标识,则将连接请求标记为跨应用请求,向第二母应用程序标识对应的第二服务平台发起跨应用的连接请求。根据连接请求携带的终端标识,第二服务平台将连接请求发送至相应用户终端。用户终端通过第二母应用程序上运行的第二子应用程序响应该连接请求,建立与业务终端之间的通信链路。The first sub-application acquires the identifier of the second parent application, and generates a connection request according to the identifier of the second parent application and the determined terminal identifier. The first sub-application sends the connection request to the first service platform through the first parent application. After receiving the connection request, the first service platform checks that the second parent application identifier is an application identifier belonging to the second parent application, then marks the connection request as a cross-application request, and sends the second parent application identifier corresponding to the second parent application identifier. The second service platform initiates a cross-application connection request. According to the terminal identifier carried in the connection request, the second service platform sends the connection request to the corresponding user terminal. The user terminal responds to the connection request through the second sub-application running on the second parent application, and establishes a communication link with the service terminal.

在本实施例中,只需在第二母应用程序中运行第二子应用程序,在第一母应用程序运行第一子应用程序,即可基于已有的第二母应用程序对应的第二服务平台及第一母应用程序对应的第一服务平台,实现用户终端与业务终端之间的连接,无需增设任何硬件设备的情况下即可实现用户标识快速获取。In this embodiment, it is only necessary to run the second sub-application in the second parent application and run the first sub-application in the first parent application, and then the second parent application can be based on the existing second parent application. The service platform and the first service platform corresponding to the first parent application program realize the connection between the user terminal and the service terminal, and can realize the rapid acquisition of the user ID without adding any hardware equipment.

在一个实施例中,获取业务数据包括:获取待传输的业务数据,筛选业务数据中的图像数据;将筛选到的图像数据存储至第一服务器;接收第一服务器返回的与存储的图像数据对应的图像标识;将业务数据中的字符数据和图像标识发送至第二服务器;当需要使用图像数据时,根据图像标识从第一服务器拉取图像数据。In one embodiment, acquiring service data includes: acquiring service data to be transmitted, and screening image data in the service data; storing the screened image data in a first server; receiving a response from the first server corresponding to the stored image data Send the character data and image identification in the business data to the second server; when the image data needs to be used, pull the image data from the first server according to the image identification.

若终端将获取的业务数据发送至服务器进行审核校验,终端需要传输大量的包括图像数据的业务数据,而图像数据的数据量较大,在业务数据的传输过程中,会延长业务数据的传输时间,且容易造成网络拥堵。本实施例若终端将业务数据发送至服务器,由服务器采用上述身份验证方法对目标用户进行身份验证,则在业务数据上传时可将其中图像数据单独存储,以提高数据传输效率。If the terminal sends the acquired service data to the server for verification and verification, the terminal needs to transmit a large amount of service data including image data, and the data volume of the image data is relatively large. During the transmission of service data, the transmission of service data will be prolonged. time, and it is easy to cause network congestion. In this embodiment, if the terminal sends the service data to the server, and the server uses the above authentication method to authenticate the target user, the image data can be stored separately when the service data is uploaded to improve data transmission efficiency.

具体地,终端对用户上传的业务数据进行分析,通过分析识别业务数据中的图像数据,从业务数据中提取识别到的图像数据。比如,若业务数据为贷款审核数据,贷款审核数据中包括贷款字符数据和身份证图像数据,终端从贷款审核数据中筛选,得到身份证图像数据。Specifically, the terminal analyzes the service data uploaded by the user, analyzes and recognizes the image data in the service data, and extracts the recognized image data from the service data. For example, if the business data is loan review data, the loan review data includes loan character data and ID card image data, and the terminal filters the loan review data to obtain ID card image data.

终端预存储了第一服务器的服务器地址。第一服务器是用于存储图像数据的服务器。终端根将筛选到的图像数据发送至与服务器地址对应的第一服务器。The terminal pre-stores the server address of the first server. The first server is a server for storing image data. The terminal root sends the filtered image data to the first server corresponding to the server address.

在一个实施例中,终端在筛选到图像数据后,对筛选到的图像数据统计数据量,将统计到的数据量与预设数据量比较,当统计到的数据量大于预设数据量时,将筛选到的图像数据存储至第一服务器;当统计到的数据量小于预设数据量时,直接将业务数据发送至第二服务器,即上述服务器120。In one embodiment, after screening the image data, the terminal counts the data amount of the screened image data, and compares the counted data amount with the preset data amount. When the counted data amount is greater than the preset data amount, The screened image data is stored in the first server; when the amount of data collected is less than the preset amount of data, the service data is directly sent to the second server, that is, the above-mentioned server 120 .

第一服务器对接收到的图像数据进行存储,生成与存储的图像数据对应的图像标识。第一服务器将生成的图像标识返回至终端。图标标识与存储的图像数据一一对应。图像标识可以是图像数据的存储地址,也可以是对图像数据中图像特征数据进行哈希运算的结果值,还可以是按照图像数据的存储顺序生成的存储序号。容易理解,图像标识还可以是其他标识信息,如随机生成与图像数据唯一对应的编号等,对此不做限制。The first server stores the received image data, and generates an image identifier corresponding to the stored image data. The first server returns the generated image identification to the terminal. The icon identifiers correspond one-to-one with the stored image data. The image identifier may be a storage address of the image data, or a result value of performing a hash operation on the image feature data in the image data, or may be a storage sequence number generated according to the storage order of the image data. It is easy to understand that the image identification may also be other identification information, such as randomly generating a number uniquely corresponding to the image data, etc., which is not limited.

业务数据包括图像数据和字符数据。终端对业务数据中的字符数据和接收到图像标识进行封装,得到业务数据对应的传输数据包,将传输数据包发送至第二服务器。第二服务器对传输数据包进行解析,得到业务数据中的字符数据和图像标识,根据得到的图像标识从第一服务器拉取图像数据。The business data includes image data and character data. The terminal encapsulates the character data in the service data and the received image identifier, obtains a transmission data packet corresponding to the service data, and sends the transmission data packet to the second server. The second server parses the transmission data packet, obtains character data and image identifiers in the service data, and pulls image data from the first server according to the obtained image identifiers.

本实施例中,从业务数据中筛选出图像数据,在将筛选到的图像数据存储至第一服务器后;仅将第一服务器返回的图像数据的图像标识和业务数据中的字符数据传输至第二服务器,由第二服务器根据图像标识从第一服务器拉取图像数据,减少了向第二服务器发送业务数据的数据量,从而可以提高业务数据传输效率。In this embodiment, the image data is filtered from the service data, and after the filtered image data is stored in the first server; only the image identifier of the image data returned by the first server and the character data in the service data are transmitted to the first server. For the second server, the second server pulls the image data from the first server according to the image identifier, which reduces the data volume of the service data sent to the second server, thereby improving the service data transmission efficiency.

在一个实施例中,基于查询语句在复用库中拉取用户标识对应的基准人脸图像之前,还包括:在多个业务库中同步已验证的现场人脸图像及对应的属性信息;属性信息包括用户标识;根据预存储的公钥对现场人脸图像进行对称解密;对解密得到的现场人脸图像进行非对称加密;将加密后现场人脸图像作为相应用户标识的基准人脸图像存储至复用库。In one embodiment, before pulling the reference face image corresponding to the user ID in the multiplexing library based on the query statement, the method further includes: synchronizing the verified live face image and corresponding attribute information in multiple service libraries; The information includes the user ID; symmetrically decrypt the live face image according to the pre-stored public key; perform asymmetric encryption on the decrypted live face image; store the encrypted live face image as the reference face image corresponding to the user ID to the reuse library.

复用库中的基准人脸图像可以是在历史的业务办理过程中采集的验证通过的用户现场人脸图像。对于集团公司,可以通过对多个子公司采集的验证通过的现场人脸图像进行归集得到。具体地,为了对用户信息进行隐私保护,不同子公司可能采用AES(AdvancedEncryption Standard,高级加密标准)、二进制加密等不同的加密逻辑对包含用户标识的用户信息进行加密,将加密后的用户信息存储至各自的业务库中。The reference face image in the multiplexing library may be a verified user's on-site face image collected in the historical business processing process. For group companies, it can be obtained by collecting the verified on-site face images collected by multiple subsidiaries. Specifically, in order to protect the privacy of user information, different subsidiaries may use different encryption logics such as AES (Advanced Encryption Standard, Advanced Encryption Standard), binary encryption, etc. to encrypt user information including user identification, and store the encrypted user information. to their respective business libraries.

计算机设备在多个业务库中同步已验证的现场人脸图像及对应的属性信息。属性信息包括现场人脸图像对应的用户标识、采集时间、验证结果、数据提供方、加密信息等。中,数据提供方是指采集相应现场人脸图像的子公司。加密信息包括加密方法及对应的解密逻辑。比如,当加密方法为非对称加密时,对应的解密逻辑包括用于解密的公钥。The computer equipment synchronizes the verified on-site face images and corresponding attribute information in multiple service libraries. The attribute information includes the user ID corresponding to the live face image, the collection time, the verification result, the data provider, and encrypted information. In , the data provider refers to the subsidiary that collects the corresponding on-site face images. The encrypted information includes an encryption method and corresponding decryption logic. For example, when the encryption method is asymmetric encryption, the corresponding decryption logic includes the public key used for decryption.

计算机设备利用公钥对现场人脸图像进行解密。计算机设备按照统一的加密逻辑对解密得到的每个现场人脸图像重新进行加密,将加密后现场人脸图像作为相应用户标识的基准人脸图像存储至复用库。The computer equipment uses the public key to decrypt the live face image. The computer equipment re-encrypts each live face image obtained by decryption according to the unified encryption logic, and stores the encrypted live face image as the reference face image of the corresponding user identification in the multiplexing library.

在另一个实施例中,计算机设备还对现场人脸图像的属性信息进行标准化处理,将标准化处理后的属性信息一并存储至复用库。后续基于属性信息可以判断复用库中相应基准人脸图像是否符合调用方提出的调用条件。比如,调用条件可以是采集时间在6个月内等。In another embodiment, the computer device further performs standardization processing on the attribute information of the live face image, and stores the standardized attribute information in the multiplexing library. Subsequently, based on the attribute information, it can be determined whether the corresponding reference face image in the multiplexing library meets the calling conditions proposed by the caller. For example, the calling condition may be that the collection time is within 6 months.

本实施例中,对多个业务库中的现场人脸图像进行归集即可得到复用库,提高复用库构建效率。In this embodiment, a multiplexing library can be obtained by collecting on-site face images in multiple service libraries, thereby improving the construction efficiency of the multiplexing library.

应该理解的是,虽然图2的流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,这些步骤可以以其它的顺序执行。而且,图2中的至少一部分步骤可以包括多个子步骤或者多个阶段,这些子步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,这些子步骤或者阶段的执行顺序也不必然是依次进行,而是可以与其它步骤或者其它步骤的子步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that although the various steps in the flowchart of FIG. 2 are shown in sequence according to the arrows, these steps are not necessarily executed in the sequence shown by the arrows. Unless explicitly stated herein, the execution of these steps is not strictly limited to the order, and these steps may be performed in other orders. Moreover, at least a part of the steps in FIG. 2 may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily executed and completed at the same time, but may be executed at different times. The execution of these sub-steps or stages The sequence is also not necessarily sequential, but may be performed alternately or alternately with other steps or sub-steps of other steps or at least a portion of a phase.

在一个实施例中,如图3所示,提供了一种身份验证装置,包括:现场图像获取模块302、现场图像获取模块302和图像比对验证模块306,其中:In one embodiment, as shown in FIG. 3, an identity verification device is provided, including: a live image acquisition module 302, a live image acquisition module 302, and an image comparison verification module 306, wherein:

现场图像获取模块302,用于获取业务数据;业务数据包括目标用户的用户标识及现场人脸图像。The on-site image acquisition module 302 is used to acquire service data; the service data includes the user ID of the target user and the on-site face image.

基准图像获取模块304,用于根据业务数据对应业务场景及用户标识确定身份验证类型;当身份验证类型为预设类型时,生成用户标识的查询语句;基于查询语句在复用库中查询拉取用户标识对应的基准人脸图像。The reference image acquisition module 304 is configured to determine the authentication type according to the corresponding business scenario of the business data and the user ID; when the authentication type is a preset type, generate a query statement of the user ID; based on the query statement, query and pull from the multiplexing library The reference face image corresponding to the user ID.

图像比对验证模块306,用于当现场人脸图像与基准人脸图像比对一致,则目标用户的身份验证通过。The image comparison and verification module 306 is configured to pass the identity verification of the target user when the on-site face image is consistent with the reference face image.

在一个实施例中,现场图像获取模块302还用于在第一母应用程序所提供的用于运行子应用程序的环境中,运行选中的第一子应用程序;建立第一子应用程序与第二子应用程序的通信连接;所述第二子应用程序运行在用户终端上第二母应用程序所提供的用于运行子应用程序的环境中;通过所述子应用接收所述用户终端发送的用户标识,所述用户标识是所述用户终端通过所述第二子应用程序获取的用户存储于第二母应用的身份信息。In one embodiment, the live image acquisition module 302 is further configured to run the selected first sub-application in the environment provided by the first parent application for running the sub-application; establish the first sub-application and the first sub-application The communication connection between the two sub-applications; the second sub-application runs in the environment provided by the second parent application on the user terminal for running the sub-application; the sub-application receives the data sent by the user terminal through the sub-application A user identifier, where the user identifier is the user's identity information stored in the second parent application obtained by the user terminal through the second sub-application.

在一个实施例中,现场图像获取模块302还用于获取待传输的业务数据,筛选业务数据中的图像数据;将筛选到的图像数据存储至第一服务器;接收第一服务器返回的与存储的图像数据对应的图像标识;将业务数据中的字符数据和图像标识发送至第二服务器;当需要使用图像数据时,根据图像标识从第一服务器拉取图像数据。In one embodiment, the on-site image acquisition module 302 is further configured to acquire service data to be transmitted, screen image data in the service data; store the screened image data to the first server; receive the returned and stored data from the first server image identification corresponding to the image data; sending the character data and image identification in the business data to the second server; when the image data needs to be used, pulling the image data from the first server according to the image identification.

在一个实施例中,上述身份验证装置还包括复用库构建模块308,用于在多个业务库中同步已验证的现场人脸图像及对应的属性信息;属性信息包括用户标识根据预存储的公钥对现场人脸图像进行对称解密;对解密得到的现场人脸图像进行非对称加密;将加密后现场人脸图像作为相应用户标识的基准人脸图像存储至复用库。In one embodiment, the above-mentioned identity verification apparatus further includes a multiplexing library building module 308 for synchronizing the verified on-site face images and corresponding attribute information in multiple service libraries; The public key decrypts the live face image symmetrically; performs asymmetric encryption on the decrypted live face image; and stores the encrypted live face image as the reference face image of the corresponding user identification in the multiplexing library.

在一个实施例中,基准图像获取模块304还用于当身份验证类型不属于预设类型,或者复用库中不存在用户标识对应的基准人脸图像时,调用数据接口从第三方库拉取用户标识对应的基准人脸图像。In one embodiment, the reference image obtaining module 304 is further configured to call the data interface to pull from the third-party library when the authentication type does not belong to the preset type, or when the reference face image corresponding to the user ID does not exist in the multiplexing library The reference face image corresponding to the user ID.

关于身份验证装置的具体限定可以参见上文中对于身份验证方法的限定,在此不再赘述。上述身份验证装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。For the specific limitation of the identity verification device, reference may be made to the above limitation on the identity verification method, which will not be repeated here. Each module in the above-mentioned identity verification device can be implemented in whole or in part by software, hardware and combinations thereof. The above modules can be embedded in or independent of the processor in the computer device in the form of hardware, or stored in the memory in the computer device in the form of software, so that the processor can call and execute the operations corresponding to the above modules.

在一个实施例中,提供了一种计算机设备,该计算机设备可以是服务器,其内部结构图可以如图4所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口和复用库。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统、计算机程序和复用库。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的复用库用于存储基准人脸图像。该计算机设备的网络接口用于与外部的终端通过网络连接通信。该计算机程序被处理器执行时以实现一种身份验证方法。In one embodiment, a computer device is provided, and the computer device may be a server, and its internal structure diagram may be as shown in FIG. 4 . The computer device includes a processor, memory, a network interface, and a multiplexing library connected by a system bus. Among them, the processor of the computer device is used to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium, an internal memory. The nonvolatile storage medium stores an operating system, a computer program, and a multiplexing library. The internal memory provides an environment for the execution of the operating system and computer programs in the non-volatile storage medium. The multiplexing library of the computer device is used to store reference face images. The network interface of the computer device is used to communicate with an external terminal through a network connection. The computer program, when executed by the processor, implements an authentication method.

在一个实施例中,提供了一种计算机设备,该计算机设备可以是终端,其内部结构图可以如图5所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口、显示屏和输入装置。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统和计算机程序。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的网络接口用于与外部的终端通过网络连接通信。该计算机程序被处理器执行时以实现一种身份验证方法。该计算机设备的显示屏可以是液晶显示屏或者电子墨水显示屏,该计算机设备的输入装置可以是显示屏上覆盖的触摸层,也可以是计算机设备外壳上设置的按键、轨迹球或触控板,还可以是外接的键盘、触控板或鼠标等。In one embodiment, a computer device is provided, and the computer device may be a terminal, and its internal structure diagram may be as shown in FIG. 5 . The computer equipment includes a processor, memory, a network interface, a display screen, and an input device connected by a system bus. Among them, the processor of the computer device is used to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium, an internal memory. The nonvolatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the execution of the operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used to communicate with an external terminal through a network connection. The computer program, when executed by the processor, implements an authentication method. The display screen of the computer equipment may be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment may be a touch layer covered on the display screen, or a button, a trackball or a touchpad set on the shell of the computer equipment , or an external keyboard, trackpad, or mouse.

本领域技术人员可以理解,图4和图5中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备的限定,具体的计算机设备可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Those skilled in the art can understand that the structures shown in FIG. 4 and FIG. 5 are only block diagrams of partial structures related to the solution of the present application, and do not constitute a limitation on the computer equipment to which the solution of the present application is applied. A computer device may include more or fewer components than those shown in the figures, or combine certain components, or have a different arrangement of components.

一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时实现本申请任意一个实施例中提供的身份验证方法的步骤。A computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of the identity verification method provided in any one of the embodiments of this application.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。Those skilled in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing relevant hardware through a computer program, and the computer program can be stored in a non-volatile computer-readable storage medium , when the computer program is executed, it may include the processes of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other medium used in the various embodiments provided in this application may include non-volatile and/or volatile memory. Nonvolatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Road (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above embodiments can be combined arbitrarily. In order to make the description simple, all possible combinations of the technical features in the above embodiments are not described. However, as long as there is no contradiction in the combination of these technical features It is considered to be the range described in this specification.

以上实施例仅表达了本申请的几种实施方式,其描述较为具体详细,但并不能因此理解为对发明专利范围的限制。应当指出的是,对于本领域普通技术人员来说,在不脱离本申请构思的前提下,还可做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请专利的保护范围应以所附权利要求为准。The above examples only represent several embodiments of the present application, and the descriptions thereof are more specific and detailed, but should not be construed as a limitation on the scope of the invention patent. It should be pointed out that for those skilled in the art, without departing from the concept of the present application, several modifications and improvements can be made, which all belong to the protection scope of the present application. Therefore, the scope of protection of the patent of the present application shall be subject to the appended claims.

Claims (10)

1.一种身份验证方法,所述方法包括:1. An identity verification method, the method comprising: 获取业务数据;所述业务数据包括目标用户的用户标识及现场人脸图像;Acquiring business data; the business data includes the user identification of the target user and the on-site face image; 根据所述业务数据对应业务场景及所述用户标识确定身份验证类型;Determine the authentication type according to the business scenario corresponding to the business data and the user identifier; 当所述身份验证类型为预设类型时,生成所述用户标识的查询语句;When the authentication type is a preset type, generating a query statement for the user ID; 基于所述查询语句在复用库中查询拉取所述用户标识对应的基准人脸图像;Query and pull the reference face image corresponding to the user ID in the multiplexing library based on the query statement; 当所述现场人脸图像与所述基准人脸图像比对一致,则所述目标用户的身份验证通过。When the on-site face image is consistent with the reference face image, the identity verification of the target user is passed. 2.根据权利要求1所述的方法,其特征在于,所述获取业务数据包括:2. The method according to claim 1, wherein the acquiring service data comprises: 在第一母应用程序所提供的用于运行子应用程序的环境中,运行选中的第一子应用程序;In the environment provided by the first parent application for running the sub-application, run the selected first sub-application; 建立第一子应用程序与第二子应用程序的通信连接;所述第二子应用程序运行在用户终端上第二母应用程序所提供的用于运行子应用程序的环境中;establishing a communication connection between the first sub-application and the second sub-application; the second sub-application runs in the environment for running the sub-application provided by the second parent application on the user terminal; 通过所述子应用接收所述用户终端发送的用户标识,所述用户标识是所述用户终端通过所述第二子应用程序获取的用户存储于第二母应用的身份信息。The user identification sent by the user terminal is received through the sub-application, where the user identification is the user's identity information stored in the second parent application and obtained by the user terminal through the second sub-application. 3.根据权利要求1所述的方法,其特征在于,所述获取业务数据包括:3. The method according to claim 1, wherein the acquiring service data comprises: 获取待传输的业务数据,筛选业务数据中的图像数据;Obtain the business data to be transmitted, and filter the image data in the business data; 将筛选到的图像数据存储至第一服务器;storing the filtered image data to the first server; 接收所述第一服务器返回的与存储的图像数据对应的图像标识;receiving an image identifier corresponding to the stored image data returned by the first server; 将所述业务数据中的字符数据和图像标识发送至第二服务器;sending the character data and image identification in the business data to the second server; 当需要使用图像数据时,根据图像标识从所述第一服务器拉取图像数据。When the image data needs to be used, the image data is pulled from the first server according to the image identifier. 4.根据权利要求1所述的方法,其特征在于,所述基于所述查询语句在复用库中拉取所述用户标识对应的基准人脸图像之前,还包括:4. The method according to claim 1, wherein, before the reference face image corresponding to the user identification is pulled in the multiplexing library based on the query statement, the method further comprises: 在多个业务库中同步已验证的现场人脸图像及对应的属性信息;所述属性信息包括用户标识;Synchronizing verified on-site face images and corresponding attribute information in multiple service libraries; the attribute information includes user identification; 根据预存储的公钥对所述现场人脸图像进行对称解密;Symmetrically decrypt the on-site face image according to the pre-stored public key; 对解密得到的现场人脸图像进行非对称加密;Perform asymmetric encryption on the decrypted live face image; 将加密后现场人脸图像作为相应用户标识的基准人脸图像存储至复用库。The encrypted on-site face image is stored in the multiplexing library as the reference face image of the corresponding user identification. 5.根据权利要求1所述的方法,其特征在于,所述方法还包括:5. The method according to claim 1, wherein the method further comprises: 当所述身份验证类型不属于预设类型,或者所述复用库中不存在所述用户标识对应的基准人脸图像时,调用数据接口从第三方库拉取所述用户标识对应的基准人脸图像。When the authentication type does not belong to the preset type, or the reference face image corresponding to the user ID does not exist in the multiplexing library, the data interface is invoked to pull the reference face corresponding to the user ID from a third-party library face image. 6.一种身份验证装置,包括:6. An identity verification device, comprising: 现场图像获取模块,用于获取业务数据;所述业务数据包括目标用户的用户标识及现场人脸图像;an on-site image acquisition module, used for acquiring business data; the business data includes the user identification of the target user and the on-site face image; 基准图像获取模块,用于根据所述业务数据对应业务场景及所述用户标识确定身份验证类型;当所述身份验证类型为预设类型时,生成所述用户标识的查询语句;基于所述查询语句在复用库中查询拉取所述用户标识对应的基准人脸图像;a reference image acquisition module, configured to determine an identity verification type according to the business scenario corresponding to the business data and the user identifier; when the identity verification type is a preset type, generate a query statement for the user identifier; based on the query The statement queries and pulls the reference face image corresponding to the user ID in the multiplexing library; 图像比对验证模块,用于当所述现场人脸图像与所述基准人脸图像比对一致,则所述目标用户的身份验证通过。The image comparison and verification module is configured to pass the identity verification of the target user when the on-site face image is consistent with the reference face image. 7.根据权利要求6所述的装置,其特征在于,所述现场图像获取模块还用于通过第二母应用上的第二子应用,建立与用户终端上第一母应用上的第一子应用之间的通信链路;通过所述第二子应用接收所述用户终端基于所述通信链路发送的用户标识;所述用户标识是由所述用户终端通过第二子应用获取的用户属于第二母应用的身份信息。7 . The device according to claim 6 , wherein the on-site image acquisition module is further configured to establish a connection with the first child application on the first parent application on the user terminal through the second child application on the second parent application. 8 . A communication link between applications; receiving a user identification sent by the user terminal based on the communication link through the second sub-application; the user identification is a user belonging to a user acquired by the user terminal through the second sub-application The identity information of the second parent application. 8.根据权利要求6所述的装置,其特征在于,所述现场图像获取模块还用于获取待传输的业务数据,筛选业务数据中的图像数据;将筛选到的图像数据存储至第一服务器;接收第一服务器返回的与存储的图像数据对应的图像标识;将业务数据中的字符数据和图像标识发送至第二服务器;当需要使用图像数据时,根据图像标识从第一服务器拉取图像数据。8 . The device according to claim 6 , wherein the on-site image acquisition module is further configured to acquire service data to be transmitted, and screen the image data in the service data; and store the screened image data in the first server. 9 . ; Receive the image identification corresponding to the stored image data returned by the first server; Send the character data and the image identification in the business data to the second server; When the image data needs to be used, pull the image from the first server according to the image identification data. 9.一种计算机设备,包括存储器和处理器,所述存储器存储有计算机程序,其特征在于,所述处理器执行所述计算机程序时实现权利要求1至5中任一项所述方法的步骤。9. A computer device, comprising a memory and a processor, wherein the memory stores a computer program, wherein the processor implements the steps of the method according to any one of claims 1 to 5 when the processor executes the computer program . 10.一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现权利要求1至5中任一项所述的方法的步骤。10. A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 5 are implemented.
CN201910753696.8A 2019-08-15 2019-08-15 Authentication method, apparatus, computer equipment and storage medium Pending CN110647641A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910753696.8A CN110647641A (en) 2019-08-15 2019-08-15 Authentication method, apparatus, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910753696.8A CN110647641A (en) 2019-08-15 2019-08-15 Authentication method, apparatus, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110647641A true CN110647641A (en) 2020-01-03

Family

ID=69009674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910753696.8A Pending CN110647641A (en) 2019-08-15 2019-08-15 Authentication method, apparatus, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110647641A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111275448A (en) * 2020-02-22 2020-06-12 腾讯科技(深圳)有限公司 Face data processing method and device and computer equipment
CN111428263A (en) * 2020-03-10 2020-07-17 岭东核电有限公司 Work order processing method and device, computer equipment and storage medium
CN111464819A (en) * 2020-03-30 2020-07-28 腾讯音乐娱乐科技(深圳)有限公司 Live image detection method, device, equipment and storage medium
CN113011883A (en) * 2021-01-28 2021-06-22 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
WO2024144602A1 (en) * 2022-12-29 2024-07-04 Kobil Teknoloji Limited Sirketi A digital authentication system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306876A (en) * 2018-01-30 2018-07-20 平安普惠企业管理有限公司 Client identity verification method, device, computer equipment and storage medium
CN109492367A (en) * 2018-10-17 2019-03-19 平安国际融资租赁有限公司 Electronic contract signature processing method, device, computer equipment and storage medium
CN109842611A (en) * 2018-12-14 2019-06-04 平安科技(深圳)有限公司 Auth method, device, computer equipment and storage medium
CN110086799A (en) * 2019-04-23 2019-08-02 广州腾讯科技有限公司 Auth method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306876A (en) * 2018-01-30 2018-07-20 平安普惠企业管理有限公司 Client identity verification method, device, computer equipment and storage medium
CN109492367A (en) * 2018-10-17 2019-03-19 平安国际融资租赁有限公司 Electronic contract signature processing method, device, computer equipment and storage medium
CN109842611A (en) * 2018-12-14 2019-06-04 平安科技(深圳)有限公司 Auth method, device, computer equipment and storage medium
CN110086799A (en) * 2019-04-23 2019-08-02 广州腾讯科技有限公司 Auth method and device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111275448A (en) * 2020-02-22 2020-06-12 腾讯科技(深圳)有限公司 Face data processing method and device and computer equipment
CN111428263A (en) * 2020-03-10 2020-07-17 岭东核电有限公司 Work order processing method and device, computer equipment and storage medium
CN111428263B (en) * 2020-03-10 2023-07-21 岭东核电有限公司 Work order processing method, device, computer equipment and storage medium
CN111464819A (en) * 2020-03-30 2020-07-28 腾讯音乐娱乐科技(深圳)有限公司 Live image detection method, device, equipment and storage medium
CN111464819B (en) * 2020-03-30 2022-07-15 腾讯音乐娱乐科技(深圳)有限公司 Live image detection method, device, equipment and storage medium
CN113011883A (en) * 2021-01-28 2021-06-22 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
CN113011883B (en) * 2021-01-28 2024-07-23 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
WO2024144602A1 (en) * 2022-12-29 2024-07-04 Kobil Teknoloji Limited Sirketi A digital authentication system

Similar Documents

Publication Publication Date Title
US11558381B2 (en) Out-of-band authentication based on secure channel to trusted execution environment on client device
US20210377254A1 (en) Federated identity management with decentralized computing platforms
US12160515B2 (en) Non-fungible token authentication
WO2021003980A1 (en) Blacklist sharing method and apparatus, computer device and storage medium
CN108346191B (en) Attendance checking method and device, computer equipment and storage medium
US11616775B2 (en) Network access authentication method, apparatus, and system
CN110647641A (en) Authentication method, apparatus, computer equipment and storage medium
WO2021184755A1 (en) Application access method and apparatus, and electronic device and storage medium
US9197420B2 (en) Using information in a digital certificate to authenticate a network of a wireless access point
EP4007984A1 (en) Self-sovereign identity systems and methods for identification documents
US11824850B2 (en) Systems and methods for securing login access
CN113221128B (en) Account and password storage method and registration management system
CN109274652A (en) Identity information verifies system, method and device and computer storage medium
WO2022095518A1 (en) Automatic interface test method and apparatus, and computer device and storage medium
US12198215B2 (en) Self-sovereign identity systems and methods for identification documents
CN112235301A (en) Method and device for verifying access authority and electronic equipment
US20240137362A1 (en) Two-way authentication system and method
EP3794485B1 (en) Method and network node for managing access to a blockchain
CN112862487A (en) Digital certificate authentication method, equipment and storage medium
CN111405016A (en) User information acquisition method and related equipment
CN114449515B (en) Verification method, verification system, application platform and terminal
CN112039857A (en) Calling method and device of public basic module
EP3343494A1 (en) Electronic signature of transactions between users and remote providers by use of two-dimensional codes
CN114257410A (en) Identity authentication method and device based on digital certificate, and computer equipment
CN112597512B (en) Temperature data control method and device based on block chain and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200103

RJ01 Rejection of invention patent application after publication